Breaking AV Software

Nikos751
Feb 1, 2013
Hi Nikos!
Kaspersky is one of the few products to have very good exploit prevention technology embedded in it!
ASLR is used heavily by Kaspersky! But Kaspersky also has its own unique technology for preventing exploits very efficiently!

Take a look at this technical article:
https://www.securelist.com/en/analysis/204792303/Filling_a_BlackHole
"The Automatic Exploit Prevention engine relies heavily on Address Space Layout Randomization, or ASLR. Many malware packages rely on finding vulnerable data at specific memory addresses where such data is customarily stored. ASLR randomly shifts such data around in RAM, thwarting malware's attempt to find it. Kaspersky claims that Automatic Exploit Prevention blocked the BlackHole exploit pack 100 percent of the time. That kit drives 95 percent of phishing exploits, according to the company. Kaspersky is the first security firm to include ASLR in its products for Windows 7. It's already in iOS, Android, and will be included in Windows 8."

Regards:)
Interesting! The tester in the article refers to 2 library files only, so Kaspersky is probably one of the few. Which are the others?
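Whether a vendor's library files actually opt in to ASLR is something a tester can read straight from the file headers rather than take from a product brochure. The script below is an added example, not code from this thread or from Kaspersky or MRG Effitas: it parses the documented DllCharacteristics field of a PE optional header and reports the DYNAMIC_BASE (ASLR) and NX_COMPAT (DEP) bits alongside the other mitigation flags. The two sample images it ships with are constructed, header-only stubs so the script runs offline; pass a real .dll or .exe path to inspect that file instead.

```python
"""Report which exploit mitigations a Windows PE image opts into.

Added example for this thread; not code from the forum post or from any
vendor named in it. Flag values are the documented IMAGE_DLLCHARACTERISTICS_*
bits. HARDENED_SAMPLE and LEGACY_SAMPLE are constructed header-only images
(not real binaries) so the script can run without any DLL on disk.
"""
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits, found at offset 70 of the optional header.
DLL_CHARACTERISTICS = {
    "HIGH_ENTROPY_VA": 0x0020,  # 64-bit image can use high-entropy ASLR
    "DYNAMIC_BASE":    0x0040,  # image may be relocated, so ASLR applies
    "FORCE_INTEGRITY": 0x0080,  # loader enforces the Authenticode signature
    "NX_COMPAT":       0x0100,  # image is DEP compatible
    "NO_SEH":          0x0400,  # image uses no structured exception handlers
    "GUARD_CF":        0x4000,  # Control Flow Guard instrumented
}


def parse_dll_characteristics(data: bytes) -> dict:
    """Return {flag_name: bool} for a PE32 or PE32+ image; ValueError otherwise."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 60)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                          # IMAGE_FILE_HEADER (20 bytes)
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                              # IMAGE_OPTIONAL_HEADER
    if size_of_optional < 72 or len(data) < opt + 72:
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):              # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics is at offset 70 in both the PE32 and PE32+ layouts.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {name: bool(dll_chars & bit) for name, bit in DLL_CHARACTERISTICS.items()}


def aslr_enabled(flags: dict) -> bool:
    """Per-image ASLR only applies to images that declare DYNAMIC_BASE."""
    return flags["DYNAMIC_BASE"]


def build_minimal_pe(dll_characteristics: int, pe32plus: bool = False) -> bytes:
    """Constructed sample input: DOS header + PE signature + COFF + optional header."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 60, 64)          # e_lfanew: PE header follows DOS header
    machine = 0x8664 if pe32plus else 0x14C      # AMD64 / i386
    opt_size = 240 if pe32plus else 224
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (DLL | EXECUTABLE)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x2102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 68, 2)           # Subsystem: Windows GUI
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed samples: one built the way a modern, hardened DLL would be,
# one built the way an old library with no mitigation opt-ins looks.
HARDENED_SAMPLE = build_minimal_pe(
    DLL_CHARACTERISTICS["DYNAMIC_BASE"]
    | DLL_CHARACTERISTICS["NX_COMPAT"]
    | DLL_CHARACTERISTICS["HIGH_ENTROPY_VA"],
    pe32plus=True,
)
LEGACY_SAMPLE = build_minimal_pe(0x0000)


def report(label: str, data: bytes) -> str:
    flags = parse_dll_characteristics(data)
    on = ", ".join(name for name, set_ in flags.items() if set_) or "none"
    return "%s: ASLR %s (flags: %s)" % (
        label, "yes" if aslr_enabled(flags) else "NO", on)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(report(path, fh.read()))
    else:
        print(report("hardened sample", HARDENED_SAMPLE))
        print(report("legacy sample", LEGACY_SAMPLE))
```

Run it with no arguments to see the two constructed samples, or with one or more file paths to check real product libraries. One caveat when reading the result: on Windows 7 an image without DYNAMIC_BASE is simply loaded at its preferred base, so a missing bit means no ASLR for that module unless something like EMET's mandatory ASLR forces relocation.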

Venustus
Dec 30, 2012
Interesting! The tester in the article refers to 2 library files only, so Kaspersky is probably one of the few. Which are the others?
To be honest Nikos I don't know the answer to that question!
However, Kaspersky was the "first" to implement such technology!
Thanks! :)

You can take a look at this report from MRG regarding exploit prevention:
http://www.mrg-effitas.com/wp-content/uploads/2012/06/MRG-Effitas-Exploit-Prevention-Test2.pdf

Regards!

Littlebits
May 3, 2011
All security products run at the software level on Windows and have vulnerabilities, whether they are known or unknown.
They all can be exploited if some hacker puts time and effort into finding ways to bypass them.

That is why UAC still offers better protection, since it runs at the Windows kernel level above all software.

So the more software you have installed, including security software, the more vulnerable you make your system to being exploited.
Each installed piece of software opens a gate to be exploited. But the best thing is that UAC can block software-level exploits. HIPS, sandboxing or even virtualization can be bypassed more easily.

On Windows 8, Windows Defender also runs at the Windows kernel level, making it harder to bypass compared to third-party security products.
But MSE just runs at the software level like the rest of the security products.

Enjoy!! :D
 
