Crackers Evolve to Dodge Anti-Virus Software in Windows

Dr. Roy Schestowitz

2010-05-08 18:52:33 UTC
Modified: 2010-05-08 18:52:33 UTC

Summary: A fully 'protected' and patched Windows installation cannot be secured due to new tricks and hidden vulnerabilities that Microsoft conceals from the public

A FEW days ago we wrote about Joanna Rutkowska's observations and mentioned her firm's use of GNU/Linux. Yesterday we found this article from The Register, which speaks about anti-virus software being ineffective in the face of a new pattern of attacks.

Researchers say they've devised a way to bypass protections built in to dozens of the most popular desktop anti-virus products, including those offered by McAfee, Trend Micro, AVG, and BitDefender.

Ghabuntu recommends Ubuntu GNU/Linux as a preventive measure and also argues that:

It is a very serious issue which can have a devastating consequence in the lives of a lot of people. However, there is still hope. The research did not make any mention of this anti-virus as being such an easy to evade guard.

Anti-virus software has been useless for quite some time. Authoritative figures spoke about these issues for years and McAfee went as far as doing more harm than good last month.

According to several independent sources, about one in two Windows PCs is a zombie PC and Microsoft carries on lying about the number of vulnerabilities/patches in order to give the illusion that things are improving when it fact they never did. Microsoft is just lying about its patches, as before. Anti-virus software can't do anything about it and here in Techrights we opine that the public has the right to know the truth. ⬆

Comments

Yuhong Bao

2010-05-13 01:50:00

The attack is on SSDT hooking, which MS and others has been warning against for years and even tried to prevent via PatchGuard in x64 versions of Windows. The Nynaeve blog by Ken Johnson, a Windows kernel-mode expert who joined MS after this was written, has an example of a buggy SSDT hook that has security problems: http://www.nynaeve.net/?p=210

