Matousec report says your antivirus app is way too easy to exploit

Filed under: Security, Windows
Savvy Download Squad readers are already well aware of the fact that antivirus programs don't guarantee security. There's still one exploitable vector no program can do anything about: the end user. Regardless of how good a program is at protecting a system, a careless user can still wind up getting his or her machine infected.

Regardless, it's generally regarded as a bad idea to use a computer without antivirus and malware protection. But according to a report from Matousec, there's a very good chance your software isn't all that hard to exploit and cripple.

In the report, Matousec outlines a bait-and-switch style attack which works via the kernel mode drivers used by almost all Windows antivirus programs. 34 are listed in the report, including favorites like Avast 5, AVG 9, Avira 10, Eset Smart Security, and just about every other big name you can think of.

The post states that the list could easily have included pretty well all Windows antivirus apps, but they only had time to test so many. Interestingly enough, two very popular apps — Microsoft Security Essentials and Live OneCare — were not on the list. The post seems to indicate that every app they tested failed, but those are certainly big omissions. I'm much more interested to know how Microsoft's products would have fared than relatively obscure apps like Online Armor, PC Tools, Threatfire, and Security Shield.

Immunet's Alfred Huger informed me that their product does not use SSDT and operates outside the kernel — so it's not vulnerable in this way.

Matousec's test systems were running Windows XP SP3 and Vista SP1, though they claim that the technique should work on all versions of Windows (including 7) and that x64 software is no safer than x86. However, Huger also told me “This attack [..] will not work (or should not work) under non-XP systems.” BSODhook — the tools Matousec developed to automatically find vulnerabilities — failed to run on my Windows 7 x64 system, even with administrator permissions.

Source: Download Squad
