{"title":"Self-defending security software","authors":"J. E. Kerivan, K. Brothers","doi":"10.1109/MILCOM.2005.1606134","DOIUrl":null,"url":null,"abstract":"This paper describes a series of tests designed to attack security software in real time as it provides protection for applications and operating system programs on Microsoft Windows 2000 operating platforms. One security program tested fell into the Intrusion Prevention System (IPS) category of security software. A second security solution provided Anti-Viral protection and the third security program provided Anti-Malware protection for the test systems with a principal focus on Spyware and Adware detection and removal. All security programs were run in a variety of conditions including single mode, where only the security application was running through full integration modes where all security applications were running simultaneously. Security program default configurations were used in all tests. The findings indicate that none of the tested software was capable of defending itself against attacks designed to suspend and unload them from memory. As is shown, the IPS software was more robust than the other two solutions, but was easily compromised and actually created numerous false positives and misinformed the user on the running of the other security software.","PeriodicalId":223742,"journal":{"name":"MILCOM 2005 - 2005 IEEE Military Communications Conference","volume":"181 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"MILCOM 2005 - 2005 IEEE Military Communications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MILCOM.2005.1606134","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
Abstract
This paper describes a series of tests designed to attack security software in real time as it provides protection for applications and operating system programs on Microsoft Windows 2000 operating platforms. One security program tested fell into the Intrusion Prevention System (IPS) category of security software. A second security solution provided Anti-Viral protection and the third security program provided Anti-Malware protection for the test systems with a principal focus on Spyware and Adware detection and removal. All security programs were run in a variety of conditions including single mode, where only the security application was running through full integration modes where all security applications were running simultaneously. Security program default configurations were used in all tests. The findings indicate that none of the tested software was capable of defending itself against attacks designed to suspend and unload them from memory. As is shown, the IPS software was more robust than the other two solutions, but was easily compromised and actually created numerous false positives and misinformed the user on the running of the other security software.
本文介绍了针对Microsoft Windows 2000操作平台上的应用程序和操作系统程序提供保护的一系列实时攻击安全软件的测试。测试的一个安全程序属于入侵防御系统(IPS)一类的安全软件。第二个安全解决方案提供反病毒保护,第三个安全程序为测试系统提供反恶意软件保护,主要侧重于间谍软件和广告软件的检测和删除。所有安全程序都在各种条件下运行,包括单一模式,其中只有安全应用程序运行,以及所有安全应用程序同时运行的完全集成模式。所有测试都使用安全程序的默认配置。调查结果表明,没有一款被测试的软件能够抵御旨在将它们从内存中挂起和卸载的攻击。如图所示,IPS软件比其他两种解决方案更健壮,但很容易被攻破,实际上产生了许多误报,并误导用户运行其他安全软件。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
