KHOBE 'vulnerability': is this game over for security software?

Filed Under: Malware, Vulnerability

The last couple of days there have been a lot of headlines in the security press about a report by a firm called Matousec, which claimed that "today's most popular security solutions simply do not work."

The attack method, dubbed KHOBE and described by Matousec researchers as an "8.0 earthquake for desktop security software", describes a potential bypass in the way some parts of some anti-malware products operate on some versions of Microsoft Windows.

KHOBE media headlines

The dramatic headlines might make you think that this is TEOTWAWKI*, but the truth is somewhat different.

Because KHOBE is not really a way that hackers can avoid detection and get their malware installed on your computer. What Matousec describes is a way of "doing something extra" if the bad guys' malicious code manages to get past your anti-virus software in the first place.

In other words, KHOBE is only an issue if anti-virus products such as Sophos (and many others) miss the malware. And that's one of the reasons, of course, why we - and to their credit other vendors - offer a layered approach using a variety of protection technologies.

So, before you hide yourself in the basement and prepare for nuclear winter, make sure you read this excellent piece by Paul Ducklin, which examines and discusses the KHOBE claims in greater detail.

TEOTWAWKI: The End Of The World As We Know It

, , ,

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.