Windows 7 and rootkits

Hi,
maybe you guys can give an answer:

Are rootkits the same high threat for Win 7 as they were for Win XP ? And if yes, couldn't MS do anything about it ?

 

If it's Win7 64 bit, then, no, it is not as susceptible to rootkits as prior 32 bit versions of Windows. Why? Because M$ does not allow the 64 bit kernel to any longer be patched and requires digital driver signing.

 

Windows 7 systems can still get just as many rootkits as any other version of windows. The x86 (32 bit) version of Windows 7 is more vulnerable than the x64 version, but both are still able to get infected.

There are rootkits out there that can infect 64-bit Windows 7. Driver signing is a good step toward safety, but it is not foolproof and can be defeated. Kernel protection through Patch Guard doesn't protect your system at all. They are less common, but they exist and they are a threat. Moving forward I would expect to see them become more popular.

Windows 7 is not invulnerable to these threats.

 

Perhaps some of the information in this thread may be of interest to you.

 

Thank you all. Is it correct to say that the kernel of Win 7 is at least only an "improved" version of the XP kernel with only few changes? And that for this reason there was no way to protect from Rks in the near future ? If yes , so i guess that only a new, from the scratch, designed OS is needed ?

 

It's a matter of opinion, unfortunately. There have been changes to the kernel, particularly in regard to the 64 bit version of Windows 7. But some people see these in a negative light.

Windows 7 32-bit is just about as vulnerable to rootkits as XP was these days - But you have the added benefit of MUCH more functional security software. Most virtualization or sandboxing software will be much stronger on a x86 system.

The 64-bit flavor of Windows 7 has driver signing and patchguard. Also, it's a less prevalent target, so it enjoys reduced attention from malware authors - That's only temporary, though. In the long run, malware authors will find a way to get around patchguard, and driver signing is already easily bypassed. The real difference here is that the PatchGuard implementation cripples virtualization and sandboxing software - Any kind. Tzuk has been up front about the limitations of his software, but just about every other piece of security software is limited in the same way - they just don't tell you.

In my opinion, the 32-bit kernel is more secure once you do the work to put the right software in place. The 64-bit kernel is more secure 'out of the box' before putting appropriate security layers in place, but only as of writing this post - and who knows for how long.