Blog‎ > ‎

Windows 7 x64 Impervious to Rootkits?

posted Sep 13, 2010, 8:06 AM by Jeremy Walker   [ updated Mar 1, 2011, 8:05 PM ]
Recently, a co-worker of mine mentioned a neat little fact about Windows 7 x64. By default, Windows 7 x64 requires all Kernel-Mode programs (drivers and low-level services) to be digitally signed before it will load them. Since Rootkits are Kernel-Mode programs, usually loaded before Windows has a chance to load an anti-malware program, and it costs money to get a program or driver approved for digital signing, then Windows should be impervious (or at least better protected) to/against them in its natural state. Here's an article from Microsoft's site:

The article basically says that Windows 7 and Vista x64 require Kernel Mode Code Signing to load Kernel-Mode software. However, this must be proven in a lab before I can anchor myself to it.
Get crackin'!