If the malware is already running in a driver, it can do anything - such as overwriting the memory of the driver that's preventing the kernel kill - so it's a lost fight anyway.
Umm, then don't let the malware run a driver. It's that easy.
Well, if avast! detected the driver (or the malware dropping the driver), then of course it wouldn't allow it to be loaded. We're talking about new, undetected malware - when none of the files is detected. So no, it's not that easy.
But yes, it's just about blocking a driver loading (or installation) in general - as I wrote previously. Of course, it's not possible to block all drivers (many applications use their own drivers, and you wouldn't be happy if they were blocked). So, what is needed is a behavior blocker, announcing suspicious or unusual events - with rules, exclusions, whitelist...
I'd say it will happen in the future version of avast!, but it's simply not possible right now.
Look at how good Kaspersky is against self-termination; this method didn't work on them...
That's what I am saying - yes, it would probably be possible to block this one particular method - but it's not a real protection, the driver can do anything; if it wants to kill Kaspersky, it can.