Configuring Core Isolation and Memory Integrity in Windows has become a key topic for anyone looking for additional computer security, especially in environments where malware and system attacks are common. Although at first it may look like an obscure option buried among the advanced settings, it plays a major role in protecting the heart of the operating system.
In the following lines you will find a complete guide explaining what exactly core isolation is, how virtualization-based memory integrity (VBS) works, its requirements and limitations, how to enable or disable it from the graphical interface or through the Registry, PowerShell or policies, and how it can affect your computer's performance and compatibility.
What is Core Isolation in Windows and what is it used for?
Core Isolation is an advanced security feature built into Windows 10, Windows 11, and Windows Server that relies on virtualization-based security (VBS). Its purpose is to run certain critical operating system components in an environment isolated from other processes, greatly reducing the attack surface available to malware and exploits that try to compromise the kernel.
When you enable Core Isolation, the system creates a protected virtual environment using the Windows hypervisor. This isolated area runs the most security-sensitive tasks, preventing malicious code that manages to run on the normal system from easily interacting with the kernel or tampering with critical memory structures. This separation acts as a barrier between the system and anything coming from outside, whether it is an infected attachment, a program of doubtful origin, or a faulty driver.
Imagine opening an email with a dangerous attachment. Without this isolation, an exploit could take advantage of a system vulnerability to escalate privileges and reach the kernel. With Core Isolation enabled, much of the sensitive logic is protected inside this virtualized environment, greatly reducing what malware can do, even if it manages to run with elevated privileges in the non-isolated part of the system.
What is memory integrity and what role does it play in VBS?
Within Core Isolation, the star feature is Memory Integrity, also known as HVCI (Hypervisor-Enforced Code Integrity). This feature moves code integrity checking from kernel mode into the secure VBS environment, so that the hypervisor acts as the root of trust and ensures that only signed, legitimate code is loaded into the kernel.
With Memory Integrity active, the system restricts kernel memory allocations that could be used for code injection attacks or to disable security mechanisms. Because the integrity check is performed in an isolated environment, an attacker who manages to compromise the conventional kernel finds it much harder to turn off these protections, since the verification mechanism itself is out of reach.
Among its key internal functions, memory integrity is responsible for protecting the Control Flow Guard (CFG) bitmap used for kernel-mode drivers, and it also hardens the code integrity process that verifies that other processes have valid certificates. These measures greatly reduce attempts to redirect execution flow to malicious code or to load untrusted binaries into the kernel.
Hardware requirements and compatibility

Although Windows includes these features by default, not all devices are compatible or have them enabled by default. For Core Isolation and memory integrity to work properly, the hardware and firmware must meet several conditions: hardware virtualization support (Intel VT-x, AMD-V), Secure Boot, certain CPU extensions such as MBEC/GMET and, in server or virtualization environments, certain virtual machine isolation capabilities.
In many cases these options also depend on BIOS/UEFI settings. If virtualization or Secure Boot is disabled at the firmware level, VBS cannot start and the core isolation features will not be available, even if you enable them from Windows. In addition, some old or poorly maintained drivers may be incompatible with these technologies, causing errors such as blue screens (for example an IRQL_NOT_LESS_OR_EQUAL error) or directly preventing memory integrity from being enabled.
How do I enable or disable Core Isolation from Windows Security?
The simplest and most suitable method for home or office users is to manage core isolation from the Windows Security application itself, where most of the system's security settings are grouped in a single panel.
To review and change these options, you can follow much the same path in Windows 10 and Windows 11: open the Windows Security app from the shield icon in the system tray or by using search, then go to Device security and find the Core isolation block. On that screen a message usually indicates whether memory integrity is enabled or not, along with a vulnerability warning if it remains disabled.
Under Core isolation details you will find a switch to turn Memory Integrity on or off, along with an option called the Microsoft Vulnerable Driver Blocklist, which prevents drivers known to have serious flaws from loading. Once you enable memory integrity, the system prompts you to restart your computer to apply the changes, and after restarting you should see a green confirmation mark next to the core isolation section.
Of course, if after turning it on you notice performance problems, FPS drops in games, or blue screens, you can return to that panel and turn the switch off. Windows lets you change this setting as often as you like, which is useful if, for example, you want to turn it on only at specific times (such as when using unknown USB drives or installing software from untrusted sources).
Impact on performance and when it should or should not be enabled
It is important to understand that Core Isolation, and memory integrity in particular, are not free in terms of performance. Every layer of security means more checks, more code verification, and more CPU work to monitor what is running on the system. On powerful PCs this may be barely noticeable, but on less powerful machines or in demanding games you may see a drop in FPS or less responsive behaviour.
Many users have reported that, after enabling core isolation, games and graphics applications run worse, and that disabling it restores the previous smoothness. In some cases they have even encountered serious errors such as a Critical_Process_Died BSOD when trying to enable it, especially when old or poorly written drivers are present that do not work well with these protections.
So it makes sense to consider how the machine is used. If you mainly use your computer for gaming and high-performance tasks in a reasonably secure environment, with good security habits (not downloading suspicious executables, avoiding malicious websites, keeping Windows Defender updated), you may choose to leave Core Isolation disabled to get the most out of your hardware. However, if you browse frequently, open attachments often, connect other people's external devices, or the computer is shared in libraries, offices, or schools, it is strongly recommended to give up a little performance in exchange for stronger security.
Memory integrity and device isolation: how they protect the system
When discussing this feature, it is also often said that it separates the most security-critical processes from the rest of the system, creating a virtual barrier between what we might consider the core hardware (motherboard, CPU, GPU, RAM, and main storage) and peripheral hardware (USB devices, printers, external drives, and so on). The idea is that any interaction with critical components passes through a stricter filter.
This protection does not replace Windows Defender or other traditional anti-malware solutions; it complements them. Antivirus remains responsible for scanning files, detecting malware behaviour, and blocking known threats, while core isolation focuses on attack vectors that target the kernel itself and the most sensitive memory structures. It is generally recommended to keep Windows Defender enabled at all times and, where appropriate, add specialized security software depending on actual needs.
How do I enable core isolation in Windows 11 step by step?
In Windows 11, enabling this feature is simple and requires no registry editing if you want the easy route. Essentially, it involves going into the system settings, moving to the security section, and finding the Windows Security panel to enable core isolation and memory integrity.
The usual path is to open Windows Settings (for example with Win + I), go to Privacy & security, enter Windows Security and click the button that opens the application. From there, in the side menu, select Device security, find the Core isolation block, open its details, and turn on Memory Integrity if it is off. After closing the window and restarting the system, the feature is active. For fuller advice on improving security in Windows 11, you can consult additional guides.
You can repeat the same procedure as often as you like. In some cases it can be useful to turn it on only when needed, for example when you are going to connect someone else's USB drive. This is particularly relevant if you work with external drives of unknown origin or share the computer with several users. Although it is not impenetrable, it reduces the chances of malware exploiting a driver to get in at kernel level.
Enabling it in Windows 10 and similarities with Windows 11
Windows 10 also has core isolation and memory integrity, and the way to enable it is very similar to Windows 11, with small differences in the names of some menus. Again, the process goes through the Settings panel, the security section, and the Windows Security app.
In this case, open Settings, go to Update & Security, select Windows Security and then the Device security section. There you will find the Core isolation section and, within its details, the switch to turn Memory Integrity on or off. You can change this setting whenever you want, which is useful if you alternate between periods of heavy internet browsing and gaming sessions where you want to squeeze every FPS out of your system.
Enable Memory Integrity and VBS from the command line (Registry)

For companies or advanced users who need to automate the configuration of VBS and memory integrity, the Windows Registry offers very fine-grained control. Using the REG command-line tool, you can add and modify the keys needed to enable the hypervisor and virtualization-based protection at boot; before doing so, creating registry backups is recommended.
A typical configuration involves enabling virtualization-based security, requiring specific platform features, turning on hypervisor-enforced code integrity, and configuring the UEFI lock. This is done by modifying entries under the key HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard and its subkey Scenarios\HypervisorEnforcedCodeIntegrity, setting values such as EnableVirtualizationBasedSecurity, RequirePlatformSecurityFeatures, Locked, Enabled or Mandatory, all in REG_DWORD format with numeric values that define the behaviour.
For example, you can configure VBS without memory integrity by enabling only EnableVirtualizationBasedSecurity, or combine it with the RequirePlatformSecurityFeatures value to require Secure Boot (value 1) or Secure Boot plus DMA protection (value 3). The Locked value lets you specify whether the UEFI lock is applied or not, and the Mandatory option prevents the system from continuing to boot if the hypervisor, the secure kernel, or one of their modules cannot load properly.
In the HypervisorEnforcedCodeIntegrity section, the Enabled value directly controls whether memory integrity is turned on, while the Locked value in that same scenario determines whether it is locked with UEFI. In addition, there is a value called WasEnabledBy that controls how the graphical interface behaves for the user: if it is removed, the UI shows the message "This setting is managed by your administrator" and the switch appears greyed out; if it is set to a certain value, the interface behaves normally again.
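The registry procedure described above, written as a PowerShell function that calls the REG tool; this is an added example, not code from the original guide. The value names and the meanings of 1 and 3 come from the text, while the function name, its parameters and the backup path are assumptions made for the illustration.

```powershell
#Requires -RunAsAdministrator
# Added example. Value names and the 1/3 meanings come from the article;
# the function name, its parameters and the backup path are assumptions.
function Set-MemoryIntegrityRegistry {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # 1 = require Secure Boot, 3 = Secure Boot plus DMA protection
        [ValidateSet(1, 3)]
        [int] $PlatformSecurityFeatures = 1,

        # Apply the UEFI lock (Locked = 1). Off by default in this example.
        [switch] $UefiLock,

        # Mandatory = 1: boot does not continue if the hypervisor, the secure
        # kernel or one of their modules fails to load.
        [switch] $Mandatory,

        [string] $BackupPath = (Join-Path $env:TEMP 'DeviceGuard-backup.reg')
    )

    $dg   = 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard'
    $hvci = "$dg\Scenarios\HypervisorEnforcedCodeIntegrity"
    $lock = [int]$UefiLock.IsPresent

    $values = @(
        @{ Key = $dg;   Name = 'EnableVirtualizationBasedSecurity'; Data = 1 }
        @{ Key = $dg;   Name = 'RequirePlatformSecurityFeatures';   Data = $PlatformSecurityFeatures }
        @{ Key = $dg;   Name = 'Locked';                            Data = $lock }
        @{ Key = $hvci; Name = 'Enabled';                           Data = 1 }
        @{ Key = $hvci; Name = 'Locked';                            Data = $lock }
    )
    if ($Mandatory) { $values += @{ Key = $dg; Name = 'Mandatory'; Data = 1 } }

    # Back up the existing DeviceGuard key before changing anything
    & reg.exe query $dg *> $null
    if ($LASTEXITCODE -eq 0 -and $PSCmdlet.ShouldProcess($dg, "export to $BackupPath")) {
        & reg.exe export $dg $BackupPath /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup of $dg failed; no values were changed." }
    }

    # Write each REG_DWORD and stop at the first failure
    foreach ($v in $values) {
        if ($PSCmdlet.ShouldProcess("$($v.Key)\$($v.Name)", "set REG_DWORD $($v.Data)")) {
            & reg.exe add $v.Key /v $v.Name /t REG_DWORD /d $v.Data /f | Out-Null
            if ($LASTEXITCODE -ne 0) { throw "Failed to set $($v.Name) under $($v.Key)" }
        }
    }

    # Read the values back so the caller can confirm what is now configured
    foreach ($v in $values) {
        $path = 'Registry::' + ($v.Key -replace '^HKLM', 'HKEY_LOCAL_MACHINE')
        [pscustomobject]@{
            Key   = $v.Key
            Name  = $v.Name
            Value = (Get-ItemProperty -Path $path -Name $v.Name -ErrorAction SilentlyContinue).($v.Name)
        }
    }
}

# Preview the changes without writing anything:
#   Set-MemoryIntegrityRegistry -PlatformSecurityFeatures 3 -WhatIf
```

Run it with -WhatIf first to see the values it would write; the settings are read at boot, so a restart is needed before they apply.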
Management through App Control for Business and PowerShell
In enterprise deployments where security policy is centralized, App Control for Business (formerly Windows Defender Application Control) offers another way to enable memory integrity in a managed fashion. Its setup wizard lets you create or edit an application control policy and select the Hypervisor-protected code integrity option on the policy rules page.
Besides the graphical interface, you can use the PowerShell cmdlet Set-HVCIOptions, designed to configure HVCI options, or edit the App Control policy XML directly, changing the value of the element to apply the desired protection. These methods are especially useful when you need to apply the same configuration to many devices without configuring each one individually, and they can be complemented with security policies through secpol.msc in managed environments.
Check whether VBS and Memory Integrity are enabled
To check accurately whether virtualization-based security and memory integrity are actually enabled and running, Windows provides several tools aimed at administrators and advanced users, including a dedicated WMI class and the classic msinfo32.
The WMI class Win32_DeviceGuard, accessible from an elevated PowerShell session using the Get-CimInstance command and the namespace root\Microsoft\Windows\DeviceGuard, returns a number of fields related to VBS and HVCI protection. These include:
The unique identifier InstanceIdentifier and the class version (Version), which is currently usually 1.0, together with the AvailableSecurityProperties list, which indicates which hardware-based security features are available on the device, such as hypervisor support, Secure Boot, DMA protection, secure memory overwrite, NX protections, SMM mitigations, MBEC/GMET, or APIC virtualization.
The RequiredSecurityProperties field describes which elements are required for VBS to work on that device (for example, requiring Secure Boot or DMA protection), while SecurityServicesConfigured indicates whether services such as Credential Guard, memory integrity, System Guard Secure Launch, SMM firmware measurement, or kernel-mode stack protection have been configured, including whether the last of these is in audit or enforced mode.
Complementing the above, SecurityServicesRunning shows which services are actually running at that moment, distinguishing between what is configured and what is active. Other important fields are: CodeIntegrityPolicyEnforcementStatus, which indicates whether the system's code integrity policy is off, in audit mode, or in enforced mode; UsermodeCodeIntegrityPolicyEnforcementStatus, which gives the same information but for user-mode code; and VirtualizationBasedSecurityStatus, which clarifies whether VBS is off, enabled but not running, or fully enabled and running.
Finally, VirtualMachineIsolation and VirtualMachineIsolationProperties indicate the level of virtual machine isolation and the supported technologies, such as AMD SEV-SNP, virtualization-based security, or Intel TDX, which matter if you want to use these protections in virtualized environments.
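An added example (not part of the original guide) that turns the numeric Win32_DeviceGuard fields described above into a readable report and highlights the two gaps that matter in practice: services configured but not running, and required platform properties that the device lacks. The numeric code tables follow Microsoft's documentation of the class and are not listed on this page; the function names and the sample object are assumptions constructed for the illustration.

```powershell
# Added example. Field names are those of Win32_DeviceGuard as described in
# the article; the numeric codes follow Microsoft's documentation of the class.
# Get-VbsReport and ConvertTo-Name are hypothetical helper names.
$SecurityProperty = @{
    1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection'
    4 = 'Secure memory overwrite'; 5 = 'NX protections'; 6 = 'SMM mitigations'
    7 = 'MBEC/GMET'; 8 = 'APIC virtualization'
}
$SecurityService = @{
    1 = 'Credential Guard'; 2 = 'Memory integrity (HVCI)'
    3 = 'System Guard Secure Launch'; 4 = 'SMM firmware measurement'
    5 = 'Kernel-mode stack protection (enforced)'
    6 = 'Kernel-mode stack protection (audit)'
}
$VbsStatus = @{ 0 = 'Off'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
$CiStatus  = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }

function ConvertTo-Name($Map, $Codes) {
    # Code 0 means "none"; unknown codes are reported rather than dropped
    @($Codes | Where-Object { $_ } | ForEach-Object {
        if ($Map.ContainsKey([int]$_)) { $Map[[int]$_] } else { "Unknown ($_)" }
    })
}

function Get-VbsReport {
    param(
        # Defaults to the live class; pass an object to analyse saved output
        $DeviceGuard = (Get-CimInstance -ClassName Win32_DeviceGuard -Namespace 'root\Microsoft\Windows\DeviceGuard')
    )
    $configured = @($DeviceGuard.SecurityServicesConfigured  | Where-Object { $_ })
    $running    = @($DeviceGuard.SecurityServicesRunning     | Where-Object { $_ })
    $required   = @($DeviceGuard.RequiredSecurityProperties  | Where-Object { $_ })
    $available  = @($DeviceGuard.AvailableSecurityProperties | Where-Object { $_ })

    [pscustomobject]@{
        VbsStatus              = $VbsStatus[[int]$DeviceGuard.VirtualizationBasedSecurityStatus]
        KernelCodeIntegrity    = $CiStatus[[int]$DeviceGuard.CodeIntegrityPolicyEnforcementStatus]
        UserModeCodeIntegrity  = $CiStatus[[int]$DeviceGuard.UsermodeCodeIntegrityPolicyEnforcementStatus]
        MemoryIntegrityRunning = $running -contains 2
        ServicesRunning        = ConvertTo-Name $SecurityService $running
        # Configured but not active: the Configured/Running gap the text describes
        ConfiguredNotRunning   = ConvertTo-Name $SecurityService ($configured | Where-Object { $_ -notin $running })
        # Required for VBS on this device but not reported as available
        MissingRequirements    = ConvertTo-Name $SecurityProperty ($required | Where-Object { $_ -notin $available })
    }
}

# Constructed sample: Credential Guard and memory integrity are configured,
# nothing is running, and DMA protection is required but not available.
$sample = [pscustomobject]@{
    AvailableSecurityProperties                  = 1, 2, 5, 7
    RequiredSecurityProperties                   = 1, 2, 3
    SecurityServicesConfigured                   = 1, 2
    SecurityServicesRunning                      = @(0)
    VirtualizationBasedSecurityStatus            = 1
    CodeIntegrityPolicyEnforcementStatus         = 2
    UsermodeCodeIntegrityPolicyEnforcementStatus = 0
}
Get-VbsReport -DeviceGuard $sample | Format-List

# On a live system, from an elevated session:  Get-VbsReport | Format-List
```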
If you prefer a more visual method, you can run msinfo32.exe with elevated privileges, and the System Information window will open. At the bottom of the System Summary section there is a block dedicated to VBS features and their status, stating whether virtualization-based security is enabled and which specific components are running.
Hardware-enforced stack protection and its relationship with memory integrity
In the family of protections around Core Isolation we find hardware-enforced stack protection, a feature built on capabilities of modern CPUs (such as Intel Control-Flow Enforcement Technology or AMD Shadow Stack) designed to prevent malicious code from modifying return addresses on the kernel-mode stack in order to redirect execution to malicious payloads.
On compatible processors, the CPU keeps a second copy of return addresses in a read-only shadow stack that ordinary drivers cannot access. If a program or driver tries to modify a return address on the main stack, the CPU detects the discrepancy by comparing it with the reference stored in the shadow stack. When this happens, the system triggers a critical error (the classic blue screen) and stops execution, blocking the attempt to hijack the flow of execution.
Not all drivers are compatible with this protection, since some legitimate drivers modify return addresses for non-malicious purposes. For this reason Microsoft has been working with many vendors to make sure their latest versions support this protection. The feature can be turned on or off via a switch in the Windows Security interface, but for it to work memory integrity must be enabled and a CPU that implements the technologies mentioned above is required.
If, when you try to enable it, the system warns that there is an incompatible driver or service, it is advisable to check for updates on the device manufacturer's website or the application's website. Sometimes the problematic element is a driver-related service that only loads when a program starts, so it may be necessary to uninstall that software or avoid using it altogether if you want to keep stack protection.
Troubleshooting and rolling back if something fails
Enabling VBS, memory integrity, or stack protection can cause problems on some systems: some drivers stop loading or the system becomes unstable. In the best case, simply updating drivers from Device Manager or the manufacturer's website is enough; in more serious situations, a critical failure can occur during boot.
If, after enabling these features, the system does not start properly or behaves erratically, one option is to use the Windows Recovery Environment (Windows RE). First, it is recommended to disable any policies (such as Group Policy) that were used to enforce VBS and HVCI. Then boot the affected computer into Windows RE, sign in, and from there edit the relevant Registry key to disable memory integrity by setting the Enabled value of HypervisorEnforcedCodeIntegrity to 0. On restart, the system should boot without this protection, which usually restores stability if the problem was a compatibility issue. If the problem is a serious boot failure, see the guide on the INACCESSIBLE_BOOT_DEVICE error.
In environments where you also want to manage the warnings that appear in Windows Security (such as the yellow exclamation mark when memory integrity is off), things get more complicated. Editing the Registry alone is not always enough, and it is often necessary to combine Group Policy, Intune, or other management tools to hide these warnings without visiting each computer to dismiss the message from the local interface, something that also requires administrator privileges.
Memory integrity in Hyper-V virtual machines
Memory integrity does not only protect physical systems; it can also be used in virtual machines running on Hyper-V, where it behaves very much as it does on a physical computer. From inside the virtual machine, the steps to enable the feature are the same: turn on VBS, make sure memory integrity can start, and meet the virtualized hardware requirements.
It is important to understand that this protection defends the guest machine against malware running inside it, but does not add extra security to the host. From the host system, it is possible to disable memory integrity for a specific VM using Hyper-V management commands (such as Set-VMSecurity with the VBS opt-out option), so the administrator retains control over which guests use these features and which do not.
For Hyper-V virtual machines to use memory integrity, the host must be running at least Windows Server 2016 or Windows 10 version 1607, and the VMs must be Generation 2 with a modern operating system (Windows 10 or Windows Server 2016 or later). It is also possible to combine memory integrity with nested virtualization, provided that the Hyper-V role is first enabled inside the virtual machine and the required conditions are met.
There are some limitations to be aware of: certain devices, such as virtual Fibre Channel adapters, are not compatible with memory integrity, so the virtual machine must be opted out of VBS before adding them, using the Hyper-V security options. The same applies to pass-through disks configured with AllowFullSCSICommandSet, which require disabling virtualization-based security for that VM before they are used.
Alternatives when Core Isolation is not viable
On machines where the hardware does not meet the requirements, where drivers constantly cause conflicts, or where the performance impact is too high, it makes sense to consider other ways of running risky applications without compromising the main system. Among the most widely used are technologies such as Docker or full virtual machines.
Docker lets you create isolated container environments where applications can run in a confined way. On Windows, it can be used to set up a kind of separate "mini-system" to test suspicious software or specific services, knowing that once the container is stopped and deleted, everything in it disappears without leaving a trace on the host. For more demanding tests, or when a full desktop is needed, the classic approach is to set up a virtual machine with Windows and run potentially dangerous programs there; if something fails or malware is detected, simply destroy the VM and create a new one.
Although these alternatives do not exactly replicate the kind of protection offered by kernel-level memory integrity, they provide an effective containment layer that is very useful when it is not possible or advisable to use Core Isolation on the physical machine.
Configuring Core Isolation, Memory Integrity, and the related protections in Windows offers a considerably higher level of security in exchange for some additional resource use and possible problems with incompatible drivers. Knowing in detail how they work, how to turn them on or off, how to verify them with Win32_DeviceGuard and msinfo32, and which alternatives exist when they are not viable lets you strike the right balance between performance and protection according to the actual use you make of your PC or infrastructure.