A security researcher discovered a major vulnerability called AVGater that is common to many popular antivirus...
products. What is the AVGater vulnerability and what is the risk? Are antivirus products more trouble than they're worth?
The information security community -- and attackers -- often scrutinize and dissect antivirus products and their makers for fun, reminding us that there are no silver bullets for information security problems. As a community, we need to keep critically evaluating how we use our security tools and ensure they are managed in the same way as any other piece of software. That is how we make sure these products actually deliver the value that is needed to protect enterprises.
Florian Bogner, a security researcher based in Austria, found the AVGater vulnerability in several antivirus products and tools; it could be used as part of a targeted attack to completely compromise an endpoint.
The AVGater vulnerability works by abusing the antivirus product's legitimate restore-from-quarantine functionality -- which is accessible to unprivileged users -- to restore a malicious file into a system directory. A privileged process then loads that file the way it would load a dynamic link library (DLL), giving the attacker control over the system.
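From a detection standpoint, the chain described above has a recognizable shape: a restore performed by an unprivileged user lands a file in a privileged directory, and shortly afterwards a privileged process loads that same file. The following added example (not code from the original answer, and not a vendor's tooling) runs that correlation over a constructed endpoint log; the log format, field names, directory list and time window are assumptions chosen for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample log (not from the page). The line format is an assumption:
# time|user|action|path|process, with "-" when no process is recorded.
SAMPLE_LOG = """\
10:01:02|alice|quarantine_restore|C:\\Program Files\\Vendor\\helper.dll|-
10:01:03|SYSTEM|image_load|C:\\Program Files\\Vendor\\helper.dll|vendorsvc.exe
10:05:10|alice|quarantine_restore|C:\\Users\\alice\\Downloads\\tool.exe|-
10:05:11|alice|image_load|C:\\Users\\alice\\Downloads\\tool.exe|tool.exe
"""

# Directories an unprivileged restore should never be able to populate (assumed list).
PRIVILEGED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
PRIVILEGED_USERS = {"SYSTEM"}
WINDOW_SECONDS = 300  # how long a suspicious restore stays "pending"


@dataclass
class Event:
    t: int          # seconds since midnight
    user: str
    action: str
    path: str
    process: str


def parse_log(text: str) -> List[Event]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, path, proc = line.split("|")
        h, m, s = (int(x) for x in ts.split(":"))
        events.append(Event(h * 3600 + m * 60 + s, user, action, path, proc))
    return events


def in_privileged_dir(path: str) -> bool:
    return path.lower().startswith(PRIVILEGED_ROOTS)


def find_avgater_chains(events: List[Event]) -> List[Dict[str, str]]:
    """Flag an unprivileged quarantine restore into a privileged directory that is
    followed, within WINDOW_SECONDS, by a privileged process loading that file."""
    pending: Dict[str, Event] = {}  # lower-cased path -> the restore event
    alerts: List[Dict[str, str]] = []
    for ev in events:
        key = ev.path.lower()
        if (ev.action == "quarantine_restore" and ev.user not in PRIVILEGED_USERS
                and in_privileged_dir(ev.path)):
            pending[key] = ev
        elif ev.action == "image_load" and ev.user in PRIVILEGED_USERS and key in pending:
            restore = pending.pop(key)
            if ev.t - restore.t <= WINDOW_SECONDS:
                alerts.append({"path": ev.path, "restored_by": restore.user,
                               "loaded_by": ev.process})
    return alerts


if __name__ == "__main__":
    for alert in find_avgater_chains(parse_log(SAMPLE_LOG)):
        print("possible AVGater-style restore-then-load chain:", alert)
```

The second restore in the sample (into the user's own Downloads folder, loaded by the same user) is ordinary behaviour and produces no alert.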
The AVGater vulnerability relies on DLL preloading techniques to avoid detection, and it will probably not be the last attack to use them. The vulnerability is low risk because exploiting it requires the user to take several manual steps. However, as McAfee notes in its guidance on AVGater, users can be tricked into taking steps against their own best interests -- resulting in a higher risk from targeted attacks.
Antimalware software, or similar system security monitoring software, remains absolutely critical to protecting endpoints. The question of whether signature-based antivirus is worth the money is still relevant, and newer security tools, such as whitelisting, are emerging that reduce the need for endpoint antimalware tools to protect against this type of attack. Whatever tool is in use, it will still need standard care and feeding to keep it updated.
Related Q&A from Nick Lewis