Symantec Posts Fix To Vulnerability 100
An anonymous reader writes "Just a few days after it was discovered, Symantec has posted a fix to a critical flaw with its Antivirus software." From the article: "The eEye digital security firm reported the problem initially, and discovered it was present in the newest versions of the affected Symantec products. Further research noted by Symantec described the problem as a flaw that made the products vulnerable to a stack overflow. Once exploited, that overflow could have permitted an attacker to execute code on the machine, with System level rights. The issue was made worse by being one that impacted enterprise-level customers, big spenders that purchase hundreds or thousands of licenses depending on the size of the business. "
As long as we use langs without memory safetey... (Score:4, Interesting)
Yes, of course even in memory safe languages (Java, Python, etc) something somewhere needs to have memory access. That thing is the VM/interpreter. Fortunately there are very few areas of code in the VM that need to have memory access, so if you make those correct, then you can write a million lines of application code and know that there aren't any overflows in it.
-------------
Carry a concealed weapon in California [californiaccw.org]
Symantec need to turn around (Score:5, Interesting)
I think they need to go back to square one and develop a product that is not going to give them a bad reputation if they want to stay competitive.
After working with a lot of other anti-virus packages and seeing how un-invasive a good anti-virus package can be I refuse to use Symantec products anymore and to my clients I strongly recommend them change products when their license is up for renewal.
If it wasn't for Symantec bundelling their software with OEM's I wonder how much of an impact they would have? Most uneducated people I do work for think of all anti-virus as "Nortons" and are amazed at how much their system performance improves when I replace it with something else.
They used to have some good products 10 years ago, but I haven't seen a decent anti-virus release from them for a long time now.
Real Ultimate Computing POWER (Score:2, Interesting)
These simple steps will save you time and money, speed your computing experience, and, above all, avoid the vulnerability.
Thank you
SWITCH TO NOD32 ALREADY!! (Score:4, Interesting)
Kaspersky is pretty good too.
But who in their right mind, that knows *anything* about security, uses Symantec or McAfee anti-virus products?
Check out these: http://www.av-comparatives.org/index.html?http://
And if you have a VirusBtn login, the 100% awards are alright indicators of virus scanner quality, but nowhere near as good as av-comparatives IMO.
Shades of Godel, Escher, Bach... (Score:4, Interesting)
in GEB it was a parable about the Godel incompleteness theorem -- and, of course, designers of security software would do well to think carefully about it...
TUVM (Score:3, Interesting)
Silent mantra to the many people I have to spend hours cleaning spyware and maleware off of their system and feel guilty charging them because they are friends. Mostly they buy me gifts because I refuse to charge them. I have them bring the sick virus infested computer in on company time and test the company firewall.
I really do!
Matrix
Re:Symantec need to turn around (Score:3, Interesting)
I thought that too.
Then you're a minority. Your one of two I've ever heard say that, as compared to over a hundred more people who've had to reinstall Windows because of Symantec's software. I'd had my first computer about a month in 2001, running Norton's, when it got owned by a worm that wrecked Windows so that I had to reinstall. It later got owned by another virus that also wrecked it so that I had to reinstall, it just did it more slowly. Not only that but there were other incidents related to viruses that caused me problems. Was I downloading stuff that had viruses? Not according to Norton's scanner. Finally, after I'd heard that AVG was good and free (I didn't know much about this stuff back then) I decided to give it a try. I scanned all the files on my computer and it found three OLD files that were viruses that always passed Norton's scan as clean. The youngest of these files was seven months! The oldest was 13 months. That's just plain incompentence on their part, as far as I'm concerned.
Anyhow, after AVG I never had problems with a virus again. Of ocurse, that was urgent for only about another year as I switched to *nix later. Now viruses rarely concern me personally at all, only with regard to my customers who bring me their PCs to fix and anytime I fidn one with Norton's or McAfee's I install Avast (Win 2k/XP) or AVG (98/ME). Virtually all of them have reported that Avast or AVG did much better at catching virused files they had and weren't so invasive, so Norton's doesn't seem to have improved since I was using their products.
Here's an idea: if you're so confident in Norton's, try uninstalling it, install AVG or Avast and scan all your backup files with it as well as your computer. You say that your system is clean and Norton's has kept it so, but how do you know? Why not check to make sure? Because if you've been using Norton's exclusively that long, I believe you most likely do have a trojan that you don't know about.
Re:Symantec need to turn around (Score:2, Interesting)
In my book, it's not a good sign if any program takes a half hour to install or uninstall.