The Register is Desperate for Money, According to The Register: I decided to check how they're doing as a business
Some Cola Formulas Aren't Secret, But the Barrier is the Branding: That's the power of the channel/distribution, marketing, and brand recognition (accomplished through endless marketing)
Tesla's Debt More Than Doubled in 2 Years and the Company Will Operate in the Red (at a Loss) Quite Soon: If your first-quarter net income is $409 million and you borrow billions from banks, plus interest to pay on those loans, then you're not far from returning to losses
On "Tragedy of the Commons in the Production of Digital Artifacts": There's a better way to do things. None of that should involve GAFAM.
Gemini Links 05/08/2025: Opel Zoo near Frankfurt and Alhena 5.2.5: Links for the day
The Inflammatory Influence of Social Control Media Giants: CPC's ByteDance says it's cool
Microsoft v Planet Earth: Is Microsoft profitable?
IRC Turns 37: Internet Relay Chat (short: IRC), which started in 1988, turns 37 this month
Shortly After a Microsofter Took Over The Register as Editor in Chief Microsoft Tim (Tim Anderson) is Back and It's Still Microsoft Propaganda, Sometimes Funded by Microsoft: Notice his focus
Stricter Enforcement of Worker Adjustment and Retraining Notification (WARN) Act is Sorely Needed: Who's keeping track anyway?
Calling Plagiarism "Intelligence" is Pure Genius, Brilliance!: One thing to "like" (or dislike) about LLMs is how they're falsely marketed using various buzzwords
Geminispace Promises Simplicity But Also Provides a "bunch of forums that get flood-filled by agitation against the very essence of Gemini itself": claims of stagnation in Geminispace started because of a person who spent a long time agitating against GNU/Linux as well
Zimbabweans Aren't Into Windows or Microsoft: This cannot be good news for GAFAM
Microsoft's Washington Layoffs Aren't Everything, They're Definitely Not Happening in Just One State in the US: Washington is just more strict with WARN notices
Gemini Links 05/08/2025: Lagrange v1.18.6, No Stagnation in Geminispace, and Fake Coding (Slop): Links for the day
The Register's Editor in Chief (Who Left for Google) Told Me "AI" Was a Bubble, But Now The Register Gets Paid to Participate in Inflating This Bubble: A lot of the online media is a scam
Introducing Mission:Libre and FreeXR (and BreakXR): efforts that accompany the foundations put there by the Free Software Foundation in 1985
Slopwatch: WebProNews, LinuxSecurity, and Some Success Stories: Google News still has a slopfarm issue
Links 05/08/2025: Hey Hi (AI) Passing Fads and GAFAM "Embracing the Military": Links for the day
Links 05/08/2025: Samsung and Microsoft Layoffs: Links for the day
Rumours of Mass Layoffs at Red Hat Next Week (August 11th, 2025): The eleventh means next Monday
IBM is Shutting Down (Piecewise): IBM is basically being liquidated
The Debian Language Police Department (PD): "there has never been complaints about anyone that was offended by this -off package"
When The Register MS Says "Linux Backdoor" It Actually Talks About Malware: The leading story in The Register US/MS this morning is Microsoft
Microsoft Windows Fell to 19% "Market Share" in Montenegro: Microsoft must be well aware of this trend
Why We Also Include Gopher Links in Our Gemini (Protocol) Links: There are still many people who use Gopher to relay their messages (like blog posts). They're mostly technical people.
Shouting is an Indication of a Lack of Convincing Argument: Beware what they are attempting to distract from
Mongolia: Microsoft Windows at All-Time Low: in 2009 when Windows was at 99.45% in Mongolia the company was "worth" less than 200 billion dollars
About a Quarter of Today's "linux" News in Google News Came From One Domain and It's a Slopfarm: Not kidding!
Gemini Links 05/08/2025: Zombie Threat and Switching to NixOS: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, August 04, 2025: IRC logs for Monday, August 04, 2025
ChatGPT in Trouble: Watch out for the newer buzzwords
The Register MS Links to the Wrong statCounter Page: They link to older data
Dr. Andy Farnell Explains How Google Turned From "Librarian" Into "Oracle", Telling Us What to Think Instead of Where to Look: Google was always a lousy librarian
Microsoft Layoffs Continue in August 2025: If Microsoft is doing so well, how come about 10 rounds of layoffs in about 7 months in 2025?
Microsoft and Windows Have Many Back Doors, But LLM Slop Keep Claiming That Linux Has "Backdoor": It's another example of LLM slop as FUD amplifier, via slopfarms as well
In Many Countries Vista 11 Adoption Stalled or Became Negative: Not just because people move to GNU/Linux
Microsofters' Lawyers Are Name-calling and Insulting Microsoft Critics, Even Their Spouses: How not to win arguments
Flagging or Tagging Slop That We Find Online: Right now we use ImageMagick
