Microsoft Has Verisign Revoke Atsiv Certificate

Microsoft Corp. last week slammed the door on a free utility out of Australia that outflanked one of the company's touted security features in Windows Vista by having the program's digital certificate revoked.

LinchpinLabs' Atsiv utility, released July 20, used a signed driver to load other, unsigned code into the Vista kernel, according to U.S.-based Symantec Corp. researcher Ollie Whitehouse. Atsiv, said Whitehouse, thus let users circumvent a feature of the 64-bit version of Vista that allows only digitally-signed code to be loaded into the operating system's kernel. The digital signing requirement is one way Vista tries to stymie hackers from infiltrating the kernel -- the heart of the OS -- with, among other things, rootkit cloaking technologies that hide malware from security software.

"This is rootkit behavior," said Whitehouse last Monday.

Atsiv's developers, on the other hand, have touted the utility as a tool useful for loading unsigned, but legitimate, drivers into Vista 64-bit.

Friday, Microsoft announced it had worked with VeriSign, the company that provided the certificate to LinchpinLabs, to have the code signing key revoked, said Scott Field, a Windows security architect, in a posting to the Vista security team's blog. "VeriSign has revoked the code signing key used to sign the Atsiv kernel driver [as of Aug. 2], which means the code signing key will no longer be considered valid," Field said.

News source: PCWorld