Slashdot Mirror

← Back to Stories (view on slashdot.org)

Symantec Posts Fix To Vulnerability

Posted by ryuzaki0 on from the yay-for-speed dept.

An anonymous reader writes "Just a few days after it was discovered, Symantec has posted a fix to a critical flaw with its Antivirus software." From the article: "The eEye digital security firm reported the problem initially, and discovered it was present in the newest versions of the affected Symantec products. Further research noted by Symantec described the problem as a flaw that made the products vulnerable to a stack overflow. Once exploited, that overflow could have permitted an attacker to execute code on the machine, with System level rights. The issue was made worse by being one that impacted enterprise-level customers, big spenders that purchase hundreds or thousands of licenses depending on the size of the business. "

100 comments

  1. Fix-it time by SeaFox · · Score: 3, Insightful

    Just a few days after it was discovered, Symantec has posted a fix to a critical flaw [CC] with its Antivirus software.

    So how long after they confidentially reported the problem to Symantec (as I'm sure they did) did it take them to fix it?

    1. Re:Fix-it time by Anonymous Coward · · Score: 1, Informative

      Why would the parent post be modded a 5(insightful)? There is no basis in truth for such a question, and it's just rhetoric and phoney conspirecy.

      It is common knowlege that standard vulnerability reporting protocol in the security industry dictates that a vendor should be notified privately when a vulnerability is found in their product, and then given some reasonable amount of time (usually 30 days) to respond and in order to create a patch. Then at the end of the wait period the vulnerability is released to the public at the researchers discretion. So by default, of course the vendor would typically know before the public.

      In this case however, because the reserach group was Eeye, there was no private notice. Eeye's Marc Maiffret (Chief Hacking Officer) does not follow the industry standard protocol, and he immediately notified the world of the vulnerabililty, as is his standard MO. Fortunately, he does not post details on the specifics of the vulnerability which slows the development of an exploit. So in this case the article was accurate.

      Besides all that, I have first hand knowlege that Symantec as notified when the rest of the world was. And if anything, Eeye should retract a statement that Maiffret made stating that it would take Symanted about a month to patch this vulnerability, when it actually took a few long and hard days.

      Couldn't login: Force10

  2. Patched or not, IPS Signatures? by lightyear4 · · Score: 3, Informative

    Patched or not, the information presented here and in the pages linked therein make it clear that -- until all machines are patched -- there is a distinct possibility of an exploit getting through. To that end, I have no doubt some groups have been hot on the issue looking for the hole.

    The same page ^^^ implies that symantec released IPS signatures for their products. With that said, do any signatures exist for other IPS/IDS solutions (snort, etc) ? If so, I would very much like to utilize them until any possibility of a threat has passed.

    1. Re:Patched or not, IPS Signatures? by Fyre2012 · · Score: 0

      We forget about the greatest NAV bug-fix of them all...

      The Uninstall command.

      --
      This is not the greatest .sig in the world, no. This is just a tribute.
  3. As long as we use langs without memory safetey... by Anonymous Coward · · Score: 4, Interesting
    As long as we keep on using languages that allow the application to access memory directly, we will keep on having these problems. I know plenty of people will say, "program carefully", but that's like saying, "seatbelts are stupid. If we all just drove safely we wouldn't need seatbelts or airbags or bumpers."

    Yes, of course even in memory safe languages (Java, Python, etc) something somewhere needs to have memory access. That thing is the VM/interpreter. Fortunately there are very few areas of code in the VM that need to have memory access, so if you make those correct, then you can write a million lines of application code and know that there aren't any overflows in it.

    -------------
    Carry a concealed weapon in California

  4. Symantec need to turn around by Freaky+Spook · · Score: 4, Interesting

    Their reputation as an anti-virus provider used to be second to none, now after bloated software and software bugs a lot of people are having second thoughts.

    I think they need to go back to square one and develop a product that is not going to give them a bad reputation if they want to stay competitive.

    After working with a lot of other anti-virus packages and seeing how un-invasive a good anti-virus package can be I refuse to use Symantec products anymore and to my clients I strongly recommend them change products when their license is up for renewal.

    If it wasn't for Symantec bundelling their software with OEM's I wonder how much of an impact they would have? Most uneducated people I do work for think of all anti-virus as "Nortons" and are amazed at how much their system performance improves when I replace it with something else.

    They used to have some good products 10 years ago, but I haven't seen a decent anti-virus release from them for a long time now.

    1. Re:Symantec need to turn around by sconeu · · Score: 3, Insightful

      Their corporate client has a decent rep (until this).

      Their consumer clients are steaming bloated piles of crap.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    2. Re:Symantec need to turn around by __aaxpkq8573 · · Score: 1

      This is just karma for all of their recent trash talking against Apple. Only thing is, it will also hurt others. Symantec is just bad news all around.

    3. Re:Symantec need to turn around by Anonymous Coward · · Score: 1

      Oh give me a break. If this was open source, the whole community would be claiming victory and using this as an example of how quick problems are fixed. I've used Norton Firewall and Antivirus for over 6 years now. Guess what, in that 6 year period, I have never once had my computer compromised or any viruses infecting my computer. I'm a perfectly happy customer and will continue to trust my security with Norton whose entire reputation is dependent on the abilities of their software. IMO, that alone is what makes Norton a good company.

    4. Re:Symantec need to turn around by Mistshadow2k4 · · Score: 2, Interesting
      Oh give me a break. If this was open source, the whole community would be claiming victory and using this as an example of how quick problems are fixed.

      I thought that too.

