According to Symantec

Mar 1, 2007 16:12 GMT

The kernel is at the heart of all modern operating systems. The very security of the operating system rests on this single core component, and Windows Vista is no exception to this rule. With the release of Windows Vista, Microsoft has introduced three technologies designed to bulletproof the kernel. Driver signing, code integrity and PatchGuard are the pillars of the 64-bit editions of Windows Vista's kernel.

"Kernel Patch Protection allows us to provide increased reliability, consistent performance, and additional levels of security for 64-bit Windows by preventing unauthorized software from modifying or patching the Windows kernel using unsupported methods while it's running. Kernel Patch Protection works by providing extensibility that allows potential extensions to be planned for, reviewed and tested thoroughly during product development. Instead of allowing multiple parties to directly modify kernel instructions and data structures in undocumented and unsupported ways, providing supported mechanisms and APIs will strengthen the security, performance and reliability of Windows Vista," revealed Microsoft's Stephen Toulouse, senior program manager for the Trustworthy Computing Group.

Symantec has long contested the legitimacy and validity of Kernel Patch Protection, but Microsoft has not budged from its position. Through driver signing, Microsoft controls all the drivers loaded into the kernel, and code integrity safeguards the core operating system and ensures that it has not been tampered with in any way.

"Symantec researchers investigated the feasibility of disabling all three key kernel integrity technologies: driver signing, Code Integrity, and PatchGuard. Results have shown that all three technologies can be permanently disabled and removed from Windows Vista after approximately one man-week of effort. A potential victim need make only one mistake to become infected by a threat that does the same. The result: All new security technologies are stripped from Windows Vista in their entirety," concluded Symantec.