That's a very good read.   Thanks!

Just read SANS ISC's take on this subject. Patchguard might provide some protection, but it'll only work with x64 editions of Windows.
http://isc.sans.org/diary.html?storyid=8773&rss

Paul Ducklin, Sophos's Head of Technology, Asia Pacific published an article on his blog. He argues that the khobe attack is just an overrated vulnerability. According to him, the attack works if the malicious code has already bypassed the antivirus in the first place.
http://www.sophos.com/blogs/duck/g/2010/05/11/khobe-vulnerability-earth-shaker/

The sample "attack" describes a way in which the tamper protection implemented by some anti-malware products might potentially be bypassed. Assuming you can get your malicious code past the anti-malware product in the first place, of course.

The attack needs a multiprocessor CPU, a security product which is using SSDT hooks and a bit of luck. It also requires that you evade detection by the security product in the first place in order to launch your Khobe code.

For what it's worth, only the optional Host Intrusion Prevention System component (HIPS) in Sophos's anti-malware software uses SSDT hooks. This is the behavioural part of our software, used for monitoring processes which we have already allowed to run. And HIPS doesn't even use SSDT hooks on Windows versions after XP, because Vista and Windows 7 include Microsoft's Kernel Patch Protection, which precludes the use of SSDT hooking.

The fuss about Khobe is in my opinion unwarranted, and the claims that it "bypasses virtually all anti-virus software" is scaremongering.

But these blog posts appear nothing more than 'saving face' kind of a thing. Unless other antivirus vendors come up with strong defenses we should believe that attackers have a good method at hand which they can and will use.