      I've used Norton Firewall and Antivirus for over 6 years now. Guess what, in that 6 year period, I have never once had my computer compromised or any viruses infecting my computer. I'm a perfectly happy customer and will continue to trust my security with Norton whose entire reputation is dependent on the abilities of their software. IMO, that alone is what makes Norton a good company.

      Then you're a minority. Your one of two I've ever heard say that, as compared to over a hundred more people who've had to reinstall Windows because of Symantec's software. I'd had my first computer about a month in 2001, running Norton's, when it got owned by a worm that wrecked Windows so that I had to reinstall. It later got owned by another virus that also wrecked it so that I had to reinstall, it just did it more slowly. Not only that but there were other incidents related to viruses that caused me problems. Was I downloading stuff that had viruses? Not according to Norton's scanner. Finally, after I'd heard that AVG was good and free (I didn't know much about this stuff back then) I decided to give it a try. I scanned all the files on my computer and it found three OLD files that were viruses that always passed Norton's scan as clean. The youngest of these files was seven months! The oldest was 13 months. That's just plain incompentence on their part, as far as I'm concerned.

      Anyhow, after AVG I never had problems with a virus again. Of ocurse, that was urgent for only about another year as I switched to *nix later. Now viruses rarely concern me personally at all, only with regard to my customers who bring me their PCs to fix and anytime I fidn one with Norton's or McAfee's I install Avast (Win 2k/XP) or AVG (98/ME). Virtually all of them have reported that Avast or AVG did much better at catching virused files they had and weren't so invasive, so Norton's doesn't seem to have improved since I was using their products.

      Here's an idea: if you're so confident in Norton's, try uninstalling it, install AVG or Avast and scan all your backup files with it as well as your computer. You say that your system is clean and Norton's has kept it so, but how do you know? Why not check to make sure? Because if you've been using Norton's exclusively that long, I believe you most likely do have a trojan that you don't know about.

      --
      I dream of a better world... one in which chickens can cross roads without their motives being questioned.
    5. Re:Symantec need to turn around by EvanED · · Score: 2, Informative

      Your one of two I've ever heard say that, as compared to over a hundred more people who've had to reinstall Windows because of Symantec's software

      Three, now.

    6. Re:Symantec need to turn around by slowbad · · Score: 1
      seeing how un-invasive a good anti-virus package can be I refuse to use Symantec products anymore

      When Google is giving away your product for free to tens of millions of users ... why exactly is it in your interest
      to allow for easy uninstall after six months? First get a reputation for it being dangerous to remove from a system.

    7. Re:Symantec need to turn around by Velox_SwiftFox · · Score: 2, Informative

      Four, here; as a possibly relevant note I am running Symantec's AntiVirus 9, not 10 on several corporate servers (also with hardware firewalling and other best practices layering) and their newest 2005/2006 etc on about a dozen workstations (with fairly clueful users).

    8. Re:Symantec need to turn around by BCW2 · · Score: 1

      As a tech at a white box store I remove more virus/trojans from boxes with "Norton protection" than all others put together. Nortons home products are worthless. For a paid anti-virus I recomend F-prot and for free try AVG. When I get a slow box at check in I will disable Norton and reboot in front of the customer, they always want it removed as part of the clean/tune up.

      --
      Professional Politicians are not the solution, they ARE the problem.
    9. Re:Symantec need to turn around by nacturation · · Score: 3, Funny

      Their reputation as an anti-virus provider used to be second to none, now after bloated software and software bugs a lot of people are having second thoughts.

      It still is. None is preferable, with Symantec coming a distant second.

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
    10. Re:Symantec need to turn around by jim_v2000 · · Score: 2, Informative

      Their corporate client has a decent rep (until this).

      Symantec usually takes no more than few days to release a patch for their corporate software when they are alerted of a security hole. Better than any/most other applications out there.

      Their consumer clients are steaming bloated piles of crap.

      If you're the kind of person who would notice that Norton Antivirus is "bloated", you shouldn't be using it.

      --
      Don't take life so seriously. No one makes it out alive.
    11. Re:Symantec need to turn around by MHZmaster · · Score: 2, Interesting
      Amen. I used to use Norton products exclusively for security. I finally stopped when Norton AntiVirus/Personal Firewall 2005 refused to activate on my laptop (admittedly with a very messed up install). I had a valid license, and the activation went through with no apparent problem. But after the 30 day trial period, it suddenly stopped working and said I need to activate. I used up my activation credits trying to get it to work. Symantec support was no help at all. I sort of gave up, but when I started to get viruses (virii?), I realized I had to have something and got Grisoft AVG Antivirus Free. To my surprise, the free program was better than the extremely overpriced Norton suite. Since then, I use AVG exclusively, and recommend it to everyone I know. The software is a 20 MB download as opposed to ~500 MB and takes 3 minutes instead of 30 to install. It doesn't even require a restart after the installation (and neither do updates, which seem to come nearly every day). And most importantly, my computer is faster. I hear people complaining all the time about slow computers, and Norton is always the problem (although more RAM generally wouldn't hurt). I'm planning to buy the paid version, just to support the great things Grisoft is doing.

      In my book, it's not a good sign if any program takes a half hour to install or uninstall.

      --
      RIAA + Sony = Rootkit of all Evil
    12. Re:Symantec need to turn around by sconeu · · Score: 1

      I don't -- when avoidable. My previous employment used Dells with the preinstalled Norton Bloatware on it.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    13. Re:Symantec need to turn around by offerk · · Score: 1

      strongly recommend them change products... I replace it with something else.

      Which? What other products? Do you have any hard facts (tests etc.) that prove these products provide better/as-good overall security as Norton Internet security? If you do, stop teasing and give some links!

