Why no immutable bit for system32 folder?
Linux has the immutable bit that can be set on files, which keeps even root from modifying, deleting, and linking to them. Not a perfect solution to keeping malware from overwriting critical system files, but a good layer of defense. There are some who have written scripts to set the immutable bit on critical Linux files and folders to stop malware from overwriting them. Another script is run to back out the immutable bit so that the system can be updated, then it is locked down again. I've tested this in a lab and it seems to work well. Most of the malware written for Windows, at some point in time during installation, either modifies existing DLLs/drivers or drops new ones. Why don't we have a similar immutable capability in Windows? Seems to me, since anti-virus software is only catching about 30%-50% of the some 70 million variants of malware, that another defensive approach needs to be used.
March 5th, 2012 10:53am
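The lock, unlock-for-update and relock cycle described in the question above, as an added example that is not part of the original post. It uses `chattr` and `lsattr` from e2fsprogs; the `PROTECTED` path list and all function names are assumptions chosen for illustration, and the audit step reports any file that is missing the immutable flag.

```shell
#!/bin/sh
# Added example (not from the thread). PROTECTED is an assumed path list;
# lock/unlock need root and a filesystem that supports chattr (e.g. ext4).
PROTECTED="/usr/bin /usr/sbin /usr/lib"

# Apply +i or -i recursively to every protected path that exists.
set_flag() {
    for p in $PROTECTED; do
        if [ -e "$p" ]; then chattr -R "$1" "$p" || return 1; fi
    done
}

# Unlock, run the given update command, then always lock again.
run_update() {
    set_flag -i || return 1
    "$@"; rc=$?
    set_flag +i || return 1
    return "$rc"
}

# Succeeds if an lsattr flag field contains the immutable flag 'i'.
has_immutable() {
    case "$1" in *i*) return 0 ;; *) return 1 ;; esac
}

# Read `lsattr -R` output on stdin; print every path that lacks 'i'.
audit_lsattr() {
    while read -r flags path; do
        case "$flags" in /*) continue ;; esac   # "dir:" header lines
        [ -n "$path" ] || continue              # blank lines
        has_immutable "$flags" || printf '%s\n' "$path"
    done
}

# Constructed sample of lsattr output, used by the "demo" mode.
SAMPLE='----i---------e------- /usr/bin/sudo
--------------e------- /usr/bin/passwd'

case "${1:-}" in
    lock)   set_flag +i ;;
    unlock) set_flag -i ;;
    update) shift; run_update "$@" ;;
    audit)  for p in $PROTECTED; do lsattr -R "$p" 2>/dev/null; done | audit_lsattr ;;
    demo)   printf '%s\n' "$SAMPLE" | audit_lsattr ;;   # prints /usr/bin/passwd
esac
```

Running the `audit` mode on a schedule shows when a protected file was left unlocked after an update or had its flag cleared.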

Thank you for your information. We will report this to our related department. Also, customers with a Premier contract with Microsoft can submit a DCR (Design Change Request) to request product teams to review the design based on your business case (filing a DCR does not guarantee changes to design).
Regards,
Sabrina
TechNet Subscriber Support
If you are a TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Sabrina
TechNet Community Support
March 6th, 2012 1:50am

This topic is archived. No further replies will be accepted.
