Microsoft becoming 'software police', say users

Software giant's decision to have Atsiv utility digital certificate revoked is criticised by users

Microsoft last week slammed the door on a free utility out of Australia that outflanked one of the company's touted security features in Windows Vista, by having the program's digital certificate revoked.

Users took the company to task for the move, noting the slippery slope the company had stepped on, with some blasting Microsoft as playing "software police".

LinchpinLabs' Atsiv utility, released July 20, used a signed driver to load other, unsigned code into the Vista kernel, according to US-based Symantec researcher Ollie Whitehouse.

Atsiv, Whitehouse said, thus let users circumvent a feature of the 64-bit version of Vista that allows only digitally-signed code to be loaded into the operating system's kernel. The digital signing requirement is one way Vista tries to stymie hackers from infiltrating the kernel -- the heart of the OS -- with, among other things, rootkit cloaking technologies that hide malware from security software.

"This is rootkit behaviour," Whitehouse said.

Atsiv's developers, on the other hand, have touted the utility as a tool useful for loading unsigned, but legitimate, drivers into Vista 64-bit.

Microsoft recently announced it had worked with VeriSign, the company that provided the certificate to LinchpinLabs, to have the code signing key revoked, a Windows security architect, Scott Field, said in a posting to the Vista security team's blog.

"VeriSign has revoked the code signing key used to sign the Atsiv kernel driver [as of Aug. 2], which means the code signing key will no longer be considered valid," Field said.

Microsoft also included a detection and removal signature for Atsiv in the recent update to Windows Defender, the anti-spyware software bundled with both 32- and 64-bit editions of Vista.

Field downplayed the kernel signing's significance in the overall Vista security landscape. "Kernel Mode Code Signing [KMCS] is not a security boundary, rather, it is only one aspect of a defence-in-depth approach to security," Field said. "KMCS does not provide a means to determine the 'intent' of the signed code (i.e., good or bad). A primary benefit of KMCS is that it provides a means to identify the author of a piece of code."

In that regard, Field said, KMCS worked as expected in the Atsiv case, even though the utility was able to get around the feature.

Comments pegged to Field's post were mixed, but leaned heavily toward criticising Microsoft for revoking the Atsiv certificate.

"I'm uncomfortable with the idea of CA's [certification authority] becoming the software police," one user, John, said. "Atsiv may be an easy case, but what precedent does this set when less cut-and-dried cases arise? Working around limitations in an operating system is not necessarily a bad thing."

"I am also concerned about the implications of Microsoft's ability to have the signing certificate revoked," Ben, another user commenting on Field's posting, said. "It appears that Microsoft ... is using [code signing] to ensure that programs do not contravene Microsoft's self created policies. This is an interesting case of Microsoft not only being self-appointed police, but self-appointed policy makers."

Michael's long comment started: "This is a very interesting thing Microsoft have [sic] done. The Microsoft logic seems to revolve around Atsiv being 'undesirable' or misrepresenting itself in some fashion. There have never been claims of deception in obtaining the signing certificate, or that the Atsiv tool does anything other than what it claims.

"To describe this tool as 'undesirable' stretches that word beyond reason. Atsiv has no self-propagating functionality. It doesn't do any privilege escalation or modify any system functions or memory or anything like that. It uses (I assume) documented windows APIs to provide functionality that some people clearly desire. You need to be an administrator to run it. You will see the UAC [user account control] dialog, if enabled. If people choose to download and run it on their own computers, then it is providing 'desirable' functionality, by definition."

LinchpinLabs did not reply to a request for comment; nor has it indicated whether it would seek a replacement certificate to allow Atsiv to work as advertised.

Gregg Keizer

Computerworld