      I've been using Norton Internet Security for the last 5 years on my home PC (which of course changed over the years) and I have been extermely satisfied with it, overall. It has done its job of protecting my PC perfectly (zero virus infections). As for the whole "bloated product" issue, I wouldn't know - my PC is a gaming machine, usually way above the curve. Norton doesn't really affect its performance. Granted, that's not the case for most people, so maybe you havea point there. But I'd rather take a bloated product that does its job (and buy an additional ram stick to help the computer work) then go for a "lite" product that will allow my computer to be filled with viruses.

      Whenever there's a Symantec article on Slashdot, people love to bash them. I usually don't go defending commercial companies, but really, saying "there are better products out there" with no links given is a little annoying. No, scratch that, it's very annoying ;)

      --
      I learn from all my mistakes, I intend to be a genius at the end of my life.
    14. Re:Symantec need to turn around by club5220 · · Score: 1

      You're darn tootin'. Symantec used to, key words "USED TO" be the bomb. Is anyone else scared cuz an article reference how the US gov't uses SAV to "protect" their machines? If you want real protection, I'd reccommend TrendMicro's OfficeScan. I've switched most of my clients over, and BTWm, three years of AV plus damage cleanup services (DCS) comes in less than SAV, so it's cost effective, too. In EVERY OfficeScan install I've done, it's identified AT LEAST four pieces of malware, and I don't mean tracking cookies. I've seen new threats try to unistall SAV and I've stopped them, rebooted in SAFE MODE, scanned, cleaned, and repaired, only to find LiveUpdate no longer worked. What good is that? Symantec breaks everything they buy - anyone who also fights with BackupExec on a daily basis knows what I mean. Do yourself a favor... get your clients away from Symantec AV. Not only can you mark it up and make a penny and STILL provide value... it actually WORKS. I'm a 12 year network engineer, so take my advice with a grain of salt. But I kid you not - at least TEN of my clients had malware (nasty shtuff) that SAV did not identify. Protection?! My ass. And the US GOVT uses this stuff! I'm scared, guy n girls... You want to be a PATRIOT? Do everyone a favor and replace SAV. My $.02 worth.

    15. Re:Symantec need to turn around by Anonymous Coward · · Score: 0

      Which? What other products? Do you have any hard facts (tests etc.) that prove these products provide better/as-good overall security as Norton Internet security?


      Using Norton, and keeping it religiously updated, did not protect me from one of those nasty worms that killed executables in or about 2000-2001.

      Despite that HUGE HONKIN WARNING, I neglected to switch. I figured that since I was paid up, I was gonna get what I paid for. Stupid. I did eventually switch from Norton to Kaspersky about 2-3 years ago when I had had enough of Norton purely on the basis of how bad their installs and updates and web support and activations were, giving no thought to quality of core product. It didn't matter if it was the bestest A/V ever. There was only so much time in my life.

      Upon switching, the first scan immediately found months-old stuff that Norton A/V apparently didn't care about, and which didn't kill me only because it was in email that I hadn't fired up in some time.

      My last experience was with a VIP's laptop, some six months ago, and the Dell-packaged NIS which he apparently decided to let roam free basically brought the thing to its knees. You couldn't do anything with this laptop until you killed NIS, and the damn thing wasn't even attached to the network yet.

      I swore by their stuff a dozen years ago. What a shame.

    16. Re:Symantec need to turn around by Metshrine · · Score: 1

      5 here. I've been running corp since the 8.x days, and i've never had a virus or threat get through.

      --
      Engineers do it with less resistance
    17. Re:Symantec need to turn around by JSmooth · · Score: 1

      Point of fact:

            "Then you're a minority."

      That statement may be true of the users you have seen but since Symantec has the largest number of deployed av clients worldwide the vast majority of whom seem to be satisified judging by new sales I would say YOU are in the minority.

      Keep in mind, "tech people" make up just a tiny portion of the computer users population. This is why Dell, Microsoft, Symantec, etc will usually win. They may not have the best product but they have a decent bundle for a perceived reasonable price and good marketing.

      Warmest regards
      Mr. Smooth

    18. Re:Symantec need to turn around by rbochan · · Score: 2, Insightful

      Their reputation as an anti-virus provider used to be second to none...

      Methinks you're referring to _Norton_, not Symantec. Symantec has a habit of buying products that are really decent (think Norton Utils, Atguard, etc.) and bloating them all to hell and back and making them consume most of a machine's resources just to run. You know... like a virus might.

      --
      ...Rob
      The American Dream isn't an SUV and a house in the suburbs; it's Don't Tread On Me.
    19. Re:Symantec need to turn around by Cro+Magnon · · Score: 1

      I put Symantic in the same category as Windows & AOL. They all suck, but they come with my computer and the average person doesn't know what a steaming pile they are unless he tries something else.

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    20. Re:Symantec need to turn around by Cro+Magnon · · Score: 1

      I just found out what a steaming pile Norton is. I had been using it on a new box because it was preloaded. I already knew it wasn't worth paying for because of how it slowed down my computer, but I thought it was decent for finding virii. But when my free period expired and I switched to Avast, it found a Trojan, hiding on my recovery partition, that slipped right by Norton!

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    21. Re:Symantec need to turn around by crawling_chaos · · Score: 1
      Not to scare you or anything, but is it also not possible that Avast found a false positive on your recovery partition and has now mangled it so that it cannot perform its needed tasks? Have you run a system recovery from that partition to test that scenario, or are you blindly accepting Avast's diagnosis of the problem?

      In all likelihood, Avast is correct and Norton missed something, but I just want to raise the possibility that the error here is in Avast, not Norton, and without further testing, you don't know which case is correct.

