An Introduction to Kernel Patch Protection

August 14, 2006

There have been a lot of questions recently about a Windows technology called Kernel Patch Protection (sometimes referred to as PatchGuard) so I wanted to provide some context about the feature to help answer them. OS kernel design is a very specialized area of computer science that rarely receives a lot of public attention, so it's understandable that there are a lot of questions out there.

The purpose of this post is to give a basic primer on Kernel Patch Protection and why it is an important technology to increase the security and reliability of Windows-based PCs.

Kernel Patch Protection monitors whether key resources used by the kernel, or the kernel code itself, have been modified. If the operating system detects an unauthorized patch of certain data structures or code, it will initiate a shutdown of the system.

Kernel Patch Protection does not prevent all viruses, rootkits, or other malware from attacking the operating system. It helps prevent one way to attack the system: patching kernel structures and code to manipulate kernel functionality. Protecting the integrity of the kernel is a fundamental step in protecting the entire system from malicious attacks and from inadvertent reliability problems that result from patching.
