Bypassing defences - when old tricks work in Windows 7

Zarestel Ferrer CA - HCL

The Windows operating system offers security features designed to improve a user's experience and protection from digital threats. Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), PatchGuard, Windows File Protection (WFP), User Account Control (UAC) and BitLocker Drive Encryption are some of the security features implemented in modern Microsoft Windows operating systems. Many of these security improvements are driven by known attacks.

It is apparent that attackers will continuously update and improve their offensive capabilities to bypass these security defences. Some attackers simply 'turn off' the feature, while others take on the challenge of completely evading these features. This paper will discuss and highlight known malware families that have been observed bypassing and taking advantage of the weaknesses of Windows security features. It seeks to explore and discover how today's malware employs these techniques and, as we take a look at Windows 7, we will investigate how its security features are countering attacks. The detection strategies and tools to identify such behaviour will also be presented.
