Posted

Antivirus software is, naturally enough, designed to defend your PC from malicious attacks, but it seems that some of these security apps are suffering from a worrying vulnerability which has been dubbed AVGater.

The flaw in question was discovered by security researcher Florian Bogner, and here’s what it does on a basic level: the antivirus software quarantines a malicious file as it appears on the user’s PC, but the exploit allows an attacker to manipulate the restore process from quarantine, effectively letting the malware back onto the system, where it can subsequently wreak its own particular brand of havoc.

However, before you start to fret too much, the good news is that this can’t be executed online; rather the attacker must be physically present at the victim PC.

So obviously, for the home user this isn’t going to be much of a threat – unless you’re in the habit of letting strangers into your house to use the PC for a quick bit of net surfing.

But in a business environment, with plentiful PCs, visitors to the office milling about and so forth, there could certainly be some risk.

Patched pronto

Not every antivirus product is affected by any means, and Bogner has listed a number of affected parties who have already released a fix for their AV software: Emsisoft, Ikarus, Kaspersky, Malwarebytes, Trend Micro, and ZoneAlarm.

A few more software makers have still to patch their applications, but the researcher doesn’t name any names, for obvious reasons.

On an overall level for all PC users, this is just another reminder that antivirus apps can suffer from vulnerabilities, just as with any piece of software. Indeed, last year, Tavis Ormandy – who is part of Google’s Project Zero team – found multiple flaws in major antivirus products.

As ever, always ensure your antivirus software is kept up-to-date to the latest version, and you may even want to consider running some kind of multi-layered security on your PC beyond just one antivirus app.

Via: Digital Trends

Posted

TL;DR from confusing links: EMSI, Ikarus, Kaspersky, Malwarebytes, Trend Micro, and ZoneAlarm were affected. Never heard of Ikarus myself, but the rest I have. Not too surprised about ZoneAlarm, they've been riding on their old reputation for a while now.

I wonder if Malwarebytes' Anti-Exploit product would've detected this. (Probably not.) I might check in a VM just for grins. Have used MSE/Win Defender at home for 8 years now or so? Haven't gotten a virus (at least on my primary PC) in 10 years. Workplace is a completely different story. Currently using Vipre there. What a steaming heap of sh-t. We only started getting ransomware attacks after migrating to Vipre. Before we were using an outdated version of Symantec Endpoint Protection. Gonna cut this contract and move to Sophos.
