Checking The Driver
Difficult to block malware which removed the kernel level, Microsoft relies KMCS (Kernel Mode Code Signature). The system will check if the device driver has a valid signature with the certificate or not.
This is usually done through the WHQL (Windows Hardware Quality Lab). If the signature is not found or false, Vista will classify the driver as a malicious file and will warn users.
Immunize RAM
Behind the ASLR (Address Space Layout Randomization) there is a technique that protects PCs from buffer overflow. Windows provides an area in RAM for files that can be run and the DLL file on each restart. Thus, the attack would fail to address standards.
Blocking Progama-Code
DEP (Data Execution Prevention) block malware to distinguish the normal data and code in RAM. If a malware infects the code, DEP kill alarm ringing and blocking access. Furthermore, the code is the status "write protected" and will not be affordable by hackers.
