Slashdot Mirror
Symantec Posts Fix To Vulnerability
An anonymous reader writes "Just a few days after it was discovered, Symantec has posted a fix to a critical flaw with its Antivirus software." From the article: "The eEye digital security firm reported the problem initially, and discovered it was present in the newest versions of the affected Symantec products. Further research noted by Symantec described the problem as a flaw that made the products vulnerable to a stack overflow. Once exploited, that overflow could have permitted an attacker to execute code on the machine, with System level rights. The issue was made worse by being one that impacted enterprise-level customers, big spenders that purchase hundreds or thousands of licenses depending on the size of the business. "
Just a few days after it was discovered, Symantec has posted a fix to a critical flaw [CC] with its Antivirus software.
So how long after they confidentially reported the problem to Symantec (as I'm sure they did) did it take them to fix it?
Their corporate client has a decent rep (until this).
Their consumer clients are steaming bloated piles of crap.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Yes. Memory-safe languages running inside a VM is exactly the kind of languages that I'd choose to write antivirus software.
After all, antivirus are not the kind apps that make your computer to underperform by a great margin, and they don't eat too many resources. Absolutely everything in software is about the algorithms, isn't it?
Was a time where we used the term "virus" to refer to a self replicating piece of code that didn't rely on exploits to move around. We used the term "worm" to refer to code that did rely on exploits. So even in the most secure operating environment you could still have a virus, but you couldn't have a worm. Of course, now-a-days everyone refers to viruses as worms and worms as viruses. As long as the operating system is performing actions on behalf of the user you will have software that does what the author wants but not what the user wants. The only real way to stop that is to make the user do everything themselves.. that is, it's completely impractical to stop. Stop-gap measures like virus/worm/spyware/malware detection, quarantine and elimination will always be necessary to mitigate the damage these nasties can do.
How we know is more important than what we know.
1."everyone's servers" - Does US count as everyone?'
2.Ever heard of a remote desktop?
3.Arent't all IT people paranoid, even while "long-weekending" in US?
Give them a credit - it's been very quick.
That same time, we called those who penetrated systems as Crackers, and those who wrote amazing code Hackers. Steven Levy wrote about them.
It was a nice time.
ttyl
Farrell
CAN-CON 2019 - Ottawa's only book oriented Science Fiction Convention! October 18-20, Sheraton Hotel, Ottawa, Canada h
Comment removed based on user account deletion
Their reputation as an anti-virus provider used to be second to none...
Methinks you're referring to _Norton_, not Symantec. Symantec has a habit of buying products that are really decent (think Norton Utils, Atguard, etc.) and bloating them all to hell and back and making them consume most of a machine's resources just to run. You know... like a virus might.
...Rob
The American Dream isn't an SUV and a house in the suburbs; it's Don't Tread On Me.