Symantec AntiVirus Hole Found

Hotwater Mountain writes "eWeek has a story about a gaping security flaw in the latest versions of Symantec's anti-virus software suite that could put millions of users at risk of a debilitating worm attack. According to eEye Digital Security, the company that discovered the flaw, the vulnerability could be exploited by remote hackers to take complete control of the target machine 'without any user action.'"

That saves time!

[bunbuntheminilop]

Symantic will only have to make viruses for its own programs!

(ouch, that was a little harsh)

No wai-

[RenHoek]

Protect your computer! Remove your virus scanner! .. hang on.. :) Very sloppy.. It's like the firebrigade trying to save your house with flamethrowers.

Good news, everyone!

[christopherfinke]

"This is definitely wormable. Once exploited, you get a command shell that gives you complete access to the machine."

Well that's a relief. Who would ever want to use the Windows shell? I'd call that security through, uh, suckurity.

So people have discovered Nortons DRM Rootkit?

[oztiks]

They are just calling it an exploit just so they dont get into trouble ;)

Who has heard that conspiracy theory

[Sentri]

That the Antivirus people are the ones putting the virus's out there to keep their businesses running

*grabs tinfoil hat*

Re:Good news, everyone!

[gbobeck]

I'd call that security through, uh, suckurity.

Toss in the complete inability to hack that most script kiddies have... and now you also have security through stupidity.

I always loved watching my snort logs when some kiddie attempted to 0wn my FreeBSD server running Zope/Plone + Apache by tossing every IIS 5 attack they have a script for.

Re:No wai-

[B3ryllium]

Well, they do say that you should fight fire with fire ...

startkeylogger

[DrunkenTerror]

startkeylogger

Re:No wai-

[Nefarious Wheel]

Dunno, I find that the cold proc of Blade of Walnan works better for fire elementals in Nadox than Fist of Ixiblat, which is a fire proc.

Oh, wait...

idiots

[chiseen]

probably found their own exploit. :P

Best Example of Irony

[kie]

Teachers look no further...

this has to be one of the best examples of irony, ever.

Re:Details?

[cp.tar]

OK, let me try:

• First they sell you an antivirus to protect you against viruses and other malicious code.
• Then they sell you a security package which will protect you against malicious code which the antivirus cannot detect. Or which attacks the antivirus itself.
• Soon they'll sell you an additional package which will make sure nothing gets past the security package.
• And another one to keep all those in check.
• Therefore, soon enough no code will be able to execute because all the CPU cycles will be reserved for Symantec security.

Perfect security - and the Quis custodet ipsos custodes? problem solved. Rather neat...

Re:Details?

[Jesus_666]

Norton Antivirus offers perfect security. Just leave it installed on a home user PC for long enough. Sooner or later the system will shut down in an unclean fashion, which NAV will take as a reason to hang at startup, taking the NIC with it.

Bang - no NIC, no malicious traffic from the internet.

Thank you

[kanzels]

Now I'm happy that my Windows is safe inside vmware and running only twice a month using Linux as host and firewall :)

Re:Details?

[Fred_A]

Therefore, soon enough no code will be able to execute because all the CPU cycles will be reserved for Symantec security.

I thought everybody agreed that this was the purpose of dual core CPUs for Windows machines. One to run the bundled Norton crud, one to run the apps.

Of course some people follow the advice of their more enlightened friends/neighbours/family and switch to other products or other systems.

(note: this does not apply to corporate networks unless they are handled by idiots. Um. Doesn't apply to *all* corporate networks.)

Re:Free alternatives to Symantec Antivirus

[Anonymous Coward]

Sorry, but Gentoo is no good: while I like Lunix, I could never switch to it until it runs all the essential Windows applications I rely on, like Firefox, Openoffice.org, GIMP, and Cygwin.

Re:Details?

[Anonymous Coward]

From all the installations I've had to fix, I believe that by "Norton Internet Security" what they really mean is that "it protects the internet from YOU".

Re:That saves time!

[thc69]

Pardon my grammar naziesque intrusion, but...sometimes funky grammar is merely a minor annoyance, and other times, it has quite an effect on readability.

For example, when I read "could suck money out of an Enron Execs. hand!", I thought you meant that they could suck money out of Enron executives, and just had a gratuitous "an" shoved in there (or accidentally pluralized "Exec"); and I couldn't understand the seemingly misplaced exclamation "hand!" So, I read it as follows:

"...could suck money out of an Enron executive.

Hand!"

This thoroughly confused me. It took me way too long to determine that you were attempting to properly abbreviate the word "executive" while also making it posessive. While probably not more gramatically correct, a clearer way to write it would be:

"...could suck money out of an Enron exec's hand!"

Now, if I thought it took a long time to figure out what you meant, imagine how much time I've wasted writing this!

ObSymantec: I try to discourage people from using Symantec products. In my ~14 years experience with their stuff, I've found that their antivirus is expensive, slows the computer down way too much, and is no more effective than any other; and I've also found that their other utilities tend to be mostly snake oil. It wasn't always that way -- DOS and even Windows 3.1 versions of Norton Utilities were actually useful _and_ unique. Since the program that gazillions of folks use to secure their machine is opening holes, maybe it's time for everybody to move on.

Oh yeah, and...

Hand!

But if they want to save development cycles...

[Dystopian Rebel]

All they have to do is rebrand their anti-virus product "PC Anywhere SE".

Re:Details?

[brix_zx2]

I thought everybody agreed that this was the purpose of dual core CPUs for Windows machines. One to run the bundled Norton crud, one to run the apps.

Unfortunately this is only half right. With the release of Windows Vista it'll be one processor for the OS and one for Norton.

Trio Core CPU next??

Unitentional release of new feature

[sjonke]

This gaping hole is intentional, but it wasn't suppose to be released yet. That was a mistake. It's a new Symantec Anti-Virus feature called "Wide Open Front Door". WOFD opens up many large security holes in your system, with the intention of confusing attackers - when a potential attacker finds a system with so many massive, gaping security flaws, they figure their must not be anything interesting inside because if there were the system would certainly be locked down tight. The potential attacker will figure it's not worth the trouble and attack some other system instead.

surreal irony

[stinky wizzleteats]

That is so ironic it's almost surreal.

That's like making an operating system that causes a computer not to operate.

Oh, wait...