The hooks to replace Defender are the same ones available to be used by any
AntiVirus or FireWall product and have existed since before the release of
Windows XP SP2. The Windows Filtering Platform is used by the Windows XP SP2,
Vista and Windows Live OneCare AV and firewalls, none of which use any other
direct access to the OS. A firewall is really nothing but a GUI interface
into this WFP API set.
The reason this was done is that many of the AV/Firewall vendors were
writing their own wedges into the TCP/IP packet stream, causing problems with
the stability and integrity of the network stack and interfering with
critical services like BITS which resulted in failures in the Windows
Automatic Update and other systems. Microsoft is finally done fooling around
with these idiots and is providing a clear interface to the OS for anyone
with the skills to write to them. If they don't wish to use these API sets,
good riddance.
Here's a description of the Windows Filtering Platform and a link to its
complete description on WHDC, dated May 13, 2004.
http://www.microsoft.com/whdc/device/network/WFP.mspx
"The Windows Filtering Platform is a new architecture in Windows Vista and
Windows Server "Longhorn" that allows third-party software developers access
to the TCP/IP packet processing path, wherein outgoing and incoming packets
can be examined or changed before allowing them to be processed further. By
tapping into the TCP/IP processing path, ISVs can create firewalls, antivirus
software, diagnostic software, and other types of applications and services.
The Windows Filtering Platform is designed for both IPv4 and IPv6 traffic.
Third-party host-based firewall products that use the Windows Filtering
Platform will typically support both IPv4 and IPv6 traffic."
I'm tired of listening to the general European 'MS Bashing' and it would be
fine with me if they simply decided to stop doing business there. The
European Commission is obviously nothing but a protectionist front for
European Union products.
Funny how now that Microsoft is developing products, including a new OS,
that will really protect Windows' users, the rest of the security ISVs cry
foul. Interesting, since they're the same ones who were always saying that MS
needed to improve security in the OS! Can't have it both ways and it really
shows their true colors.
By the way, anyone else noticed that every single significant security
product vendor has a new suite product either in development or already
available? Think that's coincidence or maybe they all knew this was coming,
it just took some longer to realize or re-develop their products for it?
Anyone in the security community claiming they didn't know about this is
either blind and deaf, or an idiot. This is nothing but product positioning
done the wrong way. Those buying this excrement need to get a clue!
Bitman
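The post's technical point is that a host firewall or AV product is a front end to the WFP filter set. As an added example (not part of the post, and not code from Microsoft or any vendor), the following PowerShell script dumps that filter set with `netsh wfp show filters` and `netsh wfp show state`, then summarizes the registered filters per provider, layer and action, so an administrator can see which products actually sit on the TCP/IP path and at which layers. The XML element names (`wfpdiag/filters/item`, `wfpstate/providers/item`, `providerKey`, `layerKey`, `action/type`, `displayData/name`) are assumptions based on typical `netsh wfp` output; it must be run from an elevated prompt.

```powershell
# Added example (not from the post): summarize the WFP filters registered on this host.
# Requires an elevated prompt; netsh wfp writes XML to the path given with file=.
# The XML element names used below are assumptions based on typical netsh wfp output.

function Get-WfpFilterSummary {
    param(
        [string]$FilterXmlPath = (Join-Path $env:TEMP 'wfp-filters.xml'),
        [string]$StateXmlPath  = (Join-Path $env:TEMP 'wfp-state.xml')
    )

    # Dump the current filter set and the engine state (providers, layers, sublayers).
    & netsh.exe wfp show filters "file=$FilterXmlPath" | Out-Null
    & netsh.exe wfp show state   "file=$StateXmlPath"  | Out-Null

    [xml]$filters = Get-Content -LiteralPath $FilterXmlPath -Raw
    [xml]$state   = Get-Content -LiteralPath $StateXmlPath  -Raw

    # Map provider GUID -> display name so third-party products are recognisable.
    $providerNames = @{}
    foreach ($p in $state.wfpstate.providers.item) {
        if ($p.providerKey) { $providerNames[$p.providerKey] = $p.displayData.name }
    }

    foreach ($f in $filters.wfpdiag.filters.item) {
        $key = $f.providerKey
        if ($key -and $providerNames.ContainsKey($key)) {
            $providerLabel = $providerNames[$key]      # known provider (e.g. a firewall or AV product)
        } elseif ($key) {
            $providerLabel = $key                      # provider GUID with no registered display name
        } else {
            $providerLabel = '(no provider)'           # filter added without a provider object
        }

        [pscustomobject]@{
            Provider = $providerLabel
            Layer    = $f.layerKey          # e.g. FWPM_LAYER_ALE_AUTH_CONNECT_V4
            Action   = $f.action.type       # e.g. FWP_ACTION_BLOCK / FWP_ACTION_PERMIT / FWP_ACTION_CALLOUT_*
            Name     = $f.displayData.name
        }
    }
}

# Count filters per provider/layer/action. Providers you do not recognise, or callout
# filters at unexpected layers, are the entries worth following up on.
Get-WfpFilterSummary |
    Group-Object Provider, Layer, Action |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

Filters without a provider, or whose provider name does not match an installed security product, are the ones to compare against the vendor's documentation; callout-type actions indicate a kernel callout driver is inspecting or modifying packets at that layer rather than a plain permit/block rule.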