Date: 2020-07-15

Microsoft is testing a new Windows 10 security measure that could neutralize a malware technique. It's called Kernel Data Protection and will protect part of a computer's memory from tampering.

The idea is to protect two key software parts of a computer: the operating system kernel and drivers. The kernel is the most central part of a system and acts a little like a central command point, deciding what the computer does at any precise moment. Meanwhile, drivers control the way the operating system communicates and interacts with hardware devices.

Within the computer's memory, the kernel is usually kept completely separate from applications, meaning rogue software can't access it. However, in some cases hackers have been able to use compromised drivers to alter the kernel code stored in memory, opening up the possibility of installing malicious software and doing some serious damage.

Read-Only Memory The Key

Kernel Data Protection will make it possible to mark some parts of the kernel code in memory as read-only, preventing them from being corrupted. When this happens, even Windows itself shouldn't be able to alter the kernel code.

The technique is already being tested in the Windows 10 Insider Build program, which lets tech enthusiasts be the first to try out new Windows features on the understanding that they may not work as designed and could even cause technical problems.

Digital Rights Management Boosted

Microsoft says Kernel Data Protection could bring some performance benefits as well. For example, if a particular piece of data in the kernel is marked as read-only, there will be no need for software to periodically check to see if the data has changed. (Source: microsoft.com)

It could also be useful for copyright protection and software licensing. For example, the fact that a file or application is licensed could be stored in the protected part of kernel memory and act as a verification tool that can't be maliciously deleted or altered. (Source: zdnet.com)

What's Your Opinion?

Are you surprised Microsoft hasn't used this approach before? Would it make you more confident about computer security? Do you trust Microsoft to get this right?