Windows 10 May Get Key Security Boost

John Lister's picture

Microsoft is testing a new Windows 10 security measure that could neutralize a malware technique. It's called Kernel Data Protection and will protect part of a computer's memory from tampering.

The idea is to protect two key software parts of a computer: the operating system kernel and drivers. The kernel is the most central part of a system and acts a little like a central command point, deciding what the computer does at any precise moment. Meanwhile, drivers control the way the operating system communicates and interacts with hardware devices.

Within the computer's memory, the kernel is usually kept completely separate from applications, meaning rogue software can't access it. However, in some cases hackers have been able to use compromised drivers to alter the kernel code stored in the memory, opening up the possibility of installing malicious software and doing some serious damage.

Read-Only Memory The Key

Kernel Data Protection will make it possible to mark some parts of the kernel code in the memory as read-only, preventing it from being corrupted. When this happens, even Windows itself shouldn't be able to alter the kernel code.

The technique is already being tested in the Windows 10 Insider Build program that lets tech enthusiasts be the first to try out new Windows features on the understanding that they may not work as designed and could even cause technical problems.

Digital Rights Management Boosted

Microsoft says Kernel Data Protection could bring some performance benefits as well. For example, if a particular piece of data in the kernel is marked as read-only, there will be no need for software to periodically check to see if the data has changed. (Source: microsoft.com)

It could also be useful for copyright protection and software licensing. For example, the fact a file or application is licensed could be stored in the protected part of kernel memory and acts as a verification tool that can't be maliciously deleted or altered. (Source: zdnet.com)

What's Your Opinion?

Are you surprised Microsoft hasn't used this approach before? Would it make you more confident about computer security? Do you trust Microsoft to get this right?

Rate this article: 
Average: 5 (10 votes)

Comments

FreedomisnotCONTROL's picture

For once Microsoft actually looking out for the safety/security of THEIR PAYING CUSTOMERS.

buzzallnight's picture

Are you surprised Microsoft hasn't used this approach before? yes
Would it make you more confident about computer security? yes
Do you trust Microsoft to get this right? NO!!!!!!!!!!!!!!

pctyson's picture

Dennis,
Being on the front line, I was wondering what your take is on this?

russoule's picture

sounds more like "protect our stuff from pirates" to me. if even Windows can't modify these areas, how are they changed for new apps and devices and drivers? this sounds like another duplication of the Android system whereby everything that controls the computer is safely protected against that nasty old purchaser of the opsys. how long would it be before someone learns how to "jailbreak" this opsys?

as for Digital Rights Management Boosted, again it sounds like this is to protect against those would use the software and/or media without paying Microsoft for it. this is hardly for the sake of the paying customer. more like for the sake of Microsoft.