Hackers 'will crack Windows security tech soon'

PatchGuard, a Microsoft technology to protect key parts of Windows, will be hacked sooner rather than later, a security expert said on Thursday.

Hackers will break through the protection mechanism soon after Microsoft releases Windows Vista, Aleksander Czarnowski, a technologist at Polish security company Avet Information and Network Security, said in a presentation at the Virus Bulletin event in Montreal.

Czarnowski said: "It will probably take a year or so for it to surface publicly but I believe it will be broken earlier. PatchGuard will be broken pretty soon after the final version is released... A lot of people who would break it will probably not make it public immediately."

Microsoft designed PatchGuard - also called kernel patch protection - to safeguard the Windows kernel against malicious code attacks. Cyber crooks have found ways to exploit the innards of Windows for malicious purposes, making the protection offered by PatchGuard key to securing the operating system, Microsoft has said.

The technology applies only to 64-bit versions of Windows and debuted last year in Windows XP x64 Edition. However, while that Windows version was never broadly adopted, PatchGuard is set to become used more widely, when Vista hits store shelves in January and people are expected to buy PCs with 64-bit processors and 64-bit versions of the operating system.

Stephen Toulouse, a program manager in Microsoft's Security Technology Unit, wrote on his blog last week: "Kernel patch protection is not a silver bullet. We're not saying no one will ever crack it. The point is that the situation as it exists now… attackers don't need to do any work to access the kernel at the highest level. At least with kernel patch protection, we're trying to prevent that."

There have been some claims that PatchGuard has already been compromised but Microsoft has denied this. Toulouse wrote: "We're not aware as of right now that people have circumvented it."

If PatchGuard is ever circumvented, Microsoft would fix the issue with a software update, Toulouse wrote. "Kernel patch protection can become more resilient over time due to the combination of hardware and software advancements," he added.

Joris Evers writes for CNET News.com