Slashdot Mirror
Symantec Antivirus May Execute Virus Code
An anonymous reader writes "Symantec has admitted that a serious vulnerability exists in the way its scanning engine handles Ultimate Packer for Executables. According to a ZDNet article, this means the scanner would execute the malicious program instead of catching it. Tim Hartman, senior technical director for Symantec Asia Pacific, said: "A vulnerability is not a vulnerability till somebody discovers it but because this is now known, somebody could craft an e-mail, mass mailer or a virus that takes advantage of it. It affects our firewalls, antispam, all the retail products and the enterprise products as well"" Symantec recommends you immediately patch your software.
"No updates available for this product."
I've checked several versions, starting with the corporate edition which we use.
I use AVG on all my company systems and can say that in addition to being free, AVG provides the best anti-virus protection around. After F-Prot started losing ground to Windows-based scanners, AVG has done a remarkable job in stepping up to the plate.
AVG, free and worry free. (This was not a paid endorsement)
"A vulnerability is not a vulnerability till somebody discovers it..."
Huh? So if someone inadvertently takes advantage of a vulnerability, it's not really a vulnerability because they didn't explicitly know they were taking advantage of it?
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
May I be the first to congratulate our executable overlords!
http://fedora.redhat.com/
No time to waste! Systems may already be infected, so better get offline immediately, review what installed software is at risk and start figuring out a way to get the patches... no, wait, I run linux.
Wonder what's on TV tonight?
Trust the Computer. The Computer is your friend.
if you went in for an STD test and they gave you herpes!
The UPX license expressly prohibits modifying exes after they've been compressed.
Because it proves that tool vendors are really some of our worst enemies and closed source tool vendors are the worst of all.
They have their hand out day after day for maintenance and updates and yet never REALLY bother to check if their own crap is working correctly.
Just another reason to go to free anti-virus software, such as AVG or Avast. I have removed Norton from all my personal computers and replaced them with Avast.
I just wish big corporations would realize that by using Norton/Symantec, that they are using the most targeted [by antivirus-disabling viruses] antivirus software out today.
Come on! A cardboard door is not a vulnerability until someone figures out how to get it wet?!
Like all talking heads the guy didn't think before opening the mouth. The problem is this : you don't know if anyone had previously found this vulnerability. So you can't say it wasn't a vulnerability before *you* found it or before it was reported to *you*. The are unknowable numbers of unknown vulnerabilities and known numbers known vulnerabilities. You cannot know the size of the unknown set -- even if it is in reality the empty set.
Microsoft has tried to go this rout by trying to stifle any release of "known" vulnerabilities so that they can't be exploited by the masses. See how well THAT worked? They should work at faster release of updates instead of waiting for it to become a serious issue... Especially with something THIS severe...
I haven't lost my mind. It's backed up on disk somewhere.
From TFA:
A vulnerability is not a vulnerability till somebody discovers it
So that's how security works! Supress knowledge of the problem!
It's nice to see that Symantec's corporate culture hasn't changed very much since the days when Peter Norton thought computer viruses were an urban legend.
You know all those idiotic flamewars that spring up whenever the "irony" tag is used?
Once and for all - THIS is irony. You can shut up now.
OMFG. Who would say it's not a vulnerability until it's known? Known by whom? If a black-hat knows, and shares it quietly with other black-hats, thi scould be devastating without ever being "known." This is security by obscurity, except it isn't well obscured.
Or did Symantec know, and just not mention it to their customers (so it wasn't "known") ?
"A vulnerability is not a vulnerability till somebody discovers it." This sort of rubbish is a rather amusing reflection of corpthink.
It's rather like saying "A law of Physics isn't a law of Physics until somebody discovers it."
A vulnerability is a vulnerability, period... meaning that something is vulnerable. Whether or not anyone's yet realized it's vulnerable is another story.
If you didn't put a lock on your door, would it "not be unlocked" until someone came by and realized that the door lacked a lock?
Honey, I shrunk the Cygwin
Every time I go at someones house and they have "technical" questions, I walk to the computer to find 80% of the time... McAfee that dates back to 2000-2002 (the other 20% is NAV). No warning that it's not updating anymore or anything. People assume that the icon on the tray is there and they feel safe. I nuke it and install AVG. Work great. Less of a ressource hog (especially comparted to NAV) and oh yeah.. it's FREE as in beer!
