Can we make Anti-Patchguard Online Petition?

We the people of Wilders Security Forums are aware of the PatchGuard issue Microsoft has imposed on us with 64 bit editions of Windows.

Such a policy of Microsoft has practically disabled many security vendors and developers in their efforts of providing independent protection of the Windows OS.

I wonder if we could start an online petition here at Wilders to tell those guys in Redmond to start listening to what their customers say.

We want them to make PatchGuard (Kernel Patch Protection) user selectable. Each Windows user should be able to decide on his own to have KPP on or to disable it. By default it should be on to protect newbie users, but many advanced users would prefer third party security over Microsoft's own. It's about freedom of choice.

I am sure Ilya, Tzuk, Xiaolin and many other security experts and developers would join us in our demands.

If site admins give their OK, we can start changing the world now!

 

Dear it wil not change even a brick over at microsoft. Moreover, personally i like patch guard as it protects from rootkits. Why they should stop it?

Lastly it wil never be allowed here.

 

So you can keep it. I don't like it, why can't I choose not to have it?

 

I think because they want to protect ordinary users out of the box. Besides it might be technically difficult to have it optional, just my guess. There might be other good reasons. Let,s see what others say.

Besides, the point is that such online petitions will not affect their decisions.

 

If I am not mistaken, patchguard is implemented at kernel level in x64 OS, its quite a complex issue to go fiddling with the kernel to make it a on and off feature and I guess for stability's sake, MS decided to keep it on.

On a different note, Patchguard is exactly the reason I have preferred to stick to x64 OS from day one of their introduction, so when AMD launched its x64 CPU, I had both XPx64 and Ubuntu x64 running on it.

 

The dream is an OS that needs no security software to stay safe. So Patchguard is a step to that direction. The security companies should put pressure on Microsoft and get what they need. Although I have positive feelings for all the developers you have mentioned, I think it's their task to protect and keep their business alive and not mine. I already support them by buying software, don't think I have to do more.

Although I believe this is a problem that at the end will have a happy conclusion. It's too early and Microsoft has not had the time or the will to provide a complete set of APIs. In the next two or three years Microsoft will provide to the developers what they need, maybe asking a fee or partecipation to a program ( not that fair I know ).

 

Because you have already chosen to use it by installing the Microsoft OS 64bit. If you don't like it there is the option of 32bit which is absolutely valid and absolutely not outdated for the year 2010.

 

Patchguard is exactly the reason why I have prefered not to upgrade to x64 yet.

But I am aware that, sooner or later, I'll have to.

But will it be valid and not outdated for the year 2012 or 2015?

We are wasting time and losing years that could have been used for developing modern security software just because Microsoft decided to sabotage other security vendors and that way eliminate competition in security software market.

What we will be getting in the years to come is security vendors adapting to the situation just to survive on the market which will result in us buying watered-down security software.

At least, Tzuk is honest and admits that Sandboxie 64 can't provide such a level of protection like Sandboxie 32. Other vendors will not admit it and will just keep advertising and selling crippled apps without saying anything about weakened security.

 

It's a bit too big words... Don't you think so?

There is not really a big point for Microsoft to sabotage and take over security software market and so on...

as you have mentioned earlier, Microsoft just listened to it's user, Majority of whom wanted Secure OS out of box without need for some third party products.
So it created PatchGuard...

 

I don't see a massive adoption of 64bit systems before the next version of Windows OS.

Don't worry about the lost time.
Creating security products is not a research...like a research in molecular biology. They already have the technologies available, they just don't know how to "speak" with the OS. It will take them max 1 year to provide stable and secure products when they'll have the APIs. In the meanwhile they have already started digging patchguard, have acquired some experience and formulated ideas. So when the APIs will be available they'll be ready to use them.

Microsoft has not decided to sabotage security products. They have made a decision for their OS and also have defined higher standards for the development of security applications. Considering also the release of MSE...it was more a wake up call than a sabotage. In the next 2-3 years the APIs will be known and everybody will be happy. Microsoft sees no reason to hurry up things and honestly I don't see the reason too.

 

They can make it changeable from the Safe mode only if they want to avoid on/off clickshow.

I wouldn't mind different retail versions of Windows (with or without PatchGuard) either.

 

IN fact, I would prefer to see PatchGuard more selectable with certain API protection. For example, do you see any practical need in protecting ZwClose or ZwSetSystemInformation from rootkits?

But MS will never do it because they want to protect their sandbox, UAC, from competition.

 

why getting rid of something that increases the security of the Windows install, the very reason that 3rd security utils are ran? If it breaks the ability of malware to encroach and remain in the system and does as good job as 3rd party util why getting rid of it or ask for it to be disabled or crippled. Just because the security software has nothing to protect against? Is it that good that there is no space for 3rd party util to protect over and above what it does? No flaws in it that malware can't take advantage and so that 3rd party util can't enhance it?

 

I think the same. I 'm able to accomplish my security myself, choosing the security layers and the softwares that I prefer.

 

It seems I'll have to ditch some of my favourite software when I upgrade to x64.

Some developers will try to find alternative ways to bypass the obstacle, but that might lead us to unpredictable consequences. Practically, M$ makes good guys turn into bad guys.

We'll end up with low-fat sugarfree security software without security at all.

P.S. Of course, Ilya meant x64.

