Ideas Microsoft has Stolen from Malware
One of the many features Microsoft has included in Vista is PatchGuard v2. Skywing has posted a great article on Uninformed about subverting PatchGuard v2. The protection mechanisms Microsoft employs are some of the exact same ones that malware authors have been using for years.
There are some startling techniques Microsoft is using to protect PatchGuard from reverse engineering and modification. One of them is a standard IsDebuggerPresent-style check (in kernel mode, the KdDebuggerNotPresent flag) to validate that PatchGuard isn't being debugged. The next protection mechanism is self-decrypting and self-modifying code inside the Integrity Check Routine. Skywing has done a great job of outlining the defenses that are taken, as well as methods for subverting the system.
PatchGuard is meant to protect against unauthorized modifications of the Vista kernel. In essence, Microsoft does not want you to modify their kernel with your bad code. While these mechanisms are useful for preventing rootkits, as Skywing has pointed out they can be bypassed.
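As an added illustration of the integrity-check idea behind PatchGuard (this is constructed example code, not PatchGuard's own routine and not anything from Skywing's article): a small C program that records a checksum over a "protected" region at startup and later re-verifies it, reporting the first byte that changed when something has patched the region. The `protected_table` array, the FNV-1a checksum and the `region_*` helpers are all assumptions for the demonstration; the real PatchGuard covers many kernel structures and is far more elaborate.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for a region the kernel wants left unmodified
 * (think of a syscall dispatch table). Real PatchGuard watches many such
 * structures; this toy watches one array. */
static uint64_t protected_table[8] = {
    0x1000, 0x1010, 0x1020, 0x1030, 0x1040, 0x1050, 0x1060, 0x1070
};

/* 64-bit FNV-1a over an arbitrary byte range. An unkeyed checksum like this
 * can be recomputed by anyone who can also rewrite the checker, which is
 * exactly the weakness the post is about; it is used here for illustration. */
uint64_t fnv1a64(const void *data, size_t len) {
    const unsigned char *p = data;
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

typedef struct {
    const void *base;   /* start of the watched region */
    size_t len;         /* length in bytes */
    uint64_t expected;  /* checksum recorded when the region was trusted */
} region_t;

/* Record the known-good checksum of a region at "boot". */
region_t region_snapshot(const void *base, size_t len) {
    region_t r = { base, len, fnv1a64(base, len) };
    return r;
}

/* Re-check the region: returns 1 if unmodified, 0 if it changed. */
int region_verify(const region_t *r) {
    return fnv1a64(r->base, r->len) == r->expected;
}

/* Locate the first differing byte between a saved copy and the live region,
 * the kind of detail a checker would log before bug-checking.
 * Returns the byte offset, or -1 if the two are identical. */
long region_first_diff(const void *saved, const void *live, size_t len) {
    const unsigned char *a = saved, *b = live;
    for (size_t i = 0; i < len; i++)
        if (a[i] != b[i]) return (long)i;
    return -1;
}

/* Demonstration: snapshot, verify, simulate an unauthorized patch of one
 * table entry, verify again, then restore. Returns 1 if the check behaved
 * as expected (clean before the patch, tampered after, diff inside entry 3). */
int demo_detects_patch(void) {
    uint64_t saved[8];
    memcpy(saved, protected_table, sizeof protected_table);
    region_t r = region_snapshot(protected_table, sizeof protected_table);
    int before = region_verify(&r);
    protected_table[3] = 0xdead;      /* simulated unauthorized modification */
    int after = region_verify(&r);
    long off = region_first_diff(saved, protected_table, sizeof protected_table);
    protected_table[3] = saved[3];    /* restore the original entry */
    return before == 1 && after == 0 && off >= 24 && off < 32;
}

int main(void) {
    printf("unauthorized patch detected: %s\n",
           demo_detects_patch() ? "yes" : "no");
    return 0;
}
```

The design point worth noticing is the one the post makes: the checker and its expected value live in the same memory as the code being checked, so the scheme only holds up as long as the checker itself cannot be found and altered, which is why PatchGuard wraps it in anti-debugging and self-modifying code rather than relying on the checksum alone.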