[SOLVED] What is VBS (Virtualization based security)?
- Thread starter wabale97
- Start date
Solution
- Jun 12, 2015
- 65,242
- 6,458
- 168,090
Virtualization-based security, or VBS, uses hardware virtualization features to create and isolate a secure region of memory from the normal operating system. Windows can use this "virtual secure mode" to host a number of security solutions, providing them with greatly increased protection from vulnerabilities in the operating system, and preventing the use of malicious exploits which attempt to defeat protections.
VBS uses the Windows hypervisor to create this virtual secure mode, and to enforce restrictions which protect vital system and operating system resources, or to protect security assets such as authenticated user credentials. With the increased protections offered by VBS, even if malware gains access to the OS kernel the possible exploits can be greatly limited and contained, because the hypervisor can prevent the malware from executing code or accessing platform secrets.
Similarly, user mode configurable code integrity policy checks applications before they're loaded, and will only start executables that are signed by known, approved signers. HVCI leverages VBS to run the code integrity service inside a secure environment, providing stronger protections against kernel viruses and malware. The hypervisor, the most privileged level of system software, sets and enforces page permissions across all system memory. Pages are only made executable after code integrity checks inside the secure region have passed, and executable pages are not writable. That way, even if there are vulnerabilities like a buffer overflow that allow malware to attempt to modify memory, code pages cannot be modified, and modified memory cannot be made executable.
https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs
VBS uses the Windows hypervisor to create this virtual secure mode, and to enforce restrictions which protect vital system and operating system resources, or to protect security assets such as authenticated user credentials. With the increased protections offered by VBS, even if malware gains access to the OS kernel the possible exploits can be greatly limited and contained, because the hypervisor can prevent the malware from executing code or accessing platform secrets.
Similarly, user mode configurable code integrity policy checks applications before they're loaded, and will only start executables that are signed by known, approved signers. HVCI leverages VBS to run the code integrity service inside a secure environment, providing stronger protections against kernel viruses and malware. The hypervisor, the most privileged level of system software, sets and enforces page permissions across all system memory. Pages are only made executable after code integrity checks inside the secure region have passed, and executable pages are not writable. That way, even if there are vulnerabilities like a buffer overflow that allow malware to attempt to modify memory, code pages cannot be modified, and modified memory cannot be made executable.
https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs
Yes
Yes, and I don't think you can
TRENDING THREADS
-
News Microsoft updates Windows 11 24H2 requirements, CPU must support SSE4.2 or the OS will not boot- Started by Admin
- Replies: 11
-
Question How can I make my AMD GPU scale *all* resolutions to 1080p, even resolutions that are "supported" by my TV?
- Started by Sol33t303
- Replies: 7
-
-
-
News Windows 11 update brings advertisements to the start menu
- Started by Admin
- Replies: 7
-
Discussion What's your favourite video game you've been playing?- Started by amdfangirl
- Replies: 3K
-
Question Can I just upgrade my graphics card or should I be upgrading my processor as well for UE5?- Started by Tolstoy1990
- Replies: 12
Facebook
Twitter
Instagram