
Regardless, it's generally regarded as a bad idea to use a computer without antivirus and malware protection. But according to a report from Matousec, there's a very good chance your software isn't all that hard to exploit and cripple.
In the report, Matousec outlines a bait-and-switch style attack which works via the kernel mode drivers used by almost all Windows antivirus programs. 34 are listed in the report, including favorites like Avast 5, AVG 9, Avira 10, Eset Smart Security, and just about every other big name you can think of.
The post states that the list could easily have included pretty well all Windows antivirus apps, but they only had time to test so many. Interestingly enough, two very popular apps -- Microsoft Security Essentials and Live OneCare -- were not on the list. The post seems to indicate that every app they tested failed, but those are certainly big omissions. I'm much more interested to know how Microsoft's products would have fared than relatively obscure apps like Online Armor, PC Tools, Threatfire, and Security Shield.
Immunet's Alfred Huger informed me that their product does not use SSDT and operates outside the kernel -- so it's not vulnerable in this way.
Matousec's test systems were running Windows XP SP3 and Vista SP1, though they claim that the technique should work on all versions of Windows (including 7) and that x64 software is no safer than x86. However, Huger also told me "This attack [..] will not work (or should not work) under non-XP systems." BSODhook -- the tool Matousec developed to automatically find vulnerabilities -- failed to run on my Windows 7 x64 system, even with administrator permissions.
Matousec report says your antivirus app is way too easy to exploit originally appeared on Download Squad on Sun, 09 May 2010 11:30:00 EST.