Kaspersky Reveals the Fundamental Vulnerability of Vista PatchGuard
Kaspersky regards the Kernel Patch Protection introduced in 64-bit Windows Vista as a joke. Alisa Shevchenko, a virus analyst at Kaspersky Lab, claims that PatchGuard can “hardly be viewed as providing serious protection against rootkits.” In this context, Kaspersky has revealed that the Windows Vista kernel, for 64-bit platforms only, is just “allegedly” immune to modifications. “It is, by its very nature, vulnerable, as is demonstrated by the existence of documented methods for disabling protection. The major vulnerability within PatchGuard is architectural: the code which ensures protection is executed at the same level as code which it is both designed to protect, and to protect against. This protection has the same rights as a potential attacker, and can be evaded or disabled. Ways in which PatchGuard can be exploited or disabled are already known,” explained Shevchenko. ...