Breaking AV Software

Hi Nikos!
Kaspersky is one of the few products to have a very good exploit prevention technology embedded in it!
ASLR is used heavily by Kaspersky! But Kaspersky also has its own unique technology for preventing exploits very efficiently!

Take a look at this technical article:
https://www.securelist.com/en/analysis/204792303/Filling_a_BlackHole
"The Automatic Exploit Prevention engine relies heavily on Address Space Layout Randomization, or ASLR. Many malware packages rely on finding vulnerable data at specific memory addresses where such data is customarily stored. ASLR randomly shifts such data around in RAM, thwarting malware's attempt to find it. Kaspersky claims that Automatic Exploit Prevention blocked the BlackHole exploit pack 100 percent of the time. That kit drives 95 percent of phishing exploits, according to the company. Kaspersky is the first security firm to include ASLR in its products for Windows 7. It's already in iOS, Android, and will be included in Windows 8."

Regards:)
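Since the quoted article rests on ASLR actually being in effect, the script below is an added example (not from this thread or from any vendor) that a defender can run to verify it: it launches a small child interpreter several times, records the address of a fresh heap object and of a libc function, and reports whether those addresses change between runs. It assumes a Python 3 interpreter and a Linux or macOS host for the libc lookup; on other platforms the libc column is skipped.

```python
"""Check whether the OS is randomizing process address space (ASLR).

Added example, not code from the forum thread. Under working ASLR the
addresses printed by independent child processes should differ; a constant
address across runs means the mitigation is off for that region.
"""
import subprocess
import sys

# Code run inside each child process (constructed for this example). It prints
# the address of a freshly allocated heap object and, where ctypes can resolve
# libc, the address of strlen; 0 is printed when the lookup is not possible.
CHILD_SNIPPET = r"""
import ctypes, ctypes.util
heap = id(object())
try:
    libc = ctypes.CDLL(ctypes.util.find_library("c"))
    func = ctypes.cast(libc.strlen, ctypes.c_void_p).value or 0
except Exception:
    func = 0
print(heap, func)
"""


def sample_addresses(runs=5):
    """Spawn `runs` child interpreters and collect (heap, libc) address pairs."""
    samples = []
    for _ in range(runs):
        out = subprocess.run(
            [sys.executable, "-c", CHILD_SNIPPET],
            capture_output=True, text=True, check=True,
        ).stdout
        heap, func = (int(x) for x in out.split())
        samples.append((heap, func))
    return samples


def addresses_randomized(addresses):
    """True when the observed addresses are not all identical.

    A single distinct value across several runs means no randomization was
    applied to that region. Zero entries (lookup unavailable) are ignored, so
    an all-zero column reports False rather than a false positive.
    """
    seen = {a for a in addresses if a}
    return len(seen) > 1


def aslr_report(runs=5):
    """Summarize per-region randomization over `runs` child processes."""
    samples = sample_addresses(runs)
    heap = [h for h, _ in samples]
    libc = [f for _, f in samples]
    return {
        "runs": runs,
        "heap_randomized": addresses_randomized(heap),
        "libc_randomized": addresses_randomized(libc),
        "heap_distinct": len(set(heap)),
        "libc_distinct": len(set(a for a in libc if a)),
    }


if __name__ == "__main__":
    for key, value in aslr_report().items():
        print(f"{key}: {value}")
```

A result of `heap_randomized: False` on a modern OS usually means ASLR has been disabled system-wide (for example via `personality(ADDR_NO_RANDOMIZE)` or a debugger launch on Linux), which is worth catching before trusting any product's exploit-prevention claims on that host.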
Interesting! ..the tester in the article refers to 2 library files only, so Kaspersky is probably one of the few. Which are the others?
To be honest Nikos I don't know the answer to that question!
However, Kaspersky was the "first" to implement such technology!
Thanks!:)

You can take a look at this report from MRG regarding exploit prevention:
http://www.mrg-effitas.com/wp-content/uploads/2012/06/MRG-Effitas-Exploit-Prevention-Test2.pdf



Regards!
All security products run at the software level on Windows and have vulnerabilities, whether they are known or unknown.
They all can be exploited if some hacker puts time and effort into finding ways to bypass them.

That is why UAC still offers better protection since it runs at the Windows kernel level above all software.

So the more software you have installed, including security software, the more vulnerable your system will be to being exploited.
Each installed software opens a gate to be exploited. But the best thing is UAC can block software level exploits. HIPS, sandboxing or even virtualization can be bypassed more easily.

On Windows 8, Windows Defender also runs at the Windows kernel level, making it harder to bypass compared to third-party security products.
But MSE just runs at software level like the rest of the security products.

Enjoy!! :D