Windows 10 May Get Key Security Boost
Microsoft is testing a new Windows 10 security measure that could neutralize a malware technique. It's called Kernel Data Protection and will protect part of a computer's memory from tampering.
The idea is to protect two key software parts of a computer: the operating system kernel and drivers. The kernel is the most central part of a system and acts a little like a central command point, deciding what the computer does at any precise moment. Meanwhile, drivers control the way the operating system communicates and interacts with hardware devices.
Within the computer's memory, the kernel is usually kept completely separate from applications, meaning rogue software can't access it. However, in some cases hackers have been able to use compromised drivers to alter the kernel code stored in the memory, opening up the possibility of installing malicious software and doing some serious damage.
Read-Only Memory The Key
Kernel Data Protection will make it possible to mark some parts of the kernel code in the memory as read-only, preventing it from being corrupted. When this happens, even Windows itself shouldn't be able to alter the kernel code.
The technique is already being tested in the Windows 10 Insider Build program that lets tech enthusiasts be the first to try out new Windows features on the understanding that they may not work as designed and could even cause technical problems.
Digital Rights Management Boosted
Microsoft says Kernel Data Protection could bring some performance benefits as well. For example, if a particular piece of data in the kernel is marked as read-only, there will be no need for software to periodically check to see if the data has changed. (Source: microsoft.com)
It could also be useful for copyright protection and software licensing. For example, the fact a file or application is licensed could be stored in the protected part of kernel memory and acts as a verification tool that can't be maliciously deleted or altered. (Source: zdnet.com)
What's Your Opinion?
Are you surprised Microsoft hasn't used this approach before? Would it make you more confident about computer security? Do you trust Microsoft to get this right?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
This would be nice.
For once Microsoft actually looking out for the safety/security of THEIR PAYING CUSTOMERS.
Are you surprised Microsoft
Are you surprised Microsoft hasn't used this approach before? yes
Would it make you more confident about computer security? yes
Do you trust Microsoft to get this right? NO!!!!!!!!!!!!!!
I would love to have your take on this Dennis
Dennis,
Being on the front line, I was wondering what your take is on this?
Kernal Protection?
sounds more like "protect our stuff from pirates" to me. if even Windows can't modify these areas, how are they changed for new apps and devices and drivers? this sounds like another duplication of the Android system whereby everything that controls the computer is safely protected against that nasty old purchaser of the opsys. how long would it be before someone learns how to "jailbreak" this opsys?
as for Digital Rights Management Boosted, again it sounds like this is to protect against those would use the software and/or media without paying Microsoft for it. this is hardly for the sake of the paying customer. more like for the sake of Microsoft.