Slashdot Mirror
Symantec Antivirus May Execute Virus Code
An anonymous reader writes "Symantec has admitted that a serious vulnerability exists in the way its scanning engine handles Ultimate Packer for Executables. According to a ZDNet article, this means the scanner would execute the malicious program instead of catching it. Tim Hartman, senior technical director for Symantec Asia Pacific, said: "A vulnerability is not a vulnerability till somebody discovers it but because this is now known, somebody could craft an e-mail, mass mailer or a virus that takes advantage of it. It affects our firewalls, antispam, all the retail products and the enterprise products as well"" Symantec recommends you immediately patch your software.
"A vulnerability is not a vulnerability till somebody discovers it..."
Huh? So if someone inadvertently takes advantage of a vulnerability, it's not really a vulnerability because they didn't explicitly know they were taking advantage of it?
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
From TFA:
A vulnerability is not a vulnerability till somebody discovers it
So that's how security works! Supress knowledge of the problem!
It's nice to see that Symantec's corporate culture hasn't changed very much since the days when Peter Norton thought computer viruses were an urban legend.
"A vulnerability is not a vulnerability till somebody discovers it." This sort of rubbish is a rather amusing reflection of corpthink.
It's rather like saying "A law of Physics isn't a law of Physics until somebody discovers it."
A vulnerability is a vulnerability, period... meaning that something is vulnerable. Whether or not anyone's yet realized it's vulnerable is another story.
If you didn't put a lock on your door, would it "not be unlocked" until someone came by and realized that the door lacked a lock?
Honey, I shrunk the Cygwin
The ones who "can barely use windows" will complain that the start menu is in a different place and their screensaver won't work, otherwise they won't notice what they're using to type their memos, add up their expenses, or surf their porn. It's the "power users" who've wriiten macros and such who are the difficult ones. Budget for buying Crossover for them while you gradually wean them off.
I worked in an office that due to absorbing other small companies, had CP/M, DOS, Win 3, Win 98, MacOS 7, MacOS 8, all in use, and the staff were mostly clueless; but instead of throwing a fit were mostly willing to spend the few minutes needed to locate the icons to open a word processor. print, email... and that covers 95% of what they needed. It's strange to me that it's assumed that office workers are complete sheep who will be thrown into a panic by the slightest change in their desktop; forgetting that anyone who's worked for 15 years has probably gone through DOS, Win 3/95/98/2K/XP, not to mention Wordstar/WordPerfect/Word5/6/WinWord; Lotus 123/Excel, etc, etc.
Why should one more round of change be so hard, especially with most of the change actually being behind the scenes rather than in the interface -- "open file", "select (with mouse)" "change font", "print" are all the same except for minor cosmetic differences as far as the user is concerned, whatever platform and suite you're using.