Microsoft Security Essentials Not Vulnerable to Kernel Hook Attack


  • Flyordie
    replied
    Originally posted by gamefoo21:

    I use the MSSE on this machine, and it's soon to get put onto the others.

    Oh and since the article and the source go through great pains to avoid linking to the table of naughty security software...

    I bet the Avast and Avira fanboys are sweatin' bullets right now...

    As an AVAST user, not really. AVAST Corporate Edition, when used on a remote server (a single host server for AV that acts as a scanning hub for 100+ PCs), also acts as a real-time TCP/UDP/etc. scanner for any traffic that comes in. What's great is that it is not allowed to write to the HDD of that machine except for updates to the VDB.

    So, Home Users of AVAST, you can worry. Corporate Edition owners, not so much.



  • EfrainMan
    replied
    How would malware use this vulnerability? I mean, what would a person have to do to get something to happen to them? Is it as simple as visiting a site, or do I have to download something like a noob?
    Last edited by EfrainMan; May 13, 2010, 08:50 PM.



  • Dr. Zhivago
    replied
    Where do you get way sub 90%? On VB100 for April they missed 1 from the wild list and have been awarded the VB100 before. I've seen McAfee and Norton fail over and over and over in real life. They ALWAYS get high scores on these so-called tests.

    Ever since switching all my clients to one of the free AVs out there like Avast or AVG and now MSE, I never get calls from them because they have virii. Granted, nothing is 100% fail-safe, but from my experience, MSE does a great job. It saved my butt yesterday and I was at a totally legit site that had been compromised.



  • caveman-jim
    replied
    Originally posted by daPhoenix:
    With way sub-90% detection rate even on top 100, you might as well be not running anything at all and be 'protected' just as well.

    If you were offered a treatment that offered a sub-90% chance of preventing a fatal disease, wouldn't you take it? Which is most effective is a topic worthy of discussion, and seeing as there is a free, low-resource option that has at least one unique advantage over the competition, it seems obvious to include it in any shortlist.



  • daPhoenix
    replied
    With way sub-90% detection rate even on top 100, you might as well be not running anything at all and be 'protected' just as well.



  • gamefoo21
    replied
    I use the MSSE on this machine, and it's soon to get put onto the others.

    Oh and since the article and the source go through great pains to avoid linking to the table of naughty security software...

    3D EQSecure Professional Edition 4.2 VULNERABLE
    avast! Internet Security 5.0.462 VULNERABLE
    AVG Internet Security 9.0.791 VULNERABLE
    Avira Premium Security Suite 10.0.0.536 VULNERABLE
    BitDefender Total Security 2010 13.0.20.347 VULNERABLE
    Blink Professional 4.6.1 VULNERABLE
    CA Internet Security Suite Plus 2010 6.0.0.272 VULNERABLE
    Comodo Internet Security Free 4.0.138377.779 VULNERABLE
    DefenseWall Personal Firewall 3.00 VULNERABLE
    Dr.Web Security Space Pro 6.0.0.03100 VULNERABLE
    ESET Smart Security 4.2.35.3 VULNERABLE
    F-Secure Internet Security 2010 10.00 build 246 VULNERABLE
    G DATA TotalCare 2010 VULNERABLE
    Kaspersky Internet Security 2010 9.0.0.736 VULNERABLE
    KingSoft Personal Firewall 9 Plus 2009.05.07.70 VULNERABLE
    Malware Defender 2.6.0 VULNERABLE
    McAfee Total Protection 2010 10.0.580 VULNERABLE
    Norman Security Suite PRO 8.0 VULNERABLE
    Norton Internet Security 2010 17.5.0.127 VULNERABLE
    Online Armor Premium 4.0.0.35 VULNERABLE
    Online Solutions Security Suite 1.5.14905.0 VULNERABLE
    Outpost Security Suite Pro 6.7.3.3063.452.0726 VULNERABLE
    Outpost Security Suite Pro 7.0.3330.505.1221 BETA VERSION VULNERABLE
    Panda Internet Security 2010 15.01.00 VULNERABLE
    PC Tools Firewall Plus 6.0.0.88 VULNERABLE
    PrivateFirewall 7.0.20.37 VULNERABLE
    Security Shield 2010 13.0.16.313 VULNERABLE
    Sophos Endpoint Security and Control 9.0.5 VULNERABLE
    ThreatFire 4.7.0.17 VULNERABLE
    Trend Micro Internet Security Pro 2010 17.50.1647.0000 VULNERABLE
    Vba32 Personal 3.12.12.4 VULNERABLE
    VIPRE Antivirus Premium 4.0.3272 VULNERABLE
    VirusBuster Internet Security Suite 3.2 VULNERABLE
    Webroot Internet Security Essentials 6.1.0.145 VULNERABLE
    ZoneAlarm Extreme Security 9.1.507.000 VULNERABLE

    I bet the Avast and Avira fanboys are sweatin' bullets right now...
    Last edited by gamefoo21; May 13, 2010, 12:45 PM.



  • Dr. Zhivago
    replied
    MSSE FTMFW!

    Good article.

    Forwarding this to lots of people.



  • Microsoft Security Essentials Not Vulnerable to Kernel Hook Attack

    Remember when Microsoft, Symantec and McAfee went at it because Microsoft wouldn't let them have kernel access for their Anti-Virus software? This was why:

    Microsoft Security Essentials (MSE), the software giant's free antimalware solution, is one of the few products that is not affected by the recently rediscovered method for disabling security software on Windows. MSE does not use SSDT hooks, so its real-time protection cannot be disabled via this method.

    When the report was first published, we noticed that MSE was not on the list of affected products and contacted Microsoft for clarification. "Microsoft is aware of research published by Matousec and we are investigating the issue," a Microsoft spokesperson told Ars. "Based on available information, we do not believe our products are affected due to the design of our real-time protection. We are working to confirm this."

    Microsoft said someone would get back to us, but we figured it would be quicker to go straight to the source. "As we assumed, MSE does not implement any hooks and hence it can not be attacked by KHOBE technique," a Matousec spokesperson told Ars. "It might be confusing when you read various media comments on KHOBE research that mention that all antivirus products are vulnerable, but they miss the most important thing, which is that only software that implements hooking can be vulnerable. Only some antivirus products implement hooks but many antivirus products do not use hooks at all. The major group of software that is affected are not antivirus products but HIPS [Host Intrusion Prevention System] software, behavior blockers, various Internet Security Suites with host protection features etc."

    Update: “Microsoft has worked directly with Matousec to confirm that Microsoft Security Essentials and Forefront Client Security products are not affected by their KHOBE research due to the design of our real-time protection,” a Microsoft spokesperson eventually followed up with.

    Microsoft insists that security companies avoid using kernel patches in their software. It would therefore be rather hypocritical of Microsoft to use such hooks. Furthermore, self-defense techniques, which are usually implemented using hooks, are not a common part of Microsoft's solutions. It's worth noting that Microsoft listened to security vendors and in Windows Vista and Windows 7 implemented several new documented methods to let products include self-defense mechanisms. Unfortunately, there is nothing forcing vendors to use these new methods, as their old hooking-based protection still works in new versions of Windows.

    This is why the list of products affected is so lengthy. Matousec is continuing to update the list, and at the time of publishing, there were 35 vulnerable products. This is another big win for MSE, which has received very positive feedback ever since its release.


    Source - Ars Technica
    Last edited by Android1; May 13, 2010, 09:50 AM.
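    The article above says that only products which hook kernel call paths can be hit by the KHOBE technique. The weakness behind that statement is a check-then-use (double fetch) pattern: a hook inspects a parameter that the caller still controls, the original handler reads that same parameter again afterwards, and a second thread can change it in between, so the handler acts on a value the hook never approved. The C program below is an added illustration written for this thread; it is not code from the page, from Matousec or from Microsoft. It simulates the pattern entirely in user mode with two threads (the `shared_arg`, `racy_hook_escaped`, `safe_hook_escaped` and `count_escapes` names are mine, and the values ALLOWED/DENIED are constructed) and shows that a hook which takes a single snapshot of its parameter before checking and using it closes the window, while a product that performs no hooking at all, as the article says MSE does, never has the window in the first place.

```c
/* Added illustration of the check-then-use (double fetch) weakness behind
 * hook-based interception, simulated in user mode. Not from the page, from
 * Matousec or from Microsoft; all names and values here are constructed. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

#define ALLOWED 1   /* constructed: value the policy permits */
#define DENIED  2   /* constructed: value the policy must block */

/* The parameter that the "caller" still controls while the hook runs. */
static _Atomic int shared_arg = ALLOWED;
static _Atomic bool flipper_running = false;

/* Second thread standing in for a caller that races the hook: it keeps
 * swapping the parameter between the permitted and the blocked value. */
static void *flipper(void *unused) {
    (void)unused;
    while (atomic_load(&flipper_running)) {
        atomic_store(&shared_arg, DENIED);
        atomic_store(&shared_arg, ALLOWED);
    }
    return NULL;
}

/* Policy applied by both hook variants. */
static bool policy_allows(int value) { return value == ALLOWED; }

/* The "original handler": returns the value it actually acted on. */
static int handler_uses(int value) { return value; }

/* Racy hook: fetches the parameter for the check, then the handler fetches
 * it again. Returns true when a DENIED value reached the handler even
 * though the check only ever approved ALLOWED. */
static bool racy_hook_escaped(void) {
    if (!policy_allows(atomic_load(&shared_arg)))
        return false;                                   /* blocked */
    int used = handler_uses(atomic_load(&shared_arg));  /* second fetch */
    return used == DENIED;
}

/* Hardened hook: one fetch into a local copy, then check and use the copy.
 * Whatever the other thread does afterwards cannot change what was
 * validated, so this function can never return true. */
static bool safe_hook_escaped(void) {
    int snapshot = atomic_load(&shared_arg);            /* single fetch */
    if (!policy_allows(snapshot))
        return false;
    int used = handler_uses(snapshot);
    return used == DENIED;
}

/* Runs a hook variant `iterations` times while the flipper thread is
 * active and counts how many denied operations slipped past the check. */
static long count_escapes(bool (*hook)(void), long iterations) {
    pthread_t t;
    long escapes = 0;
    atomic_store(&flipper_running, true);
    if (pthread_create(&t, NULL, flipper, NULL) != 0)
        return -1;
    for (long i = 0; i < iterations; i++)
        if (hook())
            escapes++;
    atomic_store(&flipper_running, false);
    pthread_join(t, NULL);
    return escapes;
}

int main(void) {
    long racy = count_escapes(racy_hook_escaped, 2000000);
    long safe = count_escapes(safe_hook_escaped, 2000000);
    printf("racy hook: %ld denied operations slipped past the check\n", racy);
    printf("safe hook: %ld denied operations slipped past the check\n", safe);
    return 0;
}
```

    The count reported for the racy hook depends on scheduling and core count (it can be small, or zero on a single core), which is exactly what makes this class of defect hard to notice in testing; the count for the snapshotting hook is zero by construction. The lesson for a defender evaluating a product is the one the article draws: ask whether its interception validates a private copy of each parameter, or better, whether it relies on the documented filtering interfaces instead of hooks at all.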