still works on all Avast processes and in fact was able to kill it off entirely, except for one process, the aswupdsv.exe, which successfully resisted it.
However, an updating process isn’t much good if the antivirus itself isn’t running.
Also, I know you said you were working on kernel protection, but the Kernel kill method still is working as well (I realize this is a lot harder to protect against).
However, I think at least the crash method should be looked into some more.
Of course, this will take some time as explained in your other post.
It's not possible to fix now, I suppose that will have to stay vulnerable then...kind of worries me.
Why is it not possible?
Because it’s not a “fix” - it means programming quite a lot of new features.
Building a reasonable HIPS is not something doable in a week (or month). So, it will take some time.
Quote from: AverageJoe on 26-06-2008, 11:08:55
Show me a video of a system where Kaspersky is installed before any malware is present on the machine and then show me the driver being able to terminate it…I highly doubt that will happen.
You don’t get it.
I am not going to create any videos or program any killing drivers; drivers in Windows run on ring-0 - they have all the access they want, so they can do anything the hardware supports. That’s a fact, based on Windows / Intel architecture. So, no matter how much you doubt it, it is possible to do.
I’m pretty sure that the same method could be used to kill processes from many A/V software products. Not just an Avast failure.
I hope the programmers could drop a word here…
If there is a possible method to kill Avast and it was not addressed, it seems it will have side effects worse than the cure…