Sydney ISV rages against Vista security feature

Linchpin Labs won't replace revoked digital certificate, but doesn't go quietly into the night

Linchpin Labs, a small Australian security company whose free utility Microsoft has blocked from loading unsigned drivers into Windows Vista, today lashed out at the American giant. Microsoft, said Linchpin, should set its own security house in order before it accuses other developers of turning their legitimate software into threats.

Earlier this month, the Sydney, Australia-based Linchpin released Atsiv, a program that uses a signed driver to load other, unsigned drivers into the 64-bit Vista kernel, behaviour that Microsoft said late last week evades a Vista security feature. In 64-bit Vista, only drivers accompanied by a valid digital certificate may load into the kernel; the provision is meant to stymie hackers from infiltrating the kernel with, among other things, malware-cloaking rootkits. Thursday, working with VeriSign, which had issued the Atsiv certificate, Microsoft got Atsiv's signing key revoked, blocking the utility from loading its driver.

Calling the certificate-bearing utility a "potential as well as actual security threat," Microsoft said it also recently added signatures to its antispyware program Windows Defender to detect, block and remove Atsiv's current driver.

On Monday, in response to e-mailed queries by Computerworld, Linchpin defended its software as legitimate. "[Atsiv] assists users of Microsoft Vista that are currently unable to use legacy hardware without signed drivers, and casual developers (such as hobbyists) that are not able to use a company's signing certificate," the company said. "With Atsiv, consumers could once again make use of their legacy hardware, actually increasing [emphasis in original] the user experience of Microsoft Windows Vista."

Even so, it knew when it was beat. "Linchpin Labs will not be acquiring a new certificate to support Atsiv, as Microsoft would undoubtedly push to revoke it as well," the statement read.

"[But] Atsiv does not threaten the user, nor does it provide anonymity to the client drivers that it is used to load," the company said before launching into a serious of rhetorical questions. "What is Microsoft doing to protect the consumer from actual malicious software for which Microsoft does not have a signature? What about signed drivers that contain exploitable vulnerabilities? What about drivers signed and supported by the malware industry?"

As have users reacting to the blog posting in which Windows security architect Scott Field announced the revocation of Atsiv's certificate, Linchpin cast Microsoft's move as the first step on a slippery slope. "The fact [that] Microsoft has taken it upon itself to revoke the Atsiv certificate based on its own definition for malware sets a concerning precedent, one that should not be ignored," Linchpin said. "What if anti-SRE [software reverse engineering] software from company X incorporates a stealth service to help protect products? What if software from company Z implements a system for injecting and running Linux drivers in the Windows kernel?"

Linchpin also unleashed the "A" word -- antitrust. "The long-term impact of this decision by Microsoft will be interesting, as denial-of-service of legitimate software, justified by an arbitrary definition of malware and subjectively enforced, raises the question of antitrust violations."

Others expressed similar thoughts in reaction to Field's blog. "I don't like the idea that MS [Microsoft] can be the sole arbiter of what I can and can't run on my machine," wrote someone identified only as Peter. "What happens when a vendor releases a driver for a piece of software that competes with a MS product? I really don't like where MS is going on this."

Several users also commenting to Field's post, however, noted that the certificate revocation doesn't necessarily preclude Atsiv use, since one can load unsigned code by pressing F8 at boot and choosing "Disable Driver Signature Enforcement."

But that raised more questions. "While this would appear to be a legitimate method of loading an otherwise unsigned driver because it is using Microsoft documented methods, I wonder how this differs greatly from what Atsiv set out to do," said a user named Ben. "Atsiv used Microsoft-documented methods."

Linchpin's last word on the brouhaha was a final shot at Microsoft. "[We] would like to suggest that Microsoft spend less time using debatable policy as a security mechanism, and spend more time actually tightening its operating systems," the company said. "For the casual reader, we encourage awareness of the difference between solid security and a powerful marketing campaign."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Show Comments

Father’s Day Gift Guide

Brand Post

Bitdefender 2019

Bitdefender solutions stop attacks before they even begin! Get cybersecurity that 500 MILLION users already have and trust.

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?