Immunet Protects Against New Attack Method That Outsmarts Desktop AVs
Thursday, May 20, 2010 at 5:46AM | Immunet Team Last week, researchers at Matousec.com revealed a new attack technique that traditional desktop AntiVirus products can’t defend against . But Matousec has confirmed that Immunet Protect is the only AntiVirus product that can protect against the vector.
According to ComputerWorld’s Gregg Keizer, this is how it works:
…attackers could exploit the kernel driver hooks that most security software use to reroute Windows system calls through their software to check for potential malicious code before it's able to execute.
What this boils down to is, a hacker can trick a computer into accepting a benign code but then swap out this code for a malicious one just before execution. ComputerWorld asked Al Huger, VP of engineering at Immunet, for his thoughts on the gravity of this new method. Huger responded:
"This is definitely very serious," said Alfred Huger, vice president of engineering at Immunet, a Palo Alto, Calif.-based antivirus company. "Probably any security product running on Windows XP can be exploited this way." Huger added that Immunet's desktop client is not vulnerable to the argument-switch attacks because the company's software uses a different method to hook into the Windows kernel.
Vulnerabilities like this highlight the necessity for added protection. It’s simply not enough to depend on traditional AntiVirus products to protect against all threats. Taking the recommended layered approach is the only surefire way to protect against the plethora of known threats – as well as the ominous unknown dangers. If you know someone who could benefit from Immunet, pass along this post or send them information on downloading Immunet.
AntiVirus, Matousec, cloud antivirus