Does Avast know about the SSDT hooking problem from Matousec latest news

Hi all,

Just like to check if Avast know about the SSDT hooking problem from Matousec latest news http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php#table-of-vulnerable-software

Table of vulnerable software: http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php#table-of-vulnerable-software

Ta.

Yeah, huge earthquake Haiti-style, Matousec got 'em all… the world ends now. ::slight_smile:

Frankly, fed up with this type of yellow journalism. Has nothing to do with serious security research, and has nothing to do with good journalistic style either. Nor it brings anything new on the table, this is no discovery at all. If you read Hoglund, Butler - Rootkits: Subverting the Windows Kernel published 6 years ago, they tell you how to write rootkits that evade HIPS. They tell you about these hooks and other stuff and all. But that “this paper does not disclose our solutions of the problem” - read: gimme money and I’ll tell you t3h ultimate secret" is not part of that book. See, that’s a serious research, not publishing similar sensationalist crap. Funny enough, “t3h ultimate Matousec’s secret” about 4 years ago was to use kernel-mode hooks (not usermode hooks) when he published similar piece of “research” paper in ~2007.

He’s been “well-known” for another “masterpiece” - the infamous security challenge which made most of leading vendors develop “features” solely for passing Matousec “tests”. As a result of that, it’s very hard to get a standalone commercial firewall product these days, they all bundle various HIPS nonsense under different names and flood users w/ popups. A trained monkey could pass the “challenge” as well if you give it an app that will trigger an alert on every test (remember, the “test suite” requires you to block all the stuff, so… everything is considered harmful there). Just keep hitting the monkey w/ 220V shock everytime it presses Allow instead of Deny button and it’s gonna get 100% score :stuck_out_tongue: His latest move here - Matousec refused to test DefenseWall b/c (to quote the lead developer) - “DefenseWall does not comply with this statement:
‘This means that it allows its users to control selected actions of applications.’” See, you must flood users with junky pop-ups, otherwise there’s no security according to Matousec. Products that protect you silently and therefore are PEBKAC-error-resistant are not good enough. Sure, the average secretary that’s sitting there 8 hours a day 5 days a week typing into Word and producing Powerpoint presentations will definitely know how to properly answer endless popups about SSDT hooking, direct disk access etc. ;D

Shrug. This guy has lost all his credibility long time ago, similar junk can’t make it much more worse.

Matousec is not independent. It’s paid for that. Will you trust it?