Sydney ISV rages against Vista security feature

Linchpin Labs won't replace revoked digital certificate, but doesn't go quietly into the night

Linchpin Labs, a small Australian security company whose free utility Microsoft has blocked from loading unsigned drivers into Windows Vista, today lashed out at the American giant. Microsoft, said Linchpin, should set its own security house in order before it accuses other developers of turning their legitimate software into threats.

Earlier this month, the Sydney, Australia-based Linchpin released Atsiv, a program that uses a signed driver to load other, unsigned drivers into the 64-bit Vista kernel, behaviour that Microsoft said late last week evades a Vista security feature. In 64-bit Vista, only drivers accompanied by a valid digital certificate may load into the kernel; the provision is meant to stymie hackers from infiltrating the kernel with, among other things, malware-cloaking rootkits. Thursday, working with VeriSign, which had issued the Atsiv certificate, Microsoft got Atsiv's signing key revoked, blocking the utility from loading its driver.

Calling the certificate-bearing utility a "potential as well as actual security threat," Microsoft said it also recently added signatures to its antispyware program Windows Defender to detect, block and remove Atsiv's current driver.

On Monday, in response to e-mailed queries by Computerworld, Linchpin defended its software as legitimate. "[Atsiv] assists users of Microsoft Vista that are currently unable to use legacy hardware without signed drivers, and casual developers (such as hobbyists) that are not able to use a company's signing certificate," the company said. "With Atsiv, consumers could once again make use of their legacy hardware, actually increasing [emphasis in original] the user experience of Microsoft Windows Vista."

Even so, it knew when it was beat. "Linchpin Labs will not be acquiring a new certificate to support Atsiv, as Microsoft would undoubtedly push to revoke it as well," the statement read.

"[But] Atsiv does not threaten the user, nor does it provide anonymity to the client drivers that it is used to load," the company said before launching into a serious of rhetorical questions. "What is Microsoft doing to protect the consumer from actual malicious software for which Microsoft does not have a signature? What about signed drivers that contain exploitable vulnerabilities? What about drivers signed and supported by the malware industry?"

As have users reacting to the blog posting in which Windows security architect Scott Field announced the revocation of Atsiv's certificate, Linchpin cast Microsoft's move as the first step on a slippery slope. "The fact [that] Microsoft has taken it upon itself to revoke the Atsiv certificate based on its own definition for malware sets a concerning precedent, one that should not be ignored," Linchpin said. "What if anti-SRE [software reverse engineering] software from company X incorporates a stealth service to help protect products? What if software from company Z implements a system for injecting and running Linux drivers in the Windows kernel?"

Linchpin also unleashed the "A" word -- antitrust. "The long-term impact of this decision by Microsoft will be interesting, as denial-of-service of legitimate software, justified by an arbitrary definition of malware and subjectively enforced, raises the question of antitrust violations."

Others expressed similar thoughts in reaction to Field's blog. "I don't like the idea that MS [Microsoft] can be the sole arbiter of what I can and can't run on my machine," wrote someone identified only as Peter. "What happens when a vendor releases a driver for a piece of software that competes with a MS product? I really don't like where MS is going on this."

Several users also commenting to Field's post, however, noted that the certificate revocation doesn't necessarily preclude Atsiv use, since one can load unsigned code by pressing F8 at boot and choosing "Disable Driver Signature Enforcement."

But that raised more questions. "While this would appear to be a legitimate method of loading an otherwise unsigned driver because it is using Microsoft documented methods, I wonder how this differs greatly from what Atsiv set out to do," said a user named Ben. "Atsiv used Microsoft-documented methods."

Linchpin's last word on the brouhaha was a final shot at Microsoft. "[We] would like to suggest that Microsoft spend less time using debatable policy as a security mechanism, and spend more time actually tightening its operating systems," the company said. "For the casual reader, we encourage awareness of the difference between solid security and a powerful marketing campaign."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Show Comments


James Cook University - Master of Data Science Online Course

Learn more >


Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >



Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?