Researchers spot widespread antivirus flaw

Report details technique for bypassing some protections offered by Windows security software, including programs from McAfee and Trend Micro.

by Matthew Broersma May 11, 2010 8:53 AM PDT

Security research firm Matousec has published details of a technique for bypassing some of the protections offered by widely used Windows security software, including programs from McAfee and Trend Micro.

However, the attack has serious limitations, including the requirement that the attacker must already have the ability to execute code on a system, Matousec acknowledged. That means the method would have to be used in combination with another attack vector, or employed by an attacker with local access to a system.

The method, called an argument-switch attack, can be used against Windows security programs that use a technique called System Service Descriptor Table (SSDT) hooking. All of the 35 applications tested by Matousec featured this technique, including products from BitDefender, F-Secure, Kaspersky, and Sophos, as well as McAfee and Trend Micro.

Read more of "Attack defeats 'most' antivirus software" at ZDNet UK.

Don't Miss

Another idea for Apple's rumored TV: An 'iDevice'
Apple
Here comes Yahoo's own Web browser -- Axis
Internet & Media
The secret of how to live at AOL (pictures)
Slideshow
Review: Is new Cyber-shot the top compact camera?
Review

Apple Byte

Is 4 inches big enough?...for the iPhone

Size matters in the smartphone world, and new parts hint at a 4-inch iPhone and iPod Touch. Also this week, IBM's not a fan of Siri, and get jamming on the gTar.

Play Video

Researchers spot widespread antivirus flaw

Don't Miss

Featured Posts

Most Popular

About Security & Privacy

RSS

my Yahoo

Google

MSN

CNET Mobile Apps