NEWS FROM THE LAB - Monday, May 10, 2010

KHOBE Not So High On The Richter Scale Posted by Mikko @ 14:07 GMT

Researchers at Matousec have announced a new vulnerability that affects several Internet security products. This is generating some media coverage: see "New attack bypasses virtually all AV protection" in The Register.

This is a serious issue and Matousec's technical findings are correct. However, this attack does not "break" all antivirus systems forever. Far from it.

First of all, any malware that we detect by our antivirus will still be blocked, just like it always was.

So the issue only affects new, unknown malware that we do not have signature detection for.

To protect our customers against such unknown malware, we have several layers of sensors and generic detection engines. Matousec's discovery is able to bypass only a few of these sensors.

We believe our multi-layer approach will provide sufficient protection level even if malicious code were to attempt use of Matousec's technique.

And if we would see such an attack, we would simply add signature detection for it, stopping it in its tracks. We haven't seen any attacks using this technique in the wild.

In a nutshell: We believe in defense in depth.