I'm actually quite surprised that Symantec posted the notice about this publicly, rather than simply including an update in its next online patch.
br Definately a bad vulnerability, but kudos for being honest about it. I wonder though how liable they are to damages... not good when antivirus software actually ends up trigging the infection.
Is it just me, or is the patch/update download site already slashdotted? I can't get it to load.
Everytime I see a machine come into my store with a Symantec or a McAfee product I recommend a better solution. Running AntiVir or AVG on a machine with either product will almost always produce a large list of positives, even if they are spyware related trojans just waiting to be run to download tons of crap. But then I also recommend and will install Firefox (or another mozilla based browser) on anyones machine. Machines with Firefox tend not to come back broken 2 days later.
This doesn't surprise me in the least with the quality I've experienced with their products. After I recommend another solution, everyone seems to say something about it being recommended at Best Buy/CompUSA. And if the worker there thinks it's good, it must be. Wonder if they get a kick back on Symantec products?
rm -rf
....Norton Antivirus/Internet Security is the biggest piece of shit excuse for security software EVAR. It is poorly designed, poorly implemented, always breaks, and the only fix is "please reinstall NIS".
Now they're getting into spyware/adware removal, and Norton will always find stuff, but when trying to deal with it it just gives a 'delete failed' message and that's it. And it will continue to nag you about things it finds.
People who don't know anybetter see these displays in best buy, and believe the hype and go home and install this paranoiaware. If it is NIS it promptly breaks their internet connection and screws up their email client. If they call symantec for help in configuring, symantec will refer them to their ISP.
What a bunch of fucks. Color me mofo, but i'm telling people to uninstall NIS these days (and the funny thing is that complete removal often requires registry hacking). It's more trouble than it is worth. Tech support is bad enough without this crap.
do() || do_not();
> > "A vulnerability is not a vulnerability till somebody discovers it..."
> Huh?
Sir Lancelot: "I hate to go into battle with this big f*ing hole in my chainmail, but fortunately my tabard will hide it."
Sheesh, evil *and* a jerk. -- Jade
We can only hope.
Many Bothans died to bring you this sig.
#!/bin/sh /`
echo Scanning...
for file in `find
do
sudo $file
if system_still_running
then
echo File $f OK
fi
done
Got this link from Platinum support. UPX Parsing Engine Heap Overflow
It provides a bit more information on the specific builds that are a problem. Affects a great deal of their software.
The support engineer that I spoke with today stated that even though we have gold support you don't get notified for anything except "major . releases".
I had been complaining that I've been trying to get 9.0.3 for a couple of days now and customer support was a runaround and why can't I get updates like I should be.
He then told me that the MR packs are "not available unless you call tech support".
I then spent 15 minutes on the phone to customer service without speaking to anyone and hanging up.
He at least sent me a link to download the latest releases.
Thanks Symantec. I had to pull at your teeth to get you to talk, and only then you just spoke the least necessary. Great service.....:)
If you want to have a secure system you have to use less software, not more. Virus scanner et al are part of the problem, not part of the solution.
"A designer knows he has achieved perfection not when there is nothing left to add, but when there is nothing left to take away." -- Antoine de Saint-Exuperyhttp://www.symantec.com/avcenter/security/Content/ 2005.02.08.html
The gist of it is that there is a heap overflow in a part of the Symantec antivirus engine that they call DEC2EXE. This is a decoder for compressed executable files. The idea is that you have to decompress it to scan the thing, this module does the decompression.
So a carefully crafted EXE file could overflow part of this code and cause arbitrary code execution.
This module isn't just in Norton Antivirus, BTW, it's in a heck of a lot of Symantec Antivirus products. So if you're running any Symantec anti-virus product, not just the home consumer stuff, you might want to head over there and get a patch.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
It's not like FOSS haven't had their share of local arbitrary code execution exploits before.
Your hair look like poop, Bob! - Wanker.
For all their pandering and pushing paranoia-ware, i sometimes suspect that maybe, just possibly, some of these worms that get released might come from Symantec themselves.
Call conspiracy theory if you want, but it seems that with a lot of the "good" worms, Symantec is the first to announce it, and they've got a full analysis of what it does, how it works, what it's written in, etc, even if they claim the worm has only been "out" or "released" for 12-24 hours. This includes details that might be hundreds or thousands of varying filenames the worm will drop, what it does on certain times or dates that haven't occured yet, and various other things that are internal to the program itself.
