Basic Lessons

Example of PC Vulnerability, and Why Important

Leave a comment

One of the magic rules of security is to presume that the bad guys think differently than you do. (That may be what makes them bad guys.) Hopefully, they won’t think that entering the locked portion of a facility is such a good idea, and messing with your system is just to worthy of being caught.

 

But if you are paying attention, there are constantly new updates to Adobe Reader, and most of them are to plug security problems. Same with Firefox. Same with many other common programs. And if your desk computer isn’t updated, and if some blackhat figures a way to put a worm into a pdf file that will only affect a Unix machine…like that server over there…it might not trigger your virus checker. But it could get placed onto the server.

Be a professional. Stay updated. Stay aware of updates. Stay aware of what a virus or trojan horse could do. If you can’t tell your sister’s friend what the difference is between a virus and a trojan horse, learn some more.

Meanwhile, think abou the implications of a story like this, and how someone (who doesn’t think like you) could take advantage of it….to your detriment. 

Matousec has discovered a relatively simple loophole that could leave Windows PCs vulnerable to malicious code, with all commercial anti-virus packages powerless to prevent it.

By Martin James, 10 May 2010 at 11:33

Security analyst firm Matousec claims it has revealed a vulnerability in Windows PCs that could leave mainstream security software all but powerless to prevent an attack.

The flaw exploits the way anti-virus packages use System Service Descriptor Table (SSDT) hooks to access the Windows kernel. Because of the inability of multi-core systems to track threads running on other processing cores, a simple bait-and-switch attack stands no chance of being detected if the timing is right.

Once an anti-virus program is satisfied a given piece of code poses no threat, it will give the code the green light to be executed. However, at this point there is a short window where the innocent code can be replaced by malicious code without the security software being any the wiser.

Read the rest of this lesson at:

Researchers find way to bypass all Windows security software

Leave a Reply