
Critical Flaw allows for a Virus to Bypass Most Antivirus Software and Wreak Havoc


Wednesday, 12 May 2010 17:17:40 (US Mountain Standard Time, UTC-07:00)

    The latest news creating a lot of hysteria in the antivirus market is a new proof-of-concept virus or exploit that is essentially undetectable by all current 2010 antivirus programs, including Norton 360 2010 and even McAfee Internet Security. The exploit, discovered by matousec.com, targets the software that's supposed to protect us: antivirus and firewall software.

Background:

    Whenever one installs firewall software on Vista or Windows 7, the user is shown a Windows UAC prompt to allow the firewall to install a driver.  The driver allows the firewall to integrate into the operating system's kernel and sit in the path of the internet connection, thereby allowing the firewall to regulate connections (block or allow).  Microsoft has released guidelines on how to write efficient and safe drivers, but almost all antivirus vendors have ignored them.  Now rogue software can access the driver through an exploit and completely bypass all current antivirus security checks to run a myriad of attacks against a host computer.  Take a look at the opening screenshot for this section; it includes only a handful of the currently vulnerable internet security suites.

    While I find the actual article hard to understand (it's written for expert programmers), it's clear that the industry needs to beef up security across the board.  Unfortunately, there is no current patch or update for this type of attack.  Users will need to pressure antivirus companies to patch their software in their 2011 versions.  A simple update seems like it will not solve this vulnerability, and antivirus vendors will need to completely rewrite their software. In the meantime, one can only hope that this type of attack doesn't become more mainstream, as there is no fix as of May 12, 2010. Until then, be extra vigilant about suspicious attachments and unnecessary websites.