Slashdot Mirror
Bug In Windows Kernel Could Prevent Security Software From Identifying Malware (bleepingcomputer.com)
An anonymous reader writes: "Malware developers can abuse a programming error in the Windows kernel to prevent security software from identifying if, and when, malicious modules have been loaded at runtime," reports Bleeping Computer. "The bug affects PsSetLoadImageNotifyRoutine, one of the low-level mechanisms some security solutions use to identify when code has been loaded into the kernel or user space. The problem is that an attacker can exploit this bug in a way that PsSetLoadImageNotifyRoutine returns an invalid module name, allowing an attacker to disguise malware as a legitimate operation. The issue came to light earlier this year when enSilo researchers were analyzing the Windows kernel code. Omri Misgav, Security Researcher at enSilo and the one who discovered the issue, says the bug affects all Windows versions released since Windows 2000. Misgav's tests showed that the programming error has survived up to the most recent Windows 10 releases." In an interview, the researcher said Microsoft did not consider this a security issue. Bug technical details are available here.
Someting that doesn't allow third party anti virus software to detect malware is a feature.
It takes Microsoft-class, Apple-style courage to rename "grep" to "select-string-path" and call the result a PowerShell.
Command Prompt has always been about legacy support. For modern terminal support Microsoft offers Command Prompt... which passes your test find using Select-String. The only variant it fails on is ANSI but I suspect that file did not save properly... I opened it in a few apps and the ñ had been lost.
PS C:\Users\mzzt\Desktop> Select-String
cmdlet Select-String at command pipeline position 1
Supply values for the following parameters:
Pattern[0]: Español
Pattern[1]:
Path[0]: *.txt
Path[1]:
Unicode big endian.txt:1:Español
Unicode.txt:1:Español
UTF-8.txt:1:Español