Zarestel Ferrer CA - HCL
The Windows operating system offers security features designed to improve a user's experience and protection from digital threats. Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), PatchGuard, Windows File Protection (WFP), User Account Control (UAC) and BitLocker Drive Encryption are some of the security features implemented in modern Microsoft Windows operating systems. Many of these security improvements are driven by known attacks.
It is apparent that attackers will continuously update and improve their offensive capabilities to bypass these security defences. Some attackers simply 'turn off' the feature, while others take on the challenge of completely evading it. This paper will discuss and highlight known malware families that have been observed bypassing and taking advantage of the weaknesses of Windows security features. It seeks to explore and discover how today's malware employs these techniques and, taking Windows 7 as a case study, will investigate how its security features are countering attacks. The detection strategies and tools to identify such behaviour will also be presented.