Topic: Does Avast know about the SSDT hooking problem from Matousec's latest news


SpeedyPC

doktornotor

Yeah, huge earthquake Haiti-style, Matousec got 'em all... the world ends now.  ::)

Frankly, I'm fed up with this type of yellow journalism. It has nothing to do with serious security research, and has nothing to do with good journalistic style either. Nor does it bring anything new to the table; this is no discovery at all. If you read Hoglund and Butler's Rootkits: Subverting the Windows Kernel, published 6 years ago, they tell you how to write rootkits that evade HIPS. They tell you about these hooks and other stuff and all. But that "this paper does not disclose our solutions of the problem" (read: "gimme money and I'll tell you t3h ultimate secret") is not part of that book. See, that's serious research, not publishing similar sensationalist crap. Funny enough, "t3h ultimate Matousec's secret" about 4 years ago was to use kernel-mode hooks (not usermode hooks), when he published a similar piece of "research" paper in ~2007.

He's been "well-known" for another "masterpiece": the infamous security challenge which made most of the leading vendors develop "features" solely for passing Matousec's "tests". As a result of that, it's very hard to get a standalone commercial firewall product these days; they all bundle various HIPS nonsense under different names and flood users w/ popups. A trained monkey could pass the "challenge" as well if you give it an app that will trigger an alert on every test (remember, the "test suite" requires you to block all the stuff, so... everything is considered harmful there). Just keep hitting the monkey w/ a 220V shock every time it presses Allow instead of Deny and it's gonna get a 100% score :P His latest move here: Matousec refused to test DefenseWall b/c (to quote the lead developer) "DefenseWall does not comply with this statement: 'This means that it allows its users to control selected actions of applications.'" See, you must flood users with junky pop-ups, otherwise there's no security according to Matousec. Products that protect you silently and therefore are PEBKAC-error-resistant are not good enough. Sure, the average secretary that's sitting there 8 hours a day, 5 days a week typing into Word and producing PowerPoint presentations will definitely know how to properly answer endless popups about SSDT hooking, direct disk access etc. ;D

Shrug. This guy lost all his credibility a long time ago; similar junk can't make it much worse.
« Last Edit: May 06, 2010, 02:53:06 PM by doktornotor »

Lisandro

Matousec is not independent. It's paid for that. Will you trust it?