Last week, Microsoft issued fixes for Internet Explorer 9, the latest version of the IE browser. The worst kind of security flaw allows a third party to execute command, run programs or even take over the infected computer. One of Microsoft’s patches involves Windows kernel-mode drivers that could be compromised under the right circumstances.

What’s In A Windows Driver?

If you don’t know much about computers (and don’t really want to) this post might not hold much interest to you. In that case, just apply the latest set of patches and go on with your life! If you like knowing how things work, or why things are the way they are, knowing the difference between a kernel-mode driver and a user level driver might give you something to think about.

The Windows operating system is designed to work with different security levels. The level with the most security is the user level. The user level operates in a way that isolates it (for the most part) from other parts of the operating system. That’s good because poorly written code at the user level can’t really have much of a negative impact on the rest of the system. The price for that, however, is reduced performance. Software (including drivers) that operate at the user level are slow, and require a lot of “overhead.” They take time to do what they do because they have a lot of hoops to jump through to access the functions at lower, less secure and more powerful levels of the operating system.

In contrast, drivers that operate at the most powerful level – the kernel level – are fast, but speed also comes with a price. The price of this speed is that a poorly written (or malicious) driver can crash the whole system. Since the kernel is the central part of the operating system., it has the most privileges and does the most important work. It also needs to be protected carefully – not just from malicious individuals, but also from bad programming, which can cause the entire system to malfunction and crash.

Programming that operates at the kernel level must be correct, secure and uncompromised for things to work out right. When bad programming is introduced at the kernel level, it can grant access to malefactors who want to take control of a computer, defeat built-in security measures, and steal sensitive information. The kernel is the fastest and most powerful operating level precisely because it doesn’t have the controls and security measures in place that higher levels of the OS have. The kernel is supposed to be protected by the higher levels of the OS, and its access is supposed to be strictly limited.

In my next post, I’ll talk about the differences between kernel-level drivers and user-level drivers, and take a look at which kinds of hardware drivers operate at each level.

Photo Credit: Henrique Vicente, via Flickr

Backing up and restoring (anything!) is a touchy subject with users because most users don’t have a valid backup-and-restore plan. Some users assume that their data are being backed up. (Not usually). Some users have a limited data backup plan, which backs up application data, but doesn’t back up system data. Some users back up system configs but leave their data hanging out. A few very savvy users back up everything. In most cases, however, system and configuration data aren’t backed up. Which means important components, like hardware drivers, aren’t backed up either.

Know What You’re Backing Up and How To Access It

If you ask a user how to back something up, s/he might be able to tell you how to set up a backup, or even where the backed up data are stored. That’s good, but the step few users (and technicians for that matter) take is learning how to restore data from a backup. When a restore is needed, amazingly few people can actually correctly and completely restore data, even if the restored data are intact, ready and waiting.

Why is this important? Having a backup of your data (whether they’re application data or system data) can save significant time, effort, expense and aggravation. Knowing where the backup is stored and how to restore the data is critical. Why even have a backup if you don’t know how to restore the missing data?

When it comes to system data, few users can tell you even simple things, like where the hardware drivers are stored. For the record, drivers are stored in the C:\Windows\System32\Drivers\DriverStore folder. You can make a backup of this folder “by hand” by simply copying the contents of the folder to another folder, or better yet, a removable storage device. If you ever need to reload or replace the driver, you have a fresh, working copy available.

You might argue that this step is unnecessary, since you could go to the manufacturer’s website to download the correct driver. That assumes you have Internet connectivity. If you’re having driver problems or system problems, you can’t assume that you’ll have access to any network, so it’s best to keep a backup of your Windows hardware drivers handy.

For me, the better way to back up drivers – and to manage the entire hardware driver process – is to use Driver Detective. Driver Detective monitors all of the drivers installed on your computer, and stores a backup copy, in case a driver becomes corrupted or goes missing. Driver Detective also looks out for updated drivers, retrieves them and installs them for you. Download your copy of Driver Detective today and see for yourself what a difference it can make!

