I've been learning about What is a rootkit? As well as rootkit building and general system architecture. I have read that there are "User mode" rootkits that run in ring 3. But these aren't the highest level of control over a system. The holy grail of a rootkit is to get ring 0 control?
What protects the kernel and system from a rootkit getting ring 0 access?