Kernel Level Drivers: Difference between revisions

Fireye (talk | contribs): Init

Drakeula (talk | contribs): Trusted Computing

(4 intermediate revisions by 4 users not shown)
Use of Kernel Level Drivers as a mandatory component of userspace software, such as for cybersecurity products or [[Kernel Level Anti-Cheats]], is a practice in which software companies release proprietary drivers to be installed into the end user's kernel alongside a piece of software, and in many cases do not allow that software to function without them.
{{Incomplete|Issue 1=No references}}


==How it works==
'''Kernel drivers''', kernel modules, or drivers are programs that run inside the kernel of an operating system. The kernel is the most fundamental part of the operating system; it provides the basic services which other parts of the operating system use. Kernel drivers allow the computer to communicate with hardware devices such as keyboards, mice, storage, and network cards. Kernel access is required because these drivers usually manage hardware directly, which is not possible from user space. This code is minimally restricted since it runs inside the kernel, meaning drivers have privilege as high as any other part of the operating system — higher than even the traditional administrator role. If kernel code fails, the entire system may crash or become unreliable, whereas a user process can exit without affecting other processes. Also, if a kernel driver has any vulnerabilities, these can be exploited to gain kernel access and bypass any security measures the user has in place.

To obtain this privileged access to end user machines, companies have begun shipping drivers as a component of their userspace software, and in some cases require the driver to load at boot.
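As an added example (not part of the wiki page), the following Python script shows what a defender's first check against the practice described above looks like on Linux: inventorying the loaded kernel modules and flagging those the kernel itself has marked as proprietary, out-of-tree, or unsigned. It relies on the real `/proc/modules` format, whose optional last field carries the module's taint letters in parentheses; the sample lines, function names and module names are constructed for illustration.

```python
"""Inventory loaded Linux kernel modules and flag third-party ones.

Added example; not code from the wiki page. Linux lists loaded modules in
/proc/modules, one per line:

    name size refcount used_by state address [(taint)]

The optional taint field holds letters the kernel set when it loaded the
module: P (proprietary licence), O (out-of-tree), E (unsigned / signature
not verified), F (force-loaded). Those letters are the kernel's own record
that the code running with full kernel privilege did not come from the
distribution kernel. Function names and sample data below are constructed.
"""
from __future__ import annotations

import os
from dataclasses import dataclass

# Taint letters that matter for a "who put code in my kernel?" review.
TAINT_MEANING = {
    "P": "proprietary licence",
    "O": "out-of-tree (not built with the distribution kernel)",
    "E": "unsigned or signature not verified",
    "F": "force-loaded (modprobe --force)",
}

# Constructed sample in /proc/modules format (not captured from a real host).
SAMPLE_PROC_MODULES = """\
ext4 811008 2 - Live 0x0000000000000000
nvidia 56016896 45 nvidia_modeset,nvidia_uvm, Live 0x0000000000000000 (POE)
vboxdrv 630784 0 - Live 0x0000000000000000 (OE)
btusb 65536 0 - Live 0x0000000000000000
"""


@dataclass
class KernelModule:
    name: str
    size: int
    refcount: int
    used_by: list[str]
    state: str
    taint: str = ""

    @property
    def third_party(self) -> bool:
        """True when the kernel marked the module as code it did not ship."""
        return any(letter in self.taint for letter in "POE")


def parse_proc_modules(text: str) -> list[KernelModule]:
    """Parse /proc/modules content into KernelModule records."""
    modules: list[KernelModule] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed or partial line: skip rather than guess
        name, size, refcount, used_by, state, _addr = fields[:6]
        taint = ""
        if len(fields) > 6 and fields[6].startswith("("):
            taint = fields[6].strip("()")
        # used_by is "-" when empty, otherwise a comma list with a trailing comma
        deps = [d for d in used_by.split(",") if d and d != "-"]
        modules.append(
            KernelModule(name, int(size), int(refcount), deps, state, taint)
        )
    return modules


def third_party_report(modules: list[KernelModule]) -> dict[str, list[str]]:
    """Map each flagged module name to the human-readable reasons for the flag."""
    return {
        m.name: [TAINT_MEANING[c] for c in m.taint if c in TAINT_MEANING]
        for m in modules
        if m.third_party
    }


def inventory(path: str = "/proc/modules") -> dict[str, list[str]]:
    """Run the report against the live host, or the sample when not on Linux."""
    if os.path.exists(path):
        with open(path, encoding="ascii") as fh:
            text = fh.read()
    else:
        text = SAMPLE_PROC_MODULES
    return third_party_report(parse_proc_modules(text))


if __name__ == "__main__":
    for name, reasons in inventory().items():
        print(f"{name}: {'; '.join(reasons)}")
```

Running it on a Linux host reads the live `/proc/modules`; elsewhere it falls back to the constructed sample, where `nvidia` and `vboxdrv` are reported and the in-tree `ext4` and `btusb` are not. The same taint letters are also exposed per module in `/sys/module/<name>/taint`, which is convenient when only one driver is under review.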


==Why it is a problem==
Kernel access allows full system monitoring, which creates numerous privacy concerns. Further, allowing third parties to install unnecessary drivers creates additional points of failure that could end up bricking the operating system.

There are also lower-level processors and programs which typically operate beyond the control of the operating system. Examples include the UEFI or BIOS, the Intel Management Engine (and similar processors from other manufacturers), the CPU microcode, and the controllers on various devices (like the storage controller on a solid state drive). These are typically proprietary, less well documented and less well understood than the kernel, and they can pose risks similar to those of kernel drivers.

==Consumer Impact==
Code running in the kernel presents numerous privacy and security concerns. Code running in the kernel can read and write the memory of any running process, including apps and websites used for banking, passwords, and other highly sensitive actions. Additionally, it has full control over all hardware, including the capability to permanently damage or disable hardware components.
 
Many companies now require the use of proprietary drivers in order to use applications that would work fine in user space, like [[Kernel Level Anti-Cheats]]. This gives these companies unrestricted access to a consumer's system, allowing for unmoderated data collection and control.


==Examples==


*[[wikipedia:CrowdStrike|CrowdStrike]]
*[[wikipedia:Cheating_in_online_games#Anti-cheating_methods_and_limitations|Anti-cheats]], like Easy Anti Cheat and EA Anti Cheat
==Incidents==
*[[wikipedia:2024_CrowdStrike-related_IT_outages|2024 CrowdStrike-related IT outages]]

The 2024 CrowdStrike outage<ref>{{Cite web |last=Warren |first=Tom |date=2024-07-19 |title=Major Windows BSOD issue hits banks, airlines, and TV broadcasters |url=https://www.theverge.com/2024/7/19/24201717/windows-bsod-crowdstrike-outage-issue |url-status=live |access-date=2025-06-18 |website=The Verge}}</ref> shows the potential consequences of allowing third party kernel-level access.

==See Also==
*[[Kernel Level Anti-Cheats]]
*[[Trusted Computing]]

==References==
{{reflist}}


[[Category:Common terms]]