Slashdot Mirror


Symantec Confirms AV Library Flaw, Promises Patch

the_flyswatter writes "Anti-virus vendor Symantec Corp. has publicly acknowledged that a high-risk buffer overflow vulnerability in its AntiVirus Library could lead to code execution attacks when RAR archive files are scanned. The company confirmed the issue was a buffer overflow in the AntiVirus component used to decompose RAR (Roshal Archive) files. 'A specially crafted RAR file could potentially cause this buffer overflow to occur and execute hostile content from the RAR file,' the advisory read. The bug also affects 15 consumer products, including the widely deployed Symantec Norton AntiVirus, Symantec Norton Internet Security Professional, Norton Personal Firewall and Symantec Norton Internet Security for Macintosh."

11 of 133 comments

  1. That's what you get for by letdinosaursdie · · Score: 5, Insightful

    The Microsoft solution to the Microsoft solution to the Microsoft solution to the Microsoft solution to the...

  2. Re:Inherent problems with AV software by MichaelSmith · · Score: 4, Insightful
    No thanks, AV software!

    The exploit you really have to look out for is the one I send to you to get a specific bit of information off your system, which sends the info to a maildrop and then deletes itself without ever calling attention to itself.

    The viruses which propagate all over the place and get their footprints into antivirus databases are jokes, really.

  3. Morons by Anonymous Coward · · Score: 4, Insightful
    The Windows world's most widely deployed AV solution uses MSHtml to render its GUI; that doesn't exactly inspire faith in Symantec products. Security products should do one thing well; the very concept of the all-encompassing consumer 'security' application suite is flawed, and yet almost every Windows desktop security product has additional 'features'.

    Computer security is not available in click-wrapped form; it's about time that companies stopped marketing software as some cure-all for lack of user education.

    1. Re:Morons by jayloden · · Score: 2, Insightful

      Tell me about it. No more ability to scan in Safe Mode, no ability to run at all if the IE security settings are jacked up, and if mshtml is exploited, then Symantec's products are screwed.

      Whose brilliant idea was it to make an HTML GUI for a *security* product using libraries from the system that are easily compromised by unrelated events (IE security levels)?

      Right around the time they started with that was when I stopped recommending their products and started recommending AntiVir.

  4. Re:Inherent problems with AV software by Zog+The+Undeniable · · Score: 2, Insightful

    I agree. Your best defence on the Internet is a hardware firewall router and a well-developed bullshit detector. Doesn't slow your computer down.

    --
    When I am king, you will be first against the wall.

  5. Tell uninformed users what AV can & can't do by Quirk · · Score: 4, Insightful
    I stopped using Symantec Products when I moved on from Windows 98 as a multimedia/game/web OS. Symantec products burrowed too deep into the OS, were impossible to elegantly uninstall, and, the Norton Tool set really wasn't as necessary as it once was.

    I figured Peter had unfolded his arms, dressed in a dinner jacket, and, gone out to celebrate having become one of the nouveau riche.

    My biggest beef is not with the AV makers, but, rather, with the retail sales people who sell AV software and tell unknowledgeable buyers that their system is now protected against all malware, because, superduper AV ware scans everything before you use it and ensures no malware can execute.

    I try to explain to people that AV is a lot like a flu shot. It's good enough to give you some protection from the bugs we know are out there but is ineffective against the new, bad stuff coming down the pike.

    --
    "Academicians are more likely to share each other's toothbrush than each other's nomenclature."
    Cohen

  6. only version 10.x of Corporate Edition ... by Anonymous Coward · · Score: 4, Insightful

    So according to the Symantec advisory the vulnerability is only present in version 10.x of the Corporate Edition. And there I was, thinking it was about time to upgrade from 8.1 that we're running at work ... not anymore!

  7. Re:You know what this means - by Anonymous Coward · · Score: 1, Insightful

    Too bad clamwin is a piece of shit

    I've seen the task tray icon application, while doing nothing else but showing a small clamwin icon in the corner, use ~500MB of memory in just 1 day (only saw this once, usually it only goes to 50-150MB, which is still insane for just a damn icon, never mind the scanner which uses a ton itself and takes like 4 days to scan 80 gigs)

  8. Re:You know what this means - by thebes · · Score: 3, Insightful

    And the 14 year old speaks! Wow, I was just waiting for that. So, tell me, when was the last time you designed and built an operating system?

  9. Re:Why AV Is Ineffective from Malware POV by Egregius · · Score: 2, Insightful

    What if we encrypted our virus with a random encryption, and only the decrypter could be scanned for? Well, if we did that, we'd be doing what viruswriters were doing late eighties/early nineties. What ever came of it? Anti-virus writers outsmarted the viruswriters, by actually scanning for the decoding pieces or patterns in the code that indicated certain types of encryption.

    Now we're slightly further down the road, and we moved from encrypted to oligomorphic (weak polymorphism) to polymorphic to metamorphic code. Metamorphic code is code that completely changes from generation to generation (read up on the MetaPHOR virus and metamorphism for more details). And yet... anti-virus writers still manage to detect these (with great difficulty however), and have been for quite a while. Metamorphic viruses are incredibly complex however, so you won't see them in the wild often because they're hard to create, and there's hardly any niche for viruses any more. Either your malware is a worm that understands open ports and/or mailing itself to others, or it's an internet-unaware virus that remains stuck on the hard disk.

    Grand-grand-parent's post thus adds little to the discussion. What he speaks of is 1.5 decennia old, and has NOTHING to do with the current article: a well-known anti-virus vendor allowing malicious code-execution through a buffer-overflow. Mods: please mod his pointlessly bolded post 'overrated'. A '5' is disappointingly high for this geek crowd.

  10. Re:You know what this means - by Anonymous Coward · · Score: 1, Insightful
    actually, considering I cut my programming teeth way back in the early 70's and had to punch my programmes in on good old fashioned punched cards... built my first personal computer the hard way by having to solder EVERY connection, and had to code it by typing in the raw op codes, I think I'm ably qualified to tell you young whippersnappers, especially those inexperienced whippersnappers that Microsoft insists on using, where things are wrong...

    Ah yes, the "I've been using computers for 100 years so I know all about computers TODAY" argument. When I did tech support, people like you were the absolute worst customers because they think they know everything and actually know jack shit about modern operating systems.

    Why would you think that using punch cards and a soldering iron gives you any insight at all into how Windows works? Great leaps of logic there, old timer, you might want to look into getting checked for Alzheimer's.