Story image

Windows 10 security solutions powerless against 'bashware'

14 Sep 17

Every security solution on the market may be completely powerless to stop a vulnerability that could allow any malware to bypass Windows 10 systems, according to a discovery by Check Point.

‘Bashware’ is able to avoid detection through a new Windows 10 feature called Subsystem for Linux (WSL), which is now a fully-supported Windows feature after recently passing beta stage.

The bashware vulnerability could potentially affect more than 400 million computers worldwide that are currently running Windows 10.

“Bashware does not leverage any logic or implementation flaws in WSL’s design. In fact, WSL seems to be well designed. What allows Bashware to operate the way it does is the lack of awareness by various security vendors, due to the fact that this technology is relatively new and expands the known borders of the Windows operating system,” researchers explain in Check Point’s blog.

WSL allows Linux bash terminals to be access to Windows systems. The hybrid concept allows Windows and Linux systems to run simultaneously.

According to Check Point, existing security solutions are not developed to monitor Linux executables that run on Windows machines.

“Although WSL has become a stable feature and many of its issues are now resolved, it seems the industry has still not adapted to the existence of this strange hybrid concept which allows a combination of Linux and Windows systems to run at the same time. This may open a door for cyber criminals wishing to run their malicious code undetected, and allow them to use the features provided by WSL to hide from security products that have not yet integrated the proper detection mechanisms,” researchers explain.

Cyber attackers could potentially run code through the WSL system, making it completely undetectable to all security solutions that have not yet integrated the new detection mechanisms.

“Bashware is so alarming because it shows how easy it is to take advantage of the WSL mechanism to allow any malware to bypass security products. We tested this technique on most of the leading anti-virus and security products on the market, successfully bypassing them all,” researchers state.

Check Point is urging the security industry to act immediately and update their security solutions to protect against the bashware attack method.

“Bashware does not leverage any logic or implementation flaws in WSL’s design. In fact, WSL seems to be well designed. What allows Bashware to operate the way it does is the lack of awareness by various security vendors, due to the fact that this technology is relatively new and expands the known borders of the Windows operating system,” researchers conclude.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Verifi takes spot in Deloitte Asia Pacific Fast 500
"An increasing amount of companies captured by New Zealand’s Anti-Money laundering legislation are realising that an electronic identity verification solution can streamline their customer onboarding."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.