Slashdot Mirror

← Back to Stories (view on slashdot.org)

Symantec Antivirus May Execute Virus Code

Posted by Zonk on from the antivirus-not-so-anti dept.

An anonymous reader writes "Symantec has admitted that a serious vulnerability exists in the way its scanning engine handles Ultimate Packer for Executables. According to a ZDNet article, this means the scanner would execute the malicious program instead of catching it. Tim Hartman, senior technical director for Symantec Asia Pacific, said: "A vulnerability is not a vulnerability till somebody discovers it but because this is now known, somebody could craft an e-mail, mass mailer or a virus that takes advantage of it. It affects our firewalls, antispam, all the retail products and the enterprise products as well"" Symantec recommends you immediately patch your software.

3 of 388 comments (clear)

  1. Surprisingly honest by phorm · · Score: 5, Interesting

    I'm actually quite surprised that Symantec posted the notice about this publicly, rather than simply including an update in its next online patch.
    br Definately a bad vulnerability, but kudos for being honest about it. I wonder though how liable they are to damages... not good when antivirus software actually ends up trigging the infection.

  2. Re:Yet another reason by Pionar · · Score: 4, Interesting

    Yada yada yada.

    Well, because AVG and Avast are free, they're less vulnerable, right?

    Bullshit.

    I like the hypocrisy of people criticizing Symantec's guy for touting security through obscurity, then turning around and preaching it themselves.

    And I'd like to see how these things work in a corporate environment. Oh, wait. They don't.

    Symantec has excellent corporate support and management features.

  3. Re:Immediately patch? Really? by sigaar · · Score: 4, Interesting

    Would it matter? Symantec's antivirus products are getting shittier by the day. I've lost count of the times that I go to a first time client who's complaining their computer is behaving "funny."

    I sit down in front of the computer, and I can see it's infected with something. The signs are the, writing is on the wall. But norton/symantec enterprise, updated and all, is telling me it's clean. So I download McCaffee Stinger or BitDefender's free scanner, clean the Machine out, and sell something better to them.

    Case in point. I have a client who's ISP is running Symantec antivirus gateway on the ISP side. Behind that gateway, I've got a postfix box with amavis-new and clam, h+bedv and bitdefender scanners. You won't believe the amount of virusses I still catch, stuff that make it through symantec's waste_of_cpu_cycles_software.

    Symantec was the good stuff back in the good old DOS days. Now they're baking in their former glory, but they're loosing business and I'm happy so see them burn if they don't get off their butts and start improving their software.

    --
    sigaar