Multicore CPUs move attack from theoretical to practical

jmke · 11th May 2010, 16:49

The Matousec researchers found that common software tools, including Norton Internet Security 2010, McAfee Total Protection 2010, and Trend Micro Internet Security Pro all had flaws that allowed attackers to bypass the protections that these programs offer. The malicious software can do this without even having to run as an Administrator.

The common feature of the vulnerable software is that it patches the Windows kernel to enable it to intercept certain operations like opening files or killing processes, a process called hooking. Windows lists all these functions in a table, the System Service Descriptor Table (SSDT), with each function having a number specifying its position in the table. To call a kernel function from nonkernel—user-mode—software, Windows essentially tells the processor to switch into kernel mode and call the function with the desired number. By overwriting entries in the table, the security software can intercept function calls.

http://arstechnica.com/security/news...ca mpaign=rss

jmke · 11th May 2010, 16:49

combine AV + Spyware and you can keep the PC clean if you insist on running programs from unknown sources

11th May 2010, 16:49	#1
jmke Madshrimp Join Date: May 2002 Location: 7090/Belgium Posts: 79,022	Multicore CPUs move attack from theoretical to practical The Matousec researchers found that common software tools, including Norton Internet Security 2010, McAfee Total Protection 2010, and Trend Micro Internet Security Pro all had flaws that allowed attackers to bypass the protections that these programs offer. The malicious software can do this without even having to run as an Administrator. The common feature of the vulnerable software is that it patches the Windows kernel to enable it to intercept certain operations like opening files or killing processes, a process called hooking. Windows lists all these functions in a table, the System Service Descriptor Table (SSDT), with each function having a number specifying its position in the table. To call a kernel function from nonkernel—user-mode—software, Windows essentially tells the processor to switch into kernel mode and call the function with the desired number. By overwriting entries in the table, the security software can intercept function calls. http://arstechnica.com/security/news...ca mpaign=rss __________________

11th May 2010, 16:49	#2
jmke Madshrimp Join Date: May 2002 Location: 7090/Belgium Posts: 79,022	combine AV + Spyware and you can keep the PC clean if you insist on running programs from unknown sources __________________

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
QPI Unlocked on recent Intel Core i7 920 and 940 CPUs	jmke	WebNews	4	7th March 2009 09:37
Noctua presents NH-U12P SE1366 for Intel Core i7 CPUs	jmke	WebNews	0	12th November 2008 21:46
Athlon 64 X2 3800+ 35w and X2 4600+ 65w Low Power Usage CPUs tested	jmke	WebNews	0	13th July 2006 11:27
DDOS Attack on Webhosting - Priorweb	jmke	WebNews	3	21st December 2005 15:17
INFO: Keyboard shortcuts	jmke	FAQ / INFO / HOW-TO	3	3rd November 2003 15:32