Vista: blocking rootkit attacks on the operating system kernel

Last Thursday, Microsoft security expert Joanna Rutkowska announced that Vista has just gained new functionality capable of blocking rootkit attacks on the operating system kernel. She was the one who launched the strategy of the new anti-rootkit protection program for Windows Vista last summer.

In the 64-bit version of Vista, all kernel-mode drivers must be digitally signed, a change from previous versions of Windows. In previous Windows versions, signing was recommended for drivers but not required. This summer, security expert Rutkowska, who worked with security firm COSEINC in Singapore, pointed out that there are attacks that allow unsigned drivers to directly access Vista's kernel. If this technique is exploited by hackers, they will be able to drop rootkits into the new operating system.

However, the Release Candidate 2 (RC2) beta of 64-bit Vista was able to block this attack.

'Vista RC2 can now block write access to raw disk sectors for user-mode applications, even if they are executed with high administrative privileges,' Rutkowska wrote in her blog.

Although Vista blocks the attack, the technique Microsoft uses to deflect the exploit is itself a mistake. Disabling write access to raw disk sectors from user mode in Vista 'is not the only cause for incompatibility problems but is not really a solution to the problem'.

She said legitimate digital signatures could be hijacked and used by cybercriminals in attacks to install rootkits and other malware on Vista machines. 'Nothing can prevent a hacker from "borrowing" the signature and using it to perform the attack. There is nothing wrong in the driver, so there is no reason to recall or cancel the driver's signature.'

Rutkowska is known for creating the 'Blue Pill' technique, which involves virtualization technology based on hardware from Intel and AMD. This technique can be used to create extremely dangerous malware that can hijack a server's operating system.

 

T.Thu