Symantec Antivirus May Execute Virus Code

An anonymous reader writes "Symantec has admitted that a serious vulnerability exists in the way its scanning engine handles Ultimate Packer for Executables. According to a ZDNet article, this means the scanner would execute the malicious program instead of catching it. Tim Hartman, senior technical director for Symantec Asia Pacific, said: "A vulnerability is not a vulnerability till somebody discovers it but because this is now known, somebody could craft an e-mail, mass mailer or a virus that takes advantage of it. It affects our firewalls, antispam, all the retail products and the enterprise products as well"" Symantec recommends you immediately patch your software.

huh?

[justforaday]

"A vulnerability is not a vulnerability till somebody discovers it..."

Huh? So if someone inadvertently takes advantage of a vulnerability, it's not really a vulnerability because they didn't explicitly know they were taking advantage of it?

Sheer brilliance

[stinky+wizzleteats]

From TFA:

A vulnerability is not a vulnerability till somebody discovers it

So that's how security works! Supress knowledge of the problem!

It's nice to see that Symantec's corporate culture hasn't changed very much since the days when Peter Norton thought computer viruses were an urban legend.

A vulnerability is always a vulnerability.

[JessLeah]

"A vulnerability is not a vulnerability till somebody discovers it." This sort of rubbish is a rather amusing reflection of corpthink.

It's rather like saying "A law of Physics isn't a law of Physics until somebody discovers it."

A vulnerability is a vulnerability, period... meaning that something is vulnerable. Whether or not anyone's yet realized it's vulnerable is another story.

If you didn't put a lock on your door, would it "not be unlocked" until someone came by and realized that the door lacked a lock?