Symantec AntiVirus Hole Found 241
Hotwater Mountain writes "eWeek has a story about a gaping security flaw in the latest versions of Symantec's anti-virus software suite that could put millions of users at risk of a debilitating worm attack. According to eEye Digital Security, the company that discovered the flaw, the vulnerability could be exploited by remote hackers to take complete control of the target machine 'without any user action.'"
That saves time! (Score:5, Funny)
(ouch, that was a little harsh)
But if they want to save development cycles... (Score:5, Funny)
Re:That saves time! (Score:5, Funny)
For example, when I read "could suck money out of an Enron Execs. hand!", I thought you meant that they could suck money out of Enron executives, and just had a gratuitous "an" shoved in there (or accidentally pluralized "Exec"); and I couldn't understand the seemingly misplaced exclamation "hand!" So, I read it as follows:
This thoroughly confused me. It took me way too long to determine that you were attempting to properly abbreviate the word "executive" while also making it possessive. While probably not more grammatically correct, a clearer way to write it would be:
Now, if I thought it took a long time to figure out what you meant, imagine how much time I've wasted writing this!
ObSymantec: I try to discourage people from using Symantec products. In my ~14 years' experience with their stuff, I've found that their antivirus is expensive, slows the computer down way too much, and is no more effective than any other; and I've also found that their other utilities tend to be mostly snake oil. It wasn't always that way -- DOS and even Windows 3.1 versions of Norton Utilities were actually useful _and_ unique. Since the program that gazillions of folks use to secure their machine is opening holes, maybe it's time for everybody to move on.
Oh yeah, and...
Hand!
Re:That saves time! (Score:2)
(and, of course, Midnight Commander if you want something that's been updated in the past 15 years)
Details? (Score:5, Insightful)
If it affects the install on the clients, but needs to get access to them, I wave my paw and say "bah."
If, on the other hand, it can attack the server...
Well, then again, everything should be behind a firewall anyway, with only needed ports forwarded.
I mean that's just common sense...
Re:Details? (Score:5, Informative)
Re:Details? (Score:5, Funny)
OK, let me try:
Perfect security - and the Quis custodiet ipsos custodes? problem solved. Rather neat...
Re:Details? (Score:5, Funny)
Bang - no NIC, no malicious traffic from the internet.
Re:Details? (Score:5, Funny)
Re:Details? (Score:5, Funny)
I thought everybody agreed that this was the purpose of dual core CPUs for Windows machines. One to run the bundled Norton crud, one to run the apps.
Of course some people follow the advice of their more enlightened friends/neighbours/family and switch to other products or other systems.
(note: this does not apply to corporate networks unless they are handled by idiots. Um. Doesn't apply to *all* corporate networks.)
Re:Details? (Score:3, Informative)
That hadn't occurred to me; it could certainly make a big difference cutting down the effect of the overhead from Norton antivirus and firewall software, not to mention the worms it feels like letting in to join the party.
Re:Details? (Score:2)
Re:Details? (Score:2)
Re:Details? (Score:3, Interesting)
Just wait until some PHB or road warrior brings their laptop in and it is infected. Or my favorite: someone (law clerk) was bringing in files that her computer at home wouldn't open correctly to see if the work computers could open them, because they seem to do more. I guess the idea was to make sure they weren't needed before they got deleted.
And what if the firewall is a Norton product? Or spread via email too. Ohh well
It's hard to imagine.... (Score:3)
Re:It's hard to imagine.... (Score:5, Insightful)
Actually, as far as I can tell Symantec hasn't actually ever made a product at all. I'm sure they must have once, how else did they ever get the money to buy Norton in the first place (venture capital I guess), but every Symantec product I can think of was originally acquired from someone else.
I'd find it very hard to imagine a company that has done nothing but destroy every piece of intellectual property it acquires and continues to make money. Unfortunately I've seen it...
Re:It's hard to imagine.... (Score:4, Insightful)
Why? AOL's been doing it for YEARS. Remember ICQ? Winamp? Need I say more?
AS A SYMANTEC EMPLOYEE, I AGREE (Score:2, Interesting)
Re:AS A SYMANTEC EMPLOYEE, I AGREE (Score:2)
Let's just hope that you're not the only one who answered "strongly disagrees" to all questions, or management will have your name despite the Anonymous Coward.
Re:It's hard to imagine.... (Score:2, Informative)
Re:It's hard to imagine.... (Score:2)
computer associates....
