Researchers spot widespread antivirus flaw

Report details technique for bypassing some protections offered by Windows security software, including programs from McAfee and Trend Micro.

Security research firm Matousec has published details of a technique for bypassing some of the protections offered by widely used Windows security software, including programs from McAfee and Trend Micro.

However, the attack has serious limitations, including the requirement that the attacker must already have the ability to execute code on a system, Matousec acknowledged. That means the method would have to be used in combination with another attack vector, or employed by an attacker with local access to a system.

The method, called an argument-switch attack, can be used against Windows security programs that use a technique called System Service Descriptor Table (SSDT) hooking. All of the 35 applications tested by Matousec featured this technique, including products from BitDefender, F-Secure, Kaspersky, and Sophos, as well as McAfee and Trend Micro.

Read more of "Attack defeats 'most' antivirus software" at ZDNet UK.
