
Symantec Posts Fix To Vulnerability

An anonymous reader writes "Just a few days after it was discovered, Symantec has posted a fix to a critical flaw with its Antivirus software." From the article: "The eEye digital security firm reported the problem initially, and discovered it was present in the newest versions of the affected Symantec products. Further research noted by Symantec described the problem as a flaw that made the products vulnerable to a stack overflow. Once exploited, that overflow could have permitted an attacker to execute code on the machine, with System level rights. The issue was made worse by being one that impacted enterprise-level customers, big spenders that purchase hundreds or thousands of licenses depending on the size of the business."
This discussion has been archived. No new comments can be posted.

  • Fix-it time (Score:4, Insightful)

    by SeaFox ( 739806 ) on Sunday May 28, 2006 @08:04PM (#15422585)
    Just a few days after it was discovered, Symantec has posted a fix to a critical flaw [CC] with its Antivirus software.

    So how long after they confidentially reported the problem to Symantec (as I'm sure they did) did it take them to fix it?
    • Re:Fix-it time (Score:1, Informative)

      by Anonymous Coward
      Why would the parent post be modded a 5 (insightful)? There is no basis in truth for such a question, and it's just rhetoric and phoney conspiracy.

      It is common knowledge that standard vulnerability reporting protocol in the security industry dictates that a vendor should be notified privately when a vulnerability is found in their product, and then given some reasonable amount of time (usually 30 days) to respond and in order to create a patch. Then at the end of the wait period the vulnerability is released
  • by lightyear4 ( 852813 ) on Sunday May 28, 2006 @08:08PM (#15422593)

    Patched or not, the information presented here [symantec.com] and in the pages linked therein make it clear that -- until all machines are patched -- there is a distinct possibility of an exploit getting through. To that end, I have no doubt some groups have been hot on the issue looking for the hole.

    The same page ^^^ implies that symantec released IPS signatures for their products. With that said, do any signatures exist for other IPS/IDS solutions (snort, etc) ? If so, I would very much like to utilize them until any possibility of a threat has passed.

    • Symantec, in most cases, releases an antivirus definition to detect any threat that may attempt to exploit a hole in the product, so even if you are unpatched, so long as your defs are updated, you are protected.

      Patching ASAP is still a priority though.
      • Unfortunately, on a large (large) academic network like mine, the logistics of applying patches to a vast fleet of student/staff/faculty machines are quite complex. It's summer now, and the spring semester has come to a close. While machines located physically on campus are quite safe, those thousands of machines which have departed are quite a different story. Nothing could be more distant from mind than connecting to the university network for an automatic update or checking an academic email inbox for a

  • by Anonymous Coward on Sunday May 28, 2006 @08:10PM (#15422598)
    As long as we keep on using languages that allow the application to access memory directly, we will keep on having these problems. I know plenty of people will say, "program carefully", but that's like saying, "seatbelts are stupid. If we all just drove safely we wouldn't need seatbelts or airbags or bumpers."

    Yes, of course even in memory safe languages (Java, Python, etc) something somewhere needs to have memory access. That thing is the VM/interpreter. Fortunately there are very few areas of code in the VM that need to have memory access, so if you make those correct, then you can write a million lines of application code and know that there aren't any overflows in it.

    -------------
    Carry a concealed weapon in California [californiaccw.org]

  • by Freaky Spook ( 811861 ) on Sunday May 28, 2006 @08:11PM (#15422599)
    Their reputation as an anti-virus provider used to be second to none, now after bloated software and software bugs a lot of people are having second thoughts.

    I think they need to go back to square one and develop a product that is not going to give them a bad reputation if they want to stay competitive.

    After working with a lot of other anti-virus packages and seeing how un-invasive a good anti-virus package can be I refuse to use Symantec products anymore and to my clients I strongly recommend them change products when their license is up for renewal.

    If it wasn't for Symantec bundling their software with OEMs I wonder how much of an impact they would have? Most uneducated people I do work for think of all anti-virus as "Nortons" and are amazed at how much their system performance improves when I replace it with something else.

    They used to have some good products 10 years ago, but I haven't seen a decent anti-virus release from them for a long time now.
    • by sconeu ( 64226 ) on Sunday May 28, 2006 @08:27PM (#15422634) Homepage Journal
      Their corporate client has a decent rep (until this).

      Their consumer clients are steaming bloated piles of crap.
      • Their corporate client has a decent rep (until this).

        Symantec usually takes no more than few days to release a patch for their corporate software when they are alerted of a security hole. Better than any/most other applications out there.

        Their consumer clients are steaming bloated piles of crap.

        If you're the kind of person who would notice that Norton Antivirus is "bloated", you shouldn't be using it.
      • Except their Corporate Edition software wasn't originally written by Symantec. It was originally Intel LANDesk Virus Protect, co-written by Trend Micro, and sold to IBM before Symantec got it. Look at the registry on a machine that has Corporate Edition installed. You'll find a lot of your settings in HKLM\Software\Intel\LANDesk\VirusProtect6\CurrentVersion.
    • This is just karma for all of their recent trash talking against Apple. Only thing is, it will also hurt others. Symantec is just bad news all around.
    • by Anonymous Coward
      Oh give me a break. If this was open source, the whole community would be claiming victory and using this as an example of how quick problems are fixed. I've used Norton Firewall and Antivirus for over 6 years now. Guess what, in that 6 year period, I have never once had my computer compromised or any viruses infecting my computer. I'm a perfectly happy customer and will continue to trust my security with Norton whose entire reputation is dependent on the abilities of their software. IMO, that alone is what
      • Oh give me a break. If this was open source, the whole community would be claiming victory and using this as an example of how quick problems are fixed.

        I thought that too.

        I've used Norton Firewall and Antivirus for over 6 years now. Guess what, in that 6 year period, I have never once had my computer compromised or any viruses infecting my computer. I'm a perfectly happy customer and will continue to trust my security with Norton whose entire reputation is dependent on the abilities of their software. IMO,

        • You're one of two I've ever heard say that, as compared to over a hundred more people who've had to reinstall Windows because of Symantec's software

          Three, now.
        • Point of fact:

          "Then you're a minority."

          That statement may be true of the users you have seen but since Symantec has the largest number of deployed av clients worldwide the vast majority of whom seem to be satisfied judging by new sales I would say YOU are in the minority.

          Keep in mind, "tech people" make up just a tiny portion of the computer users population. This is why Dell, Microsoft, Symantec, etc will usually win. They may not have the best product but they have a decent bundle
        • I just found out what a steaming pile Norton is. I had been using it on a new box because it was preloaded. I already knew it wasn't worth paying for because of how it slowed down my computer, but I thought it was decent for finding virii. But when my free period expired and I switched to Avast, it found a Trojan, hiding on my recovery partition, that slipped right by Norton!
          • Not to scare you or anything, but is it also not possible that Avast found a false positive on your recovery partition and has now mangled it so that it cannot perform its needed tasks? Have you run a system recovery from that partition to test that scenario, or are you blindly accepting Avast's diagnosis of the problem?

            In all likelihood, Avast is correct and Norton missed something, but I just want to raise the possibility that the error here is in Avast, not Norton, and without further testing, you don't

    • by twitter ( 104583 )
      Their reputation as an anti-virus provider used to be second to none, now after bloated software and software bugs a lot of people are having second thoughts. ... I refuse to use Symantec products anymore and to my clients I strongly recommend them change products when their license is up for renewal. ... Most uneducated people I do work for think of all anti-virus as "Nortons" and are amazed at how much their system performance improves when I replace it with something else.

      Why don't you really educate yo

      • As much as I would love to start moving some of my clients away from a particular bloated & unsafe OS (which I have recommended), a lot of people are lazy or just not interested in another OS, although they have problems with windows they at least understand it a little to get by.

        Some of my clients have moved to Mac and haven't been happier, others find the same problems with Mac as they have with Windows, not bugs or faults, just general usability they have the same frustrations with how to use programs
        • Moving an OS is a good idea in theory but having to re-learn different ways of doing things, when people are busy with normal everyday life can be a chore for most, especially when you are intimidated by the machine you're trying to learn.

          You are not doing your users any favors. M$ is going to push the cosmetic changes on them anyway but nothing else will change for them.

          Is Windoze really worth the never ending exploits and all that entails? How many times can people put up with software reinstalls only t

    • seeing how un-invasive a good anti-virus package can be I refuse to use Symantec products anymore

      When Google is giving away your product for free to tens of millions of users ... why exactly is it in your interest
      to allow for easy uninstall after six months? First get a reputation for it being dangerous to remove from a system.

    • As a tech at a white box store I remove more virus/trojans from boxes with "Norton protection" than all others put together. Norton's home products are worthless. For a paid anti-virus I recommend F-prot and for free try AVG. When I get a slow box at check in I will disable Norton and reboot in front of the customer, they always want it removed as part of the clean/tune up.
    • by nacturation ( 646836 ) <nacturation&gmail,com> on Sunday May 28, 2006 @11:00PM (#15423060) Journal
      Their reputation as an anti-virus provider used to be second to none, now after bloated software and software bugs a lot of people are having second thoughts.

      It still is. None is preferable, with Symantec coming a distant second.
       
    • Amen. I used to use Norton products exclusively for security. I finally stopped when Norton AntiVirus/Personal Firewall 2005 refused to activate on my laptop (admittedly with a very messed up install). I had a valid license, and the activation went through with no apparent problem. But after the 30 day trial period, it suddenly stopped working and said I need to activate. I used up my activation credits trying to get it to work. Symantec support was no help at all. I sort of gave up, but when I started to g
    • strongly recommend them change products... I replace it with something else.

      Which? What other products? Do you have any hard facts (tests etc.) that prove these products provide better/as-good overall security as Norton Internet security? If you do, stop teasing and give some links!

      I've been using Norton Internet Security for the last 5 years on my home PC (which of course changed over the years) and I have been extremely satisfied with it, overall. It has done its job of protecting my PC perfectly (z

    • You're darn tootin'. Symantec used to, key words "USED TO" be the bomb. Is anyone else scared cuz an article reference how the US gov't uses SAV to "protect" their machines? If you want real protection, I'd recommend TrendMicro's OfficeScan. I've switched most of my clients over, and BTW, three years of AV plus damage cleanup services (DCS) comes in less than SAV, so it's cost effective, too. In EVERY OfficeScan install I've done, it's identified AT LEAST four pieces of malware, and I don't mean tracki
    • Their reputation as an anti-virus provider used to be second to none...

      Methinks you're referring to _Norton_, not Symantec. Symantec has a habit of buying products that are really decent (think Norton Utils, Atguard, etc.) and bloating them all to hell and back and making them consume most of a machine's resources just to run. You know... like a virus might.

       
  • stack vs heap (Score:4, Informative)

    by Lord Ender ( 156273 ) on Sunday May 28, 2006 @08:13PM (#15422603) Homepage
    For the curious: The reason they point out that this is a stack based BoF is because stack addresses are easily predictable, while heap addresses are not. So stack based overflows are much easier to write exploits for.
    • The article says this is a stack overflow, which is a very different thing from a stack-based buffer overflow. It even links to a page correctly defining stack overflows. Stack overflows (aka crashes due to too much recursion) are not exploitable on sane architectures, while stack-based buffer overflows usually are exploitable. So I don't understand why the article claims this is exploitable.
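
The two bug classes this sub-thread distinguishes, as an added example that is not part of the thread and is not Symantec's code: a stack-based buffer overflow (an input-controlled copy into a fixed stack buffer) beside its bounds-checked form, and stack exhaustion from input-driven recursion beside a depth cap. All names and limits (`parse_name_unchecked`, `parse_name_checked`, `max_nesting`, `NAME_BUF`, `MAX_DEPTH`) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF  16   /* hypothetical fixed-size field on the stack */
#define MAX_DEPTH 64   /* hypothetical cap on parser recursion */

/* Stack-based buffer overflow: the copy length comes from the input, not
 * from the destination size. Any len >= NAME_BUF writes past name[] into
 * adjacent stack memory. Kept only for contrast with the checked form. */
size_t parse_name_unchecked(const unsigned char *msg, size_t len)
{
    char name[NAME_BUF];
    memcpy(name, msg, len);          /* BUG: no bound on len */
    name[len] = '\0';
    return strlen(name);
}

/* Hardened form: reject anything that does not fit, terminator included.
 * Returns the stored length, or -1 when the input is too long. */
int parse_name_checked(const unsigned char *msg, size_t len)
{
    char name[NAME_BUF];
    if (len >= sizeof name)
        return -1;
    memcpy(name, msg, len);
    name[len] = '\0';
    return (int)strlen(name);
}

/* Stack overflow in the strict sense is exhaustion: each nested '(' costs
 * one frame, so input alone decides how deep the recursion goes. The depth
 * check turns a crash into an ordinary parse error. */
static int descend(const char **p, int depth)
{
    int deepest = depth;
    if (depth > MAX_DEPTH)
        return -1;
    while (**p == '(') {
        ++*p;
        int d = descend(p, depth + 1);
        if (d < 0 || **p != ')')
            return -1;
        ++*p;
        if (d > deepest)
            deepest = d;
    }
    return deepest;
}

/* Returns the maximum nesting depth of a balanced string, or -1 when it is
 * unbalanced or nested deeper than MAX_DEPTH. */
int max_nesting(const char *s)
{
    const char *p = s;
    int d = descend(&p, 0);
    return (d >= 0 && *p == '\0') ? d : -1;
}

int main(void)
{
    char deep[1001];
    memset(deep, '(', 1000);         /* constructed hostile input */
    deep[1000] = '\0';
    printf("checked, 40-byte name: %d\n",
           parse_name_checked((const unsigned char *)deep, 40));
    printf("nesting of \"(()())\": %d\n", max_nesting("(()())"));
    printf("nesting of 1000 x '(': %d\n", max_nesting(deep));
    return 0;
}
```
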
  • Folks, this is what you get for using anti-computer [foxnews.com] software.
  • I've got the solution for this vulnerability that also unleashes your computer's RUCP!

    1. Turn all Symantec products off
    2. Uninstall all said products || Reinstall OS || Use restore discs
    3. Use alternatives


    These simple steps will save you time and money, speed your computing experience, and, above all, avoid the vulnerability.

    Thank you /., and good night!
    • You know.. that's the only way to get rid of anything now on windows.. The amount of crap that accumulates from any program just won't go away without a clean wipe.. I wish there was an OS that could keep the HDD clean and organised better
    • These simple steps will save you time and money, speed your computing experience, and, above all, avoid the vulnerability.

      Considering that OEMs don't bundle the corporate versions of Symantec software (unless you specifically choose it), it does absolutely nothing.
  • by NiGHTSFTP ( 515896 ) <`moc.oohay' `ta' `PTFSTHGiN'> on Sunday May 28, 2006 @08:39PM (#15422664) Homepage
    Seriously, Nod32 owns... owns, owns, owns.

    Kaspersky is pretty good too.

    But who in their right mind, that knows *anything* about security, uses Symantec or McAfee anti-virus products?

    Check out these: http://www.av-comparatives.org/index.html?http://www.av-comparatives.org/seiten/comparatives.html [av-comparatives.org]

    And if you have a VirusBtn login, the 100% awards are alright indicators of virus scanner quality, but nowhere near as good as av-comparatives IMO.
    • But who in their right mind, that knows *anything* about security, uses Symantec or McAfee anti-virus products?

      Who in their right mind still uses Windoze?

      • I do, primarily because I am a gamer. When I can play Oblivion, Half-life 2, Call of Duty 2 and all my games under Linux, I will switch to linux fulltime. Until then, I will continue to use Windows XP Pro. There are some real world uses for Windows that Linux still cannot provide. Gaming is one of them. Even Mac has some of the major game titles, but not even close to 50% of the games that are available to Windows users. There is no ultimate OS, each has its own benefits and drawbacks. If you're a gamer, yo
    • Did you look at their comparisons? Symantec is the only one to get 100%. NOD32 only has 94.3%
      • That's in polymorphic virus category, not overall. Learn to read a table.
      • by Wiz ( 6870 )
        Look more carefully. Symantec is the only one to get 100% for "On-demand detection of polymorphic viruses". For actual virus detection, it gets 97% & 98% depending on the situation.

        I think F-Secure, G Data Security & Kaspersky Labs do the best as they get 99%+ in all situations.
  • by Dr. Zowie ( 109983 ) <slashdot.deforest@org> on Sunday May 28, 2006 @09:05PM (#15422739)
    Vulnerabilities in security software make me think of those dialogs between the Tortoise and Achilles -- particularly the one where the Tortoise and the Crab are developing ever more fancy record players. The Crab keeps getting nicer record players and the Tortoise keeps giving him records that induce fatal resonance in some mechanism of the record player...

    In GEB it was a parable about the Gödel incompleteness theorem -- and, of course, designers of security software would do well to think carefully about it...
  • From the eWeek article:

    "Security researchers at eEye Digital Security have discovered a serious flaw in Symantec's enterprise antivirus software that could be used by hackers to create a self-replicating "worm" attack against Symantec users. Because Symantec has not yet confirmed the existence of the problem, much less patched it, eEye is offering few details on the vulnerability, which was first disclosed late Wednesday."

    Either Symantec is lying, or someone is guilty of some very excessive and reckle
  • TUVM (Score:3, Interesting)

    by Matrix2110 ( 190829 ) * on Sunday May 28, 2006 @09:18PM (#15422772) Journal
    Thank you, Mr. Gates. May I have another?

    Silent mantra to the many people I have to spend hours cleaning spyware and malware off of their system and feel guilty charging them because they are friends. Mostly they buy me gifts because I refuse to charge them. I have them bring the sick virus infested computer in on company time and test the company firewall.

    I really do!

    Matrix
    • I have them bring the sick virus infested computer in on company time and test the company firewall.

      Do you seriously do that? Boy I sure hope you realise how much risk you're putting your company's network. Destructive testing: not recommended ;)

      * lon3st4r *

  • Manual virus removal instructions:

    1. Click on Start Menu
    2. Settings -> Control Panel
    3. Then click on Add and Remove Programs
    4. Scroll down until you find Symantec Anti Virus
    5. Click Remove
    • I'm glad someone is posting it.

      All antivirus software does is bog down your PC. I used it for 10 years before I realized how useless it was.

      I run windows, but I don't get malware and viruses. Worst thing I ever get is an errant cookie. Why? Because I don't go to shady porn sites, I never download anything I don't know is safe, and I don't use IE.

      Every few months now I take the time to install NAV long enough to scan my system and ensure that I'm not infected, and every time, clean as a whistle.

      Computer
      • After a year of using Firefox, going to shady porn sites, and downloading things I had no idea of their origin, I had a total of two tracking cookies after a full ad-aware scan and spybot scan.

        All in all, I think security is overrated.
  • Why bother? (Score:1, Redundant)

    by bmo ( 77928 )
    Every day that I see yet another article about evil bits of malware infecting Windows machines. It makes me glad that I switched off that platform long ago. Windows is no longer viable, and this article and a mountain of others is testament to that fact. No, it's not because Windows is popular. It's because it's broken as designed. You would think that there would be a tiny fraction of viruses and worms in the *ix (Linux, Macintosh, Sun) universe based on the popularity ratio, but there isn't. There is
  • Comment removed based on user account deletion
    • Very good guy, too bad this topic was SYMANTEC ANTIVIRUS CORPORATE EDITION, not the norton line of products. RTFA next time ;-)
    • you forgot to mention the indisputable performance... norton anti virus and internet security make your machine so slow - it would be faster if you had no AV program and several worms instead...
      I just reinstalled the system on the PC of my girlfriend's father who had NAV and NIS... his Athlon 1.8GHz performed like an 80486 and he couldn't believe how fast his PC became after I didn't reinstall those programs, but installed AVG and zonealarm instead...
  • Has anyone seen this "fix"? Unless I'm blind, it doesn't appear to be on Symantec's site. TFA says there's a fix, but never says where to get it from. From Symantec's page:

    Symantec Response
    This advisory will be updated when product updates to address this issue are available.
  • Having been too lazy these past few months to uninstall their 'Security Suite' this flaw was the motivation to dump the suckers and stick Free AVG on my system. I always knew the Symantec solution was a resource hog, but didn't realize quite how much until I replaced it.
