It is currently Fri Jun 22, 2018 10:46 pm

All times are UTC - 5 hours [ DST ]


Register for Windows Forums


New posts Register

Register for Windows Forums now to gain access to: post messages, download free books, competitions for great prizes, and get to know others. Members also see NO ADVERTS. Join today!




 Page 1 of 1 [ 1 post ] 
Message Author
 Post subject: Multicore CPUs move attack from theoretical to practical  Topic is solved
New postPosted: Tue May 11, 2010 1:37 pm 

Ars Technica wrote:
Many of us use software firewalls, virus scanners, and other security software on our PCs. We expect this software to make our computers safer, but some new research suggests that it contains a whole host of exploitable vulnerabilities.

The Matousec researchers found that common software tools, including Norton Internet Security 2010, McAfee Total Protection 2010, and Trend Micro Internet Security Pro all had flaws that allowed attackers to bypass the protections that these programs offer. The malicious software can do this without even having to run as an Administrator.

The common feature of the vulnerable software is that it patches the Windows kernel to enable it to intercept certain operations like opening files or killing processes, a process called hooking. Windows lists all these functions in a table, the System Service Descriptor Table (SSDT), with each function having a number specifying its position in the table. To call a kernel function from nonkernel—user-mode—software, Windows essentially tells the processor to switch into kernel mode and call the function with the desired number. By overwriting entries in the table, the security software can intercept function calls.


More...



_________________
Image
Years of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membership
User avatar
Site Admin
Site Admin
Windows Guru²
Windows Guru²

Joined: Sat Jun 07, 2008 9:08 am
Posts: 3186
Thanks given: 375 times
Thanks received: 441 times
Location: 0x7C00
OS: 8 RT
 Profile E-mail  
 
Offline
Display posts from previous:  Sort by  
 Page 1 of 1 [ 1 post ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 27 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to: