Kernel Level Drivers: Difference between revisions
Reword and format the article to flow better. Also corrected some terminology. |
Trusted Computing |
(3 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
{{Incomplete|Issue 1=No references}} | |||
'''Kernel drivers''', kernel modules, or drivers are programs that run inside the kernel of an operating system. The kernel is the most fundamental part of the operating system, it provides basic services which other parts of the operating system use. Kernel drivers allow the computer to communicate with hardware devices such as keyboards, mice, storage, and network cards. Kernel access is required since these drivers usually manage hardware directly, which isn't possible in user space. This code is minimally restricted since it runs inside of the kernel, meaning drivers have privilege as high as any other part of the operating system — higher than even the traditional administrator role. If kernel code fails, the entire system may crash, or become unreliable. In comparison, user processes can gracefully exit without affecting other processes. Also, if a kernel driver has any vulnerabilities, these can be exploited to gain kernel access and bypass any security measures the user has in place. | |||
There are even lower level processors and programs, which typically operate beyond the control of an operating system. Examples include the UEFI or BIOS, the Intel management engine (and similar processors from other manufacturers), the microcode, and the controllers on various devices (like the storage controller on a solid state drive). These are typically proprietary, less well documented and less well understood than the kernel. They can pose similar risks to kernel drivers. | |||
== Consumer Impact == | ==Consumer Impact== | ||
Code running in the kernel presents numerous privacy and security concerns. Code running in the kernel can read the memory of any running process, including apps and websites used for banking, passwords, and other highly sensitive actions. Additionally, it has full control over all hardware, including the capability to | Code running in the kernel presents numerous privacy and security concerns. Code running in the kernel can read and write the memory of any running process, including apps and websites used for banking, passwords, and other highly sensitive actions. Additionally, it has full control over all hardware, including the capability to permanently damage or disable hardware components. | ||
Many companies now require the use of proprietary drivers in order to use applications that would work fine in user space, like [[Kernel Level Anti-Cheats]]. This gives these companies unrestricted access to a consumer's system, allowing for unmoderated data collection and control. | Many companies now require the use of proprietary drivers in order to use applications that would work fine in user space, like [[Kernel Level Anti-Cheats]]. This gives these companies unrestricted access to a consumer's system, allowing for unmoderated data collection and control. | ||
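Review bot: In the new lead paragraph, "which isn't possible in user space" is stated too absolutely. User-space driver frameworks exist (UMDF on Windows, UIO and VFIO on Linux), so the sentence should say that direct hardware management is usually not possible from user space without the kernel mediating access. The same paragraph has a comma splice in "The kernel is the most fundamental part of the operating system, it provides basic services"; split it into two sentences or join with "and". "User processes can gracefully exit without affecting other processes" would read more accurately as "a failing user process can usually be terminated without affecting other processes", since the contrast being drawn is about fault isolation. Because this revision also adds {{Incomplete|Issue 1=No references}}, the new second paragraph (UEFI or BIOS, the Intel management engine, microcode, device controllers) and the added claim that kernel code can "permanently damage or disable hardware components" should each come with a citation rather than adding to the unreferenced text the template flags.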
Line 10: | Line 12: | ||
==Examples== | ==Examples== | ||
* [[wikipedia:CrowdStrike|CrowdStrike]] | *[[wikipedia:CrowdStrike|CrowdStrike]] | ||
* [[wikipedia:Cheating_in_online_games#Anti-cheating_methods_and_limitations|Anti-cheats]], like Easy Anti Cheat and EA Anti Cheat | *[[wikipedia:Cheating_in_online_games#Anti-cheating_methods_and_limitations|Anti-cheats]], like Easy Anti Cheat and EA Anti Cheat | ||
== Incidents == | ==Incidents== | ||
* [[wikipedia:2024_CrowdStrike-related_IT_outages|2024 CrowdStrike-related IT outages]] | *[[wikipedia:2024_CrowdStrike-related_IT_outages|2024 CrowdStrike-related IT outages]] | ||
== See Also == | ==See Also== | ||
* [[Kernel Level Anti-Cheats]] | *[[Kernel Level Anti-Cheats]] | ||
*[[Trusted Computing]] | |||
==References== | ==References== |