Multicore CPUs move attack from theoretical to practical
The Matousec researchers found that common software tools, including Norton Internet Security 2010, McAfee Total Protection 2010, and Trend Micro Internet Security Pro, all had flaws that allowed attackers to bypass the protections that these programs offer. The malicious software can do this without even having to run as an Administrator.
The common feature of the vulnerable software is that it patches the Windows kernel to enable it to intercept certain operations like opening files or killing processes, a process called hooking. Windows lists all these functions in a table, the System Service Descriptor Table (SSDT), with each function having a number specifying its position in the table. To call a kernel function from nonkernel—user-mode—software, Windows essentially tells the processor to switch into kernel mode and call the function with the desired number. By overwriting entries in the table, the security software can intercept function calls.
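The dispatch-and-hook mechanism described above, modeled in user-mode C as an added example (not part of the original post or any vendor's code). The service numbers, function names, the `av_service.exe` policy and the baseline integrity check are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* User-mode model only: names, numbers and the policy are constructed. */
typedef int (*service_fn)(const char *arg);
enum { SVC_OPEN_FILE, SVC_KILL_PROCESS };
#define SVC_COUNT 2u

static int real_open_file(const char *path)    { (void)path; return 0; }
static int real_kill_process(const char *name) { (void)name; return 0; }

/* The "SSDT": one function pointer per service number. */
static service_fn ssdt[SVC_COUNT] = { real_open_file, real_kill_process };
static service_fn saved[SVC_COUNT];   /* originals kept by the hooking driver */

/* What the user-to-kernel transition boils down to: index, then call. */
int dispatch(unsigned number, const char *arg) {
    if (number >= SVC_COUNT) return -1;           /* invalid service number */
    return ssdt[number](arg);
}

/* Security product's hook: inspect the request, then deny or forward. */
static int hook_kill_process(const char *name) {
    if (strcmp(name, "av_service.exe") == 0) return -5;  /* deny: self-protection */
    return saved[SVC_KILL_PROCESS](name);                /* forward to original */
}

/* Hooking = overwriting a table entry, keeping the original to call later. */
void install_hook(unsigned number, service_fn hook) {
    saved[number] = ssdt[number];
    ssdt[number] = hook;
}

/* Integrity check: count entries that differ from a known-good baseline. */
int count_hooked(const service_fn *baseline) {
    int n = 0;
    for (unsigned i = 0; i < SVC_COUNT; i++)
        if (ssdt[i] != baseline[i]) n++;
    return n;
}

int main(void) {
    service_fn baseline[SVC_COUNT];
    memcpy(baseline, ssdt, sizeof ssdt);          /* snapshot before hooking */
    install_hook(SVC_KILL_PROCESS, hook_kill_process);
    printf("kill av_service.exe -> %d\n", dispatch(SVC_KILL_PROCESS, "av_service.exe"));
    printf("kill notepad.exe    -> %d\n", dispatch(SVC_KILL_PROCESS, "notepad.exe"));
    printf("hooked entries: %d\n", count_hooked(baseline));
    return 0;
}
```

The same table comparison is how a defender spots any entry that has been redirected, whether by a security product or by something else.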
Combine AV + Spyware and you can keep the PC clean if you insist on running programs from unknown sources.