MSE (Microsoft Security Essentials), Microsoft's free antimalware solution, has been getting positive feedback ever since its release. Recent developments have given the software another point in its favor over other vendors' products. It has been shown that MSE is one of the few antimalware products not affected by the recently discovered method for disabling security software on Windows. This is a major plus for MSE at a time when other vendors are struggling to prove that their software is not affected either.
A recent research report published by Matousec included a list of affected products that could be attacked using the KHOBE technique. The list included many well-known Windows security products. MSE was not on it. Microsoft says its product is not affected by the attack technique because of the design of its real-time protection system.
MSE does not use SSDT (System Service Descriptor Table) hooks, which many security products rely on, so its real-time protection cannot be disabled by this method. According to the research, only software that uses the hooking technique is vulnerable to this attack. Some antivirus products implement hooks, but many do not use hooks at all. As a Matousec spokesperson put it: "The major group of software that is affected are not antivirus products but HIPS [Host Intrusion Prevention System] software, behavior blockers, various Internet Security Suites with host protection features etc."
Security software usually implements its self-defense techniques using hooks, but hooks are not part of Microsoft's solution. Because the hooking mechanism still works on newer versions of Windows, vendors prefer to stick with it. Microsoft, on the other hand, used newer methods to implement its self-defense mechanisms. MSE is therefore considered safe from such attacks.
At the time of publishing, the list had 35 vulnerable products, and Matousec is continuously updating it. This has been a major boost for MSE, as it shows that Microsoft's approach to developing the security software was sound and better than that of many other vendors. It adds to the positive user feedback MSE has received so far.
[via: Ars Technica]