Earlier today Cole asked me a question relating to Antivirus software and Kernel Mode drivers. Instead of responding directly as a post on one of my threads, I decided to keep this as a separate thread altogether, considering that if someone sees this separate thread they may also be interested in what a kernel mode driver is and why Antivirus software like them.

First up, the term "kernel mode" represents ring0. This is where the code of kernel mode drivers gets loaded (since we are talking about drivers). An example of a program which makes use of Ring1 is VirtualBox: it loads the guest kernel code there. Ring3 is where user-mode applications are executed. For example, if you opened up Google Chrome or Skype, they would be running in Ring3. When a crash occurs in user-mode (ring3), only the application which is crashing will be affected. When the crash is in a kernel mode driver (ring0), it will result in the whole system crashing (BSOD - Blue Screen of Death). This is the disadvantage of kernel mode, but what do you expect? It's running at the root access of the OS.

Now I've got that little bit of theory out of the way, I can start going into why Antivirus software like to use kernel-mode drivers. Antivirus developers love kernel-mode. But why? Well, there are many privileges to kernel-mode. My first example will be about Self Defence. Self Defence is a very important thing in the Antivirus industry. It would not be good if the Antivirus was attacked, leaving all the protection disabled. In some cases, the malicious software may not just disable the protection of the Antivirus product, but actually attempt to uninstall the security software from the system. There are other ways an Antivirus product may be attacked, such as through the Registry. Malicious software may not just try to do things like terminate the Antivirus processes and get rid of the Antivirus services and the files the Antivirus needs in order to work, but may also try to attack its Registry keys. So how may an Antivirus product protect against malicious software? Well, on 32-bit systems they may resort to patching up the kernel.
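On 64-bit Windows, where patching the kernel is not an option, the self-defence described above is done through the documented ObRegisterCallbacks mechanism: the AV driver registers a pre-operation callback that strips dangerous rights from any handle being opened to its own processes. The following is an added illustration of that callback's decision logic, not code from the original post; the request struct, helper names and PIDs are assumptions, while the PROCESS_* values are the real Windows constants.

```c
/* Added illustration (not the original post's code): the access-mask filtering
 * an AV self-defence driver performs in its ObRegisterCallbacks pre-operation
 * callback, modelled as a portable user-mode function so it builds without the
 * WDK. Struct, helper names and PIDs are assumptions; PROCESS_* values are real. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
typedef uint32_t ACCESS_MASK;
#define PROCESS_TERMINATE         0x0001u
#define PROCESS_CREATE_THREAD     0x0002u
#define PROCESS_VM_OPERATION      0x0008u
#define PROCESS_VM_WRITE          0x0020u
#define PROCESS_DUP_HANDLE        0x0040u
#define PROCESS_SET_INFORMATION   0x0200u
#define PROCESS_QUERY_INFORMATION 0x0400u
#define PROCESS_SUSPEND_RESUME    0x0800u
/* Rights that would let another process kill, inject into, suspend or
 * reconfigure the AV's own processes. Query rights are left alone so tools
 * like Task Manager can still list the process. */
#define AV_DENIED_RIGHTS (PROCESS_TERMINATE | PROCESS_CREATE_THREAD | \
    PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_DUP_HANDLE |   \
    PROCESS_SET_INFORMATION | PROCESS_SUSPEND_RESUME)
/* Hypothetical stand-in for the fields of OB_PRE_OPERATION_INFORMATION
 * that the callback inspects. */
typedef struct {
    uint32_t    caller_pid;     /* process asking for the handle */
    uint32_t    target_pid;     /* process the handle is being opened to */
    bool        kernel_handle;  /* request originates in kernel mode */
    ACCESS_MASK desired_access; /* rights the caller asked for */
} handle_request_t;

/* Constructed sample: PIDs of the AV service and its UI process. */
static const uint32_t protected_pids[] = { 4321, 4322 };

static bool is_protected(uint32_t pid) {
    for (size_t i = 0; i < sizeof protected_pids / sizeof *protected_pids; i++)
        if (protected_pids[i] == pid) return true;
    return false;
}

/* Returns the access mask the new handle will actually carry: unchanged for
 * kernel callers, unprotected targets and the AV's own components, otherwise
 * with the dangerous rights stripped out (the handle open still succeeds). */
ACCESS_MASK filter_handle_access(const handle_request_t *req) {
    if (req->kernel_handle || !is_protected(req->target_pid) ||
        is_protected(req->caller_pid))
        return req->desired_access;
    return req->desired_access & ~AV_DENIED_RIGHTS;
}
```

Because the open succeeds with a reduced mask rather than failing, a later TerminateProcess on that handle gets ERROR_ACCESS_DENIED, which is the behaviour you see when you try to kill an AV process from Task Manager.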