] There's recently been a great deal of talk about Windows
] for x86-64. One interesting feature of this operating
] system is that modifying the system structure is
] forbidden ...
] The stack cannot be used in kernel mode unless expressly
] permitted by the kernel. The operating system will also
] check certain parts of kernel code for integrity, and
] modifying these parts of code will cause a Blue Screen of
] Death. This last check is performed only on native AMD64
] systems (but not on Intel's EM64T clones). ...
] So the good news is that the majority of today's rootkits
] will be unable to function in kernel mode under this new
] operating system

The promise of this kind of technology has been a long time coming. On the other hand, Microsoft is now willing to break compatibility in the name of security, and going to a new chipset means they can better rely on the availability of certain features that have been added bit by bit to modern processors. It was never clear how best to take advantage of certain modes that were available only on certain processors. If AMD and Intel are in operating agreement on 64-bit chips, though, then maybe we'll actually see this stuff implemented at all levels.

Viruslist.com - Analyst's Diary