      --
      You can only drink 30 or 40 glasses of beer a day, no matter how rich you are.
      -- Colonel Adolphus Busch
    22. Re:Symantec need to turn around by NorbMan · · Score: 1

      Except their Corporate Edition software wasn't originally written by Symantec. It was originally Intel LANDesk Virus Protect, co-written by Trend Micro, and sold to IBM before Symantec got it. Look at the registry on a machine that has Corporate Edition installed. You'll find a lot of your settings in HKLM\Software\Intel\LANDesk\VirusProtect6\CurrentV ersion.

  5. stack vs heap by Lord+Ender · · Score: 3, Informative

    For the curious: The reason they point out that this is a stack based BoF is because stack addresses are easily predictible, while heap addresses are not. So stack based overflows are much easier to write exploits for.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    1. Re:stack vs heap by jesser · · Score: 1

      The article says this is a stack overflow, which is a very different thing from a stack-based buffer overflow. It even links to a page correctly defining stack overflows. Stack overflows (aka crashes due to too much recursion) are not exploitable on sane architectures, while stack-based buffer overflows usually are exploitable. So I don't understand why the article claims this is exploitable.

      --
      The shareholder is always right.
  6. Antivirus needs to go by Anonymous Coward · · Score: 0

    Imagine that if Microsoft ever got their act together security-wise, we could do away with these Anti-Virus snake oil salesmen altogether.

    1. Re:Antivirus needs to go by QuantumG · · Score: 3, Insightful

      Was a time where we used the term "virus" to refer to a self replicating piece of code that didn't rely on exploits to move around. We used the term "worm" to refer to code that did rely on exploits. So even in the most secure operating environment you could still have a virus, but you couldn't have a worm. Of course, now-a-days everyone refers to viruses as worms and worms as viruses. As long as the operating system is performing actions on behalf of the user you will have software that does what the author wants but not what the user wants. The only real way to stop that is to make the user do everything themselves.. that is, it's completely impractical to stop. Stop-gap measures like virus/worm/spyware/malware detection, quarantine and elimination will always be necessary to mitigate the damage these nasties can do.

      --
      How we know is more important than what we know.
    2. Re:Antivirus needs to go by farrellj · · Score: 3, Insightful

      That same time, we called those who penetrated systems as Crackers, and those who wrote amazing code Hackers. Steven Levy wrote about them.

      It was a nice time.

      ttyl
                Farrell

      --
      CAN-CON 2019 - Ottawa's only book oriented Science Fiction Convention! October 18-20, Sheraton Hotel, Ottawa, Canada h
    3. Re:Antivirus needs to go by QuantumG · · Score: 1

      No, we didn't you hanger-on. The only person, ever, who has originally refered to people who break into computer systems as "crackers" is Eric S. Raymond. Everyone else who used the term "crackers" to refer to people who break into computer systems was just a sheep who read the jargon file, the entry of which was written by Eric S. Raymond. The fact that the media had (and continue to have) no interest in your prefered definition of the word and, as such, the mainstream public still consider your meaning of the word for be incorrect, does not give you warrant to rewrite history. If you wanna continue the propoganda compaign to make everything think of "hacker" as meaning a shiny happy tree friend who writes code for the good of humanity, don't do it in response to my Slashdot posts. And in case anyone is struggling to remember what "cracking" was all about, go have a look at how copy protection on software was broken back before every idiot figured out they could charge customers for a serial number. Those guys who did the cracking, we called them crackers. Eric S. Raymond probably wasn't concerned with them because he was already living a super-nerd-it-up life style over on VAX mainframes and minicomputers when the rest of us were discovering the personal computer revolution.

      --
      How we know is more important than what we know.
  7. You've gotta hand it to them.. by Anonymous Coward · · Score: 0

    They really take this stuff seriously. You don't get that kind of a response from Microsoft.

  8. People deserve it by Urtica+dioica · · Score: 2, Informative

    Folks, this is what you get for using anti-computer software.

    1. Re:People deserve it by abscissa · · Score: 1

      The vulnerability is not a bug, but a feature, since according to TFA you linked to, it's "virus software".

    2. Re:People deserve it by novus+ordo · · Score: 1

      In other news, Pro-Computer Virus Software groups held a rally where they condemned Anti-Computer Virus Software as Pro-Social. More details at 10.

      --
      "You're everywhere. You're omnivorous."
  9. Re:As long as we use langs without memory safetey. by Anonymous Coward · · Score: 0

    Well, better Java than Python. It's a strongly-typed language.

  10. Real Ultimate Computing POWER by TheDreadSlashdotterD · · Score: 2, Interesting
    I've got the solution for this vulnerability that also unleashes your computer's RUCP!

    1. Turn all Symantec products off
    2. Uninstall all said products || Reinstall OS || Use restore discs
    3. Use alternatives


    These simple steps will save you time and money, speed your computing experience, and, above all, avoid the vulnerability.

    Thank you /., and good night!
    --
    I have nothing to say.
    1. Re:Real Ultimate Computing POWER by ThePengwin · · Score: 1

      You know.. thats the only way to get rid of anything now on windows.. The ammount of crap that accumulates from any program just wont go away without a clean wipe.. I wish there was an OS that could keep the HDD clean and organised better

    2. Re:Real Ultimate Computing POWER by Raideen · · Score: 1

      These simple steps will save you time and money, speed your computing experience, and, above all, avoid the vulnerability.

      Considering that OEMs don't bundle the corporate versions of Symantec software (unless you specifically choose it), it does absolutely nothing.

  11. Re:As long as we use langs without memory safetey. by diegocgteleline.es · · Score: 3, Insightful

    Yes. Memory-safe languages running inside a VM is exactly the kind of languages that I'd choose to write antivirus software.

    After all, antivirus are not the kind apps that make your computer to underperform by a great margin, and they don't eat too many resources. Absolutely everything in software is about the algorithms, isn't it?

