Slashdot Mirror

← Back to Stories (view on slashdot.org)

Symantec AntiVirus Hole Found

Posted by ryuzaki0 on from the safer-than-sorry dept.

Hotwater Mountain writes "eWeek has a story about a gaping security flaw in the latest versions of Symantec's anti-virus software suite that could put millions of users at risk of a debilitating worm attack. According to eEye Digital Security, the company that discovered the flaw, the vulnerability could be exploited by remote hackers to take complete control of the target machine 'without any user action.'"

15 of 241 comments (clear)

  1. That saves time! by bunbuntheminilop · · Score: 5, Funny
    Symantic will only have to make viruses for its own programs!

    (ouch, that was a little harsh)

  2. Details? by SomeGuyFromCA · · Score: 5, Insightful

    Is it server-side or client-side? Is it push or pull?

    If it affects the install on the clients, but needs to get access to them, I wave my paw and say "bah."

    If, on the other hand, it can attack the server...

    Well, then again, everything should be behind a firewall anyway, with only needed ports forwarded.

    I mean that's just common sense...

    --
    if the answer isn't violence, neither is your silence / freedom of expression doesn't make it alright
    1. Re:Details? by neil.orourke · · Score: 5, Informative

      http://www.smh.com.au/ had a writeup about this which said that Norton Internet Security guarded against this flaw in Norton AntiVirus. Go figure on the implications of that.

    2. Re:Details? by Jesus_666 · · Score: 5, Funny

      Norton Antivirus offers perfect security. Just leave it installed on a home user PC for long enough. Sooner or later the system will shut down in an unclean fashion, which NAV will take as a reason to hang at startup, taking the NIC with it.

      Bang - no NIC, no malicious traffic from the internet.

      --
      USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
    3. Re:Details? by Anonymous Coward · · Score: 5, Funny

      From all the installations I've had to fix, I believe that by "Norton Internet Security" what they really mean is that "it protects the internet from YOU".

  3. Good news, everyone! by christopherfinke · · Score: 5, Funny
    "This is definitely wormable. Once exploited, you get a command shell that gives you complete access to the machine."
    Well that's a relief. Who would ever want to use the Windows shell? I'd call that security through, uh, suckurity.
    1. Re:Good news, everyone! by gbobeck · · Score: 5, Funny
      I'd call that security through, uh, suckurity.


      Toss in the complete inability to hack that most script kiddies have... and now you also have security through stupidity.

      I always loved watching my snort logs when some kiddie attempted to 0wn my FreeBSD server running Zope/Plone + Apache by tossing every IIS 5 attack they have a script for.
      --
      Navicula hydraulica plena anguilarum est. Omnes castelli tuus nostri sunt. Ed elli avea del cul fatto trombetta.
  4. So people have discovered Nortons DRM Rootkit? by oztiks · · Score: 5, Funny

    They are just calling it an exploit just so they dont get into trouble ;)

  5. Who has heard that conspiracy theory by Sentri · · Score: 5, Funny

    That the Antivirus people are the ones putting the virus's out there to keep their businesses running

    *grabs tinfoil hat*

    --
    Can't we all just get along
  6. Throw me a friggin bone! by BarryLoper · · Score: 5, Insightful

    OK that leaves about every question unanswered.

    At least give us a little bit on how this vulnerability could be exploited other than: This flaw does not require any end user interaction
    • Do I have to browse to a malicious website?
    • Do I have to download an infected file for it to scan?
    • Does it somehow come in on Live Update?
    • What if I have a firewall?

    Throw me a friggin bone here! I'm the user... Need the info...

    I suppose the important part is they got the scoop!

  7. Consumer versions not affected by Anonymous Coward · · Score: 5, Informative

    Coverage on http://www.cnn.com/2006/TECH/internet/05/25/antivi rus.flaw.ap/index.html CNN notes that it appears only the corporate version is affected.

    "eEye said it appeared consumer versions of Symantec's Norton Antivirus software -- sold at retail outlets around the country -- were not vulnerable to the flaw, though consumers who are provided Symantec's corporate edition antivirus software by their employers for use at home may be affected."

  8. Re:It's hard to imagine.... by Anonymous Coward · · Score: 5, Insightful

    Symantec hasn't actually ever made a good product. They BUY good products and then drive them into the ground. Ghost was just the last of the Norton suite of products that they got arround to breaking.

    Actually as far as I can tell Symantec hasn't actually ever made a product at all. I'm sure they must have once, how else did they ever get the money to buy Norton in the first place (venture capital I guess), but every Symantec product I can think of was originally aquired from someone else.

    I'd find it very hard to imagine a company that has done nothing but destroy every piece of intelectual property it aquires and continues to make money. Unfortunately I've seen it...

  9. DUH! we've been calling it Norton Virus for years! by aaron_pet · · Score: 5, Insightful

    I've never seen a program cause as many problems as some of these name brand anti-virus programs.. they're worse than having the viruses!!! and they add extra complexity that gives attackers more possibilities for exploitation.

    Keep your patches up to date, or don't connect to the internet...
    Don't open ANY freaking attachments, unless you expect it, and you know where it came from... or don't connect to the network.

    My mom's computer has their security suite? set up on it... it basically just nags her when programs try to do anything... it's nice that it warns about Real Player's nasties... but we all know to unistall that basterd and just use the codec... ... I'm saying stuff that everybody already knew... but nobody cared enough to nuke that company for the good of the world.

    --
    Please use [ informative / summarizing ] SUBJECT LINES
    Flame me here
  10. Alternatives to Symantec Antivirus? by Anonymous Coward · · Score: 5, Interesting

    My company has invested in Symantec Antivirus Corporate Edition, and while I do like the centralized management features and the Symantec Antivirus Client's unobtrusive nature, these exploits (and there have been several for version 10 alone) are getting ridiculous. With antivirus on the gateway catching 99.9% of the incoming viruses, and account restrictions for users preventing them from doing any real damage if they do get infected, it seems like Symantec Antivirus serves more as a vector of virus and worm attacks than a layer of protection against them. The fact that we pay thousands of dollars a year for the privilege makes it that much worse.

    Has anyone deployed something other than Symantec Antivirus in a 250 PC company? If so, I'd like to hear your experiences.

  11. But if they want to save development cycles... by Dystopian+Rebel · · Score: 5, Funny

    All they have to do is rebrand their anti-virus product "PC Anywhere SE".

    --
    Rich And Stupid is not so bad as Working For Rich And Stupid.