Related measures to prevent the abuse of Major Privacy

Yeyixiao

Member
David was concerned that if Major Privacy were used as a rootkit by malware to bypass some antivirus engines (run in PPL, which is allowed by default now), it could potentially get Major Privacy included in a "vulnerable driver list", so no related functionality could be persisted. Here's the technical thought process to enable such a configuration:

1. Similar configurations are disabled by default each time the system boots.
2. When the user wants to enable it, we create an "Enhanced Desktop" and a driver-registered callback to block all external processes from accessing that desktop, thus ensuring real user authorization.
3. After the user interaction has passed, the driver places the enable flag in private memory, thus enabling the feature (it is never written to a persistent storage device).