  12. Java vs Python by Anonymous Coward · · Score: 0

    I agree. Java is the only obvious choice for this kind of thing. I would write it in Java and use a thin layer of JNI to interface with the Windows sys calls as needed.

  13. SWITCH TO NOD32 ALREADY!! by NiGHTSFTP · · Score: 4, Interesting

    Seriously, Nod32 owns... owns, owns, owns.

    Kaspersky is pretty good too.

    But who in their right mind, that knows *anything* about security, uses Symantec or McAfee anti-virus products?

    Check out these: http://www.av-comparatives.org/index.html?http://w ww.av-comparatives.org/seiten/comparatives.html

    And if you have a VirusBtn login, the 100% awards are alright indicators of virus scanner quality, but nowhere near as good as av-comparatives IMO.

    --
    http://www.angryburrito.com/ The best, completely unfinished software review site ever.
    1. Re:SWITCH TO NOD32 ALREADY!! by Anonymous Coward · · Score: 0

      Symantec is no longer present at my worksite due to this critical flaw and HUGE Memory Footprints. NOD32 & Trend Micro PC-Cillin are now presently installed across the site.

    2. Re:SWITCH TO NOD32 ALREADY!! by alanjstr · · Score: 1

      Did you look at their comparisons? Symantec is the only one to get 100%. NOD32 only has 94.3%

    3. Re:SWITCH TO NOD32 ALREADY!! by NiGHTSFTP · · Score: 1

      Thats in polymorphic virus category, not overall. Learn to read a table.

      --
      http://www.angryburrito.com/ The best, completely unfinished software review site ever.
    4. Re:SWITCH TO NOD32 ALREADY!! by Wiz · · Score: 2, Informative

      Look more carefully. Symantec is the only one to get 100% for "On-demand detection of polymorphic viruses". For actual virus detection, it gets 97% & 98% depending on the situation.

      I think F-Secure, G Data Security & Kaspersky Labs do the best as they get 99%+ in all situations.

  14. Re:patched on a sunday? by TheaterAtHome · · Score: 2, Insightful

    1."everyone's servers" - Does US count as everyone?'
    2.Ever heard of a remote desktop?
    3.Arent't all IT people paranoid, even while "long-weekending" in US?

    Give them a credit - it's been very quick.

  15. Shades of Godel, Escher, Bach... by Dr.+Zowie · · Score: 3, Interesting

    Vulnerabilities in security software make me think of those dialogs between the Tortoise and Achilles -- particularly the one where the Tortoise and the Crab are developing ever more fancy record players. The Crab keeps getting nicer record players and the Tortoise keeps giving him records that induce fatal resonance in some mechanism of the record player...

    in GEB it was a parable about the Godel incompleteness theorem -- and, of course, designers of security software would do well to think carefully about it...

    1. Re:Shades of Godel, Escher, Bach... by sb · · Score: 1

      He's referring to this fantastic book, where dialogues between Achilles and the tortoise (c.f. Zeno's Paradoxes) are sometimes used to dramatise various concepts.

    2. Re:Shades of Godel, Escher, Bach... by novus+ordo · · Score: 1
      "and, of course, designers of security software would do well to think carefully about it..."
      Well since you say they will think about it, you mean that they should not think about it. And since they shouldn't think about it, they will want to think about it. So when you say they would do well to think carefully about it, they will not be able to think about it since that would mean that they shouldn't think about it. And they wont.
      --
      "You're everywhere. You're omnivorous."
  16. need to turn around by twitter · · Score: 0, Flamebait
    Their reputation as an anti-virus provider used to be second to none, now after bloated software and software bugs a lot of people are having second thoughts. ... I refuse to use Symantec products anymore and to my clients I strongly recommend them change products when their license is up for renewal. ... Most uneducated people I do work for think of all anti-virus as "Nortons" and are amazed at how much their system performance improves when I replace it with something else.

    Why don't you really educate your clients by recommending a lean, performance improving OS that does not require an antivirus checker? That way, you can follow IBM, Lowes, Chrysler and others who must be very happy they no longer put up with bloated garbage.

    --

    Friends don't help friends install M$ junk.

    1. Re:need to turn around by Freaky+Spook · · Score: 1, Offtopic

      As much as I would love to start moving some of my clients away from a particular bloated & unsafe OS(which I have reccomended), a lot of people are lazy or just not interested in another OS, although they have problems with windows they at least understand it a little to get by.

      Some of my clients have moved to Mac and haven't been happier, others find the same problems with Mac as they have with Windows, not bugs or faults, just general usability they have the same frustrations with how to use programs because they just don't have enough knowledge behind the application.

      Moving an OS is a good idea in theory but having to re-learn different ways of doing things ,when people are busy with normal everyday life can be a chore for most, especially when you are intimidated by the machine your trying to learn.

    2. Re:need to turn around by twitter · · Score: 0, Offtopic
      Moving an OS is a good idea in theory but having to re-learn different ways of doing things ,when people are busy with normal everyday life can be a chore for most, especially when you are intimidated by the machine your trying to learn.

      You are not doing your users any favors. M$ is going to push the cosmetic changes on them anyway but nothing else will change for them.

      Is Windoze really worth the never ending exploits and all that entails? How many times can people put up with software reinstalls only to watch hopelessly as the same pop up advertisements mysteriously appear and already poor performance steadily degrades to useless?

      Now is the time to move. In the next year or so, Microsoft will release the biggest cosmetic changes to their software ever. You could buy all new hardware for the pleasure of this learning experience, or download a CD and install some software that just works. The free solution has been stable and annoyance free for eight years or so, while the M$ people have boasted the same but never delivered. The middle road, in price and freedom is Mac. I've never had to spend the money to find out if it's worth while.

