Symantec Antivirus May Execute Virus Code 388
An anonymous reader writes "Symantec has admitted that a serious vulnerability exists in the way its scanning engine handles Ultimate Packer for Executables. According to a ZDNet article, this means the scanner would execute the malicious program instead of catching it. Tim Hartman, senior technical director for Symantec Asia Pacific, said: "A vulnerability is not a vulnerability till somebody discovers it but because this is now known, somebody could craft an e-mail, mass mailer or a virus that takes advantage of it. It affects our firewalls, antispam, all the retail products and the enterprise products as well"" Symantec recommends you immediately patch your software.
huh? (Score:5, Insightful)
Huh? So if someone inadvertently takes advantage of a vulnerability, it's not really a vulnerability because they didn't explicitly know they were taking advantage of it?
I'm happy abou this - closed source headache (Score:2, Insightful)
They have their hand out day after day for maintenance and updates and yet never REALLY bother to check if their own crap is working correctly.
A vulnerability is not a vulnerability until? (Score:3, Insightful)
a minor flaw in his logic (Score:3, Insightful)
Sheer brilliance (Score:5, Insightful)
A vulnerability is not a vulnerability till somebody discovers it
So that's how security works! Supress knowledge of the problem!
It's nice to see that Symantec's corporate culture hasn't changed very much since the days when Peter Norton thought computer viruses were an urban legend.
A vulnerability is always a vulnerability. (Score:5, Insightful)
It's rather like saying "A law of Physics isn't a law of Physics until somebody discovers it."
A vulnerability is a vulnerability, period... meaning that something is vulnerable. Whether or not anyone's yet realized it's vulnerable is another story.
If you didn't put a lock on your door, would it "not be unlocked" until someone came by and realized that the door lacked a lock?
Re:huh? (Score:4, Insightful)
In my experience.... (Score:3, Insightful)
Now they're getting into spyware/adware removal, and Norton will always find stuff, but when trying to deal with it it just gives a 'delete failed' message and that's it. And it will continue to nag you about things it finds.
People who don't know anybetter see these displays in best buy, and believe the hype and go home and install this paranoiaware. If it is NIS it promptly breaks their internet connection and screws up their email client. If they call symantec for help in configuring, symantec will refer them to their ISP.
What a bunch of fucks. Color me mofo, but i'm telling people to uninstall NIS these days (and the funny thing is that complete removal often requires registry hacking). It's more trouble than it is worth. Tech support is bad enough without this crap.
Re:Immediate patch... (Score:2, Insightful)
ask this guy http://interviews.slashdot.org/article.pl?sid=05/
Re:huh? (Score:2, Insightful)
Re:Immediate patch... (Score:3, Insightful)
My company already has a plan and fully intends to move to Linux. Unfortunately, as my post indicates, moving all of our employees and all of our applications will take a long time. As of June, 2004, we were shooting for 18 months. At this point, I think we will miss that deadline.
In short, the reality of this migration is smacking us right in the face.
Re:Immediately patch? Really? (Score:2, Insightful)
What's the point of doing it this way? Just post the damned patch to the downloads section of the web site, already.
Re:Immediately patch? Really? (Score:3, Insightful)
Luckily my product here at work does not require the update. I will however have my qmail/ClamAV mail router filter out UPX files as a precaution.
Re:A vulnerability is always a vulnerability. (Score:2, Insightful)
Uhm... Yeah. That pretty much covers it.
Sincerely,
Erwin Schrödinger
Re:huh? (Score:3, Insightful)
The User of Our Software May Feel Secure, because:
(1) Any bugs which may or may not hypothetically exist in our software do not *actually* exist until someone publicly blows the whistle (refer to the cat in the box)
(2) The whistleblower is actually the one to blame for the insecurity existing, not our poor coding and software testing standards.
(3) Ignore the [H,Cr]acker Behind the Curtain who may or may not have discovered the hypothetical security hole in our software and decided to keep the info to his/her self. Their existence, real or not, does not actually threaten your security while using our software.
Re:Immediate patch... (Score:3, Insightful)
Good grief.
Re:Immediate patch... (Score:5, Insightful)
The ones who "can barely use windows" will complain that the start menu is in a different place and their screensaver won't work, otherwise they won't notice what they're using to type their memos, add up their expenses, or surf their porn. It's the "power users" who've wriiten macros and such who are the difficult ones. Budget for buying Crossover for them while you gradually wean them off.
I worked in an office that due to absorbing other small companies, had CP/M, DOS, Win 3, Win 98, MacOS 7, MacOS 8, all in use, and the staff were mostly clueless; but instead of throwing a fit were mostly willing to spend the few minutes needed to locate the icons to open a word processor. print, email... and that covers 95% of what they needed. It's strange to me that it's assumed that office workers are complete sheep who will be thrown into a panic by the slightest change in their desktop; forgetting that anyone who's worked for 15 years has probably gone through DOS, Win 3/95/98/2K/XP, not to mention Wordstar/WordPerfect/Word5/6/WinWord; Lotus 123/Excel, etc, etc.
Why should one more round of change be so hard, especially with most of the change actually being behind the scenes rather than in the interface -- "open file", "select (with mouse)" "change font", "print" are all the same except for minor cosmetic differences as far as the user is concerned, whatever platform and suite you're using.
Re:Or... (Score:1, Insightful)
For someone who appears to be involved in security, you have a very limited imagination. Not a useful trait.
Re:Immediately patch? Really? (Score:3, Insightful)
Right? No sane person in his or her right mind would recommend McAfee in any way shape or form, would they?