New Desktop security threat

 

Researchers recently found that, by using the system kernel SSDT (System Service Descriptor Table), it is possible to bypass or stop antivirus and security software on desktop PCs. This means new attacks on desktop PCs are anticipated shortly.

The researchers presented an attack pattern called the argument-switch attack, which shows that common implementations of kernel-mode hooks are not secure. This attack represents a serious threat because many security software vendors base their security features on hooking. We tested the most widely used security applications and found out that all of them are vulnerable.

The following well-known antivirus products are among the vulnerable security software:

avast! Internet Security 5.0.462
AVG Internet Security 9.0.791
CA Internet Security Suite Plus 2010 6.0.0.272
ESET Smart Security 4.2.35.3
F-Secure Internet Security 2010 10.00 build 246
Kaspersky Internet Security 2010 9.0.0.736
McAfee Total Protection 2010 10.0.580
Norman Security Suite PRO 8.0
Norton Internet Security 2010 17.5.0.127
Panda Internet Security 2010 15.01.00
Sophos Endpoint Security and Control 9.0.5
Trend Micro Internet Security Pro 2010 17.50.1647.0000
ZoneAlarm Extreme Security 9.1.507.000
 

The research was done on Windows XP Service Pack 3 and Windows Vista Service Pack 1 on 32-bit hardware. However, it is valid for all Windows versions, including Windows 7. Even the 64-bit platform is not a limitation for the attack.

Make sure that your antivirus software is able to handle this new threat!