Re:It's hard to imagine.... (Score:3, Informative)
No wai- (Score:2, Funny)
Re:No wai- (Score:5, Funny)
Re:No wai- (Score:4, Funny)
Oh, wait...
Re:No wai- (Score:2, Insightful)
As for NAV... Maybe you could use a special NIC that detects malicious traffic and self-destructs rather than passing the packet to the rest of the system.
Re:No wai- (Score:3, Insightful)
Re:No wai- (Score:2)
If you have flamethrowers big enough, this will work, since they use up all the oxygen and the fire in the house will go out. If you have observed some Steven Seagal movies, you've seen the same trick on the oil drilling stuff; that's the easiest way to put something out, remove the oxygen.
I suppose you should use something that burns at really low temperatures in that flamethrower, otherwise when the natural oxygen from the environment r
Re:No wai- (Score:2)
Good news, everyone! (Score:5, Funny)
Re:Good news, everyone! (Score:5, Funny)
Toss in the complete inability to hack that most script kiddies have... and now you also have security through stupidity.
I always loved watching my snort logs when some kiddie attempted to 0wn my FreeBSD server running Zope/Plone + Apache by tossing every IIS 5 attack they have a script for.
So people have discovered Norton's DRM Rootkit? (Score:5, Funny)
Who has heard that conspiracy theory (Score:5, Funny)
*grabs tinfoil hat*
Re:Who has heard that conspiracy theory (Score:2)
I remember saying that quite awhile ago [slashdot.org], or at least something vaguely along those lines.
Re:Who has heard that conspiracy theory (Score:2, Insightful)
Re:Who has heard that conspiracy theory (Score:2)
Re:Who has heard that conspiracy theory (Score:2)
Throw me a friggin bone! (Score:5, Insightful)
OK that leaves about every question unanswered.
At least give us a little bit on how this vulnerability could be exploited other than "This flaw does not require any end user interaction." Throw me a friggin bone here! I'm the user... Need the info...
I suppose the important part is they got the scoop!
Re:Throw me a friggin bone! (Score:5, Informative)
As far as #3, the hows were unaddressed.
#4, it seems that at least several firewall packages block it just fine... but there was no discussion as to whether or not it was something special about the packages mentioned, or if it's just blocking some specific port that makes you safe.
The Hows: A well reasoned theory and some impacts (Score:4, Interesting)
Re:Throw me a friggin bone! (Score:3, Interesting)
Past exploits in software firewalls were issues in the packet inspection engine. The engine packs itself in front of the TCP/IP stack of Windows and inspects _every_ packet that goes in or out, regardless of whether it connects to some port or not. This is done in order to log the packet and to reassure the user with annoying popups that his investment was worth his money.
Back to antivirus: This thing also scans email. It does this b
Older Versions? (Score:3, Insightful)
Question 1: Are Norton consumer-level products (Norton/Symantec Antivirus 2006 for example) in this list?
Question 2: Where does this security vulnerability lie? In the scanning engine or in the GUI application wrapper or helper DLL? This could let us know if the Symantec Antivirus 9 -> 1 are bad.
I'm holding Slashdot to a Slashback on this as this unfolds.
BTW, any takers on the amount of time till patch? Clock starts now.
Re:Older Versions? (Score:3, Interesting)
just because they release updates on Wednesdays and I don't think they will have a cert'ed patch ready by Wednesday, as this is a holiday weekend and their customers don't matter to them (at least the ones that could be infected)
Consumer versions not affected (Score:5, Informative)
"eEye said it appeared consumer versions of Symantec's Norton Antivirus software -- sold at retail outlets around the country -- were not vulnerable to the flaw, though consumers who are provided Symantec's corporate edition antivirus software by their employers for use at home may be affected."
Re:Consumer versions not affected (Score:2)
Then the listener code is bugged and has a hole in it, and now, courtesy of No
Re:Consumer versions not affected (Score:2)
Pretty good at finding viruses (the best if you listen to them, but hey, that's marketing), comparatively lightweight, and with lots of options that don't result in blaring alerts when you configure them in "unapproved" ways.
I found that NOD uses about 17MB of memory, compared to more than 60 for Norton's (home).
startkeylogger (Score:5, Funny)
DUH! we've been calling it Norton Virus for years! (Score:5, Insightful)
Keep your patches up to date, or don't connect to the internet...
Don't open ANY freaking attachments, unless you expect it, and you know where it came from... or don't connect to the network.
