Kernel Patch Protection
Technical overview
Windows
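- Modifying or hooking the system service descriptor table
- Modifying the system call table
- Modifying the interrupt descriptor table
- Modifying the global descriptor table
- Using kernel stacks not allocated by the kernel
- Modifying or patching code contained in the kernel itself, the hardware abstraction layer (HAL), or the Network Driver Interface Specification (NDIS) kernel libraries[5]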
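In addition,
Advantages
"Because patching replaces kernel code with unknown, untested code, there is no way to assess the quality or impact of the third-party code. Microsoft's examination of Online Crash Analysis (OCA) data shows that system crashes commonly result from both malicious and non-malicious software that patches the kernel."
(Kernel Patch Protection: Frequently Asked Questions. 22 January 2007 [22 February 2007]. Archived from the original on 2007-03-04.)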
Disadvantages
Third-party software
Symantec
Weaknesses
2006
Even so,
Antitrust behavior
2006
References
1. Kernel Patch Protection: Frequently Asked Questions. Microsoft. 22 January 2007 [30 July 2007]. (Archived from the original on 2007-03-04).
2. Skywing. Introduction. PatchGuard Reloaded: A Brief Analysis of PatchGuard Version 3. Uninformed. September 2007 [20 September 2007]. (Archived from the original on 2016-03-03).
3. Schofield, Jack. Antivirus vendors raise threats over Vista in Europe. The Guardian. 28 September 2006 [20 September 2007]. (Archived from the original on 2019-05-12). "This has never been supported and has never been endorsed by us. It introduces insecurity, instability, and performance issues, and every time we change something in the kernel, their product breaks." (Ben Fathi, corporate vice president of Microsoft's security technology unit)
4. Patching Policy for x64-Based Systems. Microsoft. 22 January 2007 [20 September 2007]. (Archived from the original on 2010-12-16).
5. skape. System Images. Bypassing PatchGuard on Windows x64. Uninformed. December 2005 [21 September 2007]. (Archived from the original on 2016-08-17).
6. Skywing. Conclusion. Subverting PatchGuard Version 2. Uninformed. January 2007 [21 September 2007]. (Archived from the original on 2016-03-04).
7. skape; Skywing. Introduction. Bypassing PatchGuard on Windows x64. Uninformed. December 2005 [20 September 2007]. (Archived from the original on 2016-08-17).
8. Skywing. Misleading Symbol Names. Subverting PatchGuard Version 2. Uninformed. December 2006 [20 September 2007]. (Archived from the original on 2016-03-03).
9. Microsoft. Update to Improve Kernel Patch Protection. Microsoft Security Advisory (914784). Microsoft. June 2006 [21 September 2007]. (Archived from the original on 2011-06-06).
10. Microsoft. Update to Improve Kernel Patch Protection. Microsoft Security Advisory (932596). Microsoft. August 2007 [21 September 2007]. (Archived from the original on 2011-08-06).
11. Field, Scott. An Introduction to Kernel Patch Protection. Windows Vista Security blog. Microsoft. 11 August 2006 [30 November 2006]. (Archived from the original on 2010-01-24).
12. Allchin, Jim. Microsoft executive clarifies recent market confusion about Windows Vista Security. Microsoft. 20 October 2006 [30 November 2006]. (Archived from the original on 2007-02-05).
13. Skywing. Patching non-exported, non-system-service kernel functions. What Were They Thinking? Anti-Virus Software Gone Wrong. Uninformed. June 2006 [21 September 2007]. (Archived from the original on 2016-03-04).
14. Montalbano, Elizabeth. McAfee Cries Foul over Vista Security Features. PC World. 6 October 2006 [30 November 2006]. (Archived from the original on 2007-04-05).
15. Symantec AntiVirus Corporate Edition: System Requirements. Symantec. 2006 [30 November 2006]. (Archived from the original on 2007-05-15).
16. Symantec Internet Security product page. Symantec. 2011 [26 January 2011]. (Archived from the original on 2020-12-17).
17. High-performance threat protection for the next-generation of 64-bit computers. ESET. 2008-11-20 [2018-05-04]. (Archived from the original on 2008-11-20).
18. Minimum System Requirements. Trend Micro USA. [5 October 2007]. (Archived from the original on 2012-02-08).
19. AVG Anti-Virus and Internet Security - Supported Platforms. Grisoft. [5 October 2007]. (Archived from the original on 2007-08-27).
20. Jaques, Robert. Symantec and McAfee 'should have prepared better' for Vista. vnunet.com. 23 October 2006 [30 November 2006]. (Archived from the original on 2007-09-27).
21. McMillan, Robert. Researcher: PatchGuard hotfix stitches up benefit to Microsoft. InfoWorld. 19 January 2007 [21 September 2007]. (Archived from the original on 2007-01-24).
22. Notable Changes in Windows Vista Service Pack 1. Microsoft. 2008 [20 March 2008]. (Archived from the original on 2008-05-03).
23. Gewirtz, David. The great Windows Vista antivirus war. OutlookPower. 2006 [8 July 2013]. (Archived from the original on 2013-02-01). "The system's already vulnerable. People have already hacked into PatchGuard. System is already vulnerable no matter what. PatchGuard has a chilling effect on innovation. The bad guys are always going to innovate. Microsoft should not tie the hands of the security industry so they can't innovate. We're concerned about out-innovating the bad guys out there." (Cris Paden, Manager on the Corporate Communication Team at Symantec)
24. skape; Skywing. Bypassing PatchGuard on Windows x64. Uninformed. 1 December 2005 [2 June 2008]. (Archived from the original on 2017-08-01).
25. Skywing. Subverting PatchGuard Version 2. Uninformed. December 2006 [2 June 2008]. (Archived from the original on 2016-12-06).
26. Skywing. PatchGuard Reloaded: A Brief Analysis of PatchGuard Version 3. Uninformed. September 2007 [2 June 2008]. (Archived from the original on 2017-12-06).
27. Hines, Matt. Microsoft Decries Vista PatchGuard Hack. eWEEK. 25 October 2006 [2 April 2016].
28. Gewirtz, David. The great Windows Vista antivirus war. OutlookPower. 2006 [30 November 2006]. (Archived from the original on 2007-09-04).
29. Espiner, Tom. EC Vista antitrust concerns fleshed out. silicon.com. 25 October 2006 [30 November 2006]. (Archived from the original on 2007-02-02).
30. Jones, Jeff. Windows Vista x64 Security – Pt 2 – Patchguard. Jeff Jones Security Blog. Microsoft. 12 August 2006 [11 March 2007]. (Archived from the original on 2008-12-09).
31. White, Nick. Upgrade to Next Version of Windows Live OneCare Announced for All Subscribers. Windows Vista Team Blog. Microsoft. 14 November 2007 [14 November 2007]. (Archived from the original on 2008-02-01).
External links
- The Truth About PatchGuard: Why Symantec Keeps Complaining
- An Introduction to Kernel Patch Protection
- Microsoft executive clarifies recent market confusion about Windows Vista Security
- Kernel Patch Protection: Frequently Asked Questions
- Windows Vista x64 Security – Pt 2 – Patchguard
Uninformed.org
- Bypassing PatchGuard on Windows x64
- Subverting PatchGuard Version 2
- PatchGuard Reloaded: A Brief Analysis of PatchGuard Version 3
Bypasses
- KPP Destroyer (including source code) - 2015 (archived copy at the Internet Archive)
- A working driver to bypass PatchGuard 3 (including source code) - 2008 (archived copy at the Internet Archive)
- Bypassing PatchGuard with a hex editor - 2009