Symantec Antivirus May Execute Virus Code
An anonymous reader writes "Symantec has admitted that a serious vulnerability exists in the way its scanning engine handles Ultimate Packer for Executables. According to a ZDNet article, this means the scanner would execute the malicious program instead of catching it. Tim Hartman, senior technical director for Symantec Asia Pacific, said: 'A vulnerability is not a vulnerability till somebody discovers it but because this is now known, somebody could craft an e-mail, mass mailer or a virus that takes advantage of it. It affects our firewalls, antispam, all the retail products and the enterprise products as well.'" Symantec recommends you immediately patch your software.
Yet another reason (Score:2, Interesting)
I just wish big corporations would realize that by using Norton/Symantec, they are using the most targeted [by antivirus-disabling viruses] antivirus software out today.
Re:Better than just free (Score:2, Interesting)
Not that one is better than the other, but I use Avast [avast.com] which is also free and has worked well for me on both Windows and Linux.
Re:Better than just free - I agree! (Score:2, Interesting)
Surprisingly honest (Score:5, Interesting)
Definitely a bad vulnerability, but kudos for being honest about it. I wonder though how liable they are to damages... not good when antivirus software actually ends up triggering the infection.
Re:A vulnerability is not a vulnerability until? (Score:1, Interesting)
a) The builder ?
b) The house owners ?
c) The thief ?
AVG and Anti-Vir (Score:2, Interesting)
This doesn't surprise me in the least with the quality I've experienced with their products. After I recommend another solution, everyone seems to say something about it being recommended at Best Buy/CompUSA. And if the worker there thinks it's good, it must be. Wonder if they get a kickback on Symantec products?
Re:huh? (Score:3, Interesting)
I mean, why do viruses exist in the first place? Is it because they exploit open, known vulnerabilities? Or is it because crackers *find* vulnerabilities to exploit?
Talk about stupid.
Re:Immediately patch? Really? (Score:1, Interesting)
keep it simple (Score:2, Interesting)
If you want to have a secure system you have to use less software, not more. Virus scanners et al. are part of the problem, not part of the solution.
"A designer knows he has achieved perfection not when there is nothing left to add, but when there is nothing left to take away." -- Antoine de Saint-Exupery
Re:Yet another reason (Score:5, Interesting)
Well, because AVG and Avast are free, they're less vulnerable, right?
Bullshit.
I like the hypocrisy of people criticizing Symantec's guy for touting security through obscurity, then turning around and preaching it themselves.
And I'd like to see how these things work in a corporate environment. Oh, wait. They don't.
Symantec has excellent corporate support and management features.
Re:In my experience.... (Score:2, Interesting)
I paid for NAV2004 (or whatever) and registered/activated it and it promptly broke, I uninstalled it and guess what? I had to reactivate it and call them on the phone! After not being able to do this bc it was a weekend, I waited on hold for an hour on Monday and promptly gave up in disgust. So I let my pay-version of NAV go unused and instead use Avast now. I tell my friends to use Avast too.
www.avast.com
-Joe4
Re:Immediately patch? Really? (Score:5, Interesting)
I sit down in front of the computer, and I can see it's infected with something. The signs are there, the writing is on the wall. But Norton/Symantec enterprise, updated and all, is telling me it's clean. So I download McAfee Stinger or BitDefender's free scanner, clean the machine out, and sell something better to them.
Case in point. I have a client whose ISP is running Symantec antivirus gateway on the ISP side. Behind that gateway, I've got a postfix box with amavis-new and clam, h+bedv and bitdefender scanners. You won't believe the amount of viruses I still catch, stuff that makes it through symantec's waste_of_cpu_cycles_software.
Symantec was the good stuff back in the good old DOS days. Now they're basking in their former glory, but they're losing business and I'm happy to see them burn if they don't get off their butts and start improving their software.
Nod32 and ClamWin (Score:1, Interesting)
Has anyone looked at open source alternatives such as ClamWin [clamwin.com] and ClamAV for Windows [sosdg.org]? How do they compare to the commercial counterparts?
Re:Immediate patch... (Score:4, Interesting)
If you would RTFA:
Computers are at risk if they run an unpatched version of a Symantec product that scans files to detect malicious code and if they use the Microsoft Windows, Mac OS X, Linux, Solaris and AIX operating systems, Symantec said.
This isn't an OS problem, this is an application problem.
Of course hackers are less likely to write something that runs on a non-Windows OS, but the flaw isn't fixed by moving from Windows.
Re:A vulnerability is always a vulnerability. (Score:2, Interesting)
And on another note, where exactly in the dictionary definition of the word 'vulnerability' does it say that human knowledge is a requisite of something being a vulnerability? Or are you just deciding to assign new meanings to words?
Laws of physics are the way our universe works, they just ARE, separately to whether we know or understand them, whether they're helpful to us or not, they just ARE. By your logic the universe couldn't exist before we learnt to understand it, because there were no laws of physics.
Next time you feel the need to think, reach inside your brain not inside your arse.
Re:No offence to Symantec (Score:2, Interesting)
Re:Immediately patch? Really? (Score:2, Interesting)
Since McAfee does it, Symantec may as well, can anyone give me verification of whether they do or not?
What does Symantec rate the severity of this as? (Score:3, Interesting)
Now we discover (really not surprisingly) that they themselves are a vector.
Re:Immediately patch? Really? (Score:2, Interesting)
Or simply install Linux and forget about viruses