in regard to making drivers read only..

Discussion in 'privacy general' started by taleblou, Jul 1, 2010.

Thread Status:
Not open for further replies.
  1. taleblou

    taleblou Registered Member

    Joined: Jan 9, 2010
    Posts: 1,349
    Hi:
    I was wondering: is it safe to make all Windows drivers in the system32/driver folder read-only to protect against malware such as rootkits, etc.? Will the PC operate fine, and how about installing new trusted software, will I be able to do that? Your comments on this matter are welcome. Thanks in advance.
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined: Jun 16, 2005
    Posts: 5,390
    Hi taleblou,

    If the driver is coded to contain variable data, then it would be unwise to make it read only, i.e. the state would never be allowed to change which would cause run-time segfault errors, and possibly prevent bootup.

    There are features of the Windows OS that can be used to make drivers more secure, such as DEP (data execution prevention), which can prevent the driver from being executed (according to what rule governs its execution), and there is a feature in the newer Windows OSes, Vista and 7, that allows you to move the usual executable location to random locations so the malware cannot find what it is looking for. The name of the feature is ASLR (address space layout randomization). However, I am not sure whether these features are only applicable to applications or whether it is possible to apply them to drivers at all.

    Installing new trusted software probably depends on being administrator more than anything else.

    -- Tom
     
    Last edited: Jul 2, 2010
  3. guzheng

    guzheng Registered Member

    Joined: Jun 1, 2010
    Posts: 19
    Actually, it is safe to make drivers "read-only", because drivers are required to have a signature on x64; to be compatible with that, no one would change a driver's data on disk after compiling, even on x32. If needed, it could be changed in memory by some tricks.

    But "read-only" will not prevent malware, because it only takes effect in the API "createfile/writefile..."; obviously, malware would not obey these rules.
     
  4. dantz

    dantz Registered Member

    Joined: Jan 19, 2007
    Posts: 1,034
    Location: Hawaii
    Setting files as read-only won't stop malware from altering them. The Windows operating system already uses the active Windows File Protection (WFP) feature to protect all critical system files, but some types of malware will start out by disabling that feature.

    The best antimalware strategy is to keep good backups, especially image backups of the operating system and Track 0.
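
Added example, not part of any post in this thread: a Python sketch of the point made in the replies above, that the read-only attribute does not stop a program that has write access to the file, while a hash baseline still shows the change. The file name `sample.sys`, its contents and the function names are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile


def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def try_append(path, data):
    """Return True if the write went through, False if the OS refused it."""
    try:
        with open(path, "ab") as f:
            f.write(data)
        return True
    except PermissionError:
        return False


def readonly_demo():
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in file; this is not a real driver.
        path = os.path.join(tmp, "sample.sys")
        with open(path, "wb") as f:
            f.write(b"constructed driver image bytes")
        baseline = sha256_of(path)

        # Set read-only (the read-only attribute on Windows, mode 0400 on POSIX).
        os.chmod(path, stat.S_IREAD)
        readonly_set = not (os.stat(path).st_mode & stat.S_IWRITE)
        # Usually refused; a privileged POSIX account (root) is not even stopped here.
        refused = not try_append(path, b"first change")

        # Any account with write permission on the file can clear the flag again.
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)
        written = try_append(path, b"second change")

        return {
            "readonly_set": readonly_set,
            "refused_while_readonly": refused,
            "written_after_clear": written,
            "hash_changed": sha256_of(path) != baseline,
        }


if __name__ == "__main__":
    print(readonly_demo())
```

The value of `refused_while_readonly` depends on the account running the script, which is why comparing against the recorded hash, rather than trusting the attribute, is what reveals the modification.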
     
  5. chiraldude

    chiraldude Registered Member

    Joined: Jul 3, 2010
    Posts: 157
    Couldn't agree more with dantz.
    Backup backup backup!
    No malware can survive a full disk restore from an offline backup.
    There is no excuse for failing to implement a good backup strategy these days.
    I just bought a 1TB hard disk and USB/eSATA dock for under $100.
     