Linchpin Labs, a small Australian security company whose free utility Microsoft has blocked from loading unsigned drivers into Windows Vista, today lashed out at the American giant. Microsoft, said Linchpin, should set its own security house in order before it accuses other developers of turning their legitimate software into threats.
Earlier this month, the Sydney, Australia-based Linchpin released Atsiv, a program that uses a signed driver to load other, unsigned drivers into the 64-bit Vista kernel, behavior that Microsoft said late last week evades a Vista security feature. In 64-bit Vista, only drivers accompanied by a valid digital certificate may load into the kernel; the provision is meant to stymie hackers from infiltrating the kernel with, among other things, malware-cloaking rootkits. Thursday, working with VeriSign Inc., which had issued the Atsiv certificate, Microsoft got Atsiv's signing key revoked, blocking the utility from loading its driver.
Calling the certificate-bearing utility a "potential as well as actual security threat," Microsoft said it also recently added signatures to its antispyware program Windows Defender to detect, block and remove Atsiv's current driver.
On Monday, in response to e-mailed queries by Computerworld, Linchpin defended its software as legitimate. "[Atsiv] assists users of Microsoft Vista that are currently unable to use legacy hardware without signed drivers, and casual developers (such as hobbyists) that are not able to use a company's signing certificate," the company said. "With Atsiv, consumers could once again make use of their legacy hardware, actually increasing [emphasis in original] the user experience of Microsoft Windows Vista."
Linchpin, Microsoft, Windows Vista, Vista Security, Vista Drivers, Unsigned Drivers