Hooked on a feeling!

Matousec have found a number of vulnerabilities in the implementations of SSDT (System Service Descriptor Table) hooks in many different products. It’s incredible that professional developers of Windows-based products didn’t read the Common Driver Reliability Issues paper published/updated by Microsoft on May 5, 2003. Then we will all be surprised when a rootkit built on one of these poor, irresponsible implementations breaks the defenses of a government or a big company.

Here is the software that was tested and found vulnerable:

     * BlackICE PC Protection 3.6.cqn
     * G DATA InternetSecurity 2007
     * Ghost Security Suite beta 1.110 and alpha 1.200
     * Kaspersky Internet Security
     * Norton Internet Security 2008
     * Online Armor Personal Firewall
     * Outpost Firewall Pro 4.0.1025.7828
     * Privatefirewall
     * Process Monitor 1.22
     * ProcessGuard 3.410
     * ProSecurity 1.40 Beta 2
     * RegMon 7.04
     * ZoneAlarm Pro 7.0.362.000
     * probably other versions of the above-mentioned software
     * possibly many other software products that implement SSDT hooks

Not vulnerable software:

     * Comodo Personal Firewall
     * Daemon Tools Lite 4.10 X86
     * Sunbelt Personal Firewall 4.5.916.0

More details in:

Security drivers problem