Microsoft Updates Guideline on Windows Driver Security (target for many attackers)

LASER_oneXM

Feb 4, 2016
Microsoft has released an updated guide on driver security. This new guide offers advice that developers could use to ensure Windows drivers are secured against basic attacks and preventable flaws.

The new guide, also available as a one-document PDF, is authored by Microsoft's Don Marshall. It replaces an older help page and includes:

→ A security checklist for driver developers
→ A guide on driver threat modeling
→ A guide on how drivers should integrate into the overall Windows security model
→ A tutorial on how to use the Device Guard Readiness Tool to evaluate a driver's Hypervisor-protected Code Integrity (HVCI) compatibility

While the driver security checklist is a must-read for any software developer and not just driver authors, the guide on assessing "threat modeling for drivers" is also something that software engineers should take a peek at.

Drivers are a glaring target for many attackers

While many readers may not be aware, drivers are a crucial attack surface to ***all*** operating systems [1], not just Windows.


Drivers are a bridge between the hardware, software, and data on the computer or network. When installed, drivers usually receive system-level privileges in order to interact with all the needed components.


Attacks on drivers are often the easiest way an attacker could gain system-level privileges or execute malicious (remote) code within previously unreachable portions of an OS, such as the kernel.


As such, protecting drivers with proper security-minded design must be an utmost priority for any OS maker, as it could undo or bypass many of its internal security features.
 

ali2018

Mar 3, 2018
Hello, I like your post!
I am having a similar problem, it seems, but I have not officially diagnosed it. But from the information that I have gathered and your post, it seems that this might be what is currently happening to my computer. I have identified a drive on my network location, and I also went to the device manager and it is also located on it. I found the following on the device manager.

I first realized that I had a hacker (a neighbor) spying on my computer activities because this person has previously hacked an old TOSHIBA computer that I have, and then this person thinks it's funny to play around with my mouse. I then started chatting with another source that told me that most likely it was a software on my computer that would not be detected by Norton, which I am currently using right now.

I would appreciate some help in removing this malware from my computer forever and also advice on how to protect my computer.

Thanks!
 

Attachments

  • Kernel-PnP.jpg

509322


Most any publisher would adhere to that guidance to the very last letter if Microsoft is willing to pay for every last bit of the guidance in the document. People don't understand what kind of money is involved. Because publishers sure can't pass on the costs of secure code to end-users. End-users don't want to pay for anything, and then complain about everything.
 