Photo Credit: yonghokim, via Flickr

By all accounts, Intel had been planning to launch its latest processor platforms for both laptops and netbooks in September, but new reports suggest that Intel’s third-generation Atom chipsets did not achieve Windows 7 certification on schedule. The revised release estimate for the Cedar Trail M and Atom chipsets is November. The holdup surrounds the platform’s graphics drivers.

Thinner Notebooks Kept Waiting

Netbook manufacturers that planned to Cedar Trail, will need to wait until the chipset achieves Microsoft’s Windows 7 certification, which may not occur until October or later. The new netbook chipsets are reportedly smaller and more efficient. The change in design will allow manufacturers to jettison the cooling fan, and offer a battery life of about 10 hours.

The Atom, Intel’s netbook and mobile device platform, was first introduced in 2008. The newest version of the chipset will offer Blu-Ray support, Fast Boot, HDMI and DisplayPort output options, Intel Wireless Music and Wireless Display, PC Sync and more. The new chipset could make netbooks (as well as other platforms) much more attractive and versatile.

There’s no indication that the delay in certification will cause delays for Intel’s next chipset release, the Medfield, which offers a system-on-a-chip (SoC) design, or the Clover Trail chip, which is expected in the second half of 2012. The Medfield is currently expected to hit the market in the first half of 2012.

For such a media-intensive chip, the failure of the graphics drivers to pass certification requirements is significant. Intel will no doubt redouble its efforts to bring the chipset to market before the end of 2011. How problematic the certification delay is remains to be seen.

Netbooks were an almost instant hit when they were first introduced to the market, but consumers have turned their attentions to tablet computers. The delay of an updated Cedar Trail netbook platform by sixty days may not put a significant dent in sales or consumer interest in new netbook products.

The Atom, however, is designed to support mobile devices, and its absence or delay could put a crimp in the plans of a wide range of mobile device manufacturers. The delay could mean reduced holiday availability of new mobile devices, something both manufacturers and retailers would prefer not to miss. Nonetheless, Windows 7 certification is exceptionally important for Microsoft, since the company is pinning future OS development on the Vista/Windows 7 platform.

Photo Credit: Nima Badiey, via Flickr

A relatively new document released by the Australian Defence Signals Directorate (DSD) indicates that at least 70 percent of computer intrusions are preventable. The document outlines nearly 3-dozen actions computer users can take to reduce the likelihood that their computer will be compromised by unauthorized third parties. One of the top 5 actions is running a host-based intrusion detection system (IDS) that monitors hardware driver loading.

Document Stresses Importance of Updates

Running outdated software (including hardware drivers) and the unauthorized loading of rogue drivers constitutes a significant security threat. Users who are unaware of the drivers that are installed on their computers run the risk that their computers will be compromised, most often with no appreciable signs of the intrusion.

Maintaining awareness of the drivers that are required can help users recognize drivers that don’t belong, and can hasten detection of an intrusion or an intrusion attempt. Host-based intrusion detection systems monitor activities that could be considered suspicious. These activities include process injection, keystroke logging, driver loading and call hooking.

By itself, driver loading isn’t suspicious, but the report underscores the ways in which clever hackers can take advantage of operating-system architecture to gain access to system-level operations. It also underscores the importance of routine driver maintenance.

One way in which you can control the drivers that are loaded on your computer is by running a driver management program like Driver Detective. Driver Detective keeps track of the drivers that should be loaded on your system and routinely monitors their performance. If a driver goes bad, Driver Detective will download and install a fresh copy. Driver Detective will also notify you when new or unrecognized drivers are being loaded. If Driver Detective manages all of the bona fide drivers on your system, new (and possibly malicious) drivers will be easy to spot.

Downloading and installing the current version of a driver also helps protect your system against vulnerabilities that may have been discovered by hackers. Driver Detective routinely checks for new or updated drivers. When it finds a new driver, it downloads and installs it, and backs up the new driver. It also gives you the option to roll back the upgrade to the old driver if the update doesn’t work properly or causes other problems for your system.

A program of regular hardware driver updates is a great way to ensure that you keep your system as secure as possible.

Photo Credit: Zodman, via Flickr