Tel aviv, Israel (See original on PRWEB) November 03, 2012:

“Microsoft’s new Windows 8 operating system has created dramatic changes for network interception,” reported Barak Weichselbaum of Komodia, Inc. Founded by Mr. Weichselbaum in 2004, Komodia are the developers of the Komodia’s Redirector Platform. “Programmers and security experts ‘must adapt’ if their applications need to capture and modify network traffic,” said Mr. Weichselbaum.

Komodia know what they are talking about. They are the sole provider in the industry of an SDK that allows development of networking interception solutions within a few days rather then months. Barak continues “Microsoft have changed the rules of the game in the much talked about Windows 8.”

“In Microsoft’s Windows Filtering Platform (WFP), there’s a new functionality that allows the support for cascading proxies. This means that multiple filtering products like Redirector can inspect network traffic and allow another third-3rd party product to inspect it afterwards as well. This permits user to deploy a number of security products, which up until now have been prone to a variety of issues,”

Weichselbaum noted that until Windows Vista’s introduction, networks could be intercepted using LSP, TDI NDIS, the three official technologies, and that WFP was introduced to “eventually replace them,” but he warns “it wasn’t mature enough.”

By Windows 7, the three technologies and one “hack” (DLL injection) offered product developers the advantage of flexibility in choosing the correct one for specific purposes but from diversity many problems occurred:

With LSP’s low entry barrier (and an unseen barrier to make it work really well), many novice programmers developed network filters that hurt the user experience, resulting in application crashes. Also, due to LSP’s low entry barrier conflicts occur with two LSPs installed. For example, when one programmer “insists” on a priority installation – which according to Komodia’s data is a bad practice

Komodia and some other AV products redirect to a local proxy, but with different technologies. Example: one product received the traffic, and the other would not, a situation which often resulted in a conflict.

Mr. Weichselbaum explains that the DLL injection is still ‘possible,’ although a frowned-upon technique, in terms of best practices. In the past AV flagged most commercial packages as viruses; DLL is therefore ‘a last resort’ for ‘legitimate network filters’ say Komodia.

“In the new environment the WFP’s barrier to entry is very high,” Weichselbaum said. “The old technologies still work under legacy mode, but applications can’t be certified if LSP and TDI are used. As a matter of fact they will not intercept modern UI, which is why we say that if your application needs to intercept all traffic, you must adapt.”

“On the new 64-bit platform, the WFP driver must be signed,” added Weichselbaum. “It’s now less likely that a virus will be embedded in the WFP as there is accountability for the WFP’s creator, another important step forward in Windows 8.”

“To tie all of this together and make it work, you will need an experienced programmer or a platform like Redirector, which is a good development. This means a better end user experience, which is what we’re all aiming for,” Weichselbaum concluded.

Follow