Links 04/08/2025: Very Bad Weather and Travel Restrictions in China: Links for the day
Gemini Links 04/08/2025: Misiamisia and Mobile Linux: Links for the day
Microsoft's Stock is Like a Religion, Microsoft Goes Into 'Hiding' (From Shareholders): like a religious person or devout believer, the media just parrot anything Microsoft says
Links 04/08/2025: 80 Years Since Last Nuclear War, IPv6 in China: Links for the day
Groklaw Static Site Relaunches With New Theme, But Many Pages and All the Comments Are Missing: We suppose that's still a lot better than the site being offline, as it was for several months
"For Five decades; For freedoms; For all users" (Original EMACS Turns 50 Next Year): Linus Benedict Torvalds was only 6 when EMACS started
In Spain, Microsoft's Search Engine Market Share Fell to 2%: 16 years have passed since Bing was introduced
Protecting GNU/Linux-Centric Journalism From Serial Sloppers: Unoriginal slop is taking away traffic from the people who did all the real work
It Looks Like Managers at Oracle Now Use LLM Slop to Write Blog Posts: Did he cheat by prompting LLMs for mindless text "filler"?
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, August 03, 2025: IRC logs for Sunday, August 03, 2025
Gemini Links 04/08/2025: Qubes OS and Curious crypto case of certificates (CCCC): Links for the day
They Tell Us That "Cloud Storage" is Safe and Robust to Incidents Like Fires: Do you have backups? Where are they and who controls them?
"Allowing SDL to default to Wayland caused a number of customer issues so keep the default at X11 for now": 2025 is another year of Wayland ambitions. It's also a year of self-fulfilling prophecies.
In The United Kingdom (UK), Microsoft Search (Bing) Falls to All-Time Low: Grow? What grow??? It's collapsing.
GNU/Linux Reaches 5% in Oman: Some GNU/Linux distros are made in Oman
Google's "AI Mode" is a Pathetic Joke Prematurely Introduced in the UK (Like "Bard", Which Sank the Company's Shares): what Google "thinks" about PCLinuxOS
What the Free Software Foundation Started Four Decades Ago is Becoming Mainstream: "Four decades; Four freedoms; For all users"
Doing a Better Job at Labelling Slop Images: we'll label screenshots that contain slop, typically with red-coloured text overlay
Social Control Media is Out of Style: What's your excuse for wasting time on (or in) it?
Maldives: GNU/Linux at All-Time High, Windows at New Lows: data from statCounter shows a reassuring trend
Efficiency is Good, So Why Won't Governments Cull LLM Companies Using Stronger, Stringent Policies?: Like every bubble that ever existed, including some recent ones, an end will come
The Defunct Site LinuxConfig Has Published a Fake Article About Richard Stallman Using LLM Slop, Which Stallman Calls "Bullshit Generator": Worse yet, it is writing using a "Bullshit Generator" (the term used by Stallman) about Stallman's health
Microsoft Windows Falls to All-Time Lows in Morocco and Algeria: About 70% or even less
StopGenAI in the Cyber Show (C|S): covering a theme that we too covered a lot lately
Gemini Links 03/08/2025: Once-a-Decade Couch Shopping and Blessings in Disguise: Links for the day
Links 03/08/2025: Political Catch-up, Global Warming, and Hunger: Links for the day
Brittany Day Entered LLM Slop Into LinuxSecurity.com and Something Hilarious Happened: The Site is "Exploited": The brainless, effortless copypasta of "slop artists" shows its limits
Links 03/08/2025: Microsoft Exchange 0-day Exploited and Avoidable Nuclear Escalation: Links for the day
Next Month 'New Techrights' Turns Two: Next month, on the fourth week, it'll be 2 years since the migration
Definitely Not a Ponzi Scheme: Bitcoin v Microsoft
Online Safety Act Tries to Accomplish the Impossible: All I can say is, "good luck with that!"
The Electronic Frontier Foundation (EFF) is a Billionaires' Lobby: Billionaires that control tech companies
Microsoft Borrows 3 Billion Dollars Per Month, a Company Truly Worth Trillions Would Not Do This: if Windows (and Office) "market share" fell from about 90% to barely 30%, how come Microsoft is now "valued" at 20 times more?
It's Even Worse Than Microsoft Lunduke Puts It; GNOME is SLAPPing Journalists: In our experience, GNOME is so malicious - some elements of it in particular - that it would launch multiple simultaneous SLAPP campaigns not only against journalists but also their spouses
GNU/Linux Adoption Reaches All-Time Highs in Chile, statCounter Indicates: This month marks 4 years since Vista 11 came out (as a fake "leak") and some surveys still measure its adoption at less than 40%
Slop Will Not Change the World: Some of us grow up sooner and leave that nonsense behind (or altogether avoid/skip it)
Gemini Links 03/08/2025: Nostalgia and TOFU: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, August 02, 2025: IRC logs for Saturday, August 02, 2025

Crackers Evolve to Dodge Anti-Virus Software in Windows

Comments

Recent Techrights' Posts