Attacking Antivirus presented at BlueHat 2008

by Sowhat (Nevis Labs ),

Tags: Security

Summary : This is perhaps the first comprehensive presentation that combines two important topics: how to exploit antivirus software, and how to audit it. People have indeed talked about antivirus security before; however, talks have either been from the reverse engineering point of view, or they have failed to mention exploitations and tended to lack technical detail.
This talk will concentrate on: why antivirus security is critical; why antivirus software is full of holes; what are the ways in which attackers can exploit antivirus vulnerabilities; how to audit antivirus software; and what exactly the vendors, researchers, and end-users should do. This talk will also seriously question the security of "security products": AV, firewall, IPS, IDS, etc.
Sowhat says: "I hope the developers can learn something from my presentation and know how to make Forefront and Antigen more secure than the other antivirus software."