ISSSource White Papers

Posts Tagged ‘32-bit’

Thursday, May 17, 2012 @ 12:05 PM gHale

Avira fixed the problems caused by a Service Pack released for its Windows products earlier this week.

To download the fix, users should trigger a manual update. Once installed, the update should prevent the program from blocking legitimate Windows applications on systems running Avira.

Avira Updates Antivirus
RTFs Fall Victim to APTs
Security a Weak Link for States
Security First; Not in Smart Grid

On Monday, Avira released “Service Pack 0″ for all of its Windows products. Once the update installed, the “ProActiv” behavioral monitoring component in Avira Antivirus Premium 2012 and Avira Internet Security 2012 blocked the execution of essential programs and trusted system processes. In one case, ProActiv blocked the Windows registry editor (regedit.exe) and the task scheduler (taskeng.exe).

As the behavior recognition is only included in the company’s commercial products for 32-bit versions of Windows, the problem does not affect Avira Free Antivirus or users who run a 64-bit version of Windows.

Those affected by the problem need to update Avira manually.

Once the user installs the update, the ProActiv module can then undergo reactivation. For systems where Windows is having difficulty booting, users should start their systems in safe mode and install the Avira update.

Tuesday, March 20, 2012 @ 12:03 PM gHale

A new Windows 7 Trojan can elevate the privileges of any restricted process to administrator level, without the user’s permission or knowledge, Symantec researchers said.

The latest fully patched versions of Windows 7 are vulnerable to backdoor.Conpee Trojan, said Mircea Ciubotariu, a security response engineer at Symantec.

Digitally Signed Malware Growing
Cisco Patches Security Appliance Holes
Embedded Systems Still Unprotected
Patched Hole Doesn’t Stop Attackers

The new Trojan targets 32-bit and 64-bit versions of Windows 7, adding to the theory malware authors are redesigning software to bypass security features in 64-bit Windows, Ciubotariu said.

The 64-bit version of Windows 7 and Vista included Kernel Mode Code Signing and Kernel Patch Protection, intended to make them less vulnerable to malware.

But the backdoor.Conpee and Backdoor.Hackersdoor Trojans have been able to infect 64-bit operating systems, Ciubotariu said.

The Hackersdoor Trojan is able to bypass the driver signing system used in 64-bit Windows using stolen certificates.

Symantec first detected this infection in December 2011, and while the number of infections seen in the wild since then have been modest, it appears malware writers have been using it as a test case, Ciubotariu said.

Archived Entries