Kernel Patch Protection: Difference between revisions

Rescuing 1 sources and tagging 0 as dead.) #IABot (v2.0.9.3) (Whoop whoop pull up - 12943
m removed redundant "Kernel (operating system)" wikilink; formatting fix
[[Image:Kernel Layout.svg|thumb|200px|The [[Kernel (operating system)|kernel]] connects the application software to the hardware of a computer.]]
 
'''Kernel Patch Protection''' ('''KPP'''), informally known as '''PatchGuard''', is a feature of 64-bit ([[x86-64|x64]]) editions of [[Microsoft Windows]] that prevents patching the [[Kernel (operating system)|kernel]]. It was first introduced in 2005 with the x64 editions of [[Windows XP Professional x64 Edition|Windows XP]] and [[Windows Server 2003]] Service Pack 1.<ref name="KPP FAQ">{{cite web
|url=http://www.microsoft.com/whdc/driver/kernel/64bitpatch_FAQ.mspx
|title=Kernel Patch Protection: Frequently Asked Questions
}}</ref>
 
"Patching the kernel" refers to unsupported modification of the central component or [[Kernel (computer science)|kernel]] of the Windows operating system. Such modification has never been supported by Microsoft because, according to Microsoft, it can greatly reduce system security, reliability, and performance.<ref name="KPP FAQ"/> Although Microsoft does not recommend it, it is possible to patch the kernel on [[x86]] editions of Windows; however, with the x64 editions of Windows, Microsoft chose to implement additional protection and technical barriers to kernel patching.
 
Since patching the kernel is possible in 32-bit (x86) editions of Windows, several [[antivirus software]] developers use kernel patching to implement antivirus and other security services. These techniques will not work on computers running x64 editions of Windows. Because of this, Kernel Patch Protection resulted in antivirus makers having to redesign their software without using kernel patching techniques.
 
However, because of the design of the Windows kernel, Kernel Patch Protection cannot completely prevent kernel patching.<ref name="skape"/> This has led to criticism that since KPP is an imperfect defense, the problems caused to antivirus vendors outweigh the benefits because authors of [[malware|malicious software]] will simply find ways around its defenses.<ref name="Samenuk"/><ref name="Gewirtz"/> Nevertheless, Kernel Patch Protection can still prevent problems of system stability, reliability, and performance caused by legitimate software patching the kernel in unsupported ways.
 
==Technical overview==