Symantec Posts Fix To Vulnerability
An anonymous reader writes "Just a few days after it was discovered, Symantec has posted a fix to a critical flaw with its Antivirus software." From the article: "The eEye digital security firm reported the problem initially, and discovered it was present in the newest versions of the affected Symantec products. Further research noted by Symantec described the problem as a flaw that made the products vulnerable to a stack overflow. Once exploited, that overflow could have permitted an attacker to execute code on the machine, with System level rights. The issue was made worse by being one that impacted enterprise-level customers, big spenders that purchase hundreds or thousands of licenses depending on the size of the business."
Just a few days after it was discovered, Symantec has posted a fix to a critical flaw with its Antivirus software.
So how long after they confidentially reported the problem to Symantec (as I'm sure they did) did it take them to fix it?
Patched or not, the information presented here and in the pages linked therein makes it clear that -- until all machines are patched -- there is a distinct possibility of an exploit getting through. To that end, I have no doubt some groups have been hot on the issue looking for the hole.
The same page ^^^ implies that Symantec released IPS signatures for their products. With that said, do any signatures exist for other IPS/IDS solutions (Snort, etc.)? If so, I would very much like to utilize them until any possibility of a threat has passed.
Yes, of course even in memory safe languages (Java, Python, etc) something somewhere needs to have memory access. That thing is the VM/interpreter. Fortunately there are very few areas of code in the VM that need to have memory access, so if you make those correct, then you can write a million lines of application code and know that there aren't any overflows in it.
Their reputation as an anti-virus provider used to be second to none, now after bloated software and software bugs a lot of people are having second thoughts.
I think they need to go back to square one and develop a product that is not going to give them a bad reputation if they want to stay competitive.
After working with a lot of other anti-virus packages and seeing how un-invasive a good anti-virus package can be I refuse to use Symantec products anymore and to my clients I strongly recommend they change products when their license is up for renewal.
If it wasn't for Symantec bundling their software with OEMs I wonder how much of an impact they would have? Most uneducated people I do work for think of all anti-virus as "Nortons" and are amazed at how much their system performance improves when I replace it with something else.
They used to have some good products 10 years ago, but I haven't seen a decent anti-virus release from them for a long time now.
For the curious: The reason they point out that this is a stack based BoF is because stack addresses are easily predictable, while heap addresses are not. So stack based overflows are much easier to write exploits for.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Folks, this is what you get for using anti-computer software.
These simple steps will save you time and money, speed your computing experience, and, above all, avoid the vulnerability.
Thank you
I have nothing to say.
Yes. Memory-safe languages running inside a VM are exactly the kind of languages that I'd choose to write antivirus software.
After all, antivirus programs are not the kind of apps that make your computer underperform by a great margin, and they don't eat too many resources. Absolutely everything in software is about the algorithms, isn't it?
Seriously, Nod32 owns... owns, owns, owns.
www.av-comparatives.org/seiten/comparatives.html
Kaspersky is pretty good too.
But who in their right mind, that knows *anything* about security, uses Symantec or McAfee anti-virus products?
Check out these: http://www.av-comparatives.org/index.html?http://
And if you have a VirusBtn login, the 100% awards are alright indicators of virus scanner quality, but nowhere near as good as av-comparatives IMO.
http://www.angryburrito.com/ The best, completely unfinished software review site ever.
Was a time where we used the term "virus" to refer to a self replicating piece of code that didn't rely on exploits to move around. We used the term "worm" to refer to code that did rely on exploits. So even in the most secure operating environment you could still have a virus, but you couldn't have a worm. Of course, nowadays everyone refers to viruses as worms and worms as viruses. As long as the operating system is performing actions on behalf of the user you will have software that does what the author wants but not what the user wants. The only real way to stop that is to make the user do everything themselves... that is, it's completely impractical to stop. Stop-gap measures like virus/worm/spyware/malware detection, quarantine and elimination will always be necessary to mitigate the damage these nasties can do.
How we know is more important than what we know.
1. "everyone's servers" - Does US count as everyone?
2. Ever heard of a remote desktop?
3. Aren't all IT people paranoid, even while "long-weekending" in US?
Give them credit - it's been very quick.
Vulnerabilities in security software make me think of those dialogs between the Tortoise and Achilles -- particularly the one where the Tortoise and the Crab are developing ever more fancy record players. The Crab keeps getting nicer record players and the Tortoise keeps giving him records that induce fatal resonance in some mechanism of the record player...
In GEB it was a parable about the Gödel incompleteness theorem -- and, of course, designers of security software would do well to think carefully about it...
Thank you, Mr. Gates. May I have another?
Silent mantra to the many people I have to spend hours cleaning spyware and malware off of their system and feel guilty charging them because they are friends. Mostly they buy me gifts because I refuse to charge them. I have them bring the sick virus infested computer in on company time and test the company firewall.
I really do!
Matrix
That same time, we called those who penetrated systems Crackers, and those who wrote amazing code Hackers. Steven Levy wrote about them.
It was a nice time.
ttyl
Farrell
Especially antivirus software that intercepts kernel hooks....
//Information does not want to be free; it wants to breed.
I'm glad someone is posting it.
All antivirus software does is bog down your PC. I used it for 10 years before I realized how useless it was.
I run Windows, but I don't get malware and viruses. Worst thing I ever get is an errant cookie. Why? Because I don't go to shady porn sites, I never download anything I don't know is safe, and I don't use IE.
Every few months now I take the time to install NAV long enough to scan my system and ensure that I'm not infected, and every time, clean as a whistle.
Computer security isn't hard for the home user. Have a good firewall, don't download crap, don't go to shady websites, use AdAware/Spybot every once in a while, and be happy.
Pop-ups, spam, spyware, malware, viruses...it's all but eliminated by just being smart and using the bare minimum tools to protect yourself. It's people that just click on random shit and who fall for those "YOU WON AN XBOX 360!" and download shady software that get the issues.
I'm not saying it can never happen to me; that would be foolish. But the chances of it happening are greatly exaggerated, and if you keep decent backups it doesn't matter anyway most of the time if it does happen. It's just not worth paying the increasing prices of AV software, nor is it worth how much it slows up your PC.
AE