Yes i know you can take an executable and reverse engineer it to see how it works, but i'm sure some things will get lost in translation. Plus, in their description of their buzzwords and jargon, they define "Zoo Threats" as worms that "only exist in antivirus labs".
I'm not saying that there *aren't* plenty of mofos around the world writing worms out of spite, but I think that sometimes the actions of Symantec might belie a hidden agenda.
Business is business.
do() || do_not();
...until someone discovers it?
Not a good way to think. That's like saying Iran having nukes isn't a concern becuase we haven't uncovered any direct evidence. The idea is to expose the vulnerability so you can do something about it.
---Technology will liberate us if it doesn't enslave us first.
I've had excellent luck with ClamWin
Karma: Chameleon (mostly due to the fact that you come and go).
I use AVG on all my company systems and can say that in addition to being free...
Wow - good job. I would like to direct you to this paragraph on Grisoft's site:
AVG Free Edition is for private, non-commercial, single home computer use only. Use of AVG Free Edition within any organization or for commercial purposes is strictly prohibited. Your use of AVG Free Edition shall be in accordance with and is subject to the terms and conditions set forth in the AVG Free Edition License Agreement which accompanies AVG Free Edition.
Perhaps you should upgrade.
I want to drag this out as long as possible. Bring me my protractor.
The linked article states that:
Symantec is distributing patches to its customers through its LiveUpdate automatic update service and other mechanisms. It warned companies that do not use those services to download the patches from its Web site and apply them as soon as possible.
So users with LiveUpdate should use tool to handle updates. BTW, my LiveUpdate didn't install any client patch. yet.
One more thing in my massive list of blocked attachments.
This remind me of Jennifer Government -
http://www.maxbarry.com/jennifergovernment/
One of the characters writes a trojan that works by exploiting a buffer overflow in the virus scanner (thus running even if the user never ran it, without needing bugs in further products), and also adds itself to central AV servers' virus signatures, which causes it to infect all AV clients when they update the signatures.
BTW, great book, and the "big companies taking over the world" theme is very Slashdot style .
Did Microsoft buy out Norton last week?
To be able to unpack a PE file, you must either get the official unpacking code from the developer (which is in many cases not possible), or you must make your own (well, obviously). Now, to make it yourself, you can extract the unpacking code from any file known to be compressed by the packer, and add that to your unpacking code, or you can actually copy out the code from the file you're currently unpacking and patch it so it fits your program. This works because you know the signature of the unpacking code and you know where in memory it will read/write.
The problem occurs if a known packer's unpacking code is amended do something else, but still fit the signature.
The main reason why they'd want to piggyback on the executable's code is due to the high number of versions of the packing code. They could quite easily crack them all as they appear, but if you use the file's own code, you have a generic unpacking routine that saves you lots of time and money.
If that's not proof enough that companies tend to patch only AFTER their products are directly threatened, I don't know what is.
...because you never know who you're dealing with.
"A vulnerability is not a vulnerability till somebody discovers it" - Tim Hartman / Symantec
Hartman is saying a tree falling in a forest with no one to hear doesn't make a sound (actually, it makes the sound of one hand clapping). The severe problem with his philosophy as security corporation policy is that they don't know when it's discovered by someone. Saying it's only been discovered now that it's been published is a total misstatement of actual security: you have to assume that any hole is vulnerable as soon as it exists, and that you don't know who knows. This hole in their software has revealed more than a buffer overflow risk. It has revealed that Symantec can't be trusted with security when their own reputation is on the line: any day of the week.
--
make install -not war
You can download the patch here
Today's news is F-Secure Security Bulletin FSC-2005-1 Code execution vulnerability in ARJ-archive handling!
I submitted this yesterday with a more Insightful^W Interesting^W Funny headline.
Worlds... colliding... *yeeaarrgh*
I want to drag this out as long as possible. Bring me my protractor.
Around 1994, the NATAS virus stormed computers all around the world. It was the first polymorphic virus. And it was undetectable with traditional means (didn't alter the exes' CRC).
McAffee released a new (experimental?) version of their antivirus, so that it would clean NATAS. Unfortunately, sometimes if you pressed CTRL-C, part of your programs' code would execute randomly (later, they released a completely different version, which effectively cleaned NATAS and similar viruses, without having such nasty bugs).
