Microsoft releases Vista APIs to security vendors

Microsoft released a draft set of programming interfaces allowing security vendors to develop software using the Windows kernel on 64-bit systems.

Microsoft on Tuesday released a draft set of programming interfaces that would give third-party security vendors access to the kernel of 64-bit versions of Windows Vista.

In an announcement on its Web site, Microsoft's Ben Fathi said the draft set of application programming interfaces (APIs) "have been designed to help security and non-security ISVs develop software that extends the functionality of the Windows kernel on 64-bit systems, in a documented and supported manner, and without disabling or weakening the protection offered by Kernel Patch Protection."

Fathi, corporate vice president of Microsoft's Security Technology Unit, said the first set of APIs would create a control, which could be used to govern whether applications are allowed to be launched or manipulated.

The APIs would also provide support to prevent tampering with processes hosting security software, memory-based controls over address space manipulation, and image loading operations to prevent malicious code images from loading and executing.


"In the next several weeks, we'll continue gathering input about the draft specifications from ISVs and other security experts," Fathi said.

The first set of APIs will be released in both 32-bit and 64-bit versions of Windows Vista Service Pack 1. Early test versions will be made available to ISVs to update and test their software in time for release along with Service Pack 1, Fathi said.

Third-party security vendors, Symantec Corp., McAfee Inc. and others, have long accused Microsoft of locking them out with its Kernel Patch Protection feature, formerly called PatchGuard. The feature was introduced by Microsoft to stop attackers from gaining access to Vista's kernel.

In October, Microsoft changed course, telling security vendors that it would create additional APIs, opening up Vista's core so third-party security products would work effectively with the new operating system.
