Microsoft Denies PatchGuard Update, Kernel Hacks Link

Tuesday's update to Windows Vista's PatchGuard, a kernel protection scheme designed to keep malicious or unproven code at arm's length, had nothing to do with recent hacks of another Vista defense, Microsoft said Thursday. The update to Kernel Patch Protection (KPP), also known as PatchGuard, was issued Tuesday to Vista 64-bit users, but the description of the enhancement was inscrutable. All Microsoft said at the time was "this update adds checks to this protection for increased resiliency in Windows."

Third-party researchers filled the vacuum with speculation about the update's purpose. Much of it centered on a possible connection between the update and multiple disclosures that Vista's kernel code signing defense -- another barrier Microsoft set up to protect the kernel, but separate from PatchGuard -- could be easily circumvented. Among the end-arounds was a utility written by Alex Ionescu, a Canadian college student interning this summer at Apple Inc. Ionescu's "Purple Pill" used a flawed but legitimate and signed ATI Technologies video driver to slip unsigned code past Vista's protection.

News source: PCWorld

4 Comments

Agreed. I don't think this is the place to complain about Vista. Windows XP is even worse off. Vista at least tries to move more drivers into user mode where it can more cleanly handle driver bugs than Windows XP. But if a hardware driver operating in kernel mode (like ATI's) has bugs in it, there's little the OS can do really. They've tried to help even against that case with signed drivers and the kernel protection, but obviously that becomes quite a bit harder to do efficiently.

kaiwai said,

Let's assume they went back to their own micro kernel design - would the market be willing to put up with the performance hit? Would the gamers who want high 'teh snappy' be happy to see a small performance penalty in the games for improved stability and security?

Microsoft could make the world's best operating system tomorrow, but what stops it are the customers who demand backwards compatibility forever and expect that all their hardware works flawlessly out of the box.

You're right, which is also why MS makes changes slowly instead of all at once. They did take parts of the graphics system out of kernel mode and into user mode. And I think with the next version they'll probably take even more things out. Now that CPUs/GPUs and so on are so powerful, with good drivers, I believe you won't notice the change.