Anonymous
Unregistered
http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/
Researchers say they've devised a way to bypass protections built in to dozens of the most popular desktop anti-virus products, including those offered by McAfee, Trend Micro, AVG, and BitDefender.
http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php
Why are user mode hooks insecure
Frique
Member
Thanks for the heads up, mate. I am glad I run Returnil. I noticed that it is not on the list, not that it means much. I suspect that it is not listed because it does not work the same as A/V, but as a sandbox program. As long as it is on, no changes will be saved to the real hard disk. I know that it has saved me on several occasions. Sometimes from my own stupidity. (read; what happens if I delete this folder?) I will warn any potential users though, it did not play well with Vista for me. (Of course, nothing I have tried plays well with Vista. A few more Vista troubles and I will try Ubuntu.)
I don't think it is worthwhile to give any credit or credibility to matousec so called "research".
Many people have said similar - this is just one blog quoting from the wilders security forums.
http://beranger.org/post/586644902/dont-buy-the-all-the-antivirus-solutions-are
As many have also pointed out - to be vulnerable you would need such to have such an exploit already on your PC installed as a rootkit. With a malicious rootkit on your PC you're pretty much screwed anyway.
The publishing of the Masoutec research is nothing more than a commercial con-job. Selling the findings of someone elses research from about 7 years ago, as something original and scary (and possible only in theory).
Anonymous
Unregistered
http://www.wilderssecurity.com/showpost.php?p=1673813&postcount=75
I put it in for fun if it was bad we know by now as fist found be for 2005
matousec.com are some boy's just out of school some say test's are no good & some say good !!
You must log in to post.
