As Microsoft’s Vista operating system slouches toward completion, there’s been a rising chorus of criticism from independent software vendors about Vista’s supposed strong suit: security. PatchGuard, a kernel-protection technology, is a favorite target. Aside from the fact that it blocks third-party products from accessing the kernel, some security firms are raising questions about whether the kernel-protection feature will even work. Latest among them is Authentium, a provider of security SaaS (software as a service) products, which said recently that a new product, VirtualATM, can shut off PatchGuard so that the company can secure online banking transactions, even on infected PCs. InfoWorld Senior Editor Paul F. Roberts caught up with Authentium CEO John Sharp last week to talk about the controversy.
InfoWorld: Do you worry that Windows Vista, with its built-in anti-spyware, firewall, and auto updates, as well as Microsoft’s other enterprise security offerings, will undermine the value that your company offers?
John Sharp: My biggest concern is that [Microsoft] will undermine innovation. We’ve developed a terrific technology that works in a very different way from the way security works in Vista. If we’re not allowed to innovate and McAfee and Symantec aren’t allowed to innovate, we’re going to end up with very mediocre security tools. Or, we’ll get terrific tools, but on a time line that allows hackers to do damage in the meantime. Our message to Microsoft is that, “We’ve got great technology. We’d like you to certify it. If you do that today, we can be operational with it in a couple months.”
IW: You initially claimed that the technology you’ve developed, VirtualATM, disabled PatchGuard to secure online banking transactions. Later, you revised that to say that VirtualATM is a complementary security layer that leaves PatchGuard in place. Which is it?
JS: Basically PatchGuard controls process creation and termination, access to memory, anti-tamper and code loading at the kernel. VirtualATM works in all those areas to manage secure banking transactions. [VirtualATM] enables a single trusted process environment to connect to a bank through a VPN connection and enable a transaction, even if you’re infected with spyware or a rootkit and they’ve hacked your kernel.
IW: So when you say that you’re leaving PatchGuard in place, but just suspending it to run VirtualATM, that sounds like you’re not really leaving it in place.
JS: PatchGuard is there to put up a wall to unauthorized changes to the OS. We’re asking Microsoft to certify our capability in this area or provide us with an API or build one based on our technology. Whatever gets the solution to market faster. What we want is a certified capability to do what we do, because after what we do with VirtualATM, the end point is more secure with respect to online banking transactions with Windows.
IW: In doing that, you know that you’re doing something that Microsoft doesn’t want you to do, but you did it anyway. Why?
JS: We did it because we had an innovative approach and we wanted to support that. It’s not accurate to say that Microsoft doesn’t support it. We’ve had ongoing conversations with them for weeks. They’ve known what we’re up to in that respect, and certainly in the last few weeks they’ve known we’re taking this approach.