Symantec AntiVirus Hole Found 241

Hotwater Mountain writes "eWeek has a story about a gaping security flaw in the latest versions of Symantec's anti-virus software suite that could put millions of users at risk of a debilitating worm attack. According to eEye Digital Security, the company that discovered the flaw, the vulnerability could be exploited by remote hackers to take complete control of the target machine 'without any user action.'"

  • Re:Details? (Score:5, Informative)

    by neil.orourke ( 703459 ) on Friday May 26, 2006 @02:04AM (#15407818)
    http://www.smh.com.au/ [smh.com.au] had a writeup about this which said that Norton Internet Security guarded against this flaw in Norton AntiVirus. Go figure on the implications of that.
  • by Anonymous Coward on Friday May 26, 2006 @02:17AM (#15407858)
    Coverage on http://www.cnn.com/2006/TECH/internet/05/25/antivirus.flaw.ap/index.html [cnn.com] CNN notes that it appears only the corporate version is affected.

    "eEye said it appeared consumer versions of Symantec's Norton Antivirus software -- sold at retail outlets around the country -- were not vulnerable to the flaw, though consumers who are provided Symantec's corporate edition antivirus software by their employers for use at home may be affected."
  • by skiflyer ( 716312 ) on Friday May 26, 2006 @02:36AM (#15407922)
    I didn't read this link, but I read it on CNN, and to answer your first two questions no... they very specifically said the real concern here is that a user can be attacked without doing anything.

    As far as #3, the hows were unaddressed.

    #4, it seems that at least several firewall packages block it just fine... but there was no discussion as to whether or not it was something special about the packages mentioned, or if it's just blocking some specific port that makes you safe.
  • by Simon Garlick ( 104721 ) on Friday May 26, 2006 @02:42AM (#15407935)
    That was the old "classic" Ghost. The new one is just a rebadged Powerquest DriveImage.
  • by Parham ( 892904 ) on Friday May 26, 2006 @03:19AM (#15408020)
    Everything you said is absolutely right... except that only someone with a firm understanding of computers and software would be able to accomplish them. I don't know of many normal people that virus scan every file that first comes into their computer, back up their MOST important documents, and use Firefox.

    The fact is that, even as a computer science student, I don't use Firefox always (because I'm currently using Windows), I don't make daily backups because they can sometimes waste a lot of time, and I let my virus scanner scan regularly even after I know my computer has no viruses (luckily I use AVG which doesn't hog resources).
  • eEye close to MS? (Score:5, Informative)

    by fv ( 95460 ) * <fyodor@insecure.org> on Friday May 26, 2006 @04:29AM (#15408174) Homepage
    I don't know why you think eEye has such close ties to MS. They have been embarrassing and exploiting the hell out of MS for years [eeye.com]. They drive MS crazy by releasing powerful exploit code and giving conference presentations such as "Remote Windows Kernel Exploitation" (BlackHat 2005). I like these guys a lot :).

    -Fyodor (Insecure.Org [insecure.org])
  • Gentoo [gentoo.org].

    Ahhh, much better.
  • by b0wl0fud0n ( 887462 ) on Friday May 26, 2006 @06:01AM (#15408355)
    They also bought out Sygate Personal Firewall [sygate.com]. Fortunately you can still get the old version here [oldversion.com].
  • Re:Details? (Score:3, Informative)

    by BiggyP ( 466507 ) <philh@theopenc[ ]rg ['d.o' in gap]> on Friday May 26, 2006 @09:44AM (#15409249) Homepage Journal
    "I thought everybody agreed that this was the purpose of dual core CPUs for Windows machines. One to run the bundled Norton crud, one to run the apps."

    That hadn't occurred to me, it could certainly make a big difference cutting down the effect of the overhead from norton antivirus and firewall software, not to mention the worms it feels like letting in to join the party.
    "Of course some people follow the advice of their more enlightened friends/neighbours/family and switch to other products or other systems."

    most can't manage it without help though, norton/symantec AV and the various internet security packages, and mcafee to a lesser extent, are pretty insidious and can sometimes be a real pain to remove, most likely a deliberate attempt by the software publishers to stop users from switching to a free version when their demo expires a few months after purchasing the new PC it came with. At this point an average user will invariably glance at their windows security center with a look of fear and simply pay to extend the subscription.
  • Re:That saves time! (Score:2, Informative)

    by Jerf ( 17166 ) on Friday May 26, 2006 @10:32AM (#15409574) Journal
    Adding to your confusion, "HAND" is an ancient Usenet acronym for "Have A Nice Day!", which usually shows up in the full acronym phrase "YHBT. YHL. HAND!", which is of course "You Have Been Trolled. You Have Lost. Have A Nice Day!"

    "hand!" really looks like someone just lowercased the acronym.
  • by dballanc ( 100332 ) on Friday May 26, 2006 @12:35PM (#15410499)
    The differences between the home and enterprise versions of Norton are absolutely huge. One sucks, one seems to work fairly well. The home version is awful. I mean really, I don't think I could possibly design a worse product. What genius decided that massive dependencies on Internet Explorer are a good idea for an antivirus program? Internet Explorer and related components are usually the ones raped in virus and malware attacks. IE breaks, and the interface to NIS breaks. Brilliant!

    Can't uninstall in safe mode. Uninstall works so poorly they even release a standalone uninstaller, which in my experience is necessary almost 50% of the time for broken Norton installs.

    The silent breakage. NIS is absolutely famous for this. I get clients call with the broken net access, sluggish response, programs not running correctly, scripting engines not working under IE despite being enabled, etc. Malware, virus, spyware? Nope. It's NIS. I can't count the number of quirky problems fixed simply by uninstalling NIS. It's generally a first step for me anymore.

    Learning firewalls are totally pointless for home users. The typical home user can barely check email, and clicks OK to every web-popup. Do you really think they are up to allowing/denying outgoing port traffic? Even in the corporate environment, you should never trust a user to make decisions like that. It's not their job. If you're an admin, they pay YOU to do that.

    And no, NAV, I don't give a rat's ass unless you actually find an infection. Take your little balloon popups and shove them. If you don't have anything valid to say, leave me the hell alone. All of the major AV programs these days are pretty much adware. "hey look at us, we're working. You paid for us and we're doing something, yeah!". Damn attention whores.
