
Windows 10 security solutions powerless against 'bashware'

14 Sep 2017

Every security solution on the market may be completely powerless to stop a vulnerability that could allow any malware to bypass security products on Windows 10 systems, according to a discovery by Check Point.

‘Bashware’ is able to avoid detection through a new Windows 10 feature called Windows Subsystem for Linux (WSL), which is now a fully supported Windows feature after recently passing the beta stage.

The bashware vulnerability could potentially affect more than 400 million computers worldwide that are currently running Windows 10.

“Bashware does not leverage any logic or implementation flaws in WSL’s design. In fact, WSL seems to be well designed. What allows Bashware to operate the way it does is the lack of awareness by various security vendors, due to the fact that this technology is relatively new and expands the known borders of the Windows operating system,” researchers explain in Check Point’s blog.

WSL makes the Linux bash terminal available on Windows systems. The hybrid concept allows Windows and Linux systems to run simultaneously.

According to Check Point, existing security solutions are not developed to monitor Linux executables that run on Windows machines.

“Although WSL has become a stable feature and many of its issues are now resolved, it seems the industry has still not adapted to the existence of this strange hybrid concept which allows a combination of Linux and Windows systems to run at the same time. This may open a door for cyber criminals wishing to run their malicious code undetected, and allow them to use the features provided by WSL to hide from security products that have not yet integrated the proper detection mechanisms,” researchers explain.

Cyber attackers could potentially run code through the WSL system, making it completely undetectable to all security solutions that have not yet integrated the new detection mechanisms.

“Bashware is so alarming because it shows how easy it is to take advantage of the WSL mechanism to allow any malware to bypass security products. We tested this technique on most of the leading anti-virus and security products on the market, successfully bypassing them all,” researchers state.

Check Point is urging the security industry to act immediately and update their security solutions to protect against the bashware attack method.

“Bashware does not leverage any logic or implementation flaws in WSL’s design. In fact, WSL seems to be well designed. What allows Bashware to operate the way it does is the lack of awareness by various security vendors, due to the fact that this technology is relatively new and expands the known borders of the Windows operating system,” researchers conclude.
