>Applications that perform DLL injection or modify the PEB or try ring 0 escalation can already be detected in some forms by heuristic antivirus.
Process hollowing is a last resort. You can get pretty far by exploiting chrome/firefox (with their multiprocess architecture), or by using common command line utils like curl/wget.
>Think of security as a whole instead of debunking a utility because it fails to prevent other types of exploitation
If you understand the limitations, great. However, I don't think most users do. As it stands now, using such programs is closer to security by obscurity than any serious security measure (e.g. uBlock or NoScript[1]). The only reason they haven't been bypassed is because the install base is small and isn't worth the effort.
[1] Technically it's still possible to achieve arbitrary communication and/or code execution, but the blocking features can't be bypassed.