Every Windows Anti-Virus program is exploitable
by admin on May.12, 2010, under Security
Every single one as far as the researchers can tell. The crack is pretty neat too.
It abuses the hooks embedded in the Windows kernel that all Windows anti-virus programs use (as far as the researchers are aware) to trick the machine into executing malicious code: it first presents the system with some legitimate code and then, once the machine has passed that as safe, swaps it for some nasties.
The actual research paper is here
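The check-then-swap race described above, modelled in user-space C as an added example (not code from the research paper or from any anti-virus product): a hook that validates the caller's buffer and then passes the same pointer on can be bypassed, while one that captures a private copy first cannot. All names, the path policy and the `race` callback standing in for a second thread are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define PATH_LEN 64

/* Constructed policy: the hook only allows paths under this prefix. */
static int policy_allows(const char *path) {
    return strncmp(path, "C:\\safe\\", 8) == 0;
}

/* Stand-in for the original system service: records what it acted on. */
static char acted_on[PATH_LEN];
static void original_service(const char *path) {
    snprintf(acted_on, sizeof acted_on, "%s", path);
}

/* Models a second thread rewriting the caller-owned buffer in the window. */
typedef void (*race_fn)(char *user_buf);
static void swap_path(char *user_buf) { strcpy(user_buf, "C:\\other\\x.exe"); }

/* Weak: validates the caller's buffer, then hands the same pointer on. */
int hook_check_then_use(char *user_buf, race_fn race) {
    if (!policy_allows(user_buf)) return -1;
    if (race) race(user_buf);        /* window between check and use */
    original_service(user_buf);      /* second fetch of caller memory */
    return 0;
}

/* Hardened: capture once into private memory, then check and use the copy. */
int hook_capture_then_check(char *user_buf, race_fn race) {
    char captured[PATH_LEN];
    snprintf(captured, sizeof captured, "%s", user_buf);
    if (!policy_allows(captured)) return -1;
    if (race) race(user_buf);        /* caller memory changes, the copy does not */
    original_service(captured);
    return 0;
}

/* Returns 1 if the service acted on a path the policy never approved. */
int bypassed(int (*hook)(char *, race_fn)) {
    char buf[PATH_LEN] = "C:\\safe\\a.exe";   /* constructed sample input */
    if (hook(buf, swap_path) != 0) return 0;
    return !policy_allows(acted_on);
}

int main(void) {
    printf("check-then-use bypassed:     %d\n", bypassed(hook_check_then_use));
    printf("capture-then-check bypassed: %d\n", bypassed(hook_capture_then_check));
    return 0;
}
```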
Now watch the panic as Windows security product vendors desperately try to release a fix before the hacker community builds some in-the-wild exploits and releases them.
What’s way more interesting, though, is the poll on matousec’s website up there, which asks whether vendors should pay researchers when they discover exploits such as these. After all, this is valuable information and will cost the vendors a fortune to rectify; paying a researcher to delay his announcements could take a lot of the heat off them. If we get even more paranoid, the researcher could approach one vendor and say they can have a heads-up on the exploit but their competitors won’t. Once the exploit is made public, the paper could say that the only vendor who is not vulnerable is ‘SECULOCK’ or whatever, thus raising the reputation of that company as well as boosting sales.
May 12th, 2010 on 1:31 pm
When I don my tinfoil hat the AV thing always smells of blackmail and corruption: who’s releasing the viruses, who’s finding the flaws and profiting from them?
Why don’t MS and Seculock have decent researchers on staff?