Vol 8» 2007.Sep

Protection Improvements

Compared to PatchGuard 2, PatchGuard 3 implements several incremental improvements designed to protect PatchGuard from third-party code that attempts to disable it. The majority of the alterations to PatchGuard's self-defense logic appear to be direct responses to previously published, publicly known bypass techniques, rather than general improvements meant to make PatchGuard 3 more resilient to analysis and attack. In this vein, while the alterations in PatchGuard 3 (relative to PatchGuard 2) are effective at disabling most previously published bypass mechanisms that the author is aware of, it is not exceedingly difficult to alter many previous attack mechanisms to be effective against PatchGuard 3. Many of the protection systems that were implemented in PatchGuard 2 are still present in PatchGuard 3 in some form or another, though some of them have been altered to resist previously published attacks.

This chapter will describe a number of specific improvements that have been made.