KHOBE (Kernel Hook Bypassing Engine)

Hi Ryan2320, I talked with the experts on this topic and here is our point of view at this time. Although the technique described may attack our product's tamper protection, for the KHOBE technique to work, malware has to already be on the system and running. This technique does not bypass the product's protection capabilities of file scanning like AutoProtect and scheduled scans, nor does it bypass our network protection in the firewall or the IPS engine. It also does not affect our heuristic or behavior detection capabilities like those in BASH/ SONAR either. Our objective is to stop the malware long before it gets to the point that this technique can be utilized. We always recommend that users should employ multiple layers of protection so that they have the highest level of security against all attacks, found in the Norton products. Symantec closely monitors the threat space and adjust our technologies to make sure our products offer the best protection. On this topic you may also find this article useful. http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1513306,00.html Bottom line: We have not plans to address this issue in the product in the near term as we see this issue being lower priority to so many other things on our to do list. Thank you again for submitting your idea! D.