Symantec Admits Its Networks Were Hacked in 2006 113
Orome1 writes "After having first claimed that the source code leaked by Indian hacking group Dharmaraja was not stolen through a breach of its networks, but possibly by compromising the networks of a third-party entity, Symantec backpedalled and announced that the code seems to have exfiltrated during a 2006 breach of its systems. Symantec spokesman Cris Paden has confirmed that unknown hackers have managed to get their hands on the source code to the following Symantec solutions: Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere."
Surely this is a good thing... (Score:5, Insightful)
Surely this is a good thing, the hackers might release an anti-virus for Norton
Re:Thanks a bunch (Score:5, Insightful)
Realize that no piece of security software will keep you safe indefinitely from a determined hacker. That applies to security companies as well.
Re:Thanks a bunch (Score:3, Insightful)
You are saying (with a straight face) that having the source code that describes in detail how the software goes about removing viruses is of no use to the people who write them? Go to a doctor immediately and get checked out for massive brain tumors.
Re:Thanks a bunch (Score:4, Insightful)
Other than perhaps finding sploits in Symantec itself no I don't expect looking at virus removal code to be terribly useful to those developing malicious code.
Look yes the AV stuff gets its hooks in pretty deep but until they start implementing their own filesystem drivers and stuff like that (they don't, not on desktops anyway) then there is a finite set of APIs and syscalls they can use. They are mostly documented, or otherwise known. Reading the source to Symantec's AV scanner is not going to give you a lot of insight into how to write something it can't clean up.
Re:Thanks a bunch (Score:5, Insightful)
How they use their signatures and heuristics to detect threats is of great use to attackers. Thinking otherwise is naive.
Re:Thanks a bunch (Score:4, Insightful)
Horrible analogy, because the scenario is adversarial in nature.
A far better one would be that the other team just stole your playbook. Your QB still throws the same, your receivers run just as fast, your linebackers still do their thing, but now the other team can anticipate all your plays and outwit you far more often.