Saturday 28 March, 2015

Your antivirus Sux

antivirus woes !!

Fine, it might not suck, but then according to a latest vulnerability exposed by a leading website that writes technical reviews(no its not mashable), there is a huge gap, through which any antivirus can be bypassed through child’s ease.

They employ a special trick to achieve this feat. The method uses the driver hooks that anti-virus programs use to interface with the Windows operating system, sending it a sample of harmless code that will pass security checks before being swapped out with a harmful payload.

This has actually appeared as a vulnerability, and in these timing happens to be a hot topic.Apparently in these systems one thread is sometimes unable to keep track of other threads running at the same time.  Using this “argument-switch” attack, most Windows PCs can end up running code that would otherwise be blocked.

According to the researchers, they’ve run the test on as many Windows security programs as they had time for (almost thirty four of them) and the exploit has worked 100% of the time, due to the fact that the AV programs all use System Service Descriptor Table (SSDT) hooks to modify the OS Kernel.

Although the attack even works when used against a user account with limited permissions, the user must have the ability to run a binary on the PC.  So, um, that’d be most corporate, and pretty much every home user, anywhere.

So now what’s your take about your favou

rite antivirus program, eh?

What Next?

Related Articles

One Response to "Your antivirus Sux"

Leave a Reply

Submit Comment