Frankly, this execute-to-test-for-viruses was always a bad idea. I don't know why Symantec fell into that. Unless of course, it's more like a buffer overflow, which is understandable.
http://www.symantec.com/avcenter/security/Content/ 2005.02.08.html
I've been waiting for something like this for a while now. A virus that either is triggered by antivirus software, or a virus that attacks and alters antivirus software. I'm surprised that it's taken this long. If the antivirus software is corrupt, the average home user is in a heap of trouble.
Granted, I don't know that it hasn't been done yet, but I don't recall hearing about it.
"No fair, you changed the outcome by measuring it!" - Professor Hubert J. Farnsworth
Huh? Have you ever used AVG? It's got NO spyware and no adware. The "signature" at the bottom of emails can be turned off or personalized. I have it setup to sign in (and IN only) emails with attachments that tells me the email is virus free. Please don't make false claims. Especially on great products like AVG.
Has anyone looked at open source alternatives as ClamWin and ClamAV for Windows. How do they compare to the commercial couterparts?
And other scan engines running in crossroad points in the network. If Syamentec ignores it is because sophos already deleted the virus.
Tal about putting all your eggs in one basket.\
Have a good one.
===== "Every head is a different world so don't invade mine you FREAK!" smartSAGA said
So as unlikely as it is that many Linux users are using a Symantec product, or that someone will target a Linux box, anything that is running a scanner(such as an email server) is vulnerable. Everyone needs to patch on this, not just the Windows guys.
Ha! Every single person whose computer I've serviced that runs Norton is running a copy of 2002 with a virus dat from 2001.
:)
But once again, I'd like to thank the virus writers and the goof up from Norton. You drive my business
Please don't make false claims. Especially on great products like AVG.
He probably works for McAfee.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
You mean this is a manual upgrade? How insane is that? We can't do this manually on hundreds of machines.
Symantec recommends you immediately patch your software
Or, you can fire your mail admin for allowing executable files to even get to the point where they need to be scanned and get one that knows what they're doing. Your incoming SMTP should be rejecting any e-mail that has one, why bother scanning it? There are ways that were designed for transporting these things, e-mail was not it!
And, remember: when bitching about this, make absolutely sure you're loudly and clearly proclaiming this to be the fault of MS or Symantec. Otherwise, you run the risk of someone actually placing the blame where it really belongs: with the administrator who shouldn't have been affected by this in any way.
Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
http://www.workorspoon.com
Why doesn't anyone mention antivir as a good free antivirus. It boasts a smaller memory footprint then avg or avast. Personally I use clamav, but I always thought antivir would be a good choice.
Tim Hartman, senior technical director for Symantec Asia Pacific, said:
"A vulnerability is not a vulnerability till somebody discovers it...
Impressive foresight. Another great security through obscurity business model.
No tiny Tim, if your tire can be flattened, it will be. It's that simple.
What does he think the term "known vulnerability" refers to? Does he think the converse doesn't exist?
NOD32 provides the best antivirus protection and has consistently won numerous awards that Norton can't even touch.
Want evidence of how solid it is? NOD32 is the antivirus app used on Microsoft's corporate networks...
I just got off the phone with my symantec rep, and he says any corporate edition anti-virus product 9.0.1.1000 or newer is not affected.
Anyone with a valid license can go to Symantec's fileconnect website and download the newest version.
-ted
I have a copy of NAV 2005 and I run LiveUpdate almost daily. I just ran it again and all it did was download a new virus definition. How can I tell if it's patched or not?
BTW, HP's entire corporate network rests in the hands of Norton AntiVirus Corporate Edition. I can recall several mornings of cleaning up the Blaster virus at the DataCenter then being insulted and abused when I couldn't clean up a new variant for which we had no documentation. They've made it the corporate standard along with Mozilla, however, failed to announce Mozilla to their employees - so, the majority of them still use unsecured Internet Explorer browsers because their IT department doesn't recognize the potential exploits for the browser. They keep an old image file of a preconfigured OS build per system model and image the systems through Altiris' Carbon Copy. I knew Carly was cutting corners/costs, but I didn't think she'd be so gung-ho about exporting her own position! >:-D
-- Game Developers: Stop porting badly-textured games from crappy console systems!