      Moving away from Windoze has been great in more than theory for me.

      --

      Friends don't help friends install M$ junk.

  17. How much lead-time did eEye give Symantec? by IcebergSlim · · Score: 1

    From the eWeek article:

    "Security researchers at eEye Digital Security have discovered a serious flaw in Symantec's enterprise antivirus software that could be used by hackers to create a self-replicating "worm" attack against Symantec users. Because Symantec has not yet confirmed the existence of the problem, much less patched it, eEye is offering few details on the vulnerability, which was first disclosed late Wednesday."

    Either Symantec is lying, or someone is guily of some very excessive and reckless self-promotion. It smells like excessive self-promotion to me, but I'm not privy to the details so who knows.

  18. TUVM by Matrix2110 · · Score: 2, Interesting

    Thank you, Mr. Gates. May I have another?

    Silent mantra to the many people I have to spend hours cleaning spyware and maleware off of their system and feel guilty charging them because they are friends. Mostly they buy me gifts because I refuse to charge them. I have them bring the sick virus infested computer in on company time and test the company firewall.

    I really do!

    Matrix

    1. Re:TUVM by lon3st4r · · Score: 1
      I have them bring the sick virus infested computer in on company time and test the company firewall.

      Do you seriously do that? Boy I sure hope you realise how much risk you're putting your company's network. Destructive testing: not recommended ;)

      * lon3st4r *

    2. Re:TUVM by Anonymous Coward · · Score: 0

      what does this story have to do with Bill Gates?
       
      i'm no MS fan, but it's stretching it to say this.on the other hand, i hate g.w.bush cause my feet are tired cause he didn't implement moving sidewalks for me.

  19. SWITCH ALREADY!! by twitter · · Score: 1
    But who in their right mind, that knows *anything* about security, uses Symantec or McAfee anti-virus products?

    Who in their right mind still uses Windoze?

    --

    Friends don't help friends install M$ junk.

    1. Re:SWITCH ALREADY!! by Anonymous Coward · · Score: 0

      People who enjoy getting work done and making money.

    2. Re:SWITCH ALREADY!! by Anonymous Coward · · Score: 0
      People who enjoy getting work done and making money.


      Right - those are the people use *Linux*. But Twitter was asking who would want to use *Windows*.
    3. Re:SWITCH ALREADY!! by truedfx · · Score: 1

      Is that the "I know you are but what am I?" for geeks?

  20. Re:As long as we use langs without memory safetey. by Anonymous Coward · · Score: 0

    If you want to have a sig, please register. I browse with signatures disabled, as do others, because I am not interested in your spam.

  21. Re:patched on a sunday? by Anonymous Coward · · Score: 0

    Actually, they released the patches Saturday night and I agree that they should have waited until Tuesday morning to announce the vuln and the patch availability. They gave the worm writers a whole two days head start by forcing Symantec to release the patches over a hliday weekend in the USA.

    eEye's report says they were notified on Wednesday and I saw the eEye disclosure on Friday. It would have been nice if eEye had waited until the patches were released, since they acknowledged that Symantec was being responsive.

    The stupid patch requires a reboot as well, at least on Server 2000 SP4 and Server 2003 SP1.

  22. Incase the patch doesnt work by oztiks · · Score: 1

    Manual virus removal instructions:

    1. Click on Start Menu
    2. Settings -> Control Panel
    3. Then click on Add and Remove Programs
    4. Scroll down until you find Symantec Anti Virus
    5. Click Remove
    1. Re:Incase the patch doesnt work by Anonymous Coward · · Score: 0

      If only that worked. Unfortunately you then have to remove the 3482379424354379847298 directories and useless files it leaves behind.

    2. Re:Incase the patch doesnt work by AudioEfex · · Score: 2, Informative

      I'm glad someone is posting it.

      All antivirus software does is bog down your PC. I used it for 10 years before I realized how useless it was.

      I run windows, but I don't get malware and viruses. Worst thing I ever get is an errant cookie. Why? Because I don't go to shady porn sites, I never download anything I don't know is safe, and I don't use IE.

      Every few months now I take the time to install NAV long enough to scan my system and ensure that I'm not infected, and every time, clean as a whistle.

      Computer security isn't hard for the home user. Have a good firewall, don't download crap, don't go to shady websites, use AdAware/Spybot every once in awhile, and be happy.

      Pop-ups, spam, spyware, malware, viruses...it's all but eliminated by just being smart and using the bare minimum tools to protect yourself. It's people that just click on random shit and who fall for those "YOU WON AN XBOX 360!" and download shady software that get the issues.

      I'm not saying it can never happen to me; that would be foolish. But the chances of it happening are greatly exaggerated, and if you keep decent backups it doesn't matter anyway most of the time if it does happen. It's just not worth paying the increasing prices of AV software, nor is it worth how much it slows up your PC.

      AE

    3. Re:Incase the patch doesnt work by AndreiK · · Score: 1

      After a year of using Firefox, going to shady porn sites, and downloading things I had no idea of their origin, I had a total of two tracking cookies after a full ad-aware scan and spybot scan.

      All in all, I think security is overrated.

  23. Comment removed by account_deleted · · Score: 2, Insightful

    Comment removed based on user account deletion

  24. Why bother? by bmo · · Score: 0, Redundant
    Every day that I see yet another article about evil bits of malware infecting Windows machines. It makes me glad that I switched off that platform long ago. Windows is no longer viable, and this article and a mountain of others is testament to that fact. No, it's not because Windows is popular. It's because it's broken as designed. You would think that there would be a tiny fraction of viruses and worms in the *ix (Linux, Macintosh, Sun) universe based on the popularity ratio, but there isn't. There isn't even a smidge of the effects seen in the Windows world. Point me at a single live virus active in the *ix universe.

