A security researcher discovered a major vulnerability called AVGater that is common to many popular antivirus...
products. What is the AVGater vulnerability and what is the risk? Are antivirus products more trouble than they're worth?
The information security community -- and attackers -- often scrutinize and dissect antivirus products and makers for fun, reminding us that there are no silver bullets for information security problems. As a community, we need to continue to critically evaluate how we use our security tools and how we ensure that they are managed in the same way as any other piece of software. This will ensure that the potential value these products offer is necessary to protect enterprises.
Florian Bogner, a security researcher based in Austria, found the AVGator vulnerability in several antivirus products and tools that could be used as part of a targeted attack to completely compromise an endpoint.
The AVGater vulnerability works by using the legitimate restore functionality -- accessible to unprivileged users -- to restore malicious files in a system directory. The privileged process then loads the malware in the same way a dynamic link library (DLL) is loaded, giving the attacker control over the system.
The AVGater vulnerability relies on DLL preloading techniques to avoid detection, and it will probably not be the last attack to use it. The AVGater vulnerability is low-risk because it requires users to take several manual steps. However, as McAfee notes in its guidance on AVGater, users can be tricked into taking steps against their best interests -- resulting in a higher risk of targeted attacks.
Antimalware software, or similar system security monitoring software, is absolutely critical to protect endpoints. While the question of whether signature antivirus is worth the money is still relevant, newer security tools, such as whitelisting, are emerging, and they reduce the need for endpoint antimalware tools that protect against this type of attack. Regardless of the tool in use, it will need standard care and feeding to keep it updated.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Emerging cyberattacks and threats
Related Q&A from Nick Lewis
Android malware was discovered by Kaspersky Labs and named Skygofree. This Trojan targets smartphones and tablets using spyware and gathers user ... Continue Reading
A report detailed how Maersk recovered its infrastructure from a NotPetya ransomware attack along with its chosen recovery option. Expert Nick Lewis ... Continue Reading
A Mirai variant has the ability to put billions of devices at risk of becoming part of a botnet. Discover how this works and what devices are at risk... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.