Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Defeating patchguard and 64bit kernel-mode protections (https://forum.exetools.com/showthread.php?t=9101)

chaboyd 02-05-2006 02:54

Defeating patchguard and 64bit kernel-mode protections
 
I read a really good paper on defeating PatchGuard on the new 64-bit kernel of Windows. I hadn't seen it posted here yet, so this is the link:
hxxp://www.uninformed.org/?v=3&a=3&t=txt

Another tool whose author seems to have circumvented PatchGuard as well is AppDefend:
hxxp://www.wilderssecurity.com/showthread.php?t=107864

I think the first paper brings up a good point: even though it can be circumvented, Microsoft can just keep changing things to break your software (unless some global solution is figured out). So it seems that there is no future for kernel-level protections (Themida, StarForce...) unless they are in cahoots with Microsoft and get their drivers signed/approved. The other option is for the protections to crack PatchGuard, and I don't see too many companies being comfortable with that.

Even if an agreement is worked out with Microsoft, would Microsoft really let them get away with hooking the IDT etc. like they do now? I heard a rumor that the latest version of Themida doesn't do such hooking, but I haven't had time to test it with SoftICE.
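The post talks about protectors "hooking the IDT" as the kind of modification PatchGuard is meant to catch. As an added illustration (this is not code from the thread, from the uninformed.org paper, or from any of the products named, and it is not PatchGuard's own algorithm, which is not public), the C below decodes 64-bit IDT gate descriptors in the Intel SDM layout, reassembles each vector's handler address from the three offset fields, and flags any present vector whose handler does not fall inside a trusted image. All addresses, image ranges and the four-entry table are constructed sample data; on a live system the table base would come from `sidt` in kernel mode and the image ranges from the loaded-module list.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IDT_GATE_SIZE 16   /* one x86-64 gate descriptor */

/* Virtual address range of a loaded image (values below are hypothetical). */
typedef struct {
    const char *name;
    uint64_t base;
    uint64_t size;
} image_range_t;

/* Encode a 64-bit interrupt gate (Intel SDM vol. 3, 6.14.1):
 *  bytes 0-1 offset[15:0]   bytes 2-3 selector   byte 4 IST (bits 0-2)
 *  byte 5 type/DPL/P        bytes 6-7 offset[31:16]   bytes 8-11 offset[63:32] */
void make_gate(uint8_t *out, uint64_t handler, uint16_t selector,
               uint8_t type_attr, uint8_t ist)
{
    out[0] = (uint8_t)handler;         out[1] = (uint8_t)(handler >> 8);
    out[2] = (uint8_t)selector;        out[3] = (uint8_t)(selector >> 8);
    out[4] = ist & 0x7;                out[5] = type_attr;
    out[6] = (uint8_t)(handler >> 16); out[7] = (uint8_t)(handler >> 24);
    out[8] = (uint8_t)(handler >> 32); out[9] = (uint8_t)(handler >> 40);
    out[10] = (uint8_t)(handler >> 48); out[11] = (uint8_t)(handler >> 56);
    out[12] = out[13] = out[14] = out[15] = 0;   /* reserved */
}

/* Reassemble the handler address from the three split offset fields. */
uint64_t gate_handler(const uint8_t *gate)
{
    uint64_t lo  = (uint64_t)gate[0] | ((uint64_t)gate[1] << 8);
    uint64_t mid = (uint64_t)gate[6] | ((uint64_t)gate[7] << 8);
    uint64_t hi  = (uint64_t)gate[8]  | ((uint64_t)gate[9] << 8)
                 | ((uint64_t)gate[10] << 16) | ((uint64_t)gate[11] << 24);
    return lo | (mid << 16) | (hi << 32);
}

int gate_present(const uint8_t *gate) { return (gate[5] & 0x80) != 0; }

static int in_image(uint64_t addr, const image_range_t *img)
{
    return addr >= img->base && addr < img->base + img->size;
}

/* Walk nvec gates and report every present vector whose handler lies outside
 * all trusted images. Returns the count; hooked[] receives up to max vectors. */
size_t find_hooked_vectors(const uint8_t *idt, size_t nvec,
                           const image_range_t *trusted, size_t ntrusted,
                           int *hooked, size_t max)
{
    size_t found = 0;
    for (size_t v = 0; v < nvec; v++) {
        const uint8_t *gate = idt + v * IDT_GATE_SIZE;
        if (!gate_present(gate))
            continue;                      /* unused vector, nothing to check */
        uint64_t h = gate_handler(gate);
        int ok = 0;
        for (size_t i = 0; i < ntrusted && !ok; i++)
            ok = in_image(h, &trusted[i]);
        if (!ok) {
            if (found < max)
                hooked[found] = (int)v;
            found++;
        }
    }
    return found;
}

/* Constructed sample: made-up kernel and HAL ranges, four vectors. */
#define SAMPLE_VECTORS 4
static const image_range_t sample_trusted[] = {
    { "ntoskrnl.exe", 0xFFFFF80000400000ULL, 0x00600000ULL },
    { "hal.dll",      0xFFFFF80000A00000ULL, 0x00080000ULL },
};

size_t build_sample_idt(uint8_t *idt)   /* SAMPLE_VECTORS * IDT_GATE_SIZE bytes */
{
    make_gate(idt + 0 * IDT_GATE_SIZE, 0xFFFFF8000047A100ULL, 0x10, 0x8E, 0); /* #DE -> kernel */
    make_gate(idt + 1 * IDT_GATE_SIZE, 0xFFFFF88003A01000ULL, 0x10, 0x8E, 0); /* #DB -> third-party driver: hooked */
    make_gate(idt + 2 * IDT_GATE_SIZE, 0xFFFFF80000A12340ULL, 0x10, 0x8E, 3); /* NMI -> HAL, IST 3 */
    make_gate(idt + 3 * IDT_GATE_SIZE, 0xFFFFF8000047A3C0ULL, 0x10, 0xEE, 0); /* #BP -> kernel, DPL 3 */
    return SAMPLE_VECTORS;
}

size_t sample_hooked_count(int *hooked, size_t max)
{
    uint8_t idt[SAMPLE_VECTORS * IDT_GATE_SIZE];
    size_t n = build_sample_idt(idt);
    return find_hooked_vectors(idt, n, sample_trusted,
                               sizeof sample_trusted / sizeof sample_trusted[0],
                               hooked, max);
}

int main(void)
{
    int hooked[SAMPLE_VECTORS];
    size_t n = sample_hooked_count(hooked, SAMPLE_VECTORS);
    for (size_t i = 0; i < n; i++)
        printf("vector %d: handler outside trusted images\n", hooked[i]);
    return 0;
}
```

Two caveats for anyone turning this into a real check: a legitimate handler may live in an image other than the kernel and HAL (the trusted list has to be built from the actual module list, not hard-coded), and a protector can also redirect a vector without touching the descriptor at all, by patching the first bytes of the original handler, which a range test like this one does not see.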

Human 02-05-2006 07:36

Well, what we can expect now is that SafeDisc will be the only option, since they have an msshit certificate and signed an agreement a week ago about sharing knowledge. Other protectors will probably use holes until they get patched; there is always a workaround. For ring 0 nothing is impossible; maybe drivers will load like SoftICE before Windows, and then they rule.
