2013
DOI: 10.1002/spe.2197

Antivirus security: naked during updates

Abstract: The security of modern computer systems heavily depends on security tools, especially on antivirus software solutions. In the anti‐malware research community, development of techniques for evading detection by antivirus software is an active research area. This has led to malware that can bypass or subvert antivirus software. The common strategies deployed include the use of obfuscated code and staged malware whose first instance (usually installer such as dropper and downloader) is not detected by the …

citations
Cited by 23 publications
(20 citation statements)
references
References 17 publications
“…Byungho et al have discovered that a core component of Avira can be paused during an update, which leads to a total compromise of Avira; full details can be found in their work [22]. To summarise, Avira's Real-Time Protection service is restarted on some updates.…”
Section: Avira (mentioning)
confidence: 96%
“…For example, a service and a couple of drivers are in charge of self-protection in Avira AntiVirus 2013 product line [22]. Real-Time Protection service is crucial in Avira's self-protection mechanism, because it provides real-time protection not only to the system (such as on-access detection of malware), but also to itself (self-protection such as prevention of unauthorised alteration on Avira's processes, files, and registry keys).…”
Section: Self-protection Of Anti-virus (mentioning)
confidence: 99%
“…Chari et al discussed unsafe component resolution on Unix, and proposed a mechanism to prevent such unsafe resolutions by detecting modifications to path names by untrusted users on the system [25]. Min et al showed that replacing protected software component of anti-virus solutions is possible [21]. They explored major anti-virus vendors such as Symantec, McAfee, AVG, and Avira, and successfully compromised antivirus solutions during their update.…”
Section: A File-based Attack Techniques (mentioning)
confidence: 99%
“…Similarly, new files cannot be added to the AVG folder. Therefore, it is much harder to replace or modify AVG's files [21].…”
Section: Anti-virus (Avg's Case) (mentioning)
confidence: 99%
“…Self‐protection feature is usually implemented with one or more kernel‐mode drivers and Windows services. For example, a service and a couple of drivers are in charge of self‐protection in AVIRA ANTIVIRUS 2013 (Avira, Tettnang, Germany) product line. Real‐Time Protection service is crucial in Avira's self‐protection mechanism, because it provides real‐time protection not only to the system (such as on‐access detection of malware) but also to itself (self‐protection such as prevention of unauthorised alteration on Avira's processes, files, and registry keys).…”
Section: Introduction (mentioning)
confidence: 99%