Critical Flaw Found In Virtually All AV Software
Posted by Soulskill
from the if-only-there-were-something-more-monolithic-to-blame dept.
Securityemo writes "The Register is running an article about a new method to bypass antivirus software, discovered by Matousec. By sending benign code to the antivirus driver hooks, and switching it out for malicious code at the last moment, the antivirus can be completely bypassed. This attack is apparently much more reliable on multi-core systems. Here's the original research paper."
El Reg notes that "The technique works even when Windows is running under an account with limited privileges," but "it requires a large amount of code to be loaded onto the targeted machine, making it impractical for shellcode-based attacks or attacks that rely on speed and stealth. It can also be carried out only when an attacker already has the ability to run a binary on the targeted PC."
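The check-then-use window the summary describes, modelled in user-mode C as an added example (this is not code from Matousec's paper, from El Reg, or from any AV product): the hook validates an argument block that lives in caller-owned memory, and the original handler later reads that same memory a second time. A callback stands in for the attacker's second thread; with real threads the swap only lands when the other core happens to run inside the window, which is the multi-core dependence the summary mentions. The hardened variant fetches the argument once into memory the caller cannot touch and checks and uses that copy. The path policy, the struct layout and all function names are assumptions for illustration.

```c
/* Double-fetch (check-then-use) window in a hooked system call, user-mode model.
 * Added example; not code from Matousec's paper or from any AV product. */
#include <stdio.h>
#include <string.h>

#define PATH_MAX_LEN 64

/* Argument block passed by pointer. In the real attack this lives in
 * attacker-controlled user memory and can change at any moment. */
struct call_args {
    char path[PATH_MAX_LEN];
};

/* Hypothetical policy enforced by the "AV hook": only /benign/... may be opened. */
static int policy_allows(const char *path)
{
    return strncmp(path, "/benign/", 8) == 0;
}

/* Stand-in for the attacker's thread on another core: runs between the hook's
 * check and the original handler's use of the same user buffer. */
typedef void (*interleave_fn)(struct call_args *args);

/* Vulnerable pattern: the hook validates the user buffer, then the original
 * handler reads it again. Two fetches of attacker-owned memory form the window.
 * Returns 0 if the call proceeded (and fills 'used' with what the handler saw),
 * -1 if the hook blocked it. */
static int hooked_call_vulnerable(struct call_args *user_args,
                                  interleave_fn other_core, char *used)
{
    if (!policy_allows(user_args->path))          /* fetch #1: check */
        return -1;
    if (other_core)
        other_core(user_args);                    /* attacker thread runs here */
    strncpy(used, user_args->path, PATH_MAX_LEN); /* fetch #2: use (may now differ) */
    used[PATH_MAX_LEN - 1] = '\0';
    return 0;
}

/* Hardened pattern: copy the argument block once into memory the caller cannot
 * touch, then check and use that private copy. Swapping the user buffer after
 * the copy changes nothing. */
static int hooked_call_hardened(struct call_args *user_args,
                                interleave_fn other_core, char *used)
{
    struct call_args priv;
    memcpy(&priv, user_args, sizeof priv);        /* single fetch */
    priv.path[PATH_MAX_LEN - 1] = '\0';
    if (!policy_allows(priv.path))
        return -1;
    if (other_core)
        other_core(user_args);                    /* same window, user memory no longer read */
    strncpy(used, priv.path, PATH_MAX_LEN);
    return 0;
}

/* Attacker's swap: overwrite the already-validated argument with the real target. */
static void swap_to_payload(struct call_args *args)
{
    strncpy(args->path, "/evil/payload.exe", PATH_MAX_LEN);
}

/* One attempt against either variant. Returns 1 if a path outside the policy
 * reached the "use" step, 0 otherwise. */
static int attack_succeeds(int hardened)
{
    struct call_args args;
    char used[PATH_MAX_LEN] = {0};
    int rc;

    /* Constructed benign argument that passes the hook's check. */
    strncpy(args.path, "/benign/readme.txt", PATH_MAX_LEN);
    rc = hardened ? hooked_call_hardened(&args, swap_to_payload, used)
                  : hooked_call_vulnerable(&args, swap_to_payload, used);
    return rc == 0 && !policy_allows(used);
}

int main(void)
{
    printf("vulnerable hook: payload reached use = %d\n", attack_succeeds(0)); /* 1 */
    printf("hardened hook:   payload reached use = %d\n", attack_succeeds(1)); /* 0 */
    return 0;
}
```

The fix is the usual one for any hook that inspects caller-supplied pointers: capture the arguments once into memory the caller cannot modify, and make every later decision and every later use operate on that captured copy. Validating user memory in place and then letting the original handler re-read it is exactly the pattern the race exploits.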
AHHHHHHHH (Score:5, Funny)
Everybody turn your PCs off NOW! Why are you still reading?
Joke's on them! (Score:5, Funny)
Anagram? (Score:5, Funny)
"To use Mac"? Hey!
Re:Ubuntu (Score:5, Funny)
Can I call bullshit please? Y'all want to know that "magic secret" as to why even with all that money floating around Linux don't get hacked, and Windows does? Here you go...
Uuuhhhhh....I really hate to burst your reality bubble there, bud, but there is a reason why all the Linux servers aren't getting pwned and the Windows desktops are. It is because they have these things called server admins and they are usually pretty damned smart. They are also really anal retentive when it comes to anything security related. With good reason, after all they are getting paid the big bucks to be. Meet Glenn. Say hi, Glenn. (I'm busy, go away.) Not a very social creature, Glenn is a Linux server admin. He spends most of his time on security websites and learning about the latest nasty when he isn't testing a new tweak on the test server to see if he can get an extra .05% performance under load. In his free time he enjoys black hat conferences, which his employer is happy to pay him to attend.
Now we are going to meet an average Windows desktop user. Meet Velma. Say hi, Velma. (Hi Y'all!) Isn't she sweet? Little Velma works at the local insurance agency. They love her there because she can take one look at a customer and without looking up a shred of paperwork say something like this: "Hi Bob! How's your oldest girl? You know she's about ready to get her learner's permit so I've already looked up the most affordable coverage for her. Does she have really good grades? She can get an extra discount if she does" and so on. Little Velma is really good at generating sales. She is sweet and friendly and always knows your name and remembers all about your family. Everybody loves little Velma.
/cue ominous music/......But we here in the PC business have a nickname for little Velma, one that she don't know about but is well earned. It is....the disaster area! Dum dum dum! That is because little Velma is the trusting kind of sort, and on a computer that equals danger. Let's watch as little Velma interacts with her friendly neighborhood PC repairman, a big but lovable biker looking chap known on the net as hairyfeet.../feet/ Now Velma, we have talked about this. You shouldn't mess with email attachments, I don't care who they are from. And if it is a .zip that you have to put a password in to open, it is a virus and you shouldn't touch it! /Velma/ But my bff Kim sent me this! See, there is her name and everything! I'm sure it will be safe! /feet/ Velma look, it is an executable and NOT happy puppy pictures! Do NOT run that! /Velma/ Oh, you worry too much. My bff Kim wouldn't send me anything bad. (inputs password, runs .exe, porn popups start flooding the screen while the network gets pounded) ooops. /feet/ .......
And now you have seen an actual demonstration of why Linux is safe on servers. It is safe on servers because it is administered by guys like Glenn, say goodbye Glenn (I'm busy!) and does NOT have any Velma types mucking it up. Say goodbye Velma (Bye Y'all!). If you were to let Velma and all her friends loose on Linux, if they didn't break them immediately they would become spambots in no time. It is because the malware writers have already figured out how to use a sinister concept called social engineering to target Velma and her types VERY effectively. Glenn isn't very social (Bite Me!) and is a naturally cynical creature and therefore social engineering really isn't an effective tool on his type. This is why Linux can enjoy the freedom to operate on so many servers across America without the constant malware like poor Velma gets. Tune in next week when we meet Bob, the Windows network admin, also known as the "where the hell is the damned disk?" guy.
Re:Ubuntu (Score:1, Funny)
First: my Nvidia 7600GO stopped working, reinstalled the drivers.. no joy, went to the IRC help channel, no one responded. Looked through the forums, found a few others with similar problems, but no solutions.
Gah, so I reinstalled Ubuntu. Shit worked now!
Then wifi suddenly started toggling on and off.. no help from forums or IRC.
After a whole day of use, with no problems, screen started flickering... GAH.. reboot doesn't help, I boot to Windows to see if the problem's there as well, nope. Works great in Windows!
I uninstalled the piece of shit OS, 3 major issues in 3 days.
4 years of Windows on the same machine, without any reason to reinstall the OS. (I upgraded from XP->Vista->Windows 7.)
I'm not an MS shill, I really wanted to like Ubuntu.
PS Windows 7 is faster (after boot) than Ubuntu... with Aero on.
Re:Ubuntu (Score:2, Funny)
And if Velma's desktop were set up properly, with her having a non-administrative account and the home partition mounted non-executable? Oh right, she wouldn't be able to run the malware.
Re:Ubuntu (Score:5, Funny)