Critical Flaw Found In Virtually All AV Software
Securityemo writes "The Register is running an article about a new method to bypass antivirus software, discovered by Matousec. By sending benign code to the antivirus driver hooks, and switching it out for malicious code at the last moment, the antivirus can be completely bypassed. This attack is apparently much more reliable on multi-core systems. Here's the original research paper."
El Reg notes that "The technique works even when Windows is running under an account with limited privileges," but "it requires a large amount of code to be loaded onto the targeted machine, making it impractical for shellcode-based attacks or attacks that rely on speed and stealth. It can also be carried out only when an attacker already has the ability to run a binary on the targeted PC."
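The summary describes a check-then-use race: the hook validates an argument that lives in memory another core can still rewrite before the hook acts on it. The following Python sketch is an added illustration, not the research code or any driver's code from the article; the hook, the `args` structure and the `between` callback (which stands in for the scheduling window a second core gets between check and use) are all hypothetical. It shows why a hook that reads the shared argument twice is exposed and why copying the argument once before validating closes the window.

```python
"""Double-fetch (check-then-use) hazard in a filtering hook.

Added example; the hook functions, the argument structure and the
'between' callback are constructed stand-ins for the real kernel path.
"""
from typing import Callable, Dict, Optional

# Constructed allow-list standing in for whatever the hook validates.
ALLOWED = {"/bin/ls", "/bin/cat"}

Window = Optional[Callable[[], None]]


def vulnerable_hook(args: Dict[str, str], between: Window = None) -> str:
    """Fetches args['path'] twice: once to check, once to use.

    `between` models the moment at which another core may rewrite the
    shared memory the hook is reading.  Whatever is in args['path']
    after that moment is what gets acted upon, validated or not.
    """
    if args["path"] not in ALLOWED:          # first fetch: the check
        return "blocked"
    if between:
        between()                            # the race window
    return "executed " + args["path"]        # second fetch: the use


def hardened_hook(args: Dict[str, str], between: Window = None) -> str:
    """Fetches the argument once into a private copy and uses that copy.

    In a real driver this is the copy-the-argument-into-kernel-memory
    step done before validation; the later rewrite cannot matter.
    """
    path = args["path"]                      # single fetch
    if path not in ALLOWED:
        return "blocked"
    if between:
        between()                            # rewrite happens here too...
    return "executed " + path                # ...but the copy is unchanged


def demo(hook: Callable[..., str]) -> str:
    """Run a hook against a shared structure that is flipped mid-call."""
    args = {"path": "/bin/ls"}               # benign value seen by the check

    def swap() -> None:
        args["path"] = "/tmp/unvetted"       # constructed replacement value

    return hook(args, between=swap)


if __name__ == "__main__":
    print("vulnerable:", demo(vulnerable_hook))
    print("hardened:  ", demo(hardened_hook))
```

The callback makes the race deterministic so the two behaviours can be compared side by side; on real hardware the window is a matter of timing, which is why the article notes the technique is more reliable on multi-core systems.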
Good for you. I prefer to be able to play games and use programs unavailable in Linux without performance hits (from running through WINE or a VM) so I am not as fortunate to have the same option that you do.
I await the day that Linux is as popular as OSX - nay, as Windows - so that Linux users who make these sorts of comments ("Haha, I don't have to worry about viruses") get a few moments of glory about Linux finally being widely used on desktops and then several years of having to deal with the same shit as 90%ish of the desktop-using world does.
As an aside, my bicycle gets great gas mileage. Never have to worry about filling it up!
Random Thoughts From A Diseased Mind (Not For Dummies)
Really? seems to differ and wasn't the only reference I could find for microsoft.com defaced (seventh link).
SQL injection != Kernel Flaw
Not an example of bad security but bad programming.
http://www.xatrix.org/article.php?s=3640
"They found the administration page and performed a SQL injection attack, allowing them to manage the content of the section."
OMG!!! Linux is SUPAR UNSAFE!!! It is vulnerable to SQL injection attacks!... Every OS has this issue because some moron decided to not validate their SQL string and/or didn't use parameterized variables.
Actually, I went through and googled a bunch myself and all the results for the past decade were SQL injection or they didn't specify but mostly SQL.
Next time you feel like showing off how insecure an OS is, I'll load up SELinux, set it up to let root telnet in, give root a blank password, open up all the ports on my firewall and see how long it takes for SELinux to be "hacked".
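The comment above pins the defacement on string-built SQL rather than on the operating system. As an added example that is not part of the thread, the script below puts the two approaches side by side against a small in-memory SQLite table (the table, rows and probe string are all constructed): the concatenated query lets the input change the query's logic, while the parameterized query treats the same input as an ordinary string value.

```python
"""String-built SQL versus a parameterized query, on an in-memory SQLite DB.

Added example; the table, rows and probe input are constructed.
"""
import sqlite3
from typing import List


def make_db() -> sqlite3.Connection:
    """Create a throwaway database with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "editor")],
    )
    return conn


def find_user_concat(conn: sqlite3.Connection, name: str) -> List[str]:
    """Unsafe: the caller's input is pasted into the SQL text itself."""
    sql = f"SELECT name FROM users WHERE name = '{name}' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def find_user_param(conn: sqlite3.Connection, name: str) -> List[str]:
    """Safe: the input is bound as a value; it can never alter the query."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]


# Constructed probe: a quote followed by an always-true condition.
PROBE = "' OR '1'='1"


def demo() -> tuple:
    """Return (rows from the concatenated query, rows from the bound query)."""
    conn = make_db()
    return find_user_concat(conn, PROBE), find_user_param(conn, PROBE)


if __name__ == "__main__":
    concat_rows, param_rows = demo()
    print("string-built query returned:", concat_rows)
    print("parameterized query returned:", param_rows)
```

Input validation on top is fine, but it is the binding step that removes the bug class: the database receives the query text and the values separately, so there is no string for the input to break out of.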