Sydney ISV rages against Vista security feature

Linchpin Labs won't replace revoked digital certificate, but doesn't go quietly into the night

Linchpin Labs, a small Australian security company whose free utility Microsoft has blocked from loading unsigned drivers into Windows Vista, today lashed out at the American giant. Microsoft, said Linchpin, should set its own security house in order before it accuses other developers of turning their legitimate software into threats.

Earlier this month, the Sydney, Australia-based Linchpin released Atsiv, a program that uses a signed driver to load other, unsigned drivers into the 64-bit Vista kernel, behaviour that Microsoft said late last week evades a Vista security feature. In 64-bit Vista, only drivers accompanied by a valid digital certificate may load into the kernel; the provision is meant to stymie hackers from infiltrating the kernel with, among other things, malware-cloaking rootkits. Thursday, working with VeriSign, which had issued the Atsiv certificate, Microsoft got Atsiv's signing key revoked, blocking the utility from loading its driver.

Calling the certificate-bearing utility a "potential as well as actual security threat," Microsoft said it also recently added signatures to its antispyware program Windows Defender to detect, block and remove Atsiv's current driver.

On Monday, in response to e-mailed queries by Computerworld, Linchpin defended its software as legitimate. "[Atsiv] assists users of Microsoft Vista that are currently unable to use legacy hardware without signed drivers, and casual developers (such as hobbyists) that are not able to use a company's signing certificate," the company said. "With Atsiv, consumers could once again make use of their legacy hardware, actually increasing [emphasis in original] the user experience of Microsoft Windows Vista."

Even so, it knew when it was beat. "Linchpin Labs will not be acquiring a new certificate to support Atsiv, as Microsoft would undoubtedly push to revoke it as well," the statement read.

"[But] Atsiv does not threaten the user, nor does it provide anonymity to the client drivers that it is used to load," the company said before launching into a serious of rhetorical questions. "What is Microsoft doing to protect the consumer from actual malicious software for which Microsoft does not have a signature? What about signed drivers that contain exploitable vulnerabilities? What about drivers signed and supported by the malware industry?"

As have users reacting to the blog posting in which Windows security architect Scott Field announced the revocation of Atsiv's certificate, Linchpin cast Microsoft's move as the first step on a slippery slope. "The fact [that] Microsoft has taken it upon itself to revoke the Atsiv certificate based on its own definition for malware sets a concerning precedent, one that should not be ignored," Linchpin said. "What if anti-SRE [software reverse engineering] software from company X incorporates a stealth service to help protect products? What if software from company Z implements a system for injecting and running Linux drivers in the Windows kernel?"

Linchpin also unleashed the "A" word -- antitrust. "The long-term impact of this decision by Microsoft will be interesting, as denial-of-service of legitimate software, justified by an arbitrary definition of malware and subjectively enforced, raises the question of antitrust violations."

Others expressed similar thoughts in reaction to Field's blog. "I don't like the idea that MS [Microsoft] can be the sole arbiter of what I can and can't run on my machine," wrote someone identified only as Peter. "What happens when a vendor releases a driver for a piece of software that competes with a MS product? I really don't like where MS is going on this."

Several users also commenting to Field's post, however, noted that the certificate revocation doesn't necessarily preclude Atsiv use, since one can load unsigned code by pressing F8 at boot and choosing "Disable Driver Signature Enforcement."

But that raised more questions. "While this would appear to be a legitimate method of loading an otherwise unsigned driver because it is using Microsoft documented methods, I wonder how this differs greatly from what Atsiv set out to do," said a user named Ben. "Atsiv used Microsoft-documented methods."

Linchpin's last word on the brouhaha was a final shot at Microsoft. "[We] would like to suggest that Microsoft spend less time using debatable policy as a security mechanism, and spend more time actually tightening its operating systems," the company said. "For the casual reader, we encourage awareness of the difference between solid security and a powerful marketing campaign."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?