The Microsoft Tax: New attack bypasses every Windows XP security product tested; Mac unaffected

“Security researchers at Matousec.com have come up with an ingenious attack that can bypass every Windows security product tested and allow malicious code to make its way to your system… While Vista and 7 users are safe, some 60% of PCs still use XP,” Adrian Kingsley-Hughes reports for ZDNet.

“Yes, you read that right – every Windows security product tested,” Kingsley-Hughes reports. “And the list is both huge and sobering.”

“The attack, called KHOBE (Kernel HOok Bypassing Engine), leverages a Windows module called the System Service Descriptor Table, or SSDT, which is hooked up to the Windows kernel,” Kingsley-Hughes reports. “Unfortunately, SSDT is utilized by antivirus software.”

Kingsley-Hughes reports, “Oh, and don’t think that just because you are running as a standard user that you’re safe, you’re not. This attack doesn’t need admin rights.”

Full article here.

MacDailyNews Take: Life’s too short. Stop wasting your time. Stop stressing out. Get a Mac.

[Updated: 1:04pm EDT: Added XP in headline and XP info in first quoted paragraph. Thanks to Islandgirl for the heads up]
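The quoted paragraphs say only that the attack leverages the SSDT hooks security products install. The mechanism, per Matousec's own write-up rather than the ZDNet text above, is an argument-switch attack: the product's hook validates arguments it reads from the calling process's memory, the original kernel service then reads that same memory again, and a second thread rewrites it in between. The C program below is an added example, not Matousec's code or any vendor's. It models the check and the use as two separate reads and runs the attacker's swap as a callback inside the window so the outcome is repeatable (on a live system the swap is a timing race). All structure, function and path names in it are ours and stand in for no real Windows interface. The hardened variant shows the pattern that closes the window: capture the argument once and have both the check and the service operate on that single copy.

```c
/* Added example, not Matousec's or any vendor's code: a deterministic model
 * of the argument-switch race (a double fetch) against a hooked system
 * service. The hook validates a pointer argument it reads from caller
 * memory; the original service then reads that memory again. Rewriting
 * the memory between the two reads slips a blocked value past the check.
 * The swap is a callback here so the result is repeatable; on a live
 * system a second thread wins the race by timing.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical argument block for an "open" service. Field and function
 * names are ours; they do not correspond to real Windows structures. */
struct open_args {
    const char *path;   /* lives in caller (attacker) memory */
};

/* Attacker callback invoked inside the window between check and use. */
typedef void (*race_fn)(struct open_args *);

enum open_result {
    DENIED = 0,          /* hook blocked the request */
    OPENED_OK = 1,       /* benign path opened */
    OPENED_BLOCKED = 2   /* a path the policy forbids was opened: bypass */
};

/* Policy the security product enforces. */
static bool path_is_blocked(const char *path) {
    return strstr(path, "\\protected\\") != NULL;
}

/* The original service: it fetches the argument on its own. */
static enum open_result real_open_service(const struct open_args *args) {
    return path_is_blocked(args->path) ? OPENED_BLOCKED : OPENED_OK;
}

/* Vulnerable hook: validates one read of caller memory, then lets the
 * original service do a second, independent read. */
static enum open_result hooked_open_vulnerable(struct open_args *args, race_fn attacker) {
    if (path_is_blocked(args->path))       /* first fetch: check */
        return DENIED;
    if (attacker)
        attacker(args);                    /* race window */
    return real_open_service(args);        /* second fetch: use */
}

/* Hardened hook: copies the argument into private storage once and both
 * checks and uses that single copy; later edits to caller memory cannot
 * change what the service sees. */
static enum open_result hooked_open_hardened(struct open_args *args, race_fn attacker) {
    char path_copy[260];
    struct open_args snapshot;

    strncpy(path_copy, args->path, sizeof path_copy - 1);
    path_copy[sizeof path_copy - 1] = '\0';
    snapshot.path = path_copy;

    if (path_is_blocked(snapshot.path))    /* check the copy */
        return DENIED;
    if (attacker)
        attacker(args);                    /* swap hits memory nobody re-reads */
    return real_open_service(&snapshot);   /* use the same copy */
}

/* Constructed sample paths for the demonstration. */
static const char BENIGN_PATH[] = "C:\\Users\\guest\\notes.txt";
static const char TARGET_PATH[] = "C:\\protected\\secrets.txt";

/* Attacker: swap the pointer to the forbidden path mid-call. */
static void swap_to_target(struct open_args *args) {
    args->path = TARGET_PATH;
}

/* A request that starts benign and is swapped during the window. */
enum open_result request_with_swap(bool hardened) {
    struct open_args args = { BENIGN_PATH };
    return hardened ? hooked_open_hardened(&args, swap_to_target)
                    : hooked_open_vulnerable(&args, swap_to_target);
}

/* A straightforward request with no race, for comparison. */
enum open_result request_plain(const char *path, bool hardened) {
    struct open_args args = { path };
    return hardened ? hooked_open_hardened(&args, NULL)
                    : hooked_open_vulnerable(&args, NULL);
}

int main(void) {
    printf("vulnerable hook, swapped request:  %d (2 = bypass)\n", request_with_swap(false));
    printf("hardened hook,   swapped request:  %d (1 = benign file)\n", request_with_swap(true));
    printf("vulnerable hook, direct forbidden: %d (0 = denied)\n", request_plain(TARGET_PATH, false));
    return 0;
}
```

The point the model makes is that the check and the use read the same caller-controlled memory at different times; a hook that filters on its own read of user memory and then passes control to a service that reads it again is only ever as strong as the attacker's timing is bad. It also explains the quoted remark that no admin rights are needed: the caller owns the memory being swapped.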

24 Comments

  1. This is music to the ears of IT professionals everywhere. Not only does it make them necessary in the Windows world, it gives them another excuse to consolidate power: “It’s dangerous out there!”

    It’s going to be slow going, but over the next 10 years I believe Windows will eventually be rooted out and eradicated, kind of like smallpox.

  2. Running Windows is like parking your brand new BMW on a dark street in the ghetto, leaving the windows open and the keys in the ignition, and then walking away.

  3. Only last weekend I finished reading Richard Clarke’s “Cyber War”, which deals with threats to our very vulnerable cyber-infrastructure. He notes some actual government initiated events and some of the very realistic potential scenarios we may be facing.

    He touches on the role played by Windows of course in that overall vulnerability. He also relates Microsoft resistance to pressure to take security more seriously, as over banking security.

  4. Yea, well, some poor saps (like a friend of mine) will never get it. He just bought a 15″ ThinkPad for $630 at Best Buy. The 13″ MacBook Pro costs $1100. He felt he couldn’t justify the extra cost. Just wait till he’s infected and loses everything. I tried to warn him, but that kind of price difference was just too hard to fight.

  5. My standard retort to those who scream that Apple’s OS will soon be as riddled with malware as Windows follows:

    Mac OS is not impregnable. There are currently several Trojans which can be downloaded and run on a Mac. They have to be actively downloaded and run by the user.

    Having said that, OS X is a version of UNIX, which was designed to be networked, unlike Windows, which was designed to be stand-alone. Windows has massive holes and spaghetti code where all sorts of malware can run without the user knowing.

    In UNIX, nothing can run unless it’s been approved to run by an administrator. Also, every piece of software resides in a library, and there are a limited number of them. There’s really not much room to hide; if the virus is not running on the Admin account, very little damage can be done. Read more about that here: http://daringfireball.net/2004/06/broken_windows

    Additionally, Macs are virtually invisible on the internet right out of the box. Even without a firewall on, you are essentially in “stealth mode,” so Macs are safer from crap that’s out there being passed around. “… by default, OS X doesn’t leave many ports open. In contrast, most versions of Windows ship with a bunch of open ports, which is one reason that operating system is a riper target for malicious hackers. And while Leopard leaves open more ports than earlier versions of Mac OS X, so far there have been no known attacks on those default services.” http://www.macworld.com/article/132558/2008/03/connect2504.html

    Because Macs are hard to crack, and Windows is easy, the goons target Windows. But that doesn’t mean they haven’t tried. Read about the “Hack-my-Mac” challenge here: http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=181502078

    To anyone who uses the illogical argument that the Mac is only malware free because of so little market share, “So? It doesn’t matter what the reason is. Macs are safer. Period.”

  6. Oops. Tried to defeat my own points. Should have concluded with, “So? It doesn’t matter if it’s market share or the reasons I’ve listed. Macs are safer. Period.”

  7. How come no one is talking about Apple Tax anymore? Because it was all BS!!!! This is the real deal. Windows guaranteed TAX that keeps pulling money out of your ass for buying into Windows!!! hahahaha

  8. Re: The Microsoft Tax: New attack bypasses every Windows security product tested; Macintosh unaffected

    The linked article says this affects Windows XP, only, not Vista or Windows 7.
    In the interest of accuracy and fairness, I’ve emailed MDN asking that be made clear in the headline and take.

  9. I no longer feel pity for these idiots. By now everyone knows about the superiority of OS X.

    So if they choose to be jackasses, so be it.

    Let Darwin sort them out. Long live the master race. ;o

  10. In the article, a quote from Paul Ducklin the Sophos Head of Technology:

    “The fuss about Khobe is in my opinion unwarranted, and the claims that it ‘bypasses virtually all anti-virus software’ is scaremongering.”

    Sophos accusing anybody of scaremongering is an irony I am incapable of describing. Except to say that it’s ironic.

  11. I remember this story from (Physics Nobel Prize Laureate) Richard Feynman. While working on the bomb at Los Alamos, they had lockable file cabinets. One specific model had a lockable drawer — except that one could slide out the drawer above or below, and then reach in and grab the files from the locked drawer.

    Windows XP is like these cabinets. Adding security software to it is adding just another lock on the drawer, but that doesn’t help when the drawer is open to its neighbors.

  12. @ MDN,

    Let me update your headline again,

    Microsoft and PC manufacturers pay a security company to code an XP-only exploit that drives users to buy new PCs with Windows 7.

    Ballmer says, “It’s our best scam ever!”

  13. Well, except that… From Matousec’s page:

    “The research was done on Windows XP Service Pack 3 and Windows Vista Service Pack 1 on 32-bit hardware. However, it is valid for all Windows versions including Windows 7. Even the 64-bit platform is not a limitation for the attack. It will work there against all user mode hooks and it will also work against the kernel mode hooks if they are installed, for example after disabling the PatchGuard.”

    Did I miss something?

  14. Iwonder: “Probably created by Microsoft to find a way to get all those XP users to upgrade. Hopefully, many will wake up and turn to Mac.”

    Or at least DC their windows comp from the internet/keep it for offline games.