Here are some helpful resources on Virus Scanner tests if you can't decide which one to use:
m l? 3 9,pg,5,00.asp
http://www.virusbtn.com/vb100/archives/products.x
http://www.pcworld.com/reviews/article/0,aid,1159
Syamantec pretty much assume that if you are running SAV CE, than you use login scripts to push patches to machines. There is a section in the docs on the various flags to give the MSI for automated mode (eg, how to specify the group server).
(S(SKK)(SKK))(S(SKK)(SKK))
Perhaps you mean basking in their former glory?
Symantec Antivirus May Execute Virus Code
I don't care if Symantec runs virus code, just as long as windows doesn't.
Coder's Stone: The programming language quick ref for iPad
What's a virus?
http://illhostit.com/ - Webhosting
How do you think that anyone can take anything you say seriously if you try to say something AND contradict it, within the same sentense???
A vulnerability cannot be a none-vulnerability, it's a breach of definition. As for: Those of us who don't reach up our arses for thoughts have this amazing ability to recognise the existance of things that aren't just every day objects, we've moved past "A is for Apple". And that's totally ignoring the fact that we CAN *physically* test laws of *physics* (notice how similar those words are? Do you think there could be a link?). Why do you remind me of the video that everybody's seen of the monkey trying to drink it's piss? Nope, it's a mystery.
I'm vulnerable to high speed bullets ripping my flesh apart... yet I've never been shot! I bet you're one of those people who think that trees fall silently when there's no person around to hear them aren't you?
The revolution will not be televised... but it will have a page on Wikipedia
Something tells me this is the case at most PHB-run companies. Yay for brand recognition! This is what has allowed Symantec to keep pumping out shitty software for so long.
http://www.gentoo.org
Gentoo, the Linux distro for Real Men.
I'm glad I switched from Symantec Corp to McAfee Enterprise a few months ago. While I'm not terribly happy with McAfee(uses lots of CPU when browsing directories with many gigs of files), Symantec really pissed me of when I removed it. I had to spend about an hour removing reg. keys that their uninstaller was too lazy to remove. It couldn't have been that difficult for them to have the installre remove them, but instead they give you a three pages of crap that you must remove from various locations in the registry. That has totally made me rethink using Symantec stuff again.
Every time you post an article on Slashdot, I kill a server. Think of the servers!
Norton Antivirus has been the biggest pile of $hit AV I've ever used. It routinely misses well-known trojans/viruses. I've gotten my system infected twice in the past by simply visiting a page in IE. Norton just shut down and my system got infected. Doing a free scan at housecall.trendmicro.com, Trendmicro was able to detec the virus easily. Norton just kept telling me no virus was found.
Stay far away from Norton. It's worthless.
eTrade SUCKS
A couple of days back they rated a hack that could theoretically forge you root access to a Mac OS X box if you (a) already had an account and (b) had physical access to the machine as 6.9/10.
Now we discover (really not surprisingly) that they themselves are a vector.
I wonder how long Symantec has been setting on this ugly beast, and how many have gotten "owned" because of it?
A month? Six months? A year?
Some of the holes in IE have been open for over a year.
Running with Linux for over 20 years!
I don't see this anywhere in the linked-to article. Maybe someone could point it out to me. If a spokesman for Symantec said this, he should immediately put out a correction since I'm confident his thinking was of an exploit as compared to a vulnerability.
But why is the rum gone?
The advisory also says says Symantec Antivirus Corporate Edition 9.01.1000 is "non-vulnerable." This update was also required for XP SP2 so it should already be widely deployed. This is the version I have installed and there is no Dec2EXE.dll present.
Peter Norton vs. Evil Virus:
BANG! Your dead!
RIP one Evil Virus.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
After a 30-minute call with Symantec (most of which was being on hold), I found out this information:
Go to http://licensing.symantec.com/. From there, you can select the Product Media link on the bottom of the page and Click to Download. Select your language, and then on the next page, enter your product's serial number. The serial number will probably be either on your product media or on your support certificate. This will take you to a link where you can download the entire product media for Symantec AntiVirus Corporate Edition v9.0.2.1000. Note that this is a 218MB download, so it may take a while, though I'm currently getting about 275KB/sec. I hope this helps everyone out!
Lemme ask you oh oracle of fucking wisdom. I have say, 300,000 desktops and another 100,000 servers running Symantec code. My licencing costs are close to the GDP of an African nation.
