Linked by David Adams on Sun 9th May 2010 03:54 UTC
Bugs & Viruses

According to The Register, "Researchers say they've devised a way to bypass protections built in to dozens of the most popular desktop anti-virus products, including those offered by McAfee, Trend Micro, AVG, and BitDefender. The method, developed by software security researchers at matousec.com, works by exploiting the driver hooks the anti-virus programs bury deep inside the Windows operating system. In essence, it works by sending them a sample of benign code that passes their security checks and then, before it's executed, swaps it out with a malicious payload."
PlatformAgnostic
Member since:
2006-01-02

I don't know the extent of the hooking on 32-bit in those products (though I have seen some funny bits of code in crashdumps that were apparently known hooks of AV software).

On 64-bit, NT has taken active measures to discourage hooking, and I haven't encountered anything so far. As far as I understand it, MSE does not interact with the OS in an undocumented way.

Score: 2