Breaking AV Software

Nikos751

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
977
venustus said:
Hi Nikos!
Kaspersky is one of the few products to have a very good exploit prevention technology embedded in it!
ASLR is used heavily by Kaspersky!But Kaspersky also has it's own unique technology in preventing exploits very efficiently!

Take a look at this technical article:
https://www.securelist.com/en/analysis/204792303/Filling_a_BlackHole
"The Automatic Exploit Prevention engine relies heavily on Address Space Layout Randomization, or ASLR. Many malware packages rely on finding vulnerable data at specific memory addresses where such data is customarily stored. ASLR randomly shifts such data around in RAM, thwarting malware’s attempt to find it. Kasperky claims that Automatic Exploit Prevention blocked the BlackHole exploit pack 100 percent of the time. That kit drives 95 percent of phishing exploits, according to company. Kasperky is the first security firm to include ASLR in its products for Windows 7. It’s already in iOS, Android, and will be included in Windows 8."

Regards:)
Click to expand...
Interesting! ..the tester in the article refers to 2 library files only so Kaspersky is probably one of the few. Which is the others?
 
  • Like
Reactions: Venustus
Venustus

Venustus

Level 59
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Dec 30, 2012
4,809
Nikos751 said:
Interesting! ..the tester in the article refers to 2 library files only so Kaspersky is probably one of the few. Which is the others?
Click to expand...
To be honest Nikos I don't know the answer to that question!
However, Kaspersky was the "first" to implement such technology!
Thanks!:)

You can take a look at this report from MRG regarding exploit prevention:
http://www.mrg-effitas.com/wp-content/uploads/2012/06/MRG-Effitas-Exploit-Prevention-Test2.pdf

ed-emkfbxxjamijeetjkkup.jpg


Regards!
 
  • Like
Reactions: Nikos751
Nikos751

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
977
  • Like
Reactions: Venustus
Littlebits

Littlebits

Retired Staff
May 3, 2011
3,893
All security products run at the Software Level on Windows and have vulnerabilities wherever they are known or unknown.
They all can be exploited if some hacker puts time and effort into finding ways to bypass them.

That is why UAC still offers better protection since it runs at the Windows kernel level above all software.

So the more software you have installed including security software, then more vulnerable you will make your system to be exploited.
Each installed software opens a gate to be exploited. But the best thing is UAC can block software level exploits. HIPS, sandboxing or even virtualization can be bypassed more easily.

On Windows 8, Windows Defender also runs at Windows Kernel level making it harder to bypass compared to third-party security products.
But MSE just runs at software level like the rest of the security products.

Enjoy!! :D
 
  • Like
Reactions: Jaspion, Nikos751, Venustus and 1 other person
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
Security News Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack
Replies
0
Views
317
Security News
Gandalf_The_Grey
Gandalf_The_Grey
GoodMeasure
    • Like
Serious Discussion Which AV from a privacy respecting perspective ??
Replies
29
Views
1,837
General Security Discussions
Sandbox Breaker - DFIR
Sandbox Breaker - DFIR
Gandalf_The_Grey
    • Like
    • Thanks
AV-Comparatives AV-C Survey 2025
Replies
6
Views
1,353
Security Statistics and Reports
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top