Hello,

We have found a number of vulnerabilities in implementations of SSDT hooks in many different products.

Vulnerable software:

* BlackICE PC Protection 3.6.cqn
* G DATA InternetSecurity 2007
* Ghost Security Suite beta 1.110 and alpha 1.200
* Kaspersky Internet Security 7.0.0.125
* Norton Internet Security 2008 15.0.0.60
* Online Armor Personal Firewall 2.0.1.215
* Outpost Firewall Pro 4.0.1025.7828
* Privatefirewall 5.0.14.2
* Process Monitor 1.22
* ProcessGuard 3.410
* ProSecurity 1.40 Beta 2
* RegMon 7.04
* ZoneAlarm Pro 7.0.362.000
* probably other versions of the above-mentioned software
* possibly many other software products that implement SSDT hooks

Not vulnerable software:

* Comodo Personal Firewall 2.4.18.184
* Daemon Tools Lite 4.10 X86
* Sunbelt Personal Firewall 4.5.916.0

More details and the BSODhook utility that allows everyone to find similar vulnerabilities easily are available here:

Advisory:
http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php

Article:
http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php

Regards,

--
Matousec - Transparent security Research
http://www.matousec.com/