Kernel Patch Protection: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 04:03, 5 April 2023 edit VulcanSphere (talk \| contribs) Extended confirmed users 22,203 edits Importing Wikidata short description: "Security feature of Microsoft Windows" Tag: Shortdesc helper ← Previous edit		Latest revision as of 02:32, 21 December 2024 edit undo GreenC bot (talk \| contribs) Bots 3,060,429 edits Reformat 1 archive link. Wayback Medic 2.5 per WP:USURPURL and JUDI batch #20
(3 intermediate revisions by 3 users not shown)
Line 2: [[Image:Kernel Layout.svg\|thumb\|200px\|The [[Kernel (operating system)\|kernel]] connects the application software to the hardware of a computer.]] '''Kernel Patch Protection''' ('''KPP'''), informally known as '''PatchGuard''', is a feature of 64-bit ([[x86-64\|x64]]) editions of [[Microsoft Windows]] that prevents patching the [[Kernel (operating system)\|kernel]]. It was first introduced in 2005 with the x64 editions of [[Windows ~~XP Professional x64 Edition\|Windows XP~~Vista]] and [[Windows Server 2003]] Service Pack 1.<ref name="KPP FAQ">{{cite web \|url=http://www.microsoft.com/whdc/driver/kernel/64bitpatch_FAQ.mspx \|title=Kernel Patch Protection: Frequently Asked Questions Line 28: \|archive-date=3 March 2016 \|url-status=dead }}</ref> Device drivers are expected to not modify or ''patch'' core system structures within the kernel.<ref name="KPP FAQ"/> However, in [[x86]] editions of Windows, Windows does not enforce this expectation. As a result, some x86 software, notably certain security and [[antivirus software\|antivirus]] programs, were designed to perform needed tasks through loading drivers that modify core kernel structures.<ref name="Introduction"/><ref name="Fathi">{{cite web \|url=https://www.theguardian.com/technology/2006/sep/28/viruses.security \|title=Antivirus vendors raise threats over Vista in Europe Line 144: Microsoft's Kernel Patch Protection FAQ further explains: {{~~quotation~~blockquote\|Because patching replaces kernel code with unknown, untested code, there is no way to assess the quality or impact of the third-party code...An examination of Online Crash Analysis (OCA) data at Microsoft shows that system crashes commonly result from both malicious and non-malicious software that patches the kernel.\|{{cite web \|url=http://www.microsoft.com/whdc/driver/kernel/64bitpatch_FAQ.mspx \|title=Kernel Patch Protection: Frequently Asked Questions \|website=[[Microsoft]] \|date=22 January 2007 \|access-date=22 February 2007}}}} ==Criticisms== Line 348: ==External links== {{usurped\|1=[https://web.archive.org/web/20070217053224/http://www.windows-now.com/blogs/robert/archive/2006/08/12/PatchGuard-and-Symantecs-Complaints-About-Windows-Vista.aspx The Truth About PatchGuard: Why Symantec Keeps Complaining]}} [https://web.archive.org/web/20061124094344/http://blogs.msdn.com/windowsvistasecurity/archive/2006/08/11/695993.aspx An Introduction to Kernel Patch Protection] *[https://web.archive.org/web/20070205155710/http://www.microsoft.com/security/windowsvista/allchin.mspx Microsoft executive clarifies recent market confusion about Windows Vista Security]