Symantec Antivirus May Execute Virus Code

Zonk posted more than 9 years ago | from the antivirus-not-so-anti dept.

Security 388

An anonymous reader writes "Symantec has admitted that a serious vulnerability exists in the way its scanning engine handles Ultimate Packer for Executables. According to a ZDNet article, this means the scanner would execute the malicious program instead of catching it. Tim Hartman, senior technical director for Symantec Asia Pacific, said: 'A vulnerability is not a vulnerability till somebody discovers it but because this is now known, somebody could craft an e-mail, mass mailer or a virus that takes advantage of it. It affects our firewalls, antispam, all the retail products and the enterprise products as well.'" Symantec recommends you immediately patch your software.

Immediately patch? Really? (5, Informative)

dtfinch (661405) | more than 9 years ago | (#11630326)

"No updates available for this product."

I've checked several versions, starting with the corporate edition which we use.

Re:Immediately patch? Really? (5, Funny)

mrighi (855168) | more than 9 years ago | (#11630377)

That's because they gave out the wrong link. What they really meant to say was, "Symantec recommends you immediately patch [mcafee.com] your software."

Re:Immediately patch? Really? (1)

garcia (6573) | more than 9 years ago | (#11630387)

Perhaps the patches were released in yesterday's (2/9/05) update that I got?

Re:Immediately patch? Really? (3, Informative)

Anonymous Coward | more than 9 years ago | (#11630457)

RTFA. If you are using LiveUpdate, it already installed it.

Re:Immediately patch? Really? (5, Informative)

Anonymous Coward | more than 9 years ago | (#11630473)

Symantec has known about this, and they've been rolling out patches in the latest builds and maintenance releases for a little while. If you've been running liveupdate and no updates are available, you're good to go. The list of vulnerable and nonvulnerable builds is available on the Symantec advisory.

Re:Immediately patch? Really? (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11630614)

That or liveupdate failed. Yet again. I worked at a university where we rolled out a campus wide network that used symantec tools, and their technicians were stunned that we were "only" getting a 40% patch failure rate.

Here's your immediate patch for Symantec (0)

Anonymous Coward | more than 9 years ago | (#11630523)

Re:Immediately patch? Really? (5, Informative)

Sethb (9355) | more than 9 years ago | (#11630596)

If you're running Corporate Edition, you won't be getting the patch via LiveUpdate. You need to call their tech support line with your serial number or contact/contract number, and they'll give you the information (FTP site and password) for obtaining the 9.0 MR3 update for SAV Corporate Edition. This updates the software to version 9.0.3.1000.

Some of the earlier Maintenance Releases aren't vulnerable either, but MR3 is the newest. If you're still on vanilla 9.0.0.338, you need to update ASAP, the same applies if you're on the update revision that made SAV CE work with the Windows SP2 Security Control Panel, version 9.0.0.1400.

Since it's "Corporate Edition", Symantec assumes that you're managing these desktops and wants to control when you push patches to them, so now you get to do just that. :) The good news is that you can use the remote client installer to just lay the new version over the old one via the network (or push a new .msi file via Group Policy, or run the update in a login script). Make sure you upgrade your servers before doing the clients. Symantec (or at least the rep I talked to) suggests completely removing the server (via add/remove programs) and installing the new version, not merely doing an update.

Re:Corporate Edition (2, Informative)

Anonymous Coward | more than 9 years ago | (#11630598)

The support engineer that I spoke with today stated that even though we have gold support you don't get notified for anything except "major . releases".

I had been complaining that I've been trying to get 9.0.3 for a couple of days now and customer support was a runaround and why can't I get updates like I should be.

He then told me that the MR packs are "not available unless you call tech support".

I then spent 15 minutes on the phone to customer service without speaking to anyone and hanging up.

He at least sent me a link to download the latest releases.

Thanks Symantec. I had to pull at your teeth to get you to talk, and only then you just spoke the least necessary. Great service.....:)

LiveUpdate will handle patch (2, Informative)

SoumyaRay (458361) | more than 9 years ago | (#11630736)

The linked article states that:
Symantec is distributing patches to its customers through its LiveUpdate automatic update service and other mechanisms. It warned companies that do not use those services to download the patches from its Web site and apply them as soon as possible.

So users with LiveUpdate should use the tool to handle updates. BTW, my LiveUpdate didn't install any client patch yet.

Re:Immediately patch? Really? (4, Interesting)

sigaar (733777) | more than 9 years ago | (#11630739)

Would it matter? Symantec's antivirus products are getting shittier by the day. I've lost count of the times that I go to a first time client who's complaining their computer is behaving "funny."

I sit down in front of the computer, and I can see it's infected with something. The signs are there, the writing is on the wall. But norton/symantec enterprise, updated and all, is telling me it's clean. So I download McAfee Stinger or BitDefender's free scanner, clean the machine out, and sell something better to them.

Case in point. I have a client whose ISP is running Symantec antivirus gateway on the ISP side. Behind that gateway, I've got a postfix box with amavisd-new and clam, h+bedv and bitdefender scanners. You won't believe the amount of viruses I still catch, stuff that makes it through symantec's waste_of_cpu_cycles_software.

Symantec was the good stuff back in the good old DOS days. Now they're basking in their former glory, but they're losing business and I'm happy to see them burn if they don't get off their butts and start improving their software.

FIRST POST (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11630327)

EAT A GIANT DICK

Antivirus (0, Offtopic)

Zlib pt (820294) | more than 9 years ago | (#11630332)

Does it remove windows with this patch ?

Better than just free (5, Informative)

Dancin_Santa (265275) | more than 9 years ago | (#11630333)

I use AVG on all my company systems and can say that in addition to being free, AVG provides the best anti-virus protection around. After F-Prot started losing ground to Windows-based scanners, AVG has done a remarkable job in stepping up to the plate.

AVG, free and worry free. (This was not a paid endorsement)

Re:Better than just free (5, Informative)

Zlib pt (820294) | more than 9 years ago | (#11630392)

"I use AVG on all my company systems and can say that in addition to being free"

On http://free.grisoft.com/freeweb.php/doc/2/ [grisoft.com]

"Use of AVG Free Edition within any organization or for commercial purposes is strictly prohibited."

Re:Better than just free (4, Funny)

lucabrasi999 (585141) | more than 9 years ago | (#11630518)

"Use of AVG Free Edition within any organization or for commercial purposes is strictly prohibited."

I guess Santa isn't Dancing anymore.

Re:Better than just free (2, Informative)

Trigun (685027) | more than 9 years ago | (#11630396)

I thought that it was free for personal use only.

What company do you work for again?

Re:Better than just free (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11630427)

What are you going to do? Sue Santa?

Are you in need of coal?

Re:Better than just free (0)

Anonymous Coward | more than 9 years ago | (#11630401)

You know it's only free for personal use, don't you?

Re:Better than just free (2, Interesting)

freshman_a (136603) | more than 9 years ago | (#11630423)


Not that one is better than the other, but I use Avast [avast.com] which is also free and has worked well for me on both Windows and Linux.

Re:Better than just free (1)

Jacco de Leeuw (4646) | more than 9 years ago | (#11630574)

I agree the software works very well but their detection is lacking. I submitted several samples and never received any response. Weeks later these samples are still not detected.

Re:Better than just free (1)

digitalchinky (650880) | more than 9 years ago | (#11630604)

I'm not sure if this is all just subjective - but over the last few days I've installed first Avast, then AVG - (only one at a time). Avast seems to slow my system down a small chunk.

It might simply be that I never set it up properly. Might be that 'on access' scanning business it does.

AVG do some pretty good deals for non-profits, Avast is free, not sure which is 'better' though.

Re:Better than just free (4, Informative)

Dot.Com.CEO (624226) | more than 9 years ago | (#11630432)

I hate to break this to you but avg is NOT free in a commercial environment.

Re:Better than just free (1)

Tony Hoyle (11698) | more than 9 years ago | (#11630689)

As long as it's not company policy ie. each employee that uses it is installing it for personal use, it's free.

I worked for a company that refused to pay for AV, and we all had it on our desktops, except the managers.

Re:Better than just free - I agree! (2, Interesting)

jla0 (644106) | more than 9 years ago | (#11630438)

Every time I go to someone's house and they have "technical" questions, I walk to the computer to find 80% of the time... McAfee that dates back to 2000-2002 (the other 20% is NAV). No warning that it's not updating anymore or anything. People assume that the icon on the tray is there and they feel safe. I nuke it and install AVG. Works great. Less of a resource hog (especially compared to NAV) and oh yeah.. it's FREE as in beer!

Re:Better than just free (1)

Curtman (556920) | more than 9 years ago | (#11630552)

I like Avast 4 Home [avast.com] . It's also $0 (for non-commercial use), and its boot-time-scan works really well when other programs fail to remove something.

Re:Better than just free (1, Redundant)

LinuxTek (36519) | more than 9 years ago | (#11630627)

You do realize that AVG is not supposed to be free for companies. Only for personal use. If you really like AVG you should pay for it, so they get revenue and keep building the great product they have.

I do have the personal free edition for my home laptop, and it is a great program (although it had some issues with SP2 and some Nero drivers).

What about ClamWin? (1)

numbski (515011) | more than 9 years ago | (#11630726)

I've had excellent luck with ClamWin [sourceforge.net]

Re:Better than just free (1)

cybersaga (451046) | more than 9 years ago | (#11630723)

I still use F-Prot [f-prot.com] . It's not free (though it's only $29 for home users), but I haven't had any problems with it. It has much less overhead than McAfee or especially Symantec. And it doesn't assume you're stupid.

The free version is not licensed for company use (1)

sczimme (603413) | more than 9 years ago | (#11630731)


I use AVG on all my company systems and can say that in addition to being free...

Wow - good job. I would like to direct you to this paragraph on Grisoft's site [grisoft.com] :

AVG Free Edition is for private, non-commercial, single home computer use only. Use of AVG Free Edition within any organization or for commercial purposes is strictly prohibited. Your use of AVG Free Edition shall be in accordance with and is subject to the terms and conditions set forth in the AVG Free Edition License Agreement which accompanies AVG Free Edition.

Perhaps you should upgrade.

huh? (5, Insightful)

justforaday (560408) | more than 9 years ago | (#11630336)

"A vulnerability is not a vulnerability till somebody discovers it..."

Huh? So if someone inadvertently takes advantage of a vulnerability, it's not really a vulnerability because they didn't explicitly know they were taking advantage of it?

Re:huh? (4, Funny)

pegasustonans (589396) | more than 9 years ago | (#11630415)

No, you've got it all wrong. The person didn't actually exist, and all of the people who thought about the person existing didn't exist either. And all of the people who thought the person might or might not exist, but probably didn't, and should therefore be disregarded, were very clever and were hired by anti-virus companies to do their PR for them.

Re:huh? (3, Funny)

LourensV (856614) | more than 9 years ago | (#11630420)

I think he is a quantum physicist...

Re:huh? (0)

Anonymous Coward | more than 9 years ago | (#11630449)

"A vulnerability is not a vulnerability till somebody discovers it..."
Huh? So if someone inadvertently takes advantage of a vulnerability, it's not really a vulnerability because they didn't explicitly know they were taking advantage of it?

A vulnerability is not a vulnerability if it isn't. Otherwise it's a big gaping hole that you don't know about.

I love it when multi-billion dollar corporations shoot themselves in the foot like this. Oh, wait, it's not like they're really going to notice this. It's only their customers that are affected by this.

Re:huh? (3, Insightful)

drinkypoo (153816) | more than 9 years ago | (#11630530)

Yeah, I don't even have to RTFA to know that this guy is a complete idiot. Anyone who is willing to say that has his head so far up his ass that he can look out of his own nostrils. If there's a weakness in, say, the breastplate of a suit of armor, it's a vulnerability. If you get hit there, you are more likely to die. It doesn't matter if someone knows about it or not. Granted there is a serious problem with that metaphor in that you typically don't exploit problems by accident, but it seems highly likely to me that someone actually IS exploiting it out there, and that's why they discovered the hole in the first place. Symantec is not exactly known for having the highest-quality virus scan tool out there, although I do like their corporate version. Still, their software is full of bugs and inconsistencies (some places ^A works, some places it doesn't, for example) and it has been always thus.

Re:huh? (3, Interesting)

cronius (813431) | more than 9 years ago | (#11630542)

I second that. What an incredibly stupid statement. Like as if they are the ones deciding what is known and what isn't, like as if they must know more than anyone, so if *they* don't know, nobody does.

I mean, why do viruses exist in the first place? Is it because they exploit open, known vulnerabilities? Or is it because crackers *find* vulnerabilities to exploit?

Talk about stupid.

Yeah, right. (1, Funny)

Black Parrot (19622) | more than 9 years ago | (#11630560)


> > "A vulnerability is not a vulnerability till somebody discovers it..."

> Huh?

Sir Lancelot: "I hate to go into battle with this big f*ing hole in my chainmail, but fortunately my tabard will hide it."

Re:huh? (2, Insightful)

Broiler (804077) | more than 9 years ago | (#11630570)

If a tree falls in the woods and no one is there to hear it, does it make a sound?

Re:huh? (0)

Anonymous Coward | more than 9 years ago | (#11630744)

If a deaf-mute commits suicide in the woods using a gun equipped with a silencer, does it . . . oh, fuck it.

Re:huh? (1)

MerlinTheWizard (824941) | more than 9 years ago | (#11630728)

Isn't that exactly what Microsoft has been claiming about security? "Hide everything so we're safe". What they actually mean is that their software is not safe, but THEY at Microsoft (or here, Symantec) are safe because no one knows it's their fault. ;-)

Obligatory... (2, Funny)

ral315 (741081) | more than 9 years ago | (#11630340)

May I be the first to congratulate our executable overlords!

Immediate patch... (2, Funny)

same_old_story (833424) | more than 9 years ago | (#11630354)

http://fedora.redhat.com/

Re:Immediate patch... (2, Funny)

lucabrasi999 (585141) | more than 9 years ago | (#11630407)

Thanks. Now, can you explain how my company is to quickly move all of thousands of employees and all of our internal Windows-based applications to redhat in the next 24 hours?

Re:Immediate patch... (3, Funny)

russint (793669) | more than 9 years ago | (#11630546)

Thanks. Now, can you explain how my company is to quickly move all of thousands of employees and all of our internal Windows-based applications to redhat in the next 24 hours?

Amphetamine.

Re:Immediate patch... (1)

raynet (51803) | more than 9 years ago | (#11630548)

With diskless netboot..

Re:Immediate patch... (1)

rawg (23000) | more than 9 years ago | (#11630751)

Yes, and it would only cost you half of what it would cost to move from Linux to Windows.

Damn! (3, Funny)

JanneM (7445) | more than 9 years ago | (#11630355)

No time to waste! Systems may already be infected, so better get offline immediately, review what installed software is at risk and start figuring out a way to get the patches... no, wait, I run linux.

Wonder what's on TV tonight?

Re:Damn! (2, Funny)

spiffyinferno (832679) | more than 9 years ago | (#11630406)

"Wonder what's on TV tonight?" I believe you can catch the systemic failures of windows pc's everywhere in primetime- with a Bill Gates wardrobe malfunction at the break.

Re:Damn! (1)

strider44 (650833) | more than 9 years ago | (#11630478)

Lost for me. Not sure if you live in Sydney like I do, but if you do, I've made today's vulnerability tragedy just a little better.

Re:Damn! (0)

Anonymous Coward | more than 9 years ago | (#11630532)

Sure you don't wanna play a pc game, oh wait that's right..

Re:Damn! (-1)

Anonymous Coward | more than 9 years ago | (#11630681)

WEAK

Re: Damn! (3, Funny)

Black Parrot (19622) | more than 9 years ago | (#11630597)


> no, wait, I run linux. Wonder what's on TV tonight?

Switch to Gentoo and you'll have something to do tonight.


Re:Damn! (0)

Eccles (932) | more than 9 years ago | (#11630623)

no, wait, I run linux.

How can Linux be any good? It doesn't have all these anti-virus programs available for it!

Imagine how pissed you would be (2, Funny)

Anonymous Coward | more than 9 years ago | (#11630362)

if you went in for an STD test and they gave you herpes!

No worry (1)

dtfinch (661405) | more than 9 years ago | (#11630373)

The UPX license expressly prohibits modifying exes after they've been compressed.

I'm happy about this - closed source headache (1, Insightful)

gelfling (6534) | more than 9 years ago | (#11630374)

Because it proves that tool vendors are really some of our worst enemies and closed source tool vendors are the worst of all.

They have their hand out day after day for maintenance and updates and yet never REALLY bother to check if their own crap is working correctly.

Whatta loada crap (0)

Anonymous Coward | more than 9 years ago | (#11630588)

Yeah right, like OSS NEVER ships with any exploitable code. It's not that some code can be exploited, it's what happens when the exploit is found. It appears that Symantec is addressing the issue quickly, which is the best that can be hoped for, open or closed source.

I hope you're just trolling and you don't actually believe the crap that you're spewing.

Yet another reason (2, Interesting)

Second_Infinity (810308) | more than 9 years ago | (#11630386)

Just another reason to go to free anti-virus software, such as AVG or Avast. I have removed Norton from all my personal computers and replaced them with Avast.

I just wish big corporations would realize that by using Norton/Symantec, that they are using the most targeted [by antivirus-disabling viruses] antivirus software out today.

Re:Yet another reason (4, Interesting)

Pionar (620916) | more than 9 years ago | (#11630661)

Yada yada yada.

Well, because AVG and Avast are free, they're less vulnerable, right?

Bullshit.

I like the hypocrisy of people criticizing Symantec's guy for touting security through obscurity, then turning around and preaching it themselves.

And I'd like to see how these things work in a corporate environment. Oh, wait. They don't.

Symantec has excellent corporate support and management features.

A vulnerability is not a vulnerability until? (2, Insightful)

Jeff DeMaagd (2015) | more than 9 years ago | (#11630394)

Come on! A cardboard door is not a vulnerability until someone figures out how to get it wet?!

Re:A vulnerability is not a vulnerability until? (1)

D4MO (78537) | more than 9 years ago | (#11630410)

Yes. A bomb is not a bomb until someone figures how to make it explode.

Re:A vulnerability is not a vulnerability until? (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11630482)

True, but if a builder (let's call him Bill Gates), left such a door on a new house, and a thief came along, threw a bucket of water on the door and walked off with the stereo, whose fault is it ?

a) The builder ?

b) The house owners ?

c) The thief ?

Re:A vulnerability is not a vulnerability until? (1)

Trigun (685027) | more than 9 years ago | (#11630611)

I would say all three, and I would throw in a fourth person so we can split up round numbers. We don't want the pesky $1,000,000 split three ways problem. Who pays for the extra penny?

Re:A vulnerability is not a vulnerability until? (1)

donharper (857802) | more than 9 years ago | (#11630491)

I don't exist because you don't know me.

**Freud is rolling over in his grave as we speak.

Re:A vulnerability is not a vulnerability until? (0)

Anonymous Coward | more than 9 years ago | (#11630581)

Yes, Symantec is good. If they say a vulnerability is not a vulnerability until its discovered, then it isn't. Now if you don't mind, I need to restart my computer.

a minor flaw in his logic (3, Insightful)

Anonymous Coward | more than 9 years ago | (#11630403)

Like all talking heads the guy didn't think before opening the mouth. The problem is this : you don't know if anyone had previously found this vulnerability. So you can't say it wasn't a vulnerability before *you* found it or before it was reported to *you*. There are unknowable numbers of unknown vulnerabilities and known numbers of known vulnerabilities. You cannot know the size of the unknown set -- even if it is in reality the empty set.

Re:a minor flaw in his logic (1, Informative)

Anonymous Coward | more than 9 years ago | (#11630703)

Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns -- the ones we don't know we don't know.

bad practice (1)

opposume (600667) | more than 9 years ago | (#11630413)

Microsoft has tried to go this route by trying to stifle any release of "known" vulnerabilities so that they can't be exploited by the masses. See how well THAT worked? They should work at faster release of updates instead of waiting for it to become a serious issue... Especially with something THIS severe...

Sheer brilliance (5, Insightful)

stinky wizzleteats (552063) | more than 9 years ago | (#11630414)

From TFA:

A vulnerability is not a vulnerability till somebody discovers it

So that's how security works! Suppress knowledge of the problem!

It's nice to see that Symantec's corporate culture hasn't changed very much since the days when Peter Norton thought computer viruses were an urban legend.

Re:Sheer brilliance (1)

Laurentiu (830504) | more than 9 years ago | (#11630664)

Repeat after me: there is no ROT13. There is no ROT13. There is no ROT13.

See? You CAN have privacy online.

Okay, Farkers... (5, Funny)

Mmm coffee (679570) | more than 9 years ago | (#11630416)

You know all those idiotic flamewars that spring up whenever the "irony" tag is used?

Once and for all - THIS is irony. You can shut up now.

Symantec owes us money for a broken product. (0, Redundant)

BrentRJones (68067) | more than 9 years ago | (#11630418)

I gave up on NAV. Always wanting subscription cash. Always wanting you to upgrade.

AVG for free is for me.

If I'm the CEO, this guy gets fired now. (1)

lythander (21981) | more than 9 years ago | (#11630430)

OMFG. Who would say it's not a vulnerability until it's known? Known by whom? If a black-hat knows, and shares it quietly with other black-hats, this could be devastating without ever being "known." This is security by obscurity, except it isn't well obscured.

Or did Symantec know, and just not mention it to their customers (so it wasn't "known") ?

Re:If I'm the CEO, this guy gets fired now. (1)

shrubya (570356) | more than 9 years ago | (#11630677)

...which is why you're a techie instead of a manager.

Not a flame, just a fact about the way the world works.

A vulnerability is always a vulnerability. (5, Insightful)

JessLeah (625838) | more than 9 years ago | (#11630436)

"A vulnerability is not a vulnerability till somebody discovers it." This sort of rubbish is a rather amusing reflection of corpthink.

It's rather like saying "A law of Physics isn't a law of Physics until somebody discovers it."

A vulnerability is a vulnerability, period... meaning that something is vulnerable. Whether or not anyone's yet realized it's vulnerable is another story.

If you didn't put a lock on your door, would it "not be unlocked" until someone came by and realized that the door lacked a lock?

Re:A vulnerability is always a vulnerability. (1)

DingerX (847589) | more than 9 years ago | (#11630663)

Actually, no, that's quite true. A vulnerability that is undiscovered is not a vulnerability. Just as a word (e.g., "miostizr") is not a word until somebody assigns meaning to it.

Of course, someone other than Symantec's friendly competitors may already have discovered the vulnerability. He didn't say "A vulnerability isn't a vulnerability until we discover it".

And, yeah, sure, "A law of Physics isn't a law of Physics until somebody discovers it." After all, if it doesn't help us understand our world, what good is it?

Re:A vulnerability is always a vulnerability. (1)

JessLeah (625838) | more than 9 years ago | (#11630693)

I'm pretty glad there was gravity before it started helping us understand our world.

Re:A vulnerability is always a vulnerability. (1)

Querty (1128) | more than 9 years ago | (#11630733)

Nah, a law of Physics is a flaw of Physics until somebody discovers it.

Surprisingly honest (5, Interesting)

phorm (591458) | more than 9 years ago | (#11630453)

I'm actually quite surprised that Symantec posted the notice about this publicly, rather than simply including an update in its next online patch.
Definitely a bad vulnerability, but kudos for being honest about it. I wonder though how liable they are to damages... not good when antivirus software actually ends up triggering the infection.

Slashdotted already? (1)

sm8000 (780163) | more than 9 years ago | (#11630475)

Is it just me, or is the patch/update download site already slashdotted? I can't get it to load.

AVG and Anti-Vir (2, Interesting)

dlZ (798734) | more than 9 years ago | (#11630494)

Every time I see a machine come into my store with a Symantec or a McAfee product I recommend a better solution. Running AntiVir or AVG on a machine with either product will almost always produce a large list of positives, even if they are spyware related trojans just waiting to be run to download tons of crap. But then I also recommend and will install Firefox (or another mozilla based browser) on anyone's machine. Machines with Firefox tend not to come back broken 2 days later.

This doesn't surprise me in the least with the quality I've experienced with their products. After I recommend another solution, everyone seems to say something about it being recommended at Best Buy/CompUSA. And if the worker there thinks it's good, it must be. Wonder if they get a kickback on Symantec products?

Re:AVG and Anti-Vir (0)

Anonymous Coward | more than 9 years ago | (#11630743)

Computers: By Geeks, For Geeks. If the rest of the world cannot figure out how to use a PC, too bad for them. right?

Mass market solutions like Windows & Norton exist because it is what the majority of people want. Yes firefox is better than IE, yes AVG is better than Norton but mind share counts when it comes to the dollars. John Thompson (Symantec CEO) is very successful and Bill Gates, king of the world ma? Ask the average person who Linus Torvalds is...

You want money, you want fame, the best does not always win.

Now leave me alone while I use my betamax tape player to record another laser disc for archival purposes while I listen to another minidisc recording.

Cheers!

Less is more... (0)

Anonymous Coward | more than 9 years ago | (#11630537)

If you eliminate the need for an extra layer of tools such as the anti-virus products, you'll reduce complexity.

Less complex systems fail less often and when they do fail they tend to fail in more predictable ways only partially because there are fewer dependencies for people to track.

  1. ((I include in the people category the programmers who create the tools as well as someone using interactive software that is both focused on a specific task as well as more along the lines of a canned wizard with some interactive options.))

In my experience.... (2, Insightful)

devphaeton (695736) | more than 9 years ago | (#11630549)

....Norton Antivirus/Internet Security is the biggest piece of shit excuse for security software EVAR. It is poorly designed, poorly implemented, always breaks, and the only fix is "please reinstall NIS".

Now they're getting into spyware/adware removal, and Norton will always find stuff, but when trying to deal with it it just gives a 'delete failed' message and that's it. And it will continue to nag you about things it finds.

People who don't know any better see these displays in best buy, and believe the hype and go home and install this paranoiaware. If it is NIS it promptly breaks their internet connection and screws up their email client. If they call symantec for help in configuring, symantec will refer them to their ISP.

What a bunch of fucks. Color me mofo, but I'm telling people to uninstall NIS these days (and the funny thing is that complete removal often requires registry hacking). It's more trouble than it is worth. Tech support is bad enough without this crap.

Re:In my experience.... (2, Interesting)

joejoejoejoe (231600) | more than 9 years ago | (#11630718)

NAV/NIS - I hate them too, with a passion, maybe not as much passion as you, but I HATE THEM. I use avast ( www.avast.com ) - it's free, and WORKS.

I paid for NAV2004 (or whatever) and registered/activated it and it promptly broke, I uninstalled it and guess what? I had to reactivate it and call them on the phone! After not being able to do this bc it was a weekend, I waited on hold for an hour on Monday and promptly gave up in disgust. So I let my pay-version of NAV go unused and instead use Avast now. I tell my friends to use Avast too.

www.avast.com
-Joe4

NAV Sucks Ass (0, Troll)

http101 (522275) | more than 9 years ago | (#11630553)

That's because your fucking software is built to run in ActiveX! So when I get a virus in ActiveX, it shuts down ActiveX after embedding itself on my system, therefore Norton AV will NOT run and fails to clean up the virus. Congrats, I'm now a zombie. Thanks you stupid mother fuckers.

Symantec AntiVirus/Filtering for Exchange 3.0 (0)

Anonymous Coward | more than 9 years ago | (#11630562)

Can anyone find a reference to it on the Symantec site?
Is it vulnerable?

And what if *.exe files are blocked via the extension name rule? Does the vulnerability still exist?

The easy solution for this... (0)

Anonymous Coward | more than 9 years ago | (#11630567)

Reboot your computer.

The BIOS will make sure that the correct kernel is loaded. The kernel will make sure that the newest update from Norton is installed, and the newest update from Norton will remove the viruses.

Obligatory Joke... (1)

TooMuchEspressoGuy (763203) | more than 9 years ago | (#11630568)

Antivirus software may execute virus code... What's next: Windows will *not* execute virus code?

We can only hope.

Here's the scanner source code: (2, Funny)

Anonymous Coward | more than 9 years ago | (#11630572)

#!/bin/sh
echo Scanning...
for file in `find /`
do
sudo $file
if system_still_running
then
echo File $file OK
fi
done

Ah, Irony (1)

GatesGhost (850912) | more than 9 years ago | (#11630584)

The antivirus program has become the very thing that it has been programmed to stop.

Actual Vulnerability Link (4, Informative)

Talian (746379) | more than 9 years ago | (#11630589)

Got this link from Platinum support. UPX Parsing Engine Heap Overflow [sarc.com]

It provides a bit more information on the specific builds that are a problem. Affects a great deal of their software.

The flaw is Windows(TM) itself (0)

Anonymous Coward | more than 9 years ago | (#11630595)


Viruses (not that I have seen a real one in ages)/spyware/trojans/rads/ already kill scanners because they can. They just find the process and kill it, even "protected processes". They even do firewalls too: many just carry a list of the most popular filenames, and if it spots the process it kills it, rips its registry entries out and voila, no protection. Disabling a virus scanner or software firewall is trivial at best (of course the key is if the malware is not identified by the scanner first).

I have had 0-day worms infect my customers who had Symantec protection (with daily! updates), and because that signature had never been seen before it ignored the worm until it had sent 200 emails from the contact list (with a copy of itself) and the user spotted that Word was slow because the scanner was scanning 200 outgoing mails,

which meant that the antivirus failed its job and could no longer be trusted. Symantec was at that point a waste of money.

The flaw is in the way Windows works itself, not the virus scanner.

No offence to Symantec (0)

Anonymous Coward | more than 9 years ago | (#11630613)

but some of us have seen this for ages, bitched and moaned about it, and switched people ultimately to other software because this has been happening for a LONG time. Ever notice how fully patched systems with Norton's on it (which is fully up to date, on broadband so it gets the updates immediately, etc) seem to still get viruses that Norton's just doesn't pick up? Hate to say this but this is common knowledge to most who deal with this every day. For everyone else, here's your wakeup call. All of the major AV players are under attack.

keep it simple (2, Interesting)

oreaq (817314) | more than 9 years ago | (#11630635)

  • Every software has bugs.
  • Some of the bugs are security related.

If you want to have a secure system you have to use less software, not more. Virus scanners et al. are part of the problem, not part of the solution.

"A designer knows he has achieved perfection not when there is nothing left to add, but when there is nothing left to take away." -- Antoine de Saint-Exupery

More details here... (5, Informative)

Otto (17870) | more than 9 years ago | (#11630637)

http://www.symantec.com/avcenter/security/Content/2005.02.08.html

The gist of it is that there is a heap overflow in a part of the Symantec antivirus engine that they call DEC2EXE. This is a decoder for compressed executable files. The idea is that you have to decompress it to scan the thing, this module does the decompression.

So a carefully crafted EXE file could overflow part of this code and cause arbitrary code execution.

This module isn't just in Norton Antivirus, BTW, it's in a heck of a lot of Symantec Antivirus products. So if you're running any Symantec anti-virus product, not just the home consumer stuff, you might want to head over there and get a patch.
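
The bug class described in the comment above (a decoder for packed executables writing past a heap buffer), as an added C example that is not from the thread or from Symantec. The run-length format, the `MAX_UNPACKED` cap and the function name are constructed for illustration; the decoder checks every input-derived length against its allocation before writing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy packed format, constructed for this example (not UPX, not DEC2EXE):
 *   bytes 0-1: little-endian unpacked length claimed by the file
 *   then (count, value) byte pairs: emit `value` `count` times */
#define MAX_UNPACKED 4096u  /* scanner-side cap, independent of the file */

/* Constructed samples: one honest file, one whose runs exceed its claim. */
static const uint8_t SAMPLE_OK[]  = { 0x06, 0x00, 4, 'A', 2, 'B' };
static const uint8_t SAMPLE_BAD[] = { 0x04, 0x00, 4, 'A', 200, 'B' };

/* Returns a malloc'd buffer of *out_len bytes, or NULL on malformed input. */
uint8_t *unpack_checked(const uint8_t *in, size_t in_len, size_t *out_len)
{
    if (in_len < 2 || (in_len - 2) % 2 != 0) return NULL;
    size_t claimed = (size_t)in[0] | ((size_t)in[1] << 8);
    if (claimed == 0 || claimed > MAX_UNPACKED) return NULL;

    uint8_t *out = malloc(claimed);
    if (!out) return NULL;

    size_t pos = 0;
    for (size_t i = 2; i + 1 < in_len; i += 2) {
        size_t count = in[i];
        /* An unchecked decoder would memset here unconditionally, so runs
         * totalling more than `claimed` would write past the heap block.
         * Reject rather than truncate: the header and stream disagree. */
        if (count > claimed - pos) { free(out); return NULL; }
        memset(out + pos, in[i + 1], count);
        pos += count;
    }
    if (pos != claimed) { free(out); return NULL; }  /* short stream */
    *out_len = pos;
    return out;
}

int main(void)
{
    size_t n = 0;
    uint8_t *ok = unpack_checked(SAMPLE_OK, sizeof SAMPLE_OK, &n);
    int good = ok && n == 6 && memcmp(ok, "AAAABB", 6) == 0;
    free(ok);
    return (good && !unpack_checked(SAMPLE_BAD, sizeof SAMPLE_BAD, &n)) ? 0 : 1;
}
```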

To People Bashing Symantec (2)

OverlordQ (264228) | more than 9 years ago | (#11630687)

It's not like FOSS haven't had their share of local arbitrary code execution exploits before.

I'm suspicious of Symantec anyways (1)

devphaeton (695736) | more than 9 years ago | (#11630698)

For all their pandering and pushing paranoia-ware, I sometimes suspect that maybe, just possibly, some of these worms that get released might come from Symantec themselves.

Call conspiracy theory if you want, but it seems that with a lot of the "good" worms, Symantec is the first to announce it, and they've got a full analysis of what it does, how it works, what it's written in, etc, even if they claim the worm has only been "out" or "released" for 12-24 hours. This includes details that might be hundreds or thousands of varying filenames the worm will drop, what it does on certain times or dates that haven't occurred yet, and various other things that are internal to the program itself.

Yes I know you can take an executable and reverse engineer it to see how it works, but I'm sure some things will get lost in translation. Plus, in their description of their buzzwords and jargon, they define "Zoo Threats" as worms that "only exist in antivirus labs".

I'm not saying that there *aren't* plenty of mofos around the world writing worms out of spite, but I think that sometimes the actions of Symantec might belie a hidden agenda.

Business is business.

A vulnerability is not a vulnerability... (1)

nysus (162232) | more than 9 years ago | (#11630699)

...until someone discovers it?

Not a good way to think. That's like saying Iran having nukes isn't a concern because we haven't uncovered any direct evidence. The idea is to expose the vulnerability so you can do something about it.