#11
That logic is clearly unsound: "we'll check for the presence of kernel-mode malware by using a mechanism which would have to fail for kernel-mode malware to be present."
In fact, their description (which you quoted) does not directly imply that they're using driver signatures to detect "untrusted" drivers. It just says they "constantly monitor the keyboard driver stack" (although they also "eliminate time-consuming memory scans"!).
My point is that such a game of detection one-upmanship with malware drivers would be pointless without a constantly evolving definition of just what it is that they're looking for, hence the need for regular updates.