Tuesday's update to Windows Vista's PatchGuard, a kernel protection scheme designed to keep malicious or unproven code at arm's length, had nothing to do with recent hacks of another Vista defense, Microsoft said Thursday. The update to Kernel Patch Protection (KPP), also known as PatchGuard, was issued Tuesday to Vista 64-bit users, but the description of the enhancement was inscrutable. All Microsoft said at the time was "this update adds checks to this protection for increased resiliency in Windows."
Third-party researchers filled the vacuum with speculation about the update's purpose, with much of that speculation centered on a possible connection between the update and multiple disclosures that Vista's kernel code signing defense -- another barrier Microsoft set up to protect the kernel, but separate from PatchGuard -- could be easily circumvented. Among the end-arounds was a utility written by Alex Ionescu, a Canadian college student interning this summer at Apple Inc. Ionescu's "Purple Pill" used a flawed, but legitimate and signed ATI Technologies video driver, to slip unsigned code past Vista's protection.
News source: PCWorld

If 3rd party software developers write buggy code, there's always gonna be flaws.
Can you even fully move hardware drivers into user mode? I'm no driver expert but hardware needs to have access to the kernel in some form. I suppose you can just have it talk to the HAL fully, but that gives you a performance hit doesn't it? I think MS put many things in kernel mode to help with performance back in the day.
Let's assume they went back to their own micro kernel design - would the market be willing to put up with the performance hit? would the gamers who want high 'teh snappy' be happy to see a small performance penalty in the games for improved stability and security?
Microsoft could make the world's best operating system tomorrow but what stops it are the customers who demand backwards compatibility forever and expect that all their hardware work flawlessly out of the box.
You're right, which is also why MS makes changes slowly instead of all at once. They did take parts of the graphics system out of kernel mode and into usermode. And I think with the next version they'll probably take even more things out. Now that CPUs/GPUs and so on are so powerful, with good drivers, I believe you won't notice the change.
Guess that's not such a bad thing after all...
Probably the PatchGuard kicking in.