Members
Stats
  • Total Posts: 28530
  • Total Topics: 8241
  • Online Today: 870
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Windows Flaw Lets Malware Sneak Past Almost All Security Software  (Read 4976 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Researchers at Matousec have discovered a new and particularly worrisome flaw in the Windows ecosystem that allows malware to completely bypass security software.

Anti-virus software works by standing between applications and the Windows kernel, inspecting code before it has a chance to execute. Matousec passes benign code through a security suite, thus clearing the way for a program to run, and then swaps it out for malicious code after it passes inspection. The flaw affects nearly every piece of security software on the market, including Norton, McAfee, AVG, Kaspersky and F-Secure. (The entire list of vulnerable software can be found at the end of Matousec's report here: http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php#table-of-vulnerable-software ) While researchers only tested the vulnerability against 32-bit versions of Windows XP and Vista, the company says that 64-bit versions of those operating systems, as well as Windows 7, are also at risk.

The only anti-virus tool confirmed to be immune to the attack is the appropriately named Immunet: http://www.immunet.com/ , but that doesn't mean you should immediately jump ship to its product. For the moment, there is no known malware that exploits this security hole. Additionally, it is particularly difficult to exploit in Vista and Windows 7 PCs due to an extra layer of protection called PatchGuard. But perhaps the biggest hurdle to hackers taking advantage of what has been dubbed an "argument-switch attack" is that it can only be executed by malware that has already snuck past a computer's defenses.

The "argument-switch attack" won't give hackers some new way to steal your data, but it does give them a way to open the floodgates once they've already gained access. As always, the best defense is to keep your software up-to-date, and to avoid risky online behavior. Because the flaw is particularly serious for XP users, this is just one more reason to upgrade to Windows 7.

(Switched)

Samker's Computer Forum - SCforum.info





haz

  • SCF Advanced Member
  • ***
  • Posts: 117
  • KARMA: 26
  • Gender: Male
No system is 100% safe,,  :-[
Thanks Samker, Hope a solution is found soon.
But this "Immunet" software, did anybody use it before ? how good / bad is it ??

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Quote
But this "Immunet" software, did anybody use it before ? how good / bad is it ??

I wasn't try them, but it's designed to work alongside over 30 Anti-Virus products including current versions of Symantec, Kaspersky, AVG, Avira, Mcafee, Trend and many other security packages to provide significantly improved detection rates in those products. Immunet works by providing its own fast and light layer of cloud based virus detection on top of existing Anti-Virus product. You can also install it alone.
More info's: http://www.immunet.com/protect

I would also like to hear experience from other SCF Members??

haz

  • SCF Advanced Member
  • ***
  • Posts: 117
  • KARMA: 26
  • Gender: Male
Thanks Samker, maybe I will give it a try, I will post the results I get :)

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
... maybe I will give it a try, I will post the results I get :)

Thanks haz.

That's excellent idea, "HAZ's Review!" :up:


luffy

  • SCF Member
  • **
  • Posts: 44
  • KARMA: 13
Yes, I have Immunet on my computer. It's a good extra layer for your safety.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Yes, I have Immunet on my computer. It's a good extra layer for your safety.

Thanks for info's Luffy :up: , did you use Immunet with some other AV or it's your only protection from Malware??

I hope We'll also have review from Haz these days.

Fireberg

  • SCF Advanced Member
  • ***
  • Posts: 163
  • KARMA: 21
Security is never enough.....extra protection are welcome!!!!

Thanx

luffy

  • SCF Member
  • **
  • Posts: 44
  • KARMA: 13
Yes, I have Immunet on my computer. It's a good extra layer for your safety.

Thanks for info's Luffy :up: , did you use Immunet with some other AV or it's your only protection from Malware??

Yes, I use Immunet with Avira on a laptop. Immunet with Vipre on a desktop. You can use Immunet alone. The Windows Security Center sees Immunet as an AV software.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Yes, I have Immunet on my computer. It's a good extra layer for your safety.

Thanks for info's Luffy :up: , did you use Immunet with some other AV or it's your only protection from Malware??

Yes, I use Immunet with Avira on a laptop. Immunet with Vipre on a desktop. You can use Immunet alone. The Windows Security Center sees Immunet as an AV software.

Vipre?  ??? I never heard for Vipre AntiVirus.

I was find them now with Google help :) : http://www.sunbeltsoftware.com/Home-Home-Office/VIPRE/ but it'll be even better to some user provide us info's about them. Hope you'll be that user?? ;)

Thanks in advance, also one KARMA point from me for information's about Imunnet...  :up:









 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising