SOS consultant quoted on ZDNet in relation to anti-virus vulnerability

Windows hole can cripple antivirus

Researchers have developed a way to attack desktops by bypassing a majority of the antivirus software running on Windows. Popular products from McAfee, Trend Micro, AVG and Sophos have been identified as susceptible to the exploit.

The attack avoids detection by antivirus software running on Windows by deploying benign code that passes the antivirus software’s signature checks, then swapping that code for a piece of malicious code.

“It relies on a critical timing component. The code can’t be switched too early or too late. Switched too early, it won’t pass the security check; too late, and it won’t work.”

However, a user would need to click on an infected file to be exposed to this exploit, as it requires a binary to be run on the system. Users with higher-end, multi-core systems are more vulnerable to the attack, because multiple parallel processes can be used to switch benign code running in one process with malicious code running in another.
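The weakness described above is a time-of-check/time-of-use race: the scanner inspects a buffer that the caller still controls, so the contents can change between the signature check and the moment the code is actually used. The following is an added, constructed illustration (not code from the article, from the researchers, or from any antivirus product) that models that window deterministically. The "swap" callback stands in for the second thread the article says runs on another core; the `BLOCKED_MARKER` string is a made-up stand-in for a real signature. The hardened gate shows the standard defence: copy the argument into memory the caller cannot reach, then check and use only that copy.

```python
"""Simulated check-then-use race against a hook-based scanner (constructed example).

A 'scanner' inspects a request buffer and, if it looks benign, hands it to an
'executor'. Because the buffer lives in memory the caller still owns, the caller
can rewrite it between the check and the use. The hardened variant snapshots the
buffer first and checks and uses only the private snapshot.
"""
from dataclasses import dataclass, field
from typing import Callable, Optional

BENIGN = b"print('hello')"
BLOCKED_MARKER = b"EVIL"  # constructed signature; stands in for a real detection rule


@dataclass
class SharedBuffer:
    """Memory region the caller still controls while the scanner is looking at it."""
    data: bytearray


@dataclass
class Executor:
    """Records what was actually run, so the outcome of each gate can be inspected."""
    executed: list = field(default_factory=list)

    def run(self, payload: bytes) -> None:
        self.executed.append(bytes(payload))


def looks_benign(payload: bytes) -> bool:
    """Toy signature check: anything containing the marker is rejected."""
    return BLOCKED_MARKER not in payload


def vulnerable_gate(buf: SharedBuffer, executor: Executor,
                    between: Optional[Callable[[], None]] = None) -> str:
    """Check the LIVE buffer, then use the LIVE buffer: the window in between is the race."""
    if not looks_benign(bytes(buf.data)):
        return "blocked"
    if between is not None:
        between()  # models the attacker's second thread running inside the window
    executor.run(bytes(buf.data))  # re-reads memory the caller may have rewritten
    return "executed"


def hardened_gate(buf: SharedBuffer, executor: Executor,
                  between: Optional[Callable[[], None]] = None) -> str:
    """Snapshot first; the check and the use both see the same private copy."""
    snapshot = bytes(buf.data)  # copy into memory the caller cannot reach
    if not looks_benign(snapshot):
        return "blocked"
    if between is not None:
        between()  # the swap still happens, but it no longer matters
    executor.run(snapshot)
    return "executed"


def demo(gate: Callable[..., str]) -> bytes:
    """Run one gate with a caller that swaps the buffer inside the window; return what ran."""
    buf = SharedBuffer(bytearray(BENIGN))
    ex = Executor()

    def swap() -> None:
        buf.data[:] = b"EVIL payload"  # constructed stand-in for the swapped-in code

    gate(buf, ex, between=swap)
    return ex.executed[0]


if __name__ == "__main__":
    print("vulnerable gate ran:", demo(vulnerable_gate))
    print("hardened gate ran:  ", demo(hardened_gate))
```

Running the module prints that the vulnerable gate executed the swapped-in payload while the hardened gate executed the benign snapshot it had checked. On a real multi-core system the `between()` call corresponds to a genuinely concurrent thread, which is why the article notes that multi-core machines widen the window; the fix does not depend on timing at all, only on never re-reading caller-controlled memory after validation.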

The attack could shut down a desktop’s antivirus software, rendering it useless. Beyond executing malicious code, the attacker can also terminate processes without administrator or privileged access, which could be used to terminate or disable antivirus on a system.

