
Security Researchers Create Proof-of-Concept Program that Evades Linux Syscall-Watching Antivirus



Slashdot reader Mirnotoriety shared this report from the Register: A proof-of-concept program has been released to demonstrate a so-called monitoring "blind spot" in how some Linux antivirus and other endpoint protection tools use the kernel's io_uring interface. That interface allows applications to make IO requests without using traditional system calls [to enhance performance by enabling asynchronous I/O operations between user space and the Linux kernel through shared ring buffers]. Because it avoids system calls, the program apparently went undetected by tools including Falco, Tetragon, and Microsoft Defender in their default configurations.
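To make the blind spot concrete, here is an added example (written for this page, not code from the Register, from the researchers, or from any of the named tools) that opens and reads a file on Linux without ever issuing open(2) or read(2): both operations are queued as IORING_OP_OPENAT and IORING_OP_READ entries in the shared submission ring and the kernel executes them on the application's behalf. It talks to the kernel through raw syscall(2) wrappers rather than liburing, so it only needs the kernel's own linux/io_uring.h; the file path and payload are constructed for the demo. The caveat a defender should notice is that the program still calls io_uring_setup(2) and io_uring_enter(2), so a sensor that watches those two calls (rather than only the file-access syscalls) sees the activity; with IORING_SETUP_SQPOLL a kernel thread polls the submission ring and even io_uring_enter can mostly be avoided.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/io_uring.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Raw io_uring state: the ring fd plus pointers into the mmap'd submission
 * (SQ) and completion (CQ) rings that user space shares with the kernel. */
struct ring {
    int fd;
    struct io_uring_params p;
    unsigned *sq_head, *sq_tail, *sq_mask, *sq_array;
    unsigned *cq_head, *cq_tail, *cq_mask;
    struct io_uring_sqe *sqes;
    struct io_uring_cqe *cqes;
};

/* io_uring_setup(2) plus the three mmaps liburing would otherwise do. Returns -errno. */
static int ring_init(struct ring *r)
{
    memset(r, 0, sizeof *r);
    r->fd = (int)syscall(__NR_io_uring_setup, 4, &r->p);   /* 4 entries is plenty here */
    if (r->fd < 0) return -errno;
    size_t sq_len = r->p.sq_off.array + r->p.sq_entries * sizeof(unsigned);
    size_t cq_len = r->p.cq_off.cqes + r->p.cq_entries * sizeof(struct io_uring_cqe);
    if (r->p.features & IORING_FEAT_SINGLE_MMAP)          /* newer kernels: one mapping for both */
        sq_len = cq_len = (sq_len > cq_len ? sq_len : cq_len);
    char *sq = mmap(NULL, sq_len, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE, r->fd, IORING_OFF_SQ_RING);
    if (sq == MAP_FAILED) return -errno;
    char *cq = sq;
    if (!(r->p.features & IORING_FEAT_SINGLE_MMAP)) {
        cq = mmap(NULL, cq_len, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE, r->fd, IORING_OFF_CQ_RING);
        if (cq == MAP_FAILED) return -errno;
    }
    r->sqes = mmap(NULL, r->p.sq_entries * sizeof(struct io_uring_sqe),
                   PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE, r->fd, IORING_OFF_SQES);
    if (r->sqes == MAP_FAILED) return -errno;
    r->sq_head = (unsigned *)(sq + r->p.sq_off.head);
    r->sq_tail = (unsigned *)(sq + r->p.sq_off.tail);
    r->sq_mask = (unsigned *)(sq + r->p.sq_off.ring_mask);
    r->sq_array = (unsigned *)(sq + r->p.sq_off.array);
    r->cq_head = (unsigned *)(cq + r->p.cq_off.head);
    r->cq_tail = (unsigned *)(cq + r->p.cq_off.tail);
    r->cq_mask = (unsigned *)(cq + r->p.cq_off.ring_mask);
    r->cqes = (struct io_uring_cqe *)(cq + r->p.cq_off.cqes);
    return 0;
}

/* Place one SQE in the ring, tell the kernel about it, wait for its CQE and
 * hand back cqe->res (an fd, a byte count, or -errno). The only syscall
 * here is io_uring_enter(2); the opcode inside the SQE is never a syscall. */
static long submit_one(struct ring *r, const struct io_uring_sqe *sqe)
{
    unsigned tail = *r->sq_tail, idx = tail & *r->sq_mask;
    r->sqes[idx] = *sqe;
    r->sq_array[idx] = idx;
    __atomic_store_n(r->sq_tail, tail + 1, __ATOMIC_RELEASE);  /* publish to the kernel */
    if (syscall(__NR_io_uring_enter, r->fd, 1, 1, IORING_ENTER_GETEVENTS, NULL, 0) < 0)
        return -errno;
    unsigned head = *r->cq_head;
    if (head == __atomic_load_n(r->cq_tail, __ATOMIC_ACQUIRE)) return -EAGAIN;
    long res = r->cqes[head & *r->cq_mask].res;
    __atomic_store_n(r->cq_head, head + 1, __ATOMIC_RELEASE);  /* consume the CQE */
    return res;
}

/* Open, read and close a file entirely through the ring: a hook on
 * open/openat/read/close sees nothing for this file. */
static long uring_read_file(struct ring *r, const char *path, char *buf, unsigned len)
{
    struct io_uring_sqe sqe;
    memset(&sqe, 0, sizeof sqe);
    sqe.opcode = IORING_OP_OPENAT;
    sqe.fd = AT_FDCWD;
    sqe.addr = (__u64)(uintptr_t)path;
    sqe.open_flags = O_RDONLY;
    long fd = submit_one(r, &sqe);
    if (fd < 0) return fd;
    memset(&sqe, 0, sizeof sqe);
    sqe.opcode = IORING_OP_READ;            /* off = 0: read from the start of the file */
    sqe.fd = (int)fd;
    sqe.addr = (__u64)(uintptr_t)buf;
    sqe.len = len;
    long n = submit_one(r, &sqe);
    memset(&sqe, 0, sizeof sqe);
    sqe.opcode = IORING_OP_CLOSE;
    sqe.fd = (int)fd;
    submit_one(r, &sqe);
    return n;
}

/* Writes a constructed sample file with ordinary syscalls, then reads it back
 * through io_uring. Returns 0 when the bytes match, 1 when io_uring is not
 * usable on this host (seccomp profile, kernel.io_uring_disabled, old kernel)
 * so the run is inconclusive, and -1 on any mismatch. */
static int demo_io_uring_read(void)
{
    const char *path = "/tmp/io_uring_demo.txt";   /* hypothetical path, assumed writable */
    const char *sample = "ring-buffer payload";    /* constructed input */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t w = write(fd, sample, strlen(sample));
    close(fd);
    if (w != (ssize_t)strlen(sample)) return -1;
    struct ring r;
    if (ring_init(&r) < 0) { if (r.fd >= 0) close(r.fd); unlink(path); return 1; }
    char buf[64] = {0};
    long n = uring_read_file(&r, path, buf, sizeof buf - 1);
    close(r.fd);
    unlink(path);
    return (n == (long)strlen(sample) && strcmp(buf, sample) == 0) ? 0 : -1;
}

int main(void)
{
    int rc = demo_io_uring_read();
    puts(rc == 0 ? "file read via io_uring: no open/read/close syscalls issued for it"
       : rc == 1 ? "io_uring unavailable on this host" : "mismatch");
    return rc < 0;
}
```

Run it under `strace -e trace=openat,read,close` and the target path never appears in an openat or read call; only io_uring_setup and io_uring_enter (plus the mmaps) show up, which is exactly the signal a sensor configured for the default file-access syscalls does not look at. The same program under Docker's default seccomp profile or with kernel.io_uring_disabled=2 returns the "unavailable" code, which is one of the simplest mitigations where no workload needs io_uring.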