    You can't.

    It's so much work to just get a Windows system secure that it's simply no longer worth it to even bother. Save your sanity and switch to another platform.

    Don't deal with the dirty hobos anymore.

    http://slashdot.org/comments.pl?sid=186704&cid=154 06582

    --

    BMO

    1. Re:Why bother? by jofi · · Score: 0

      I changed my account's group to Users. It was tough but I got through it.. changing the setting I mean.

      --
      Blame the user, not the software.
    2. Re:Why bother? by Anonymous Coward · · Score: 0

      Bullshit.

      Both my home and work computers run Windows (XP and 2000 respectively) and I did not spend excessive amounts of time securing it. I just installed AVG and a software firewall (in XP, I just used the XP firewall).

      The reason there are so many viruses and exploits for Windows is due to its popularity; it is because there is more software mass produced low quality software for the platform. MOST exploits effect applications, not windows . . . and most viruses now days install themselves via exploits. Yes some of the exploits are in Microsoft applications, but by far the majority are not.

    3. Re:Why bother? by bmo · · Score: 1

      "The reason there are so many viruses and exploits for Windows is due to its popularity;"

      That argument doesn't work, because if it did, we'd see at least a few worms and viruses for Linux and OS/X. At least 1 or two persistent ones in the wild. But there aren't any, are there? If there was, it would be BIG NEWS if someone made a widely propagated virus for *nix and that person would have made a name for himself in certain circles.

      But the fact is, virus propagation in *nix sucks, and it's not because of popularity and it's not for lack of trying from the people who write such things.

      The only bullshit here is yours, Mr. Anonymous.

      --
      BMO

    4. Re:Why bother? by slugstone · · Score: 1

      Lions, tigers and bears do not go after the most abuntant, but the easiest prey.

  25. Re:As long as we use langs without memory safetey. by abb3w · · Score: 3, Informative
    Yes. Memory-safe languages running inside a VM is exactly the kind of languages that I'd choose to write antivirus software.

    Especially antivirus software that intercepts kernel hooks....

    --
    //Information does not want to be free; it wants to breed.
  26. The safety isn't in the VM. by Anonymous Coward · · Score: 0

    The safety itself is not really in a virtual machine or an interpreter. Nor is it truly present when using languages like Java or Python.

    Keep in mind that neither Python or Java are statically typed. Java does have stronger typing that Python, but it isn't nearly enough to make a significant different.

    Take a look at a language like Haskell. It's complete static typing is a great benefit. You won't run into typing issues at runtime, where you sometimes will with Java and (more often) Python. Unless you use a tool like PyLint, you likely won't find typing errors hidden in infrequently-used codepaths. That just isn't the case when using Haskell.

    Not only that, but functions in Haskell are without side effects. This is often difficult for programmers coming from C or Java to adapt to, but it leads directly to more secure software, with a minor speed cost on uniprocessor machines. On multiprocessor systems, or even systems with a multicore processor, it's possible to automatically parallelize many computations. That's very, very difficult to do effectively in C.

    Languages like Python and Java give you increased flexibility. But that flexibility allows you to make horrendous mistakes. Often, the VM or interpreter architecture of both prevent such mistakes from compromising the system. However, it's often best just to use a language like Haskell that, while more restrictive, often eliminates the problems that plague applications written in other languages.

  27. AV Definition Set by jim_v2000 · · Score: 1

    Symantec, in most cases, releases an antivirus definition to detect any threat that may attempt to exploit a hole in the product, so even if you are unpatched, so long as your defs are updated, you are protected.

    Patching ASAP is still a priority though.

    --
    Don't take life so seriously. No one makes it out alive.
    1. Re:AV Definition Set by lightyear4 · · Score: 1

      Unfortunately, on a large (large) academic network like mine, the logistics of applying patches to a vast fleet of student/staff/faculty machines are quite complex. Its summer now, and the spring semester has come to a close. While machines located physically on campus are quite safe, those thousands of machines which have departed are quite a different story. Nothing could be more distant from mind than connecting to the university network for an automatic update or checking an academic email inbox for a security advisory. With a network of such variable size, many, many cans of worms (unfortunately, quite literally) are opened upon at the onset of the full academic term. Therefore, multiple preventative strategies are as equally important, if not more so, as patching in protecting the network. Thus the desire for an IPS/IDS signature, as it is a great deal easier to kill an exploit at the packet level than at host level. Such signatures not intended as a single line of defense, but indeed, to shore up those more primary.

  28. good timing on weekends! by Anonymous Coward · · Score: 0

    wouldn't you rather patch and reboot when your clients aren't hammering your servers during the normal work week? Seems a long weekend is the perfect time to do this, with the caveat as a sysadmin you KNOW weekends-off are "optional".

  29. Re:As long as we use langs without memory safetey. by cgranade · · Score: 1

    Maybe the GUI to an AV package, or maybe the bulk logic. Just isolate all the risky stuff in a few thousand lines and make sure they're safe. Then you can write the other 100,000 lines in VM-based language. I mean, the file-scanning part shouldn't intercept kernel hooks or anything like that.

    --

    #define DRM chmod 000

  30. Re:As long as we use langs without memory safetey. by Anonymous Coward · · Score: 1

    No, it's more like saying, "If we made sure the gun was unloaded before attempting to clean it, we'd never have to worry about shooting ourselves in the head by accident."

    Which is quite true. The biggest newbie bitch I see on Slashdot is about C. Guess what?

    C has functions designed to prevent buffer overflows/etc. - and no, there is NO excuse for not using them.

