Online reports about the safety of security products can be very alarming, which is why we want to address those concerns and provide assurance that we take them very seriously.
You may recently have read about the discovery of a vulnerability in a number of online security products, specifically regarding ‘code hooking.’ The issue, when originally found, affected a number of antivirus companies, including AVG.
We took this vulnerability in our products very seriously when we first learned of it in December 2015, and we resolved it within two days. In fact, enSilo, the research company that identified the issue, credited our fast response in an article titled ‘Learning from AVG on Doing it Right’.
The new articles on this topic arose from enSilo’s ‘Captain Hook’ report, which details potential security issues regarding the incorrect implementation of code hooking and injection techniques. There is no reference to AVG in this report, and any media articles mentioning AVG in conjunction with this report are inaccurate.
enSilo has not disclosed any new vulnerability or security issue with our products, which they confirmed when we contacted them. Our previous experience with enSilo indicates they are a responsible company that reports issues to vendors prior to disclosing them publicly.
AVG encourages developers and researchers to report any issues with our products through our proactive bug bounty program. This process allows us to investigate potential issues fully and take the steps to fix or mitigate as necessary without unduly alarming our users.
I would like to thank enSilo for their valued partnership to date in helping us to protect our customers in an ever-changing security landscape.
August 9, 2016