InformationWeek: Security firm Matousec says that it has discovered a new type of bait-and-switch attack that security software doesn't stop. The company's advisory reads, "The results can be summarized in one sentence: If a product uses SSDT [system service descriptor table ] hooks or other kinds of kernel-mode hooks on a similar level to implement security features, it is vulnerable. In other words, 100% of the tested products were found vulnerable."
The company tested the attack on Kaspersky Internet Security 2010, McAfee Total Protection 2010, Norton Internet Security 2010, Sophos Endpoint Security and Control 9.0.5 and Trend Micro Internet Security Pro 2010. They advise users not to install more than one type of security software, because that only makes the problem worse.