Updated: July 14, 2020 (January 15, 2007)

  Analyst Report

Draft Kernel Patch Protection API Published

by Michael Cherry

Michael analyzed and wrote about Microsoft's operating systems, including the Windows client OS, as well as compliance and governance.

The introduction of Kernel Patch Protection, a feature of 64-bit versions of Windows Vista that makes it harder for third-party software to modify the kernel, also makes it harder for legitimate developers of security utility software to create products that monitor the Windows kernel for potentially malicious changes. After intense public debate among utility software vendors, government competition authorities, and Microsoft, Microsoft agreed to provide an API to permit developers to monitor specific kernel activity.

Microsoft released a first draft of the API specification for review and comment in Dec. 2006, with the final implementation due in Vista SP1. However, no date for that service pack has been announced.

What Is Kernel Patch Protection and Why the Controversy?

Although the dispute over how to protect the kernel did not become a public issue until Vista entered its final testing prior to its release in Nov. 2006, the feature had existed in 64-bit versions of Windows XP and Windows Server 2003 since May 2005. Because neither 64-bit edition of Windows gained widespread adoption (most 64-bit computers are still deployed with a 32-bit OS), initially there were few public complaints about the change.
