Safe Unlinking in the Kernel Pool

Windows 7 includes low-level integrity checks not included with earlier versions of Windows to reduce the risk of overruns. Malware frequently uses different types of overruns to run elevated privileges and code without the user’s consent. Essentially, Windows 7 double-checks the contents of memory in the pool—a portion of memory that applications use temporarily but which is managed by the operating system. If the pool has been modified or corrupted, Windows 7 initiates a bug check that prevents more code from running.

According to internal Microsoft testing, the additional memory checking does not have a measurable performance impact. For more information, read “Safe Unlinking in the Kernel Pool” at http://blogs.technet.com/srd/archive/2009/05/26/safe-unlinking-in-the-kernel-pool.aspx.


Source of Information : Windows 7 Resource Kit 2009 Microsoft Press

No comments:

Virtual tape

The desire to reduce the dependency on tape for recovery gave rise to the development of virtual tape libraries (VTLs) that use disk drives ...