Microsoft: MSE safe from Windows kernel hook attack

    Microsoft: MSE safe from Windows kernel hook attack


    Posted: 13 May 2010
    Microsoft: MSE safe from Windows kernel hook attack

    Microsoft Security Essentials (MSE), the software giant's free antimalware solution, is one of the few products that is not affected by the recently rediscovered method for disabling security software on Windows. MSE does not use SSDT hooks, so its real-time protection cannot be disabled via this method.
    When the report was first published, we noticed that MSE was not on the list of affected products and contacted Microsoft for clarification. "Microsoft is aware of research published by Matousec and we are investigating the issue," a Microsoft spokesperson told Ars. "Based on available information, we do not believe our products are affected due to the design of our real-time protection. We are working to confirm this."
    Source: Microsoft: MSE safe from Windows kernel hook attack


    ~Lordbob
    Lordbob75's Avatar Posted By: Lordbob75
    13 May 2010



  2. IggyAZ
    Posts : 846
    Windows 10 Pro
       New #1

    What you mean MS Security Essentials does something better than all the rest of the Antivirus software.
    I'm sure this will not reach the national media.
    And I'm sure the lovers of all those other antivirus software won't say a word how really good MS Security Essentials reallt is.....
    I just love MSE.
      My Computer
    Quote Quote

  4. seekermeister
    Posts : 6,618
    W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
       New #2

    From what I read here:

    New Attack Bypasses Anti-Malware Protection [Update] - Security Watch

    MSE may be unique in this respect, but unless I have a problem, I'm not going to use it.
      My Computer
    Quote Quote

  5. Phone Man
    Posts : 2,686
    Windows 8.1 Pro w/Media Center 64bit, Windows 7 HP 64bit
       New #3

    seekermeister said:
    From what I read here:

    New Attack Bypasses Anti-Malware Protection [Update] - Security Watch

    MSE may be unique in this respect, but unless I have a problem, I'm not going to use it.
    From reading the above article it seems that 64bit systems were not tested and because MS uses Patch Guard on 64bit systems to prevent kernel hooks this attack probably wont work on 64bit systems. Thats was one of the main reasons I chose Win 7 64bit instead of the 32bit version.

    Jim
      My Computer
    Quote Quote

  7. baarod
    Posts : 1,519
    El Capitan / Windows 10
       New #4

    seekermeister said:
    From what I read here:

    New Attack Bypasses Anti-Malware Protection [Update] - Security Watch

    MSE may be unique in this respect, but unless I have a problem, I'm not going to use it.
    Not unique. McAfee, Norton and Kaspersky all patch the kernel like crazy under x86. Under x64 the are supposed to use the new APIs because of PatchGuard. According to Wikipedia "Antivirus software made by competitors ESET,[17] Trend Micro,[18] Grisoft AVG,[19] and Sophos does not patch the kernel."

    This information is somewhat specious because we're not sure which versions we're talking about and whether these lists are inclusive.

    Either way MSE is easily the most compatible with 7 and it's performance is only getting better.
      My Computer
    Quote Quote

  8. johnwillyums
    Posts : 4,663
    Windows 7 Home Premium 64 bit
       New #5

    IggyAZ said:
    What you mean MS Security Essentials does something better than all the rest of the Antivirus software.
    I'm sure this will not reach the national media.
    And I'm sure the lovers of all those other antivirus software won't say a word how really good MS Security Essentials reallt is.....
    I just love MSE.
    Agreed. I was sceptical but now I'm sold on MSE:)
      My Computer
    Quote Quote

  9. MattRainier
    Posts : 238
    7 Ultimate x64, Vista Ultimate x64, 7 Pro x64, XP Pro x86, Linux Mint Nadia Cinnamon
       New #6

    Aha, another reason never to give up my MSE.
      My Computer
    Quote Quote

  11. Thorsen
    Posts : 3,300
    Win7 Home Premium 64x
       New #7

    good to know. I had been wondering about this for a few days since that other article had been posted. thanks Lordbob75
      My Computer
    Quote Quote

  12. KazeNoKoe23
    Posts : 554
    Windows 7 Professional x64 SP1
       New #8

    Thank God I chose MSE for my anti-malware solution on my netbook.
      My Computer
    Quote Quote

  13. Lordbob75
    Posts : 6,885
    Windows 7 Ultimate x64, Mint 9
    Thread Starter
       New #9

    Thorsen said:
    good to know. I had been wondering about this for a few days since that other article had been posted. thanks Lordbob75
    No problem. There are not always follow up articles, but in this case there was.
    There is a follow up to another one, with a rather sadder ending.

    ~Lordbob
      My Computer
    Quote Quote

 

  Related Discussions
Read more at: Microsoft Urges Users to Shut Down Windows Gadgets or Risk Attack | PCWorld If you wish to disable Gadgets, then see: https://www.sevenforums.com/tutorials/3674-gadgets-enable-disable.html
More - New Windows kernel mode flaw points to future attack vectors
Microsoft downplays Windows BitLocker attack threat: Microsoft dismissed recently-disclosed threats to its BitLocker disk-encryption technology as "relatively low risk," noting that attackers must not only have physical access to a targeted PC, but must manipulate the machine two separate times. ...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 12:18.
Find Us