RealTime IT News

Firm Finds Flaws in Popular Antivirus Software

The antivirus software offered by nearly three dozen top security firms might not be so secure after all, according to new research from Matousec.

The security researcher ran the software offerings of 35 firms through its KHOBE testing engine, finding that it could penetrate them with relative ease using what's known as an argument-switch attack.

That vulnerability could enable hackers to infiltrate PCs and other Windows-based devices with vast amounts of malicious code, leading Matousec to conclude that the most widely used security software applications simply don't work very well.

eSecurity Planet has the story on Matousec's latest research.


The security software offerings of 35 of the world's leading vendors can be compromised by something called an argument-switch attack that would allow a virtually limitless amount of malicious code to infiltrate Windows-based PCs and devices, according to a .

The so-called argument-switch attack, which Matousec researchers also refer to as a KHOBE attack -- short for Kernel Hook Bypassing Engine -- is especially effective against user-mode and kernel-mode hooks. Essentially, these hooks are direct code modifications that security software programmers make when building security apps.

Matousec's KHOBE testing engine had little trouble exploiting this vulnerability in some 35 popular security software applications that use a technique called System Service Descriptor Table (SSDT) hooking, including those made by the likes of McAfee (NYSE: MFE), Symantec (NASDAQ: SYMC), Sophos, Panda Security and BitDefender.

Read the full story at eSecurity Planet:
Security Firm Finds Gaps in Popular AV Software