New attack tactic sidesteps Windows security software

'Very serious' says one antivirus exec, especially for Windows XP users

By , Computerworld |  Windows, antivirus

Matousec claimed that 64-bit versions of Windows boasting PatchGuard could be vulnerable in some instances. "[This] will work against all user mode hooks and it will also work against the kernel mode hooks if they are installed, for example, after disabling PatchGuard," Matousec's paper stated.

Microsoft did not immediately reply to a request for comment on Matousec's claim.

Other problems security vendors face in blocking argument-switch attacks could arise if or when they release updates, argued Huger. "Kernel driver programming is pretty tricky," he said. "Redeployment [of updates] will complicate things. Any vendor nervy enough to put out new kernel drivers will have to do a pretty significant gut check. If something goes wrong, millions of machines could be blue-screened."

Huger pointed to the recent fiasco with a faulty McAfee signature update that crashed thousands of PCs running the company's security software as an example. "Enterprises would be very reticent to update because of the risk," he said.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld . Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com .

Read more about security hardware and software in Computerworld's Security Hardware and Software Knowledge Center.


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness