Microsoft releases first draft of PatchGuard APIs

19.12.2006

"What we have always said is we don't want third parties modifying the kernel itself to achieving some functionality because it is not supportable," Fathi said. "So our definition of access to the kernel is access through documented supported APIs."

Microsoft's kernel patch protection technology is an attempt by the company to take control of the "central core of the security problem," said Rob Enderle, president of the Enderle Group in San Jose. "They are approaching security on two fronts, [both with] products that lie on top of their own as well as with enhancements like PatchGuard to the operating system so that it is much more resilient to certain types of attacks," he said.

The APIs give Microsoft a way to appease "legal beagles," especially in the EU, while still allowing it to keep PatchGuard in place, said Roger Kay, an analyst with Endpoint Technologies in Wayland, Mass. "It has used first-class negotiation techniques by asking the other side what their real needs are and by getting an answer from them," Kay said.

"Microsoft can say, 'We have taken care of those needs with these APIs,' without actually acceding to [vendors'] requests to fiddle with the kernel," Kay said. "What Microsoft is saying is we need to keep the kernel sacrosanct. I'm pretty much in their camp with this one."

Kay noted that other vendors such as Apple also don't let third parties tamper with the operating system kernel.