I've been reading about Windows lately, in particular about kernel mode and user mode. From what I understand, code running in kernel mode has access to just about any part of the operating system. Since device drivers run in kernel mode, what would stop someone from making a driver for, say, a usb flash drive and having it access the sam/syskey files to extract password hashes, and then paste them onto that very flash drive. Is there any built-in security to stop such things?