KHOBE ‘vulnerability’: is this game over for security software?

The last couple of days there have been a lot of headlines in the security press about a report by a firm called Matousec, which claimed that “today’s most popular security solutions simply do not work.”

The attack method, dubbed KHOBE and described by Matousec researchers as an “8.0 earthquake for desktop security software”, describes a potential bypass in the way some parts of some anti-malware products operate on some versions of Microsoft Windows.

The dramatic headlines might make you think that this is TEOTWAWKI*, but the truth is somewhat different.

Because KHOBE is not really a way that hackers can avoid detection and get their malware installed on your computer. What Matousec describes is a way of “doing something extra” if the bad guys’ malicious code manages to get past your anti-virus software in the first place.

In other words, KHOBE is only an issue if anti-virus products such as Sophos (and many others) miss the malware. And that’s one of the reasons, of course, why we – and to their credit other vendors – offer a layered approach using a variety of protection technologies.

So, before you hide yourself in the basement and prepare for nuclear winter, make sure you read this excellent piece by Paul Ducklin, which examines and discusses the KHOBE claims in greater detail.

TEOTWAWKI: The End Of The World As We Know It

By Graham Cluley, Sophos