santiago silver - Fotolia
A security researcher discovered a major vulnerability called AVGater that is common to many popular antivirus products. What is the AVGater vulnerability and what is the risk? Are antivirus products more trouble than they're worth?
The information security community -- and attackers -- often scrutinize and dissect antivirus products and makers for fun, reminding us that there are no silver bullets for information security problems. As a community, we need to continue to critically evaluate how we use our security tools and how we ensure that they are managed in the same way as any other piece of software. This will ensure that the potential value these products offer is necessary to protect enterprises.
Florian Bogner, a security researcher based in Austria, found the AVGator vulnerability in several antivirus products and tools that could be used as part of a targeted attack to completely compromise an endpoint.
The AVGater vulnerability works by using the legitimate restore functionality -- accessible to unprivileged users -- to restore malicious files in a system directory. The privileged process then loads the malware in the same way a dynamic link library (DLL) is loaded, giving the attacker control over the system.
The AVGater vulnerability relies on DLL preloading techniques to avoid detection, and it will probably not be the last attack to use it. The AVGater vulnerability is low-risk because it requires users to take several manual steps. However, as McAfee notes in its guidance on AVGater, users can be tricked into taking steps against their best interests -- resulting in a higher risk of targeted attacks.
Antimalware software, or similar system security monitoring software, is absolutely critical to protect endpoints. While the question of whether signature antivirus is worth the money is still relevant, newer security tools, such as whitelisting, are emerging, and they reduce the need for endpoint antimalware tools that protect against this type of attack. Regardless of the tool in use, it will need standard care and feeding to keep it updated.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Emerging cyberattacks and threats
Related Q&A from Nick Lewis
Enterprises have many options for email security best practices, ranging from deploying email security protocols to educating end users on the ... Continue Reading
Cyberattacks often begin with a port scan attack, which attackers use to find exploitable vulnerabilities on targeted systems. Learn how they work ... Continue Reading
Monitoring process memory is one way to combat fileless malware attacks. Here's what you can do to protect your network against these campaigns. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.