MSE safe from Windows kernel hook attack


  • Please log in to reply
No replies to this topic

#1 Nvyseal
Posted 13 May 2010 - 06:16 PM

Microsoft Security Essentials (MSE), the software giant's free antimalware solution, is one of the few products that is not affected by the recently rediscovered method for disabling security software on Windows. MSE does not use SSDT hooks, so its real-time protection cannot be disabled via this method.

When the report was first published, we noticed that MSE was not on the list of affected products and contacted Microsoft for clarification. "Microsoft is aware of research published by Matousec and we are investigating the issue," a Microsoft spokesperson told Ars. "Based on available information, we do not believe our products are affected due to the design of our real-time protection. We are working to confirm this."

"Microsoft has worked directly with Matousec to confirm that Microsoft Security Essentials and Forefront Client Security products are not affected by their KHOBE research due to the design of our real-time protection," a Microsoft spokesperson eventually followed up with.

Microsoft insists that security companies avoid using kernel patches in their software. It would therefore be rather hypocritical of Microsoft to use such hooks. Furthermore, self-defense techniques, which are usually implemented using hooks, are not a common part of Microsoft's solutions. It's worth noting that Microsoft listened to security vendors and in Windows Vista and Windows 7 implemented several new documented methods to let products include self-defense mechanisms. Unfortunately, there is nothing forcing vendors to use these new methods, as their old hooking-based protection still works in new versions of Windows.

This is why the list of products affected is so lengthy. Matousec is continuing to update the list, and at the time of publishing, there were 35 vulnerable products. This is another big win for MSE, which has received very positive feedback ever since its release.

ArsTechnica