Windows 7 Architectural and Internal Security Improvements - Windows Resource Protection

Any code that runs in Kernel Mode, including many types of drivers, can potentially corrupt kernel data in ways that surface later. Diagnosing and fixing these bugs can be difficult and time consuming. Corruption of the registry tends to have a disproportionate impact on overall reliability because this corruption can persist across reboots.

Windows Vista and Windows 7 protect system settings from corruption or inadvertent changes that can cause the system to run incorrectly or to not run at all. Windows Resource Protection (WRP), the follow-up to the Windows File Protection (WFP) feature found in previous Windows platforms, sets tight ACLs on critical system settings, files, and folders to protect them from changes by any source (including administrators) except a trusted installer. This prevents users from accidentally changing critical system settings that can render systems inoperable.

Windows Vista and Windows 7 also prevent poorly written drivers from corrupting the registry. This protection enables the memory-management feature to achieve protection the vast majority of the time, with low overhead. Protected resources include:

• Executable files, libraries, and other critical files installed by Windows.
• Critical folders.
• Essential registry keys installed by Windows.

WRP does not allow you to modify protected resources, even if you provide administrative credentials.


Source of Information : Windows 7 Resource Kit 2009 Microsoft Press