
Microsoft's new Kernel Patch Protection scheme sucks!


AllUltima


I've gotta say, Microsoft's plans for Kernel Patch Protection on Windows x64 and for Vista are awful. It will now be impossible to modify the kernel in any way without the system shutting down. This effectively destroys the extensibility of the operating system, because applications and drivers will now only be able to do things that Microsoft specifically provides functionality for. Virtual drive emulation will now be impossible, along with many other things that some drivers, firewalls, and antivirus software may want to do.

Daemon Tools and Alcohol 120% users are screwed. :realmad:

Update for Windows XP x64 Edition (KB914784), released June 13, 2006, enforces this new paradigm on XP x64. As of now, Microsoft has not released this update for Win32 users (YET), realizing it would break a large amount of existing software, but they will if they feel they can get away with it.

I recognize this does actually improve security in this area somewhat, and that's why Microsoft says they're doing it. I think they are trying to usurp control away from developers so they can better police what we do. Here's what they have to say about it:

http://www.microsoft.com/whdc/driver/kerne...tpatch_FAQ.mspx :huh:

There are alternatives/compromises that could offer an upgrade of security without ruining the extensibility of the operating system. For example, a blacklist (kept safe, but user editable through a specific application or via Windows Update) could be used to block known malicious programs. Also, when a patch attempt is made, the user could be prompted with a box: [ app1.exe is trying to patch the kernel! "Allow" or "Block" remember my decision ], much like a firewall.

Does anyone out there agree with me on this? The people I know that I've made aware of this are disgusted by the idea after researching it. I'm trying to "raise awareness" on this issue because I hope that Microsoft will consider changing their position on the blanket banning of kernel patching if they realize that people disapprove.



Expect a workaround for this very soon after release. "If there's a will, there's a way."

M$ is certainly trying to "own" the user's machines... first WGA and now this... they always say it's for "better security". Same with the "protected audio path" and the requirement for all drivers to be signed.


Microsoft says that any kernel patching causes Windows to treat the data as a data corruption attack and generate a fatal exception, a stop error, and thus halt. :realmad:

Edited by RJARRRPCGP

Oh thanks AllUltima for clearing this issue up, I was wondering why Daemon and Alcohol wouldn't work on x64 OS. I guess I will remove this patch from my Update Pack. Micros*** is a bunch of stupid idiots.

Expect a workaround for this very soon after release. "If there's a will, there's a way."

I hope there will be; as a matter of fact, I don't care what MS does (Vista will be a complete failure, trust me), 90% of the time I use Linux and my hacked Xbox for entertainment.


Oh thanks AllUltima for clearing this issue up, I was wondering why Daemon and Alcohol wouldn't work on x64 OS. I guess I will remove this patch from my Update Pack. Micros*** is a bunch of stupid idiots.
Daemon Tools and Alcohol would work if they didn't "patch" the kernel.

http://www.sysinternals.com/blog/2006/02/u...at-digital.html

The kernel shouldn't be f***ed with by ISVs.


Does anyone out there agree with me on this?
Not me.

I'll take kernel security and stability over badly-coded apps any day.

It should not be necessary to modify the running OS kernel to achieve a goal, and I also like the required signing of kernel mode drivers in 64-bit versions of Windows.

Black lists would never work, as has already been alluded to "if there's a will, there's a way".

Polymorphic code with random filename generation would render a blacklist useless.

Ultimately this should force vendors to write software in a better way, and prevent a large number of bugchecks that never get resolved.

Hooking kernel code relies on either very clever coding or each version of the product will only work for a specific version of the kernel.

Edit:

Having this as an "opt-out" feature would also negate the point of the exercise - social engineering, user stupidity or plain ignorance could lead to it being disabled by malware, leaving it wide open for any kernel patching including rootkits.

This is also not a new feature - this KB article is making enhancements to the existing 64-bit kernel protection.

It is this protection that has prevented "rootkit style" code working on x64 versions of Windows.

Edited by Mr Snrub

Here comes linux and mac osx86... like undeadsoldier.

I'd also take kernel security but still! It should ask "do you want ....... changes to your kernel?" sort of prompts to make it easier.


Just like the government. They take something simple, and complicate the hell out of it. So what if a person wants to modify their OS fairly extensively? Who is Microsoft to start dictating to us what we can and cannot do to our own piece of software that we PAID for. That's bull**** right there for ya. If it comes down to it, and MS makes one for XP 32bit, I'm either not going to install it, or just go back to Win 2000 or hell, even switch to Linux (god that scares the crap out of me cuz I haven't got a clue as to what I'd be doing). I really like XP, so I'd like to stick with it. But ****, that just makes the OS no fun.

-brian


I'm not saying it's a really good thing, but it may get rid of a lot of bi-curious Linux/Windows dualbooters. Windows isn't about customization, it's about simplicity and ease of use. It's about not having to modify the core to get everything you want out of it. Linux is the exact opposite. In general, the people that use Windows for what Windows can do shouldn't really care either way, but the people that feel the need to m0d their Wind0ez as much as they possibly can should break out the Linux books.

