sb-nz logo
Story image

Windows 10 security solutions powerless against 'bashware'

14 Sep 2017

Every security solution on the market may be completely powerless to stop a vulnerability that could allow any malware to bypass Windows 10 systems, according to a discovery by Check Point.

‘Bashware’ is able to avoid detection through a new Windows 10 feature called Subsystem for Linux (WSL), which is now a fully-supported Windows feature after recently passing beta stage.

The bashware vulnerability could potentially affect more than 400 million computers worldwide that are currently running Windows 10.

“Bashware does not leverage any logic or implementation flaws in WSL’s design. In fact, WSL seems to be well designed. What allows Bashware to operate the way it does is the lack of awareness by various security vendors, due to the fact that this technology is relatively new and expands the known borders of the Windows operating system,” researchers explain in Check Point’s blog.

WSL allows Linux bash terminals to be access to Windows systems. The hybrid concept allows Windows and Linux systems to run simultaneously.

According to Check Point, existing security solutions are not developed to monitor Linux executables that run on Windows machines.

“Although WSL has become a stable feature and many of its issues are now resolved, it seems the industry has still not adapted to the existence of this strange hybrid concept which allows a combination of Linux and Windows systems to run at the same time. This may open a door for cyber criminals wishing to run their malicious code undetected, and allow them to use the features provided by WSL to hide from security products that have not yet integrated the proper detection mechanisms,” researchers explain.

Cyber attackers could potentially run code through the WSL system, making it completely undetectable to all security solutions that have not yet integrated the new detection mechanisms.

“Bashware is so alarming because it shows how easy it is to take advantage of the WSL mechanism to allow any malware to bypass security products. We tested this technique on most of the leading anti-virus and security products on the market, successfully bypassing them all,” researchers state.

Check Point is urging the security industry to act immediately and update their security solutions to protect against the bashware attack method.

“Bashware does not leverage any logic or implementation flaws in WSL’s design. In fact, WSL seems to be well designed. What allows Bashware to operate the way it does is the lack of awareness by various security vendors, due to the fact that this technology is relatively new and expands the known borders of the Windows operating system,” researchers conclude.

Story image
Why a more secure organisation is a collective responsibility
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.More
Story image
Need for greater understanding of data security responsibility as cloud adoption grows - report
Despite the accelerated adoption of cloud services, there was a lack of clarity and confidence regarding the protection and recovery of data stored in public clouds.More
Story image
Video: 10 Minute IT Jams - Radware VP on the challenges of cloud security
In this interview, Techday speaks to Radware vice president of technologies Yaniv Hoffman, who discusses the primary challenges facing IT organisations in terms of their cloud security apparatus.More
Story image
Tesserent to acquire Secure Logic's managed security services business
Secure Logic delivered an audited turnover of $9 million in FY 2020 and a $4.2 million EBITDA, with reportedly ‘strong’ earnings going into FY 2021.More
Story image
Zscaler and CrowdStrike release integrations for end-to-end security
This collaboration between the two cloud-native security companies provides joint customers with adaptive, risk-based access control to private applications.More
Story image
Pandemic sees organisations of all sizes and industries invest in CTI
There is opportunity for organisations to better manage their cyber-threat intelligence for greater security and threat intelligence effectiveness by adopting the right tools and processes.More