My mom's computer has their security suite? set up on it... it basically just nags her when programs try to do anything... it's nice that it warns about Real Player's nasties... but we all know to uninstall that bastard and just use the codec...
Re:DUH! we've been calling it Norton Virus for yea (Score:2)
Security isn't easy at best, and the more computers, applications and disparate networks you have to manage, the worse it gets. Name for me a software firewall that doesn't require "teaching". Eventually, you'll install something that will not work until you open the port it needs. The newer swfws will at least pop up a quick box asking you if you'd like to permanently allow the connection. I've used Zone Alarm, tpf, netpeeker, scs and, yes, XP
no proof of concept yet? (Score:3, Insightful)
Great, so let's just advertise that it's vulnerable instead of fixing it! How many h4x0rz are going to try to 'sploit this now as opposed to before for a quick ego trip?
Re:no proof of concept yet? (Score:2)
"there are no publicly shared proof-of-concept exploits or other information to suggest an attack is imminent that we know of "
The best approach to vulnerabilities is to assume by default that the blackhats already know about them and are actively exploiting them, because you can't prove otherwise, so what you need ASAP is to inform the people about it.
Ever since Symantec took on Microsoft... (Score:2, Flamebait)
AntiVirus is for Newbs (Score:2, Interesting)
I had a bit of a problem a few years ago with spyware; first I installed an IE plugin and then moved to Firefox.
These 'Security' behemoths are insane. They hog 20%+ of computer resources with their 'real time scanning'. The only time anything needs to be scanned is when it's first coming to your computer. Downloads need to be scanned, that's it! If I download
Re:AntiVirus is for Newbs (Score:3, Informative)
The fact is that, even as a computer science student, I don't use Firefox always (because I'm currently using Windows), I don't make daily backups because they can sometimes waste a lot of time, and
Re:AntiVirus is for Newbs (Score:2, Insightful)
The problem in Windows is even knowing where your documents and data are stored. Some programs still store settings and documents created under them in their program folder. Without a whole hard drive backup, most non-expert computer users would probably miss some of their important documents and data in their backup.
Re:AntiVirus is for Newbs (Score:3, Insightful)
It's possible to have the best of both worlds. Use a free app like rsync, and the first run, yes, it will be a full backup. Once it has completed that, the next time you run it, it only updates the backup to match the changes you've made to your hard drive recently. In most cases it only needs to move a few megabytes. The compare process takes about 5 minutes
tit for tat? (Score:3, Interesting)
Recent history:
Does anyone else feel that this time line suggests that the last item or two might be part of a hidden agenda? Are we witnessing the start of a FUD throwing contest between two of the industry's major players?
I am so confused. What web news publishers should I now put my faith in?
eEye close to MS? (Score:5, Informative)
-Fyodor (Insecure.Org [insecure.org])
Re:tit for tat? (Score:2)
Alternatives to Symantec Antivirus? (Score:5, Interesting)
Has anyone deployed something other than Symantec Antivirus in a 250 PC company? If so, I'd like to hear your experiences.
Re:Alternatives to Symantec Antivirus? (Score:3, Interesting)
Fairly happy with it.
smash.
Re:Alternatives to Symantec Antivirus? (Score:2, Interesting)
The downside is that it's not as user friendly as the others. Sophos only sell to business customers and hence expect it to be installed by a competent sysadmin. Once you've learnt how to m
Re:Alternatives to Symantec Antivirus? (Score:4, Insightful)
(This is on a corporate network, I haven't got anything to do with how/why it's running )
Re:Alternatives to Symantec Antivirus? (Score:2)
Re:Alternatives to Symantec Antivirus? (Score:2)
Re:Alternatives to Symantec Antivirus? (Score:2)
I'm getting tired trying to keep up. (Score:2, Interesting)
We need to fix root cause of the problem. Not restore service, but fix it.
It's time to tackle this problem at the compiler level. Get rid of the various IDE wizards, where the latest summer student can spend 5 minutes building a so called enterprise class application.
Instead of the next dual core processor, maybe the industry could spend some time on software and get it right.
heh (Score:2)
smash.
idiots (Score:3, Funny)
Information from Symantec (Score:2, Informative)
GAH SYMANTEC (Score:2)
They're better off with two or more good anti-spyware apps, a good firewall, Firefox as the primary browser (I've converted at least a dozen or more people to it), and updated Windows.