 

Yeah, you will have to ditch some your favourite tools and get security from OS itself..
ok, I do agree not the same level of security, but even weaker one.

But we are going in the right way: as ideal OS is the one which is secure itself without any third party software.

For so many years Windows users just shouted at Microsoft, for not doing anything to secure their OS. They were impressed by Unix security but they just took it for granted that Windows hadn't have almost any restrictions....
So Microsoft decided to go few steps on direction of security. But it meant that it will bring some restrictions.

Microsoft urged it's users to switch to LUA (standard users) for normal usage.
Windows users said it was stupid and just ignored this message.

Microsft created fast user switch to make it easier to use LUA. None cared about it..

Microsoft created UAC, atlesat downgrade admin accounts as user don't want to switch.
Half of the users disabled it and most of the users cursed Microsoft that it was "annoying"....

Microsoft listened to it's users, created a bit less annoying UAC with Windows 7.
Security experts started creating reports that Windows 7 was less secure that Window Vista out-of-box because it less strict UAC.
Unaware users again stared cursinf Microsoft that it isnot securing it's OS enough.. (funny thing is those people are the same who claimed UAC was annoying)

Microsoft implements PatchGuard (actually it was implemented in 2005, it's nothing new. I wonder why we do have so much noise about it now!) We already had BIG debate about PatchGuard in 2005.
when large security vendors claimed that it was less secure option... (companies like Symantec and McAfee)

Then there was Sophos who said it wasn't really restriction for them to create the same safe OS with patchGuard..

There was Joanna Rutkowska, who showed attacks to PatchGuard (as far as I know.....)

And all this debate was ended when Microsoft gave APIs...

Then almost all debates were ended.

Now we are creating new "Petition" against it, based purely on complains of small developers.
As you can see all the big companies are already satisfied with it and found ways to work under it, so it is possible to other developers to find ways aswell.

I know what will be Ilya's response to me ( if it will be). That I am not technically educated enough to understand it or something on this note.
But even though both me and Ilya do undersant that it IS really Possible to do. Maybe with new approaches, but it is really possible to make 64-bit OS even more secure that 32-bit one...

So why Windows users are like this?
Why we always complain about something?
Why we always hate our OS?

Why we imagine Linux/Unix as perfect OS, but at the same time don't accept principles which are similar to them...
I think, it's useless...

Microsoft had too big market, and there are too many types of people who use it, so there is almost noway for Microsoft to satisfy all of them.

We will never reach it: Perfect OS

...


P.S. if you want more read about Patchguard:
https://www.wilderssecurity.com/showthread.php?t=248774
http://en.wikipedia.org/wiki/Kernel_Patch_Protection

 

All I am asking is this:

Give me the choice to run "perfect" OS on 64 bits or an imperfect one if I prefer so.

 

Why should Microsoft adapt to small developers?
Why small developers can't adapt to Microsoft's actions?

no, I mean, ofcourse Microsoft should think about developers...

what I mean is, if they do as you ask, it will just kill whole theory. it will kill PatchGuard.

Most of the users will start turning it off, just like they did with UAC, without knowing what it is.
They will just turn it off becaues they read some article that PatchGuar is evil...
I mean they will disable it and that's it... Not that they will install something that will interact with it, but just disable it...

And then there comes Developers.
They wil continue to create their product with PatchGuard turned off and there will be new devlopers in this area and they will do the same with patchguard off and so on.
I mean it's not really that bad. But they will never adapt to PatchGuard.
Who needs extra work when there is easier way?

If you will not give them any way of escaping PatchGuard and Microsoft will stand strong on it, They will eventually adapt to it and create their products under it.
Because they Can, because they have to make their living, so they will create the same level products under PatchGuard...

Maybe Microsoft has it's own view on this, own reasons, maybe he dosen't want competition or something like this. I don't know.

This was just my view, and this was just reasons why I am against this petition.

If you or anybody else felt in anyway offended, I sincerely apologise. Sometimes I am like this direct. Sorry

 

so can anyone one tell me has there been any malware to date which has bypassed patch guard ?

 

I am yet to see a single x64 rootkit, I maybe wrong but patch guard so far works and works well.

 

In the laboratory it has been done, but it was already patched..

 

If Patchgaurd is causing this much of a problem then good, it is doing what is was meant to. I have no interest in seeing it removed.

 

I see Patchguard as both good and bad. It certainly does interfere with some security programs, causing some to behave differently, and, some not to work. It HAS kept me away from quite a few good security programs. On the upside, it's probably a good thing that programs can't just dig their claws so deeply, and, perhaps, it's reducing the need for such security programs. I fully expect 64bit to be targeted and attacked in the future. After all, malware writers work their hardest and are at their most creative when they start getting blocked out. For now, we 64bit users should enjoy not having the biggest bulls-eye on our backs.

 

This. Keep up the good work Microsoft, I hope you improve on these kind of "default" security technologies with Windows 8 and beyond.

 

That is the whole point.

If you want a secure OS then you might try Linux or OpenBSD.

MS Windows was never meant to be a secure OS. It is insecure by its architecture. It was concieved wit ease of use as the main idea and all security patches are just afterthoughts. I never trusted MS security.

It's been third party software that always secured Windows and fought malware, MS was light years behind actual security threats.

Now they come with PatchGuard which seemingly increases security while it actually undermines third party security software.

So the restrictions MS has brought are restrictions on security itself.