Slashdot Mirror

← Back to Stories (view on slashdot.org)

Symantec Posts Fix To Vulnerability

Posted by ryuzaki0 on from the yay-for-speed dept.

An anonymous reader writes "Just a few days after it was discovered, Symantec has posted a fix to a critical flaw with its Antivirus software." From the article: "The eEye digital security firm reported the problem initially, and discovered it was present in the newest versions of the affected Symantec products. Further research noted by Symantec described the problem as a flaw that made the products vulnerable to a stack overflow. Once exploited, that overflow could have permitted an attacker to execute code on the machine, with System level rights. The issue was made worse by being one that impacted enterprise-level customers, big spenders that purchase hundreds or thousands of licenses depending on the size of the business. "

3 of 100 comments (clear)

  1. As long as we use langs without memory safetey... by Anonymous Coward · · Score: 4, Interesting
    As long as we keep on using languages that allow the application to access memory directly, we will keep on having these problems. I know plenty of people will say, "program carefully", but that's like saying, "seatbelts are stupid. If we all just drove safely we wouldn't need seatbelts or airbags or bumpers."

    Yes, of course even in memory safe languages (Java, Python, etc) something somewhere needs to have memory access. That thing is the VM/interpreter. Fortunately there are very few areas of code in the VM that need to have memory access, so if you make those correct, then you can write a million lines of application code and know that there aren't any overflows in it.

    -------------
    Carry a concealed weapon in California

  2. Symantec need to turn around by Freaky+Spook · · Score: 4, Interesting

    Their reputation as an anti-virus provider used to be second to none, now after bloated software and software bugs a lot of people are having second thoughts.

    I think they need to go back to square one and develop a product that is not going to give them a bad reputation if they want to stay competitive.

    After working with a lot of other anti-virus packages and seeing how un-invasive a good anti-virus package can be I refuse to use Symantec products anymore and to my clients I strongly recommend them change products when their license is up for renewal.

    If it wasn't for Symantec bundelling their software with OEM's I wonder how much of an impact they would have? Most uneducated people I do work for think of all anti-virus as "Nortons" and are amazed at how much their system performance improves when I replace it with something else.

    They used to have some good products 10 years ago, but I haven't seen a decent anti-virus release from them for a long time now.

  3. SWITCH TO NOD32 ALREADY!! by NiGHTSFTP · · Score: 4, Interesting

    Seriously, Nod32 owns... owns, owns, owns.

    Kaspersky is pretty good too.

    But who in their right mind, that knows *anything* about security, uses Symantec or McAfee anti-virus products?

    Check out these: http://www.av-comparatives.org/index.html?http://w ww.av-comparatives.org/seiten/comparatives.html

    And if you have a VirusBtn login, the 100% awards are alright indicators of virus scanner quality, but nowhere near as good as av-comparatives IMO.

    --
    http://www.angryburrito.com/ The best, completely unfinished software review site ever.