Kaspersky Lab comments on a published article concerning SSDT hooks
Kaspersky Lab wishes to respond to issues raised in a recent article published by the Matousec research team. The authors have stated that modern security products use vulnerable kernel-mode SSDT hooks, which can be exploited to bypass protection.
Kaspersky Lab’s experts have analyzed the published material and concluded that the issue is only linked to certain features of the Company’s products. The System Service Descriptor Table (SSDT) contains the addresses of all of the operating system services, and it is important to use SSDT hooks to provide better protection. However, Kaspersky Lab products implement not only SSDT hooks but also a wide range of technologies, including secure sandboxing and other methods of restricting suspicious kernel-mode activity.
All of today’s security solutions have to work with operating systems, adapting to their specifics and shortcomings.
We thank the Matousec research team for helping us identify the potential problems with our software. We are always working to make our products as effective, secure, and stable as possible.
Kaspersky Lab reiterates that it embraces the principles of openness and collaboration with independent researchers working in the field of software vulnerabilities.