Overblown IMHO - the example is talking about loading bad kernel code - you need to be an admin to do that - on x64 systems the bad driver would have to be signed - the AV system should have picked up the bad code being placed onto the system prior to anyone executing it - I don't see how this bypasses signature based detection. It would only, potentially, bypass some kind of "HIPS" based protection.
Cheers
Ken

-----Original Message-----
From: Kurt Buff [mailto:[email protected]]
Sent: Monday, 10 May 2010 12:41 PM
To: NT System Admin Issues
Subject: Life just keeps getting better....

How to bypass almost all AV software
http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

Including VIPRE, and all of the big names that I can think of.

It takes a bit of effort, but it will probably be commodified shortly, I expect.

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
