Microsoft Releases Patchguard API Microsoft releases API for security vendors

[yeh 0]

Hi. I just read a report about this on ComputerWorld. Here's the address

http://forums.xisto.com/no_longer_exists/

Basically, Microsoft is not letting security vendor modify the Vista kernel. Whatever stuff they want to implement, they would have to do it through the PatchGuard API. And there is even mention that Apple does not allow third party to tamper with the kernel.

I'm no security experts, so here are my questions to the security gurus...

If Apple does not allow third party to tamper with its kernel, how do security software companies implement their products for the Apple platform? Or there is actually a discrepancy between what is offered for Microsoft platform, excluding Vista, as compared to the Apple platform?

What does it mean actually by not letting third party modify the kernel? Does that mean that how the kernel works is kept secret? Or are there actually security mechanisms to ensure that no modification is done to the kernel? Rootkits are developing into a big security problem. I'm not an Apple user, but are rootkits in existence on the Apple platform? If there are, how do they know how to modify the Apple kernel? Is it through some sort of reverse engineering or someone actually divulges the Apple kernel secret?

Hmm... I think that's all the questions for now. Thanks in advance for the reply.