feedburner
Enter your email address:

Delivered by FeedBurner


Windows 7 Architectural and Internal Security Improvements - Code Integrity

Labels:

When Windows starts up, Code Integrity (CI) verifies that system files haven’t been maliciously modified and ensures that there are no unsigned drivers running in Kernel Mode. The bootloader checks the integrity of the kernel, the Hardware Abstraction Layer (HAL), and the boot-start drivers. After those files are verified, CI verifies the digital signatures of any binaries that are loaded into the kernel’s memory space. Additionally, CI verifies binaries loaded into protected processes and the cryptography dynamic-link libraries (DLLs). CI works automatically and does not require management.

CI is an example of a detective countermeasure because it can identify that the computer was compromised after the fact. Although it is always preferable to prevent attacks, detective countermeasures such as CI enable you to limit the damage caused by the attack by detecting the compromise so that you can repair the computer. You should also have a response plan in place to enable you to quickly repair a system that has had critical files compromised.


Source of Information : Windows 7 Resource Kit 2009 Microsoft Press

0 comments:

Post a Comment

Alltop, all the top stories
BlogMalaysia.com
All Malaysian Bloggers Project
Computer Blogs - BlogCatalog Blog Directory Add to Technorati Favorites
Technorati Profile
Top Computers blogs