A software vendor with product on each and every one of them comes to me and says - hey we have this massive problem with 100% coverage and we honestly don't know how it's been there or been your problem because to tell you the truth we never do any post hoc failure analysis and if we did you'd suspect us of boning you anyhow and making up things just to sell you more product which you probably feel is the case right now anyway.....
That's helpful indeed, but after reading their website, I found that MR3, that is release 9.03.1000 is the latest, and it isn't available through the https: website. You still have to call them if you want MR3, whereupon they'll e-mail you a link to the FTP site containing the files, along with a login/password that is changed on a daily basis.
I was on hold for around 30-40minutes, which included being transferred from Licensing to Tech Support when Licensing couldn't find the 9.02.1000 on the https: website either.
Never look down your nose at others. Someday, someone is bound to see your boogers.
Actually, there isn't a patch for this per se. They are releasing a bloodhound signature that should catch any currently unknown viruses that try to exploit this. This really isn't a patch. The only way to fully protect any machine with these Symantec Products is to upgrade to the latest version of the software.
But why is the rum gone?
And cancer is not cancer until diagnosed?
Who still believes the 'security through obscurity' mantra these days?
--
Search is going mobile.
I have finally dumped symantec antivirus. Repeating de-activations, despite having a genuine copy of the software. Persistant inability to remove viruses. Program bloat. Plus, NAV must be a target for all the virus authors.
I am so over that software. It's too old and fat.
I got a security notice form F-Secure today that outlined a similar vulnerability in several of their products (execute code).
http://www.f-secure.com/security/fsc-2005-1.shtml
Just the first time Symantec has admitted it, I guess.
See the link in my sig blatantly pimping a software product? A while back, that product was compressed with UPX to make the download faster - UPX did a much better job of compressing the executable than either ZIP or Inno Setup. Things were good.
But that had to stop when I got mysterious complaints from users who said their computer would freeze for a minute or so each time they ran my program. Even stranger, their computer froze in exactly the same way when they installed the program. Turns out these users were all running Norton AntiVirus, and when NAV scans some (but not all) executables compressed with UPX, it just sucks. CPU time, that is. I searched the web and found some other reports of the same problem with other compressed apps.
I reported it to Symantec, and what did they tell me? Why, I must be mistaken! There's no incompatibility between NAV and UPX! Go away.
So I'm pleasantly surprised that they're actually admitting that a problem with UPX exists, even if it might not be the same one I encountered. Maybe once everyone has upgraded, I can go back to compressing the software I distribute.
Visual IRC: Fast. Powerful. Free.
Forget Crossover unless you KNOW the "power user" apps needed by a user are supported. Crossover/WINE works on a very small subset of Windows apps.
Win4Lin uses an actual copy of Windows (the version supporting W2000 should be out by now) and russ just about anything that ran on Windows to begin with. Win4Lin made it possible for me to run Linux (there is no good solution for porting Eudora mailboxes and address books) and wait for the Open Source graphics apps to grow up to the usable point.
You are right in that it's the power Windows users who are going to have trouble... plus anyone who wants to send documents outside an organization that's switched.
Little differences become big ones when an outside client or editor is the one that is complaining about them.
Tech Public Policy stuff
I think this was a (minor) plot point in Jennifer Government by Max Barry. Someone designs a virus that uses an overflow in NAV to get itself distributed to all the workstations in a company. I think in the book it was program designed to get NAV to create a pattern on the server that would crash the workstations when they were updated with it, but it still seems strangely similar.
For once, I'd like an honest, unbiased report on some important news on Slashdot.org. It seams to me that the common article posters word their posting in such a way to daemonize the coporate companies regardless of circumstances. In this particular post for example, Symantec has acknoledged several older products without recent updates are vulnerable to this attack, but recent products and even older software with recent updates are protected against such threats. http://www.techtree.com/techtree/jsp/showstory.jsp ?storyid=57565
Please control your anger against the corportate companies and recheck your facts. Thank you,
Dan Brown
Asheville, NC
Their product is not broken. Only if you have 2003 or earlier, and it has not been updated within the last 30 days. If that is the case, then my friend it is your own fault for not keeping you software up to date.
Wow, after freaking out trying to find a serial for our copy of SAV9.0 Corporate, they revised the original advisory saying that it's not vulnerable.