Viruses can remove anti-viruses again: Trojan.VkBase.1

Discussion in 'other anti-virus software' started by sg09, Dec 19, 2010.

Thread Status:
Not open for further replies.
  1. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    Interesting. :shifty:
     
  2. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Password protect is a simple answer, is it not?
     
    Last edited: Dec 19, 2010
  3. Raven_X

    Raven_X Registered Member

    Joined:
    Dec 8, 2010
    Posts:
    36
    Yeah, but what about those AntiVirus products like Avira Free that do not have a password protect? :blink:
     
  4. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,291
    Location:
    Pennsylvania.
    When you uninstall Avast it pops up a warning asking if this is you or malware that's doing it.
     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Then password protect is not the simple answer. ;)
     
  6. Raven_X

    Raven_X Registered Member

    Joined:
    Dec 8, 2010
    Posts:
    36
    Hm, weird...
    But can anyone answer how come Avira Free does not have a password protect, to not exit or disable Avira?
     
  7. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,530
    Location:
    St. Louis, MO

    AV companies have tools for forgotten passwords or removal tools for bad installs. I would guess that malware writers could easily reverse engineer these apps.
     
  8. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    The fact there is malware named as Trojan.VkBase.1 means there is detection for it. No doubt vendors other than DrWeb will have definitions for this new trend. Once again, it's a cat-and-mouse game.
     
  9. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    Password protect is only going to help if the process is running. Most AVs do not start in safe mode. Hence the following:
     
  10. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    If the malware is running with the same level of privileges as the security software it's trying to disable, it'll always have a fighting chance of success.
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Good point about privileges. Which leads to the question of drop rights-type features, like Online Armor's Run Safer. If malware enters via a vector that is protected by dropped rights, the chance of success you refer to is no longer a fighting one, am I right?
     
  12. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    Yes, you would think a limited user account with UAC on in Vista or Win 7 would defeat this. Wouldn't UAC alert to privilege escalation to install or reboot? It would be interesting to see what happens in this situation.
     
  13. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    No for reboot. And in Safe mode UAC is by design off.

    Additionally, UAC can easily be disabled by modern malware once an application gains admin access - I remember even here I have posted a screen with such an example. All that is required for malware - a simple tweak in the registry.
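
Added example, not part of the post above or of the thread: a Python sketch of a detection for the registry tweak mentioned there, run over constructed Sysmon-style registry events. The event field names, the sample events and the set of watched UAC policy values are assumptions of this example.

```python
import re

# Assumption: events are Sysmon-style dicts (EventID 13 = registry value set).
UAC_KEY = r"hklm\software\microsoft\windows\currentversion\policies\system"
# UAC policy values where a DWORD of 0 weakens or disables prompting.
WATCHED = {
    "enablelua": "UAC switched off (applies after reboot)",
    "consentpromptbehavioradmin": "admins elevate without a prompt",
    "promptonsecuredesktop": "prompt leaves the secure desktop",
}
DWORD = re.compile(r"DWORD \(0x([0-9a-fA-F]{8})\)")


def uac_tamper_alerts(events):
    """Return (time, image, value, reason) for each write that weakens UAC."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue  # not a registry value-set event
        key, _, name = ev["TargetObject"].rpartition("\\")
        if key.lower() != UAC_KEY or name.lower() not in WATCHED:
            continue  # some other key or value
        m = DWORD.fullmatch(ev["Details"])
        if m and int(m.group(1), 16) == 0:
            alerts.append((ev["UtcTime"], ev["Image"], name, WATCHED[name.lower()]))
    return alerts


# Constructed sample events (not taken from a real system).
K = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2010-12-19 10:00:01", "Image": r"C:\Temp\sample.exe"},
    {"EventID": 13, "UtcTime": "2010-12-19 10:00:02", "Image": r"C:\Temp\sample.exe",
     "TargetObject": K + r"\EnableLUA", "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "UtcTime": "2010-12-19 10:00:03", "Image": r"C:\Temp\sample.exe",
     "TargetObject": K + r"\ConsentPromptBehaviorAdmin", "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "UtcTime": "2010-12-19 10:05:00", "Image": r"C:\Windows\regedit.exe",
     "TargetObject": K + r"\EnableLUA", "Details": "DWORD (0x00000001)"},  # re-enabled
    {"EventID": 13, "UtcTime": "2010-12-19 10:06:00", "Image": r"C:\Temp\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-0\Software\Example\EnableLUA",
     "Details": "DWORD (0x00000000)"},  # same value name, unrelated key
]

if __name__ == "__main__":
    for alert in uac_tamper_alerts(SAMPLE_EVENTS):
        print(" | ".join(alert))
```

Since the change needs admin rights, an alert here means the process was already elevated, which matches the point about equal privileges made earlier in the thread.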
     
  14. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    It certainly makes life a great deal tougher for the bad guys without doubt.

    The advocates of SRP & LUA, etc. here often put forward the argument that 'why run software such as browsers with rights any higher than they need to function correctly?' It's hard to dispute their logic.
     