That "RAM Compartmentalization" section doesn't make any sense. It describes Virtual Address spaces, which exist on pretty much any Protected Mode Operating System, eg, the first paragraph of that section. I've broken it up and stuck numeric footnotes to address.
Along with the hack attempts bypassing firewalls, another problem with traditional operating systems(1) is that they tend to mix up electronic memory (the RAM bytes) with one or more programs(2). For example, if you are running program A, B and C at the same time, and if there is need for some data to be stored for program B, the operating system will simply put the data into the next available empty cells. These data cells are not isolated, so the other programs may snoop out or even write on them to infect the computer(3).
1. What do they mean by traditional?
2. I think I see what they mean here- even if the memory addresses are virtualized, the physical memory of programs can be adjacent (?).
3. However, as I understand it, this is completely false. Within a Protected-Mode operating system, the only way RAM can be directly addressed without being virtualized is within Ring0 drivers, meaning it is not a vector of attack. Perhaps there is something that is poorly explained in the section. I cannot find anything - at all - about this "RAM compartmentalization" capability anywhere except on that post and posts that link to it; additionally, it still makes no sense, eg:
From Windows 7, and especially in Windows 8.1, the operating system provides a RAM compartment for each program and its data. That is, a kind of sandboxed RAM. If program A is running in compartment 2, program B cannot store its code or data into the empty RAM cells allotted to program A. If there is need for more storage, it falls back to paging file on Hard Disk.
This makes sense on the surface.
However, how are RAM cells "allotted" to a program? The only way I can see would be if that program's entire virtual address space is directly allotted to physical memory locations. For 32-bit programs that means every program gets 4GB of physical memory; 64-bit programs would need 256TB of memory. Of course, this is entirely impractical, so I question the legitimacy of the "technique" being mentioned, and suspect it is actually talking about Address Space Virtualization, which is hardly new.
I did find Isolated Storage, but that seems to be something entirely different and far from actually being secure (and it's not related to memory, either). It's also a .NET feature as far as I can tell.
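The point made above, that per-process memory separation is simply what virtual address spaces already provide, can be shown with a small experiment. The program below is an added example written for this thread; it is not code from the original post or from any source the post quotes. It assumes a POSIX system with fork(2) and copy-on-write pages, and the function and struct names (demonstrate_isolation, isolation_result) are my own. The parent allocates a byte, the child writes a different value to the very same virtual address, and the parent then reads its own copy back: the numeric address is identical in both processes, but the physical page behind it is not, so the child's write never reaches the parent's data.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>

/* Outcome of the experiment; a caller (or test) can check each field. */
struct isolation_result {
    int parent_value_after;  /* byte the parent reads back after the child's write */
    int child_value_seen;    /* byte the child read back after its own write */
    int same_virtual_addr;   /* 1 if the child used the identical numeric address */
};

/*
 * Allocate one byte, fork, let the child overwrite that byte at the same
 * virtual address, and report what each process observes afterwards.
 * After fork, both processes hold the same virtual address for `cell`, but
 * the kernel backs it with separate physical pages (copy-on-write), so the
 * parent's value is unaffected by the child's write.
 */
struct isolation_result demonstrate_isolation(void) {
    struct isolation_result r = {0, 0, 0};
    unsigned char *cell = malloc(1);
    if (!cell) { perror("malloc"); exit(1); }
    *cell = 0x41;                              /* parent's data: 'A' (constructed value) */

    int fds[2];                                /* pipe: child reports its address */
    if (pipe(fds) != 0) { perror("pipe"); exit(1); }

    pid_t pid = fork();
    if (pid < 0) { perror("fork"); exit(1); }

    if (pid == 0) {
        /* Child: same virtual address, but a private physical page. */
        close(fds[0]);
        *cell = 0x42;                          /* child's write: 'B' */
        uintptr_t addr = (uintptr_t)cell;
        if (write(fds[1], &addr, sizeof addr) != (ssize_t)sizeof addr) _exit(0xFF);
        close(fds[1]);
        _exit(*cell);                          /* exit status carries what the child sees */
    }

    /* Parent: collect the child's address and exit status, then read its own byte. */
    close(fds[1]);
    uintptr_t child_addr = 0;
    if (read(fds[0], &child_addr, sizeof child_addr) != (ssize_t)sizeof child_addr) child_addr = 0;
    close(fds[0]);

    int status = 0;
    if (waitpid(pid, &status, 0) < 0) { perror("waitpid"); exit(1); }

    r.child_value_seen = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
    r.parent_value_after = *cell;
    r.same_virtual_addr = (child_addr != 0 && child_addr == (uintptr_t)cell);
    free(cell);
    return r;
}

int main(void) {
    struct isolation_result r = demonstrate_isolation();
    printf("same virtual address in both processes: %s\n", r.same_virtual_addr ? "yes" : "no");
    printf("child read back 0x%02X, parent still holds 0x%02X\n",
           r.child_value_seen, r.parent_value_after);
    return 0;
}
```

This shows the separation the quoted "compartment" paragraph describes, with no special feature involved: the translation from virtual to physical addresses is done per process by the MMU under kernel control, and no amount of user-mode addressing in one process reaches another process's pages. What it does not show is cross-process reads through other channels (shared memory mappings, debug APIs, or a kernel-mode driver), which is exactly where the poster places the remaining attack surface.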