Monday, December 19, 2011

Prevent Loading of Unknown Kernel Mode Drivers with Driver Radar Pro

Driver Radar Pro is an interesting portable program that lets you selectively block or allow the loading of kernel mode drivers on a Windows system. Using a whitelist, you can permit or deny the loading of selected drivers, which in turn temporarily disables the corresponding hardware on your system. This can be used to troubleshoot driver- and hardware-related problems: by selectively blocking drivers from loading and monitoring the behavior of the machine, you can isolate the offending drivers. Driver Radar Pro can also be used to block specific types of malware that infect the system by installing kernel drivers. If your system is already infected by such malware, this program can prevent the malware from executing. Additionally, you can copy the to-be-loaded drivers to a user-specified location so that they can be analyzed later.

Windows already offers some protection against the installation of kernel mode drivers. When the OS detects an unsigned driver, it suspends the installation process and prompts the user, advising them not to continue. However, not all drivers carry digital signatures, even legitimate ones, and Windows users are used to seeing this alert. It has become so common that users think it's perfectly OK to override the warning and allow unsigned drivers. 64-bit Windows enforces a stricter policy by completely denying unsigned drivers.


Driver Radar Pro adds another layer of protection by denying the loading of all drivers - signed or unsigned - unless allowed by the user. Note that Driver Radar Pro blocks the loading of drivers, not their installation. This allows you to use Driver Radar Pro without causing any conflict with Windows' native driver protection module.

The program has a whitelist where you add drivers you know are legitimate and stable. Everything else is blacklisted. However, choosing drivers to whitelist is not an easy task. You have to know the exact DLL or SYS files of the drivers.
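One way to collect those exact file paths before building a whitelist is to inventory the drivers that are currently running, with a hash and signature status for each. The PowerShell below is an added example, not part of Driver Radar Pro or of the original post; the function names and the output file name are assumptions made for illustration.

```powershell
# Added example: list running kernel/file-system drivers with path, SHA-256 and
# signature status. Run from an elevated Windows PowerShell prompt.

function Resolve-DriverPath {
    # Hypothetical helper: normalise the image-path forms used for driver services.
    param([string]$PathName)
    if ([string]::IsNullOrEmpty($PathName)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($PathName.Trim('"'))
    if ($p.StartsWith('\??\'))            { $p = $p.Substring(4) }
    if ($p -match '^\\SystemRoot\\(.*)$') { $p = Join-Path $env:SystemRoot $Matches[1] }
    elseif ($p -match '^system32\\')      { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-Sha256Hex {
    # Hypothetical helper: hash via .NET so it also works on older PowerShell versions.
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { return ([System.BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '') }
    finally { $fs.Close() }
}

$inventory = Get-WmiObject Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' } |
    ForEach-Object {
        $path   = Resolve-DriverPath $_.PathName
        $exists = $path -and (Test-Path -LiteralPath $path)
        $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $path } else { $null }
        New-Object PSObject -Property @{
            Name      = $_.Name
            StartMode = $_.StartMode
            Path      = $path
            # A driver whose file cannot be found on disk deserves a closer look.
            Sha256    = if ($exists) { Get-Sha256Hex $path } else { 'FILE NOT FOUND' }
            Signature = if ($sig) { $sig.Status } else { 'n/a' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    } | Select-Object Name, StartMode, Path, Sha256, Signature, Signer | Sort-Object Path

# Output file name is an assumption; keep the file as a baseline for later comparison.
$inventory | Export-Csv -NoTypeInformation -Path "$env:USERPROFILE\driver-inventory.csv"
$inventory | Format-Table Name, Signature, Path -AutoSize
```

Older Windows PowerShell versions verify only embedded signatures, so a catalog-signed driver can be reported as NotSigned; treat that column as a prompt for review rather than a verdict.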

Driver Radar Pro also doesn't display an allow/deny dialog when a kernel driver tries to load; by default, the loading of unknown kernel mode drivers is denied. For this reason, the software is recommended for experienced users.

Driver Radar Pro is compatible with the following 32-bit Microsoft Windows operating systems: Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7.