  31. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  32. Re:As long as we use langs without memory safetey. by asuffield · · Score: 1

    Scanning files efficiently is actually quite hard. You can write a naive scanner in a few thousand lines, but to make it competitively efficient you're going to need to do a lot more work (scheduling, sequencing, caching results, skipping safe data, etc).

  33. Re:As long as we use langs without memory safetey. by asuffield · · Score: 1

    I know plenty of people will say, "program carefully", but that's like saying, "seatbelts are stupid. If we all just drove safely we wouldn't need seatbelts or airbags or bumpers."

    No, it's like saying "making cars travel at no more than 5mph and have a man with a red flag walk in front is stupid, it significantly reduces the value of travelling by car". 'Safe' languages come at a large cost to efficiency, because they involve extra checking at runtime. Safer is not always better: you reach a point where the cost of the added safety (because you have to buy more powerful hardware) outweighs the cost of the system being less safe (because you have to occasionally clean up a virus infestation). You can slap a monetary figure on both those things and compare them. If the program was already pretty safe (one break in N years), and the cost of cleanup is low (restore infected hosts from disk image), then adding more 'safety' may be a bad thing. Especially in a corporate environment where the bottom line rules.

  34. Re: Who in their right mind still uses Windoze? by Emetophobe · · Score: 1

    I do, primarly because I am a gamer. When I can play Oblivion, Half-life 2, Call of Duty 2 and all my games under Linux, I will switch to linux fulltime. Until then, I will continue to use Windows XP Pro. There are some real world uses for Windows that Linux still cannot provide. Gaming is one of them. Even Mac has some of the major game titles, but not even close to 50% of the games that are available to Windows users. There is no ultimate OS, each has it's own benefits and drawbacks. If you're a gamer, you're stuck with Windows, if you run a server, you probably use linux. It's about using the right tool for the right job. I first tried slackware back in `95 and I loved it, I would love to be able to use linux for gaming, but that won't be happening anytime soon (if ever). Mainly because the majority of people own Windows computers, so the majority of game developers will make their product for that platform, as it has the biggest user base.

    I don't even have a virus scanner installed on this computer, this is my gaming pc and I keep it clean of any and all software not including games. As long as you aren't downloading some unknown crap off the internet you shouldn't need antivirus software. I haven't gotten a virus in more then 7 years and I have used antivirus software in the past, mainly Mcafee and Norton. Once in a while I will use Mcafee's Avert Stinger to do a quick scan for the latest virus/worms. It's free and you don't have to install it or any bloated software, just download and run it from the download directory. I believe Symantec and a few other companies also provide some useful free virus removal tools that don't need to be installed to run.

  35. Definitely by Anonymous Coward · · Score: 0

    if we keep recursing on the idea of having meta-programs watching the programs, we'll only really increase complexity.

    However, unlike the concept of having a language to determine the truths of all mathematical statements, I've yet to see why the incompleteness theorem (or any analogous theorem) would apply when the underlying software (OS & applications) is correct.

    Any mathematicians/logicians out there who'd care to elaborate on such reasons?

    OT b.t.w. never quite made the connection between Hofstadter and the letterness of the anti-spam human verification box.. he does provide some interesting insights as to why they should always stay one or two steps ahead of automatic machine recognition.

  36. Re: Who in their right mind still uses Windoze? by Anonymous Coward · · Score: 0
    There are some real world uses for Windows that Linux still cannot provide. Gaming is one of them.


    Ladies and gentlemen, I believe that ends the thread. Move along, nothing to see here. :)
  37. Re:As long as we use langs without memory safetey. by leuk_he · · Score: 1

    A language in a sandbox? why stop there if you can create an entire virutal machine in a sandbox.

    After all security is very important and there is no reason to not spend some cheap extra cpu cycles on it.

  38. Re:Symantic Norton Antivirus ..... Not good at all by Metshrine · · Score: 1

    Very good guy, too bad this topic was SYMANTEC ANTIVIRUS CORPORATE EDITION, not the norton line of products. RTFA next time ;-)

    --
    Engineers do it with less resistance
  39. don't forget the performance by AlgorithMan · · Score: 1

    you forgot to mention the indiscutable performance... norton anti virus and internet security make your machine so slow - it would be faster if you had no AV program and several worms instead...
    I just reinstalled the system on the PC of my girlfriends father who had NAV and NIS... his Athlon 1.8GHz performed like an 80486 and he couldn't beleive how fast his PC became after I didn't reinstall those programs, but installed AVG and zonealarm instead...

    --
    The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
  40. No problem with kernel hooks in Java by Anonymous Coward · · Score: 0

    There's a thing called JNI. Yes that involves unsafe C (lots of pointers) but if you do it right, there's just a tiny bit of very simple JNI code and the rest of the app is in memory-safe Java.

  41. What? by bl00d6789 · · Score: 1
    Has anyone seen this "fix"? Unless I'm blind, it doesn't appear to be on Symantec's site. TFA says there's a fix, but never says where to get it from. From Symantec's page:

    Symantec Response
    This advisory will be updated when product updates to address this issue are available.
    1. Re:What? by Anonymous Coward · · Score: 0

      http://securityresponse.symantec.com/avcenter/secu rity/Content/2006.05.25.html

      this is the url with the downloads. if you have LiveUpdate working properly it will probably propagate by itself but if you want the patches now they are there.

  42. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  43. Too Late by CodeArtisan · · Score: 1

    Having been too lazy these past few months to uninstall their 'Security Suite' this flaw was the motivation to dump the suckers and stick Free AVG on my system. I always knew the Symantec solution was a resource hog, but didn't realize quite how much until I replaced it.