Bypassing defences - when old tricks work in Windows 7 presented at Virus Bulletin 2010

by Zarestel Ferrer (Ca - hcl)

Tags: Security


Summary:
The Windows operating system offers security features designed to improve a user's experience and protection from digital
threats. Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), PatchGuard, Windows File Protection
(WFP), User Account Control (UAC) and BitLocker Drive Encryption are some of the security features implemented in modern
Microsoft Windows operating systems. Many of these security improvements are driven by known attacks.
It is apparent that attackers will continuously update and improve their offensive capabilities to bypass these security
defences. Some attackers simply 'turn off' the feature, while others take on the challenge of completely evading these
features. This paper will discuss and highlight known malware families that have been observed bypassing and taking
advantage of the weaknesses of Windows security features. It seeks to explore and discover how today's malware employs
these techniques and, taking a look at Windows 7, investigates how its security features are countering such attacks.
The detection strategies and tools to identify such behaviour will also be presented.