Critical Flaw Found In Virtually All AV Software

Securityemo writes "The Register is running an article about a new method to bypass antivirus software, discovered by Matousec. By sending benign code to the antivirus driver hooks, and switching it out for malicious code at the last moment, the antivirus can be completely bypassed. This attack is apparently much more reliable on multi-core systems. Here's the original research paper." El Reg notes that "The technique works even when Windows is running under an account with limited privileges," but "it requires a large amount of code to be loaded onto the targeted machine, making it impractical for shellcode-based attacks or attacks that rely on speed and stealth. It can also be carried out only when an attacker already has the ability to run a binary on the targeted PC."

Re:Ubuntu

[Architect_sasyr]

I'd like to just step in here and point out that the security model means shit to a virus writer - so what I can't get root on your desktop, I can still encrypt your entire home directory and delete everything I have access to with just a simple program. The whole push for administration rights is only necessary when you need to hide the software, but if all these linux users aren't running AV, then what's the point of trying to hide yourself before you can get your root privileges. Someone, somewhere, will run a sudo command eventually...