SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Windows 10 security solutions powerless against 'bashware'
Thu, 14th Sep 2017
FYI, this story is more than a year old

Every security solution on the market may be completely powerless to stop a vulnerability that could allow any malware to bypass Windows 10 systems, according to a discovery by Check Point.

‘Bashware' is able to avoid detection through a new Windows 10 feature called Subsystem for Linux (WSL), which is now a fully-supported Windows feature after recently passing beta stage.

The bashware vulnerability could potentially affect more than 400 million computers worldwide that are currently running Windows 10.

“Bashware does not leverage any logic or implementation flaws in WSL's design. In fact, WSL seems to be well designed. What allows Bashware to operate the way it does is the lack of awareness by various security vendors, due to the fact that this technology is relatively new and expands the known borders of the Windows operating system,” researchers explain in Check Point's blog.

WSL allows Linux bash terminals to be access to Windows systems. The hybrid concept allows Windows and Linux systems to run simultaneously.

According to Check Point, existing security solutions are not developed to monitor Linux executables that run on Windows machines.

“Although WSL has become a stable feature and many of its issues are now resolved, it seems the industry has still not adapted to the existence of this strange hybrid concept which allows a combination of Linux and Windows systems to run at the same time. This may open a door for cyber criminals wishing to run their malicious code undetected, and allow them to use the features provided by WSL to hide from security products that have not yet integrated the proper detection mechanisms,” researchers explain.

Cyber attackers could potentially run code through the WSL system, making it completely undetectable to all security solutions that have not yet integrated the new detection mechanisms.

“Bashware is so alarming because it shows how easy it is to take advantage of the WSL mechanism to allow any malware to bypass security products. We tested this technique on most of the leading anti-virus and security products on the market, successfully bypassing them all,” researchers state.

Check Point is urging the security industry to act immediately and update their security solutions to protect against the bashware attack method.

“Bashware does not leverage any logic or implementation flaws in WSL's design. In fact, WSL seems to be well designed. What allows Bashware to operate the way it does is the lack of awareness by various security vendors, due to the fact that this technology is relatively new and expands the known borders of the Windows operating system,” researchers conclude.