An Introduction to Kernel Patch Protection



Hello, I’m Scott Field, an Architect working on Windows Kernel Security. There have been a lot of questions recently about a Windows technology called Kernel Patch Protection (sometimes referred to as PatchGuard) so I wanted to provide some context about the feature to help answer them.  OS kernel design is a very specialized area of computer science that rarely receives a lot of public attention, so it’s understandable that there are a lot of questions out there. The purpose of this post is to give a basic primer on Kernel Patch Protection and why it is an important technology to increase the security and reliability of Windows-based PCs.


What is the Kernel?
The kernel is the lowest-level, most central part of a computer operating system and one of the first pieces of code to load when the machine starts up. The kernel is what enables the software of the machine to talk to the hardware and is responsible for basic OS housekeeping tasks such as memory management, launching programs and processes, and managing the data on the disk. All applications and even the graphical interface of Windows run on a layer on top of the kernel. The performance, reliability, and security of the entire computer depend on the integrity of the kernel.


You may have heard the term “rootkit” and that rootkits can be very difficult to detect and remove. Rootkits are a type of malicious software that can use a number of different techniques, including monitoring keystrokes, changing system log files or existing system applications, or creating a backdoor into the system to gain remote access to a computer and launch attacks. Rootkits often try to gain access to the kernel of the OS. Since the kernel has the power to control all of the other applications on the PC, the rootkit can actually hide itself from the file system or even anti-malware tools, and ultimately from view of the user.


The kernel is the most carefully coded piece of the entire operating system. Since all other programs depend upon it, a glitch in the kernel can make all other programs crash or perform unexpectedly. You’re probably also familiar with the term, “Blue Screen of Death” (BSoD). This is the result of an error in the kernel or in a driver running in the kernel that is so severe that the system can’t recover from it. The BSoD is bad, so we want to do everything we can to keep customers from seeing it. One of the ways we can do that is to maintain the integrity of the kernel by restricting what software is allowed to run in and interact with it.


What is Kernel Patching?
“Kernel patching” or “kernel hooking” is the practice of using unsupported mechanisms to modify or replace kernel code. Patching fundamentally violates the integrity of the Windows kernel; it is undocumented and unsupported, and has always been discouraged by Microsoft. Kernel patching can result in unpredictable behavior, system instability and performance problems, like the Blue Screen of Death, which can lead to lost user productivity and data. More importantly, kernel patching has increasingly become a mechanism used by malware developers to attack Windows systems.


Motivations for patching the kernel vary widely. Anti-malware vendors, for example, may intercept system calls to prevent applications they have deemed malicious from creating processes on the system. The goals of these types of software are obviously laudable but these practices also may cause reliability and performance problems. The greatest risk from kernel patching comes from virus and spyware writers that use this technique with malicious intent and to hide their presence.  


Malware authors are motivated to patch the kernel because it is a powerful mechanism for attacking the user’s PC and data. Patching can be used to implement rootkits, which also hide the presence of other malware on the system. This form of malware can be extremely potent—for example, allowing the capture of banking passwords and monitoring of all user activities. 


What is Kernel Patch Protection?
There are many brand new security features in Windows Vista, but Kernel Patch Protection is actually not one of them. Kernel Patch Protection was first supported on x64 (AMD64 and Intel EM64T) CPU architecture versions of Microsoft Windows, including Microsoft Windows Server 2003 SP1 and Microsoft Windows XP Professional x64 Edition. (Patch protection is currently not supported on x86 or ia64 architectures.) However, as the use of 64-bit computers is increasing, Windows Vista users will end up benefiting most from this technology.


Kernel Patch Protection monitors whether key resources used by the kernel, or the kernel code itself, have been modified. If the operating system detects an unauthorized patch of certain data structures or code, it will initiate a shutdown of the system.


Kernel Patch Protection does not prevent all viruses, rootkits, or other malware from attacking the operating system. It helps prevent one way to attack the system: patching kernel structures and code to manipulate kernel functionality. Protecting the integrity of the kernel is a fundamental step in protecting the entire system from malicious attacks and from inadvertent reliability problems that result from patching.
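A user-mode C model of the check-and-halt behaviour described in the two paragraphs above, added here as an illustration; it is not Microsoft's code and does not describe how Kernel Patch Protection is implemented. The `service_table`, the FNV-1a checksum and every function name are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a kernel dispatch table (service number -> handler). */
typedef int (*service_fn)(int);
static int svc_open(int arg)   { return arg + 1; }
static int svc_read(int arg)   { return arg + 2; }
static int svc_write(int arg)  { return arg + 3; }
static int rogue_read(int arg) { return arg + 1000; }  /* unauthorized replacement */

#define NUM_SERVICES 3
#define HALTED       (-9999)   /* dispatch result once the model has "shut down" */
#define BAD_SERVICE  (-9998)

static service_fn service_table[NUM_SERVICES] = { svc_open, svc_read, svc_write };
static int unprotected_setting = 7;   /* data that is NOT on the protected list */
static int system_halted = 0;

/* FNV-1a over the raw bytes of a region; a stand-in for whatever
 * checksum a real integrity monitor would use. */
static uint64_t fnv1a(const void *data, size_t len)
{
    const unsigned char *p = (const unsigned char *)data;
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* The monitor only knows about the regions listed here. */
struct protected_region {
    const char *name;
    const void *addr;
    size_t      len;
    uint64_t    baseline;
};
static struct protected_region regions[] = {
    { "service_table", service_table, sizeof service_table, 0 },
};
#define NUM_REGIONS (sizeof regions / sizeof regions[0])

/* Record known-good checksums while the table is still in its trusted state. */
static void monitor_init(void)
{
    for (size_t i = 0; i < NUM_REGIONS; i++)
        regions[i].baseline = fnv1a(regions[i].addr, regions[i].len);
    system_halted = 0;
}

/* Periodic check: returns the index of the first modified region, or -1.
 * On a mismatch the model stops servicing requests instead of carrying on. */
static int monitor_check(void)
{
    for (size_t i = 0; i < NUM_REGIONS; i++) {
        if (fnv1a(regions[i].addr, regions[i].len) != regions[i].baseline) {
            system_halted = 1;
            return (int)i;
        }
    }
    return -1;
}

static int dispatch(int service, int arg)
{
    if (system_halted)
        return HALTED;
    if (service < 0 || service >= NUM_SERVICES)
        return BAD_SERVICE;
    return service_table[service](arg);
}

int main(void)
{
    monitor_init();
    printf("clean check: %d\n", monitor_check());
    unprotected_setting = 99;              /* outside the protected list */
    printf("after changing unprotected data (%d): %d\n",
           unprotected_setting, monitor_check());
    service_table[1] = rogue_read;         /* patch a protected entry */
    printf("patched handler before next check: %d\n", dispatch(1, 10));
    printf("check after patch: region %d\n", monitor_check());
    printf("dispatch after halt: %d\n", dispatch(1, 10));
    return 0;
}
```

The patched handler still runs once before the next check, and the change to `unprotected_setting` is never noticed: the model detects tampering with listed structures after the fact, which matches the post's statement that the feature does not stop every attack.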


Impacts on Application Compatibility
Kernel Patch Protection may impact compatibility of some legitimate software on x64 systems that was built using unsupported kernel patching techniques. Microsoft is sensitive to how application compatibility changes impact our customers and our partners. That is the reason that we have implemented this technology on x64 systems only. As customers adopt the x64 platform, and new native 64-bit software, we have the opportunity to build a more secure and reliable next generation platform that does not facilitate unsupported and unreliable practices such as kernel patching.


We have also been asked to provide a supported way for ‘known good’ vendors to continue hooking the kernel but prevent others from doing so.  Unfortunately, there is no reliable mechanism for us to distinguish between ‘known good’ software and malicious software.  Moreover, we cannot prevent a malicious software author from “bundling” purportedly good software in an attempt to thwart the system.  Even if we could include such a mechanism, it’s unclear if we could use this mechanism to selectively allow kernel hooking in a manner that provides an acceptable trade off between performance and reliability and security. Furthermore, creating such an exception would greatly hamper the ability to utilize hardware assisted security technology, such as a virtual machine hypervisor, to further improve the integrity of the operating system.


Alternatives to Kernel Patching
Clearly, customers demand effective security solutions, and they can be developed without relying on kernel patching techniques. Some of the alternatives to kernel patching are:



  • Windows Vista includes the “Windows Filtering Platform”, which enables software to perform network-oriented activities such as packet inspection and other activities necessary to support firewall products.
  • The file system mini filter model allows software to participate in file system activities, which can be used by Anti-Virus software.
  • Registry notification hooks, introduced in Windows XP, and recently enhanced in Windows Vista, allow software to participate in registry related activities in the system.

These solutions were designed with reliability and long-term supportability in mind, and also provide a means for multiple products to co-exist without the conflicts that kernel patching could cause. We have been working with our security partners and other types of partners for almost 2 years to assist them in making their solutions compatible with our current x64 architecture, and we are working with them even more closely as the Windows Vista launch approaches. If your application or driver must perform a task that you believe cannot be accomplished without patching the kernel, contact your Microsoft representative or msra@microsoft.com for help in finding a documented alternative.
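The coexistence argument above, modelled in user-mode C as an added illustration (not code from the original post or from Windows): two hypothetical products filter a constructed `kernel_create` operation, the kind of process-creation interception the post mentions earlier, first by overwriting a shared pointer and then through a registration list. All names, including `create_slot`, `cb_register` and the image names, are invented for the example.

```c
#include <stdio.h>
#include <string.h>

enum { ALLOW = 0, DENY = 1 };

/* Constructed stand-in for the kernel's own "create process" routine. */
static int kernel_create(const char *image) { (void)image; return ALLOW; }

/* Model 1, patching: one shared slot. Each product overwrites it and
 * chains to whatever pointer it found there. */
typedef int (*create_fn)(const char *image);
static create_fn create_slot = kernel_create;

struct hook_product {
    create_fn   mine;     /* this product's replacement routine */
    create_fn   saved;    /* what the slot held at install time */
    int         loaded;
    const char *blocked;  /* image name this product refuses to start */
};
static struct hook_product hp_a, hp_b;   /* two hypothetical products */

static int filter(struct hook_product *p, const char *image)
{
    return strcmp(image, p->blocked) == 0 ? DENY : p->saved(image);
}
static int hook_a(const char *image) { return filter(&hp_a, image); }
static int hook_b(const char *image) { return filter(&hp_b, image); }

static void hook_install(struct hook_product *p, create_fn mine, const char *blocked)
{
    p->mine = mine; p->blocked = blocked;
    p->saved = create_slot;
    create_slot = mine;
    p->loaded = 1;
}

/* "Restores" the saved pointer, which is only right for the last product in. */
static void hook_remove(struct hook_product *p)
{
    create_slot = p->saved;
    p->loaded = 0;
}

/* 1 if the slot points at a product that has already been unloaded. */
static int slot_is_stale(void)
{
    return (create_slot == hp_a.mine && !hp_a.loaded) ||
           (create_slot == hp_b.mine && !hp_b.loaded);
}

/* Model 2, registration: the owner of the operation keeps the list and
 * calls every registered filter; no product overwrites another. */
typedef int (*notify_fn)(const char *image, void *ctx);
#define MAX_CALLBACKS 8
static struct { notify_fn fn; void *ctx; } callbacks[MAX_CALLBACKS];

static int cb_register(notify_fn fn, void *ctx)   /* handle, or -1 if full */
{
    for (int i = 0; i < MAX_CALLBACKS; i++)
        if (callbacks[i].fn == NULL) {
            callbacks[i].fn = fn; callbacks[i].ctx = ctx;
            return i;
        }
    return -1;
}
static void cb_unregister(int handle)
{
    if (handle >= 0 && handle < MAX_CALLBACKS) callbacks[handle].fn = NULL;
}
static int supported_create(const char *image)
{
    for (int i = 0; i < MAX_CALLBACKS; i++)
        if (callbacks[i].fn && callbacks[i].fn(image, callbacks[i].ctx) == DENY)
            return DENY;
    return kernel_create(image);
}
static int deny_named(const char *image, void *ctx)
{
    return strcmp(image, (const char *)ctx) == 0 ? DENY : ALLOW;
}

int main(void)
{
    hook_install(&hp_a, hook_a, "dropper.exe");   /* constructed image names */
    hook_install(&hp_b, hook_b, "keylog.exe");
    hook_remove(&hp_a);                           /* A unloads first */
    printf("patching: keylog.exe verdict, B still loaded: %d\n", create_slot("keylog.exe"));
    hook_remove(&hp_b);
    printf("patching: slot stale after both unload: %d\n", slot_is_stale());
    int a = cb_register(deny_named, (void *)"dropper.exe");
    cb_register(deny_named, (void *)"keylog.exe");
    cb_unregister(a);
    printf("registration: keylog.exe verdict: %d\n", supported_create("keylog.exe"));
    return 0;
}
```

With patching, the first product to unload silently removes the second product's filter, and the last unload leaves the slot pointing at unloaded code. With registration, each product comes and goes without affecting the other.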


It’s important to note that Kernel Patch Protection applies uniformly to Microsoft products as well as third party products.  No code is allowed to modify the kernel using unsupported patching techniques. Security products developed by Microsoft only have access to the same supported interfaces that any other vendor would use.


In Conclusion
Since Microsoft announced our Trustworthy Computing initiative, helping to ensure the security of our customers has been one of our primary goals as an organization. Part of this is ensuring a rich ecosystem of powerful security products that will reduce the threats from malware and other types of attack. We would not develop a technology designed to lessen the security of our customers or weaken the security of the Windows platform.


We will continue to work with security partners to help them make their current and future products compatible with Kernel Patch Protection and the new security investments that we have made in Windows Vista.


More information on Kernel Patch Protection is available at these locations and we will update the post as more resources become available.


  • Patching Policy for x64-Based Systems
  • Kernel Patch Protection: Frequently Asked Questions
  • Kernel Enhancements for Windows Vista and Windows Server “Longhorn”
  • Microsoft Windows Vista Security Advancements [Word Document]


Scott Field


Comments (284)

  1. Symantec has definitely been the target of my wrath as of late, and the time has now come to address…

  3. Luca says:

    I hope kernel patch protection in Vista will also be available for x86 systems.

  4. Jeff Smith says:

    It would be nice if the end user could opt out.  Sometimes I like running 3rd party programs made by independent developers.  It would be nice to have the option.  Don’t get me wrong, I think patchguard should be enabled by default.  I just like the ability to choose.

  5. Luca says:

    My thoughts:

    * UAC should not be optional, otherwise malware can disable it. UAC should be hard-coded enabled!

    * Kernel Patch Protection should not be optional, otherwise malware can disable it.

  6.  

    NOTE:  I know this is a long post.  If you don’t want to read all the details…

  7. KK says:

    Quote: "Registry notification hooks, introduced in Windows 2000".

    Is this correct? To my understanding they were introduced in Windows XP. Could you clarify this statement, please.

  8. db says:

    What is "registry notification hooks"? Google finds only 2 pages with this phrase including this one.

  9. Fred says:

    Would it be possible to give a little bit more information about the TPM module supported by Vista and the available libraries to access that TPM (f.e. how to access the platform integrity metrics)?

    Thanks in advance for any pointer at that level.

  10. UAC says:

    KK & db: Thanks for your questions about Kernel patch protection:

    KK is correct that these were introduced in Windows XP. The blog has been updated.

    Db, there is a page on MSDN that was not showing up for some reason. The link is here http://msdn.microsoft.com/library/default.asp?url=/library/en-us/Kernel_r/hh/Kernel_r/drvrrtns_988f8f3d-4ee8-4351-8fc0-703a88bd8421.xml.asp. We will be releasing an updated version of that doc (to include the significant registry filtering enhancements in Windows Vista) in coordination with Windows Vista RC1, so stay tuned.

  11. I’ve been playing around with Vista a lot as well as doing a lot of reading about it.  More and…

  12. I was just looking at Jeff Jones’ security blog and noticed this post where he links to a new blog addressing…

  13. gmkernel@gmail.com says:

    I’d appreciate if there would be a documented way to disable/enable Patch Guard, like driver signing policy currently implemented. Or the user was just notified about kernel modification instead of BSOD…. Anyways, solutions to disable/re-enable Patch Guard already exist. These solutions rely on undocumented features and internal kernel symbols and I agree that it may appear difficult to support such a solution for commercial software, but malware and Trojans still can use it. So Mr. Field, do you really think that Patch Guard really improves kernel security? Yes, you can rewrite Patch Guard implementations one more time (first Patch Guard implementation was as easy to disable as patching KeBugCheckEx) and this definitely will add some work to researchers and hackers but I think you understand that it is just impossible to create an unbreakable solution.

  14. Carol says:

    Hi Scott.  You say that

    "Kernel Patch Protection monitors if key resources used by the kernel or kernel code itself has been modified. If the operating system detects an unauthorized patch of certain data structures or code it will initiate a shut down of the system."

    To me it sounds like this would result in anyone being able to write a program to crash the system!

    It seems to me to be a reactionary approach rather than a preventive approach . . . what you should want to do is to make it impossible for anyone to modify the kernel and system data structures.  Since the kernel is responsible for memory management, it should be able to restrict areas of memory that a program can access.  As a matter of fact, there shouldn’t be any reason for a program to have to access any area of memory not allocated to it by the kernel.  If it is necessary for a program to access system data structures, this should be controlled by the kernel by using procedure calls to the operating system, not by direct access.  I’m not a Windows programmer, so I don’t understand why it’s necessary for ANY program to have to be able to run in kernel mode.  Maybe someone can explain that to me some day. . .

  15. Web Resources

     

    [SQL Server and Data Access] 2006 PASS Community Summit: Microsoft SQL…

  16. I have finally got my outlook unread messages down to zero. There are 1229 Messages in my deleted Items…

  17. Paul says:

    See Skywing’s analysis of current antivirus software incorrectly patching the windows kernel at http://www.uninformed.org/?v=4&a=4&t=sumry to realise why  PatchGuard is a good idea.

  18. Tony says:

    IF THE KERNEL CODE IS BROKEN WHO WILL TAKE THE CAN – MICROSOFT OR THE CUSTOMER?

    SHOULD WE LEAVE VISTA ALONE?

  19. Phill Hallam-Baker says:

    I would like Microsoft to go further and provide a ‘kernel restoration kit’ to allow people to quickly restore kernels that have been patched by AV software.

    The problem is that most machines are shipped with AV software today so the kernel has already been attacked by the time the user receives it.

    I want that software off my machine, but getting rid of it is harder than you might think.

    The impact that AV software has on a machine is significant, the security protection negligible. That’s right, they just do not work. They worked in the pre-broadband era when viruses were slowly moving from address book to address book, they don’t work any more.

    A much more effective strategy is to install a cheap firewall and have executable stripping in the mail system to scrub out malicious downloads.

  20. ASB says:

    Great article, Scott.

    I agree that starting with the x64 codebase is the best way to add the functionality, while leaving backwards compatibility in the 32bit space.

    And I prefer my OS to be resilient before 3rd party code gets into play.

  21. Otherwise known as Vista vs the Selfish Security Vendors: Part Two … Here’s a follow-up to my earlier

  22. Recently some security software companies had heavily criticised Microsoft’s approach to secure Vista…

  23. Shane O'Neill says:

    Microsoft is releasing its own (non-free) virus software.  At the same time, they’re denying a much-used method of allowing complete system monitoring to competing security software manufacturers.  Leverage.  All this crap about MS products only having the same API to use as 3rd party code can’t be true.  How does MS intend to patch the kernel then?  Does this mean that any security breaches in the kernel can never be corrected?  If they can be fixed, is this then possible using the API they say is also open to 3rd party code?  I don’t think so.

    Smells like a lot of marketing with a very small sprinkling of technobabble to keep the other morons posting here happy.

    I don’t see Vista having an easy time in Europe.  Convicted anti-competitive company blocking competition in such an overt way.

    Lie the big lie I suppose, as Hitler wrote in "Mein Kampf".

  24. white says:

    Can anyone tell me how to attach to the hard disk driver stack? My driver uses IoAttachDevice to filter "DeviceHarddisk0Partition0". But it does not run well in Vista.

  25. booooring says:

    After 20 years of 386 and "protected mode" you came up with this stupidity… Go and write kernel as it should be done for ages. Minimum ring 0 code, third party code only on ring 3, including drivers.

    PS: Ring switch performance is not your problem, i/amd will solve it shortly.

  27. Manoj Abraham says:

    Please refer to the following link. The article is skeptical. But is it fair that Microsoft is becoming an island as far as security is concerned? Is a consensus among security organizations and vendors lacking?

    http://www.frontline.in/fl2321/stories/20061103002303800.htm

  28. Yuhong Bao says:

    >After 20 years of 386 and "protected mode" you came up

    >with this stupidity… Go and write kernel as it should be

    >done for ages. Minimum ring 0 code, third party code only

    >on ring 3, including drivers.

    BTW, this is called a "microkernel" architecture.

    Or, if you are willing to sacrifice portability (NT can’t, but…), you can use ring 1 and ring 2 as appropriate.

  29. One of the controversies that most stirred up the technology market concerned access to the Windows kernel

  31. It will be really helpful to my new system. Kernel Patching Protection can remove 3rd party protection use hope so…………

  32. Joan says:

    I’m new and I’m frustrated and I have nowhere else to go.  My laptop was stolen and I had to buy a new one.  It never occurred to me that I would buy one with a Windows Operating system that caused so many issues with programs that ran great on other versions.  When I contacted the Mfg. to ask how to replace the operating system with XP I was told that the computer would not function correctly with anything but VISTA.  Good for the VISTA maker but bad for someone like me that travels and simply wants to be able to VPN into my office.

    I even went back to return the thing the very next day and was told I would have to pay a 15% restocking fee.

    So here I sit with a computer that is worthless to me, with an operating system I didn’t care about or want.  What a RIP!

  33. Kevin says:

    Hi all , very nice site! Thank You !

  34. BitLocker Drive Encryption BitLocker Drive Encryption BitLocker Drive Encryption Frequently Asked Questions

  35. ... says:

    Very good site :) Good luck!

  36. ... says:

    rather informative, pleasant pages =)

  37. ... says:

    9 out of 10! Get it! You are good!

  38. ... says:

    Amazing! I have a very good feeling about your site!!!!

  40. shopautodotcaseocontest says:

    thanks, i had some problems with my kernel not too long ago.

  42. Ricky Lelis says:

    Hello, article is interesting. My work friends read too – Great. Keep up! good work! Greetings, Ricky Lelis

  43. Mike Cinit says:

    I agree! nice article. Maybe too little for professional but quite good for me!! THANKS !!

  47. Ann says:

    Thanks for this really interesting post. It appears really helpful for me. I would like to ask you if I could translate it and include it in our page, also with link to your page. Alternatively I would like to put link to your page on my section with interesting articles. If it would be possible to put this link on my page please email me. One more time thanks for really great article. Greetings  

  48. Thanks for very interesting article. btw. I really enjoyed reading all of your posts. It’s interesting to read ideas, and observations from someone else’s point of view… makes you think more. So please keep up the great work. Greetings.

  49. Hausschuhe says:

    I think this blog is really useful for newcomers and an excellent resource list.

    It’s a very interesting blog and a simple answer to many questions.

    Keep up the good work!

    Thanks it helps me a lot…

  50. So I am reading a lot of stories that seem to have confused, or incorrectly aligned, Windows Vista driver

  53. TO OPT OUT says:

    I agree with what some dude said before…you should have the ability to opt out of the kernel protection because sometimes I have to use third party programs that were developed by independent developers. For example, back in my Windows XP computer, I used to use UCE’s (undetected cheat engines) a lot, and now on my Vista laptop, every time I even open a UCE, it gives me the blue screen of death…not cool man. =/

  56. Fotka Randki says:

    Hello

    Nice one. good explanation of the topic

    Greetings

  57. gola tasche says:

    Great post. I have a constant battle with clients that have all these great ideas on design and want them implemented even though I try to tell them this will make it very difficult for a visitor to figure out and navigate the site.

  59. Rollo says:

    This is the kind of thing that can only work if an app is really “sticky” even for the first users of the system. And it’s true, you can benefit from use of a social bookmarking system without needing anyone else to participate, but each added participant makes the whole system more valuable. This recognition that personal value precedes network value is now commonly being referred to as the Del.icio.us Lesso

  60. Rollo says:

    If you don’t want to post adsense ads, I think you can try some affiliate programs to earn some money, maybe Amazon’s book affiliate program is better for your blog. You are a good blogger who can consider visitors’ feelings.

  61. Toner says:

    How about running a Favicon Ads Page on your site. Similar to the million dollar web site where you buy a pixel for one dollar, for a small fee (just a suggestion – £5) you can have your favicon displayed there for the lifetime of this site for all the world to see. As your site stats are impressive its a great way for others to promote their site and for you to generate some income to fund your book

  62. Party says:

    this is a great party – here is the Party king

  64. Lampen says:

    This site is interesting and very informative

  72. Toner says:

    So in my opinion your priority hormes must be to “work for IE.sequent gregariousness”. “Train internal Microsoft folks on black flags” is a nice wise as dexterously, except, I aspire following Chris Wilson is single who’s dedicated to commutatives, and that’s what counts.

  73. I’d weigh in with a strong vote a Rollo towards bridging gaps between the browser vendors and working towards a more consistently rendering platform and experience for developers. Veerle also hit my second point of ire right on the Rollo head- the Office/Outlook team is sorely in need of some standardista schooling, given the poor state of HTML email today. Go get ‘em, Molly! Thanks for fighting the good fight.

  74. By the way: application/xhtml+xml would be nice in IE 8 (Next), at all, in my opinion their definite last fair expectation is IE 9 (past a time Next).

  75. Tmbuk2 says:

    I hope kernel patch protection in Vista will also be available for x86 systems. It’s a must for me…

  76. Webdesign says:

    Nice article and very helpful.

    THX

  77. Yes, it’s always the same. It’s so hard to protect all. But thanks for this article. Interesting to read.

  78. Thanks for this article. It will help me with my new system. Kernel Patching Protection can remove 3rd party protection use

  79. yellowpages says:

    Wonderful Article i enjoyed reading it, thanks for sharing with us!

  80. Gratis SMS says:

    Nice one. good explanation of the topic

  81. Webdesign says:

    The article was very interesting and helpful. And now I will see how I can use this new information in my projects and systems…

  82. mitchel says:

    Thanks a lot for this great article.

  83. Yes! Thanks a lot! Very important!

  84. zx says:

    better of without a firewall. securing the pc -to-much- makes users look like they have something to hide. in my humble opinion.

  85. Thanks for this article. It will help me with my new system. Really Great!

  87. Jeff says:

    Interesting post, I’ll be checking back to see how this issue progresses

  91. kral oyun says:

    I agree this article is very helpful. I have been reading about how to improve my article writing, but it would be nice if I actually had some visitors which left some input. I think that could help me to improve my blog..

  92. Faltrollo says:

    I think it is a good beginning for the protection of data and the operating system and makes it harder for attackers!

  93. Kunst says:

    There is a lot of useful information. Thanks and greetings from Thuringia!

  94. Kunstforum says:

    There is a lot of useful information in this article. Thanks and greetings from Thuringia!

  95. There is a lot of useful information! Thanks!

  96. Nice contribution. Thank you and greetings from Germany!

  97. Thanks for the important info. Greetings from Pab Passivhaus and Passivhäuser

  98. There is a lot of useful information in this great article…I really enjoy reading the whole blog that you write.  Thanks!

  100. Good article! Thanks! Greetings! mm Markisen

  101. Schwimmer says:

    Wow, that is a lot of information to the kernel. That knew everything I did not.

  102. Nick says:

    How are you supposed to make patches for the kernel if you can’t get access to its source code? And, y’know, Linux can HOT SWAP modules to modify its kernel without compromising stability. You can even modify existing ones to your needs. If you need something that can be secure and do all of this stuff, WHY ARE YOU USING PROPRIETARY SOFTWARE?

  103. I’m still scratching my head…

  105. Lifestyle says:

    Thanks a lot – a really informational article about Vista Security.

  106. Wow I like your vista kernel patch article very much.

  107. anonymous says:

    Thanks for the article, very useful.

    Kernel patching is an unbelievably good technique.

  108. Marketing says:

    Interesting story about Kernel Patching.

    Thanks!

  109. Cool and excellent article, it’s really helpful. Thank you

  110. Alex says:

    Interesting names, marketing, markise, ….

  111. sony-alpha says:

    Thank you very much .

    this site has provided me with an understanding of ….., It’s just what I was looking for!

  112. Seamus says:

    Being a Kaspersky user I just found out this mechanism breaks keylogger detection in Vista.

    Is MS going to provide similar capability in the future for detecting keyloggers?

    Keyloggers are a very popular hack these days.

  113. Natinka says:

    Great job.

    Special thanks from me.

  114. A really wonderful article, thank you.

    Thanks

  118. shopping says:

    This is another reason why I enjoy Linux, as you can get multiple kernels on the same OS and so, if anything goes wrong with a particular kernel (usually not because of a security problem, but perhaps a bug which is fixed speedily anyway) you can just use one of the other kernels on your system and either sort the problem out or wait the 15 hours for the new update to come through. I know it’s irritating when people come to these forums to talk of another OS, but I only say this as a way of putting in some sort of suggestion to MS.

  119. tuscany says:

    Really interesting article I like it. Best wishes from tuscany

  120. Ulrike says:

    Very interesting and informative article – Great job, thank you!

  122. autogas says:

    Nice vista security article, it was interesting to read it. Thank you.

  123. Acai Berry says:

    I think eventually Microsoft will have self updating patches for the kernel, kind of like sfc but run as a system process.

  124. Computer Help says:

    Really great information, has given me an idea for a blog of my friends.

  125. Dexter says:

    This is just a promotion for Windows Vista,

    the Kernel issue is "case hopeless"

    a whole new strategy for building a new kernel and dumping the old one would maybe solve the problem.

  126. Dexter says:

    But it seems like they came up with something about it though, this is the start , you can never know where it will land

  128. Jenny says:

    A great article and very helpful tips about Patch Protection.

    Thanks