Re: Microsoft: from vindictive to cack-handed...
In its now usual cack-handed fashion Microsoft is possibly attempting to do the right thing here. We know AV software digs deep into Windows, patching hardened APIs and pulling all sorts of nefarious tricks to get itself embedded. To me, that is now an unacceptable risk. If Microsoft is spending time adding parameter validation and hardening the Windows kernel only to have that undermined by an AV tool patching and hacking it all away, then that AV tool needs to be blocked. If an AV tool can patch its way in to intercept whole families of calls, so can a virus.
If third-party AV products are capable of burrowing deeply enough into Windows to carry out their function, without Windows detecting and preventing this, then third-party malware can do the same.
Which leaves us with a quandary -- we'd like Windows to be hardened to the point at which the malware cannot run, but we'd also like to be able to run third-party AV tools. The two are not compatible goals.
The answer may be for Microsoft to produce an official AV Tool API that the third-party AV vendors can use, with some validity checking (code-signing, etc) so that only approved AV Tool vendors can use the API ... but that would need to be done very carefully, as errors in the API validation could lead to a very bad exploit.
(Oh, but I make it sound so simple! In reality each vendor would want a different API with a different set of functions, and Microsoft would end up providing an API that had not quite all the functionality that any of them wanted ... probably with an unforeseen exploit arising from a combination of features requested by different vendors. It is software, after all.)