"Incomplete" Windows Defender has been moved to Linux!

And natively, not through the Wine project.

Tavis Ormandy, a researcher on Google's Project Zero security team, is known for finding vulnerabilities in software. This time he has released a tool that lets the Windows Defender anti-virus DLLs be ported to Linux. Of course, this is not a full-fledged application with a GUI, but scanning from the terminal is possible.

The partial port of the anti-virus came about through fuzzing, that is, passing pseudorandom data to an application while it runs. Such data can trigger fairly random outcomes: a program crash, a leak of data from memory, the ability to run other code or to inject malicious DLLs. With fuzzing, repeating the same operations when testing security applications becomes much easier and faster. That is the case here: a fuzzing tool developed for Linux (Tavis points out that Linux offers much better tooling for security testing) makes it possible to run the DLLs on Linux.

As proof, Tavis published the output of a Windows Defender scan run on the "penguin". He demonstrates the running code by detecting the EICAR test file.

$ ./mpclient eicar.com
main(): Scanning eicar.com...
EngineScanCallback(): Scanning input
EngineScanCallback(): Threat Virus:DOS/EICAR_Test_File identified.
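The eicar.com in the demo is the standard EICAR anti-virus test file. As an added example, not part of the article or of Tavis's tool, this Python script builds such a file following EICAR's published rules (68-byte signature, optional whitespace tail, at most 128 bytes) and applies the same check a scanner would; the output file name and the way the signature is split are the example's own choices.

```python
"""Build and validate an EICAR test file like the eicar.com scanned above.

Added example, not part of the original article or of the loadlibrary
tool. It follows EICAR's published rules for the test file: the 68-byte
signature string, optionally followed by whitespace, total length <= 128.
"""
import sys

# The signature is written in two halves so that this source file itself is
# not mistaken for a test sample by naive matching on the full string.
EICAR_SIGNATURE = (
    rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
    + rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
)
MAX_LENGTH = 128
# Only these trailing bytes are permitted: space, tab, LF, CR and CTRL-Z.
TRAILING_ALLOWED = b" \t\r\n\x1a"


def is_eicar(data: bytes) -> bool:
    """Detection logic a scanner applies: exact signature prefix, whitespace tail."""
    if len(data) < len(EICAR_SIGNATURE) or len(data) > MAX_LENGTH:
        return False
    if data[: len(EICAR_SIGNATURE)] != EICAR_SIGNATURE:
        return False
    return all(b in TRAILING_ALLOWED for b in data[len(EICAR_SIGNATURE):])


def build_eicar(trailing: bytes = b"") -> bytes:
    """Return test file contents, rejecting padding that would break the rules."""
    data = EICAR_SIGNATURE + trailing
    if not is_eicar(data):
        raise ValueError("padding must be whitespace only and total length <= 128")
    return data


def write_eicar(path: str = "eicar.com") -> int:
    """Write a file that ./mpclient (from the article) can be pointed at."""
    data = build_eicar(b"\n")
    with open(path, "wb") as fh:
        fh.write(data)
    return len(data)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "eicar.com"
    print(f"wrote {write_eicar(target)} bytes to {target}")
```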

The tool may be used by developers to run Windows code in their own applications. Will users finally be able to bring the Office suite to Linux?

We use Google Cloud Translation and Gengo APIs to translate articles, with the exception of our comparative tests.