Anti-virus software is not the be-all and end-all of Windows PC security by a long shot. But to claim, as David Matousec does in his paper "KHOBE - 8.0 earthquake for Windows desktop security software", that this attack is an 8.0 earthquake for Windows desktop security is utter nonsense.
The gist of Matousec's paper is that Windows' SSDT (System Service Descriptor Table) can be attacked by a technique he calls "the argument-switch attack or KHOBE (Kernel Hook Bypassing Engine) attack, which allows malicious code to bypass protection mechanisms of security applications." The short English version: a security product hooks the SSDT so that its own code runs before a system call is serviced, inspects the call's arguments, and passes them on if they look harmless. Those arguments live in user memory, so a second thread in the attacker's process can swap them in the window between the hook's inspection and the kernel's use of them. The kernel then performs an operation the hook never saw, and the security product's check has been bypassed.
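The following is an added example, not code from Matousec's paper or from any security product. It models the argument-switch race in plain user-mode C with hypothetical names: a "hook" that validates a path argument and then lets the "original service" re-read that argument from user memory (the vulnerable double fetch), beside a hook that captures the argument once into its own storage and validates and passes on only the copy. The attacker's thread is simulated by a callback invoked exactly inside the window; in the real attack a second thread simply keeps switching the argument and retries until it wins the race.

```c
/* Added example (hypothetical names), not from the paper or any product:
 * a user-mode model of the KHOBE-style argument switch against an SSDT hook. */
#include <stdio.h>
#include <string.h>

enum verdict { ALLOWED = 0, DENIED = 1, BYPASSED = 2 };

/* Argument block living in USER memory, as an SSDT hook sees it. Any thread
 * of the calling process can overwrite it while the kernel is still working. */
struct open_args { const char *path; };

/* Constructed sample paths. */
static const char BENIGN[]    = "C:\\Users\\me\\notes.txt";
static const char PROTECTED[] = "C:\\Windows\\System32\\drivers\\etc\\hosts";

/* The rule the security product's hook is supposed to enforce. */
static int policy_allows(const char *path) { return strstr(path, "System32") == NULL; }

/* The original service routine behind the hook: it has no policy of its own
 * and simply acts on whatever path it is handed. Returns the path it "opened". */
static const char *original_service(const char *path) { return path; }

/* The attacker's move: swap the argument after the check has already passed. */
static void switch_to_protected(struct open_args *user) { user->path = PROTECTED; }

/* Vulnerable hook (the KHOBE pattern): fetch 1 validates user->path, then the
 * original service is called with the user block and fetches user->path again.
 * attacker_runs models the attacker's thread being scheduled in between. */
static enum verdict hook_vulnerable(struct open_args *user,
                                    void (*attacker_runs)(struct open_args *)) {
    if (!policy_allows(user->path)) return DENIED;        /* fetch 1: check */
    if (attacker_runs) attacker_runs(user);               /* the race window */
    const char *opened = original_service(user->path);    /* fetch 2: use   */
    return policy_allows(opened) ? ALLOWED : BYPASSED;
}

/* Hardened hook: copy the argument into hook-owned storage exactly once,
 * validate the copy, and hand the COPY (never the user pointer) downstream. */
static enum verdict hook_capture_once(struct open_args *user,
                                      void (*attacker_runs)(struct open_args *)) {
    char kpath[128];
    snprintf(kpath, sizeof kpath, "%s", user->path);      /* the only fetch */
    if (!policy_allows(kpath)) return DENIED;
    if (attacker_runs) attacker_runs(user);               /* switch lands too late */
    const char *opened = original_service(kpath);
    return policy_allows(opened) ? ALLOWED : BYPASSED;
}

/* Scenarios: attacker scheduled inside the window, and a plain denied call. */
enum verdict demo_vulnerable(void) {
    struct open_args a = { BENIGN };
    return hook_vulnerable(&a, switch_to_protected);      /* BYPASSED */
}
enum verdict demo_hardened(void) {
    struct open_args a = { BENIGN };
    return hook_capture_once(&a, switch_to_protected);    /* ALLOWED: benign copy opened */
}
enum verdict demo_denied(void) {
    struct open_args a = { PROTECTED };
    return hook_vulnerable(&a, switch_to_protected);      /* DENIED: check itself works */
}

int main(void) {
    printf("vulnerable hook, attacker in window: %d (2 = BYPASSED)\n", demo_vulnerable());
    printf("hardened hook,   attacker in window: %d (0 = ALLOWED)\n", demo_hardened());
    printf("protected path up front:             %d (1 = DENIED)\n", demo_denied());
    return 0;
}
```

The point the model makes is that the hook's check is only as good as its last fetch of the argument: a product that inspects user memory and then forwards the same user pointer to the original service has validated nothing, while one that captures first and forwards only its own copy is unaffected by however many times the attacker's thread rewrites the block.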
There is some truth here. Rootkits have been successfully attacking Windows via the SSDT for years now. There’s nothing new about that.