10 May 2010 · New attack bypasses all tested anti-virus products · Categories: Innovation, Malware, Research

Researchers at matousec.com, a security research and consulting group, released a paper describing a vulnerability in the way that anti-virus vendors integrate their products with Windows through the System Service Descriptor Table (SSDT). They also built code that exploits this vulnerability, which enables them to bypass these anti-virus programs. The Register has a good summary.

My first reaction is "so what?" Anti-virus programs have become almost irrelevant as the primary attack vector has shifted to browser-based applications. On the other hand, this vulnerability could lead to a resurgence of more direct viruses.

Second, how and how quickly will Microsoft and the anti-virus vendors react? 

Third, what are the implications for Intel's vPro technology?

Fourth, is there an anti-virus vendor out there that does not use SSDT to integrate with Windows?