<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/">

  <channel rdf:about="http://www.matousec.com/info/articles.php">

    <title>www.matousec.com - Articles</title>

    <link>http://www.matousec.com/info/articles.php</link>

    <description>Articles on www.matousec.com</description>

    <items>

      <rdf:Seq>

<rdf:li resource="http://www.matousec.com/matousec/blog.php?blog=147-Proactive_Security_Challenge_vs._real_malware_" />
<rdf:li resource="http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php" />
<rdf:li resource="http://www.matousec.com/matousec/blog.php?blog=102-Firewall_engines_connections" />
<rdf:li resource="http://www.matousec.com/http://www.securityteacher.com/2008/02/26/david-matousek-matousec-transparent-security-shares-his-views-of-internet-security/" />
<rdf:li resource="http://www.matousec.com/info/articles/plague-in-security-software-drivers.php" />
<rdf:li resource="http://www.matousec.com/info/articles/introduction-firewall-leak-testing.php" />
<rdf:li resource="http://www.matousec.com/info/articles/top-five-comparison.php" />
<rdf:li resource="http://www.matousec.com/matousec/blog.php?blog=24-ICMP-blocking_-bad-idea-or-security-improvement_" />
      </rdf:Seq>

    </items>

  </channel>

<item rdf:about="http://www.matousec.com/matousec/blog.php?blog=147-Proactive_Security_Challenge_vs._real_malware_">
<title>Proactive Security Challenge vs. real malware
</title>
<link>http://www.matousec.com/matousec/blog.php?blog=147-Proactive_Security_Challenge_vs._real_malware_</link>
<description>&lt;p&gt;&lt;a href=&quot;http://www.matousec.com/projects/proactive-security-challenge/&quot;&gt;Proactive Security Challenge&lt;/a&gt; is a project devoted mostly to testing the ability of security software to protect against the actions of malware. 
Currently, Proactive Security Challenge consists of 148 different tests. Sometimes we hear people arguing that the techniques used in our 
tests do not correspond to the techniques used by real malware. To find out how well Proactive Security Challenge reflects 
the real world of malware, we performed the following research.

&lt;p class=&quot;perex&quot;&gt;We have collected a set of 20 malware samples that were not detected by two popular anti-virus engines. 
This means that downloading these samples to the computer and executing them would be possible even with a fully updated anti-virus installed. 
We then ran the samples and analyzed the techniques they used. 

</description>
<dc:date>2010-11-01T09:00:00Z</dc:date>
</item>
<item rdf:about="http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php">
<title>KHOBE – 8.0 earthquake for Windows desktop security software
</title>
<link>http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php</link>
<description>&lt;p&gt;In September 2007, we published an article about a great disease that affected tens of Windows security products. The article, called &lt;a href=&quot;http://www.matousec.com/info/articles/plague-in-security-software-drivers.php&quot;&gt;Plague in (security) software drivers&lt;/a&gt;, revealed the awful quality of kernel mode drivers installed by all the major desktop security products for Windows. The revealed problems could cause random system crashes, freezes and in some cases more severe security issues.&lt;/p&gt;
&lt;p class=&quot;perex&quot;&gt;Today, we reveal an even more serious problem of Windows desktop security products that can be exploited to bypass a big portion of the security features implemented by the affected products. The protection implemented by kernel mode drivers of today's security products can be bypassed effectively by code running under an unprivileged user account. If you have ever heard of SSDT hooks or similar techniques used to implement various security features such as products' self-defense, we will show you how to bypass the protection easily.
</description>
<dc:date>2010-05-05T09:00:00Z</dc:date>
</item>
<item rdf:about="http://www.matousec.com/matousec/blog.php?blog=102-Firewall_engines_connections">
<title>Firewall engines connections
</title>
<link>http://www.matousec.com/matousec/blog.php?blog=102-Firewall_engines_connections</link>
<description>&lt;p&gt;While updating our list of personal firewalls and HIPS for Windows, we gained some interesting information about the connections between several products. We also identified a number of projects that were stopped. 
</description>
<dc:date>2008-04-26T18:37:32Z</dc:date>
</item>
<item rdf:about="http://www.matousec.com/http://www.securityteacher.com/2008/02/26/david-matousek-matousec-transparent-security-shares-his-views-of-internet-security/">
<title>Interview with David
</title>
<link>http://www.matousec.com/http://www.securityteacher.com/2008/02/26/david-matousek-matousec-transparent-security-shares-his-views-of-internet-security/</link>
<description>&lt;p&gt;David was asked to answer some questions for Security Teacher. If you are interested in his answers to general questions about our group, Internet security and research, just follow the link.
</description>
<dc:date>2008-02-26T11:47:17Z</dc:date>
</item>
<item rdf:about="http://www.matousec.com/info/articles/plague-in-security-software-drivers.php">
<title>Plague in (security) software drivers
</title>
<link>http://www.matousec.com/info/articles/plague-in-security-software-drivers.php</link>
<description>&lt;p&gt;During our security analyses of personal firewalls and other security-related software 
that uses SSDT hooking, we found out that many vendors simply do not implement the hooks in a proper way. 
This allows local Denial of Service by unprivileged users, or even privilege escalation exploits to be created. 
100% of tested personal firewalls that implement SSDT hooks do or did suffer from this vulnerability!
This article reviews the results of our testing and describes how a proper SSDT hook handler should be implemented. 
We also introduce BSODhook &amp;ndash; a handy tool for every developer that deals with SSDT hooks 
and a possible cure for the plague in today's Windows drivers world.
</description>
<dc:date>2007-09-18T18:00:22Z</dc:date>
</item>
<item rdf:about="http://www.matousec.com/info/articles/introduction-firewall-leak-testing.php">
<title>Introduction to Firewall Leak-testing
</title>
<link>http://www.matousec.com/info/articles/introduction-firewall-leak-testing.php</link>
<description>&lt;p&gt;This article covers the basics of Firewall Leak-testing. If you do not know what leak-tests are, or why your firewall should be able to stop them, we recommend that you read this article. More skilled readers may be interested in the information about leak-testing techniques and/or in the list of currently available leak-testing software with download links.
</description>
<dc:date>2006-11-25T16:10:26Z</dc:date>
</item>
<item rdf:about="http://www.matousec.com/info/articles/top-five-comparison.php">
<title>Comparison of top five personal firewalls
</title>
<link>http://www.matousec.com/info/articles/top-five-comparison.php</link>
<description>&lt;p&gt;This article is the final report of the first phase of the Windows Personal Firewall Analysis project. It is based on our analyses of these five personal firewalls: ZoneAlarm, Kerio, Norton, BlackICE and Outpost. In this article you can find a brief comparison of these products, not only from the security point of view. We also mention responses from product vendors and reactions we have received from end users.
</description>
<dc:date>2006-10-31T13:15:02Z</dc:date>
</item>
<item rdf:about="http://www.matousec.com/matousec/blog.php?blog=24-ICMP-blocking_-bad-idea-or-security-improvement_">
<title>ICMP blocking, bad idea or security improvement?
</title>
<link>http://www.matousec.com/matousec/blog.php?blog=24-ICMP-blocking_-bad-idea-or-security-improvement_</link>
<description>&lt;p&gt;Are you invisible to hackers on the Internet? Does your personal firewall hide your computer on the network? Many personal firewalls implement features that hide your computer on the network. You may wonder how this works, but have you ever thought about what this feature is good for?
</description>
<dc:date>2006-07-19T00:00:00Z</dc:date>
</item>
</rdf:RDF>

