The brouhaha over developing third-party security applications for Windows Vista may be far from over, but Microsoft has followed up on a pledge it made last October to clue third-party security developers into the APIs they’ll need to use to tap into the Vista kernel.
In order to improve security in Windows Vista—at least, compared to the long-standing nightmare which has been security under Windows XP—Microsoft extended its PatchGuard technology to isolate the operation system kernel in the 64-bit edition of Windows Vista. The decision left no mechanisms for developers of third-party security applications—like Symantec and McAfee—to create security, scanning, and firewall products for the 64-bit version of Vista.
Microsoft has made the draft APIs available to third-party developers for testing and comment through the end of January, 2007, and promises a final version of the APIs will be available when Microsoft releases its first service pack for Windows Vista, expected in mid- to late-2007. So far, no security vendors have commented publicly on the API information received from Microsoft.
“These new APIs for Windows Vista have been designed to help security and non-security ISVs develop software that extends the functionality of the Windows kernel on 64-bit systems, in a documented and supported manner, and without disabling or weakening the protection offered by Kernel Patch Protection,” said Ben Fathi, Microsoft’s Windows security chief, in a statement. Fathi also noted that the APIs are not finalized, and it expects to modify the specifications in response to feedback from security experts and developers. Microsoft has published a document (MSWord) outlining the process it uses to prioritize and evaluate requests for Kernel Patch Protection APIs.
In the meantime, computing enthusiasts, enterprise customers, and others interested in 64-bit editions of Windows Vista remain concerned that no third-party security products will likely be available for the operating system until some time after the release of Vista Service Pack 1.