Antivirus software is, naturally enough, designed to defend your PC from malicious attacks, but it seems that some of these security apps are suffering from a worrying vulnerability which has been dubbed AVGater.
The flaw in question was discovered by security researcher Florian Bogner, and here’s what it does on a basic level: the antivirus software quarantines a malicious file as it appears on the user’s PC, but the exploit allows an attacker to manipulate the restore process from quarantine, effectively letting the malware back onto the system. Where it can subsequently wreak its own particular brand of havoc.
However, before you start to fret too much, the good news is that this can’t be executed online; rather the attacker must be physically present at the victim PC.
So obviously, for the home user this isn’t going to be much of a threat – unless you’re in the habit of letting strangers into your house to use the PC for a quick bit of net surfing.
But in a business environment, with plentiful PCs, visitors to the office milling about and so forth, there could certainly be some risk.
Not every antivirus product is affected by any means, and Bogner has listed a number of affected parties who have already released a fix for their AV software: Emsisoft, Ikarus, Kaspersky, Malwarebytes, Trend Micro, and ZoneAlarm.
A few more software makers have still to patch their applications, but the researcher doesn’t name any names, for obvious reasons.
On an overall level for all PC users, this is just another reminder that antivirus apps can suffer from vulnerabilities, just as with any piece of software. Indeed, last year, Tavis Ormandy – who is part of Google’s Project Zero team – found multiple flaws in major antivirus products.
As ever, always ensure your antivirus software is kept up-to-date to the latest version, and you may even want to consider running some kind of multi-layered security on your PC beyond just one antivirus app.
Via: Digital Trends