There’s been a great deal of speculation and debate in the press and online regarding the PatchGuard feature in Windows Vista (and Server 2003). The name’s a little misleading, as many people associate the word “patch” purely with legitimate software updates, whereas this feature is intended to prevent unauthorised modification of the kernel.
Many existing security products modify the kernel to insert their own hooks. On Windows Vista, PatchGuard will prevent such modifications. However, it’s only going to be present on 64-bit versions of Windows Vista (and Server 2003 SP1), and we’re publishing APIs to enable third-party (and Microsoft) security products to continue to integrate with the kernel and add value as they do today.
Clearly 64-bit systems will become the de facto standard in the next few years, but currently the vast majority of existing systems (running Microsoft Windows) are 32-bit.
If you’d like to learn more about PatchGuard, an earlier post of mine provides more details. There’s a white paper due soon; I’ll post its location when it’s published.