Symantec
and what better place than announce it than on (Score:2)
ClamWinAV (Score:2)
Re:ClamWinAV (Score:2)
Free alternatives to Symantec Antivirus (Score:3, Interesting)
AVG Anti-Virus [wikipedia.org]
Re:Free alternatives to Symantec Antivirus (Score:2, Informative)
Ahhh, much better.
Re:Free alternatives to Symantec Antivirus (Score:2)
Yet another... (Score:3, Insightful)
So, how *do* they manage to stay in business with such a large share of the security market?
(bustling off to buy put options...)
Re:Yet another... (Score:2)
Well, my last 2 computers had Symantec pre-installed. Kinda like AOL and Windows.
Thank you (Score:2, Funny)
This was to be expected (Score:2)
For one thing, the closed-source nature of the whole anti-malware market is a fertile breeding ground for exactly this sort of problem.
For another thing, if your whole business depends on the very existence and high market penetration of malware, you stand to lose out massively if you actually manage somehow to eliminate it altogether. Symantec et al need the virus writers, the script kiddies, the crackers and the spyware merchants. If it wasn't f
Unintentional release of new feature (Score:4, Funny)
Nothing surprising about this "development" (Score:4, Interesting)
I normally recommend something along the lines of AVG or Avast! to customers after that little experience. People normally learn after their wallet gets hit a few good times for computer repair.
surreal irony (Score:3, Funny)
That's like making an operating system that causes a computer not to operate.
Oh, wait...
It depends (Score:2, Insightful)
Re:It depends (Score:2)
Re:It depends (Score:5, Interesting)
So now we don't have to worry about this security hole, which means we can finally say that something good came out of using Rational Clearcase.
Re:It depends (Score:2)
Sure, virtual file system "views" sound great on paper; the reality of it, especially over the 100Mbit at my work, is it's slow as fuck. You can take any 2 hour build and turn it into a 4, 6, 8, and I've even seen 10 hours on a dedicated box [e.g. only sharing the network, not the CPU].
Give me CVS any day
Tom
Re:It depends (Score:2)
One shop that I worked at ran ClearCase on Solaris and Linux (RH 7.3) and it was fine. No noticeable difference between ClearCase and any other build over an NFS mount.
Running it on Windows was miserable. It didn't matter what the back end was (NFS or CIFS); it just sucked.
Re:It depends (Score:3, Insightful)
Re:It depends (Score:2)
oh piffle (Score:2, Interesting)
Re:what a joke they are (Score:2)
Re:what a joke they are (Score:5, Insightful)
There's more to AV than your home computer. Managing 1000s of machines across the country takes more than the tiniest AV program you can stick on one computer. Our needs are first and foremost having an AV install on each system, with good virus defs, and that we can actually manage remotely. SAV is still the best for that in our opinion....
Re:what a joke they are (Score:4, Insightful)
Pure, unadulterated BS. I've used both and Norton's absolutely sucks compared to AVG. With Norton's my computer got so badly infected that I had to reinstall the OS two different times. Installed AVG and never had that problem again. Did I download anything that had the virus in it? No! Both times the viruses downloaded themselves straight into my computer from the internet -- which means Norton's firewall didn't do anything to stop them. On top of this, one time I uninstalled it in order to reinstall it and I couldn't boot Windows afterward.
Nevertheless, I think Avast! is the best antivirus, but I've heard a great deal of good about NOD32 and Kaspersky's. Any of them beat Norton's. Hell, as bad as Norton's can screw up your computer, no antivirus is sometimes better. I don't know how many times I had to reinstall it because it started screwing up or just didn't install right in the first place. All of that applies equally to McAfee too.
I don't know what the deal is here with you and whoever is modding anything critical of Symantec as "flamebait" and your BS as insightful, but you can't quit with the outright lying. You've both made yourselves as transparent as freshly-cleaned glass. Normally, I'd think someone who made such an accusation was paranoid, but that's how blindingly obvious you guys have been. And the thread is still young. Too bad the people running this site aren't involved enough to care anymore.
Re:what a joke they are (Score:2)
Recently though it didn't detect a couple of p2p trojans on clients' machines and a demo of Kaspersky did. I'm considering switching to Kaspersky when my Nod32 license expires.
Re:what a joke they are (Score:2)
Give us proof.
Re:Symantec (Score:2)
Re:meanwhile... (Score:2)
Tom
Re:Was it a buffer overflow? or a bad pointer? (Score:2, Insightful)
Sadly, morons who can't figure out how to check buffer length and pointer cromulence is what the industry really has to 'put up with'.