
AVGater vulnerability: How are antivirus products impacted?

A security researcher recently discovered a new vulnerability -- the AVGater vulnerability -- that puts antivirus products at risk. Discover how this vulnerability works with Nick Lewis.

A security researcher discovered a major vulnerability called AVGater that is common to many popular antivirus products. What is the AVGater vulnerability and what is the risk? Are antivirus products more trouble than they're worth?

The information security community -- and attackers -- often scrutinize and dissect antivirus products and makers for fun, reminding us that there are no silver bullets for information security problems. As a community, we need to continue to critically evaluate how we use our security tools and how we ensure that they are managed in the same way as any other piece of software. This will help ensure that these products deliver the value needed to protect enterprises.

Florian Bogner, a security researcher based in Austria, found the AVGater vulnerability in several antivirus products and tools that could be used as part of a targeted attack to completely compromise an endpoint.

The AVGater vulnerability works by using the legitimate restore functionality -- accessible to unprivileged users -- to restore malicious files in a system directory. The privileged process then loads the malware in the same way a dynamic link library (DLL) is loaded, giving the attacker control over the system.
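One way a defender could look for the pattern described above, as an added example that is not part of the original article: correlate a DLL written into an administrator-only directory by the antivirus service with a later load of that same file by a SYSTEM process. The event schema, process names, paths and time window are constructed assumptions.

```python
from datetime import datetime, timedelta
from ntpath import normcase, splitext

# Assumed, site-specific values: directories only administrators should write to,
# and the service process name of the installed antivirus product (hypothetical).
PROTECTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
AV_SERVICES = {"avservice.exe"}
WINDOW = timedelta(hours=24)

# Constructed sample events in a hypothetical normalized endpoint-telemetry schema.
EVENTS = [
    {"ts": "2018-06-01T10:00:00", "type": "file_create", "process": "avservice.exe",
     "user": "SYSTEM", "path": r"C:\Program Files\ExampleApp\version.dll"},
    {"ts": "2018-06-01T10:05:00", "type": "file_create", "process": "avservice.exe",
     "user": "SYSTEM", "path": r"C:\Users\alice\Documents\report.docx"},
    {"ts": "2018-06-01T10:07:00", "type": "file_create", "process": "msiexec.exe",
     "user": "SYSTEM", "path": r"C:\Program Files\Other\helper.dll"},
    {"ts": "2018-06-01T11:30:00", "type": "image_load", "process": "exampleappsvc.exe",
     "user": "SYSTEM", "path": r"c:\program files\exampleapp\VERSION.DLL"},
    {"ts": "2018-06-01T11:31:00", "type": "image_load", "process": "othersvc.exe",
     "user": "SYSTEM", "path": r"C:\Program Files\Other\helper.dll"},
]

def is_protected_dll(path):
    p = normcase(path)  # Windows paths are case-insensitive
    return p.startswith(PROTECTED_DIRS) and splitext(p)[1] == ".dll"

def find_restore_then_load(events):
    """Return (written_at, loaded_at, path, loader) for each DLL that an AV
    service wrote into a protected directory and a SYSTEM process later loaded."""
    written = {}   # normalized path -> time the AV service wrote it
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, path = datetime.fromisoformat(ev["ts"]), normcase(ev["path"])
        if ev["type"] == "file_create":
            if ev["process"].lower() in AV_SERVICES and is_protected_dll(path):
                written[path] = ts
            else:
                written.pop(path, None)  # any other write clears the pending entry
        elif ev["type"] == "image_load" and ev["user"] == "SYSTEM" and path in written:
            if ts - written[path] <= WINDOW:
                alerts.append((written[path].isoformat(), ev["ts"], path, ev["process"]))
    return alerts

if __name__ == "__main__":
    for alert in find_restore_then_load(EVENTS):
        print("restore-then-load:", *alert)
```

A hit is a lead for triage rather than proof of compromise, since legitimate product updates can also write DLLs into these directories.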

The AVGater vulnerability relies on DLL preloading techniques to avoid detection, and it will probably not be the last attack to use them. The AVGater vulnerability is low-risk because it requires users to take several manual steps. However, as McAfee notes in its guidance on AVGater, users can be tricked into taking steps against their best interests -- resulting in a higher risk of targeted attacks.

Antimalware software, or similar system security monitoring software, is absolutely critical to protect endpoints. While the question of whether signature antivirus is worth the money is still relevant, newer security tools, such as whitelisting, are emerging, and they reduce the need for endpoint antimalware tools that protect against this type of attack. Regardless of the tool in use, it will need standard care and feeding to keep it updated.


This was last published in June 2018
