
Attack bypasses EVERY Windows security

Name: Anonymous 2010-06-05 5:21

http://www.stormfront.org/forum/t708332/

New attack bypasses EVERY Windows security product

Security researchers at Matousec.com have come up with an ingenious attack that can bypass every Windows security product tested and allow malicious code to make its way to your system.

Yes, you read that right - every Windows security product tested. And the list is both huge and sobering:

* 3D EQSecure Professional Edition 4.2
* avast! Internet Security 5.0.462
* AVG Internet Security 9.0.791
* Avira Premium Security Suite 10.0.0.536
* BitDefender Total Security 2010 13.0.20.347
* Blink Professional 4.6.1
* CA Internet Security Suite Plus 2010 6.0.0.272
* Comodo Internet Security Free 4.0.138377.779
* DefenseWall Personal Firewall 3.00
* Dr.Web Security Space Pro 6.0.0.03100
* ESET Smart Security 4.2.35.3
* F-Secure Internet Security 2010 10.00 build 246
* G DATA TotalCare 2010
* Kaspersky Internet Security 2010 9.0.0.736
* KingSoft Personal Firewall 9 Plus 2009.05.07.70
* Malware Defender 2.6.0
* McAfee Total Protection 2010 10.0.580
* Norman Security Suite PRO 8.0
* Norton Internet Security 2010 17.5.0.127
* Online Armor Premium 4.0.0.35
* Online Solutions Security Suite 1.5.14905.0
* Outpost Security Suite Pro 6.7.3.3063.452.0726
* Outpost Security Suite Pro 7.0.3330.505.1221 BETA VERSION
* Panda Internet Security 2010 15.01.00
* PC Tools Firewall Plus 6.0.0.88
* PrivateFirewall 7.0.20.37
* Security Shield 2010 13.0.16.313
* Sophos Endpoint Security and Control 9.0.5
* ThreatFire 4.7.0.17
* Trend Micro Internet Security Pro 2010 17.50.1647.0000
* Vba32 Personal 3.12.12.4
* VIPRE Antivirus Premium 4.0.3272
* VirusBuster Internet Security Suite 3.2
* Webroot Internet Security Essentials 6.1.0.145
* ZoneAlarm Extreme Security 9.1.507.000
* probably other versions of above mentioned software
* possibly many other software products that use kernel hooks to implement security features

[...] More at link

Name: Anonymous 2010-06-05 5:51

These things are easy to make. "Security software" is usually signature or heuristics based. A few better ones have code emulators. There are foolproof ways to bypass any of those methods (signature - different code or code randomization/obfuscation/morphing/virtualization; heuristics - undocumented API calls, hook bypassing by making kernel API calls directly (works on everything, except AVs with kernel-mode hooks, but MS made those problematic with PatchGuard on Vista/Win7 x64; a kernel-mode driver can bypass those with kernel-mode hooks as well), some heuristics mark applications safe if certain kinds of API calls are made (like graphical APIs), some malware do this, other methods are injecting code in trusted service processes and running one's process as a foreign thread; emulation - a combination of the methods described before this, combined with sleep/delay calls, would make emulation break in realtime, as AV engines usually place time limits on total running/emulated time).

Matousec's discovery just discusses a less known class of vulnerabilities which can be used to bypass AVs, but there are already known methods for doing this which no AV can do anything about without making major improvements in their engines.

It was also mathematically proven that it's impossible to make an antivirus which can detect new viruses which have never been seen before with 100% certainty.

The real solution to security is to not run code which you have not personally verified yourself (either if you have the source code, or you have reverse engineered the binaries to deem them reasonably safe) and not run that code without isolation (in case someone finds a way to exploit it).
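The "mathematically proven" claim in the post above is Cohen's undecidability argument for exact virus detection. The sketch below is added here as a worked derivation and is not part of the thread; it assumes a detector $D$ is modelled as a program that always halts, and "infects" stands for whatever the detector is defined to flag.

```latex
\textbf{Claim.}\ \text{No program } D \text{ decides, for every program } P,
\text{ whether } P \text{ infects.}

\textbf{Proof sketch.}\ \text{Suppose such a } D \text{ exists, with }
D(P) = 1 \text{ iff } P \text{ infects, and } D \text{ halts on every input.}
\text{By the recursion theorem a program } V \text{ may refer to its own code, so define}

V := \begin{cases}
      \text{halt without infecting} & \text{if } D(V) = 1 \\
      \text{infect}                 & \text{if } D(V) = 0
    \end{cases}

\text{Case } D(V) = 1: V \text{ does not infect, so } D \text{ is wrong.}\\
\text{Case } D(V) = 0: V \text{ infects, so } D \text{ is wrong.}\\
\text{Both cases contradict the assumption, hence no such } D \text{ exists.} \qquad\blacksquare
```

The result rules out a perfect, always-halting detector; it says nothing about how well a signature or heuristic engine performs on the samples it actually meets.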
