Symantec AntiVirus Hole Found

CowboyNeal posted more than 8 years ago | from the safer-than-sorry dept.


Hotwater Mountain writes "eWeek has a story about a gaping security flaw in the latest versions of Symantec's anti-virus software suite that could put millions of users at risk of a debilitating worm attack. According to eEye Digital Security, the company that discovered the flaw, the vulnerability could be exploited by remote hackers to take complete control of the target machine 'without any user action.'"

Yay (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15407785)

Dikky is gay, Props to the GNAA

That saves time! (5, Funny)

bunbuntheminilop (935594) | more than 8 years ago | (#15407792)

Symantec will only have to make viruses for its own programs!

(ouch, that was a little harsh)

Re:That saves time! (1, Flamebait)

jon1nim (977214) | more than 8 years ago | (#15407804)

and this surprises who? I guess only the people who use this cr@p software!

Re:That saves time! (0)

bunbuntheminilop (935594) | more than 8 years ago | (#15407925)

seems our opinions are a little unpopular.

Re:That saves time! (0, Insightful)

Anonymous Coward | more than 8 years ago | (#15407958)

Yep, say something utterly stupid about Symantec and you're a jerk and a troll. But do the exact same about MS you're +1.0E+100 Insightful Funny Coolest Guy Evar. So you see, you only made two mistakes:
  1. Failed to understand the masses of drooling idiots and full-blown wackos that make up the vast majority here
  2. Simply posted in the wrong discussion
Know thy peers, for they are as predictable and easily played as they are moronic and irrational.

Re:That saves time! (2)

jon1nim (977214) | more than 8 years ago | (#15407994)

I sure hope option 3 is PHONE A FRIEND because McAfee and Norton could suck money out of an Enron exec's hand!

Details? (5, Insightful)

SomeGuyFromCA (197979) | more than 8 years ago | (#15407800)

Is it server-side or client-side? Is it push or pull?

If it affects the install on the clients, but needs to get access to them, I wave my paw and say "bah."

If, on the other hand, it can attack the server...

Well, then again, everything should be behind a firewall anyway, with only needed ports forwarded.

I mean that's just common sense...

Re:Details? (5, Informative)

neil.orourke (703459) | more than 8 years ago | (#15407818)

[] had a writeup about this which said that Norton Internet Security guarded against this flaw in Norton AntiVirus. Go figure on the implications of that.

Re:Details? (4, Funny)

cp.tar (871488) | more than 8 years ago | (#15408137)

OK, let me try:

  • First they sell you an antivirus to protect you against viruses and other malicious code.
  • Then they sell you a security package which will protect you against malicious code which the antivirus cannot detect. Or which attacks the antivirus itself.
  • Soon they'll sell you an additional package which will make sure nothing gets past the security package.
  • And another one to keep all those in check.
  • Therefore, soon enough no code will be able to execute because all the CPU cycles will be reserved for Symantec security.

Perfect security - and the Quis custodiet ipsos custodes? problem solved. Rather neat...

Re:Details? (5, Funny)

Jesus_666 (702802) | more than 8 years ago | (#15408209)

Norton Antivirus offers perfect security. Just leave it installed on a home user PC for long enough. Sooner or later the system will shut down in an unclean fashion, which NAV will take as a reason to hang at startup, taking the NIC with it.

Bang - no NIC, no malicious traffic from the internet.

Re:Details? (1)

mapkinase (958129) | more than 8 years ago | (#15408190)

Now I have to convince my laptop that not to be able to use half of the apps without annoying IS popups is better than having the security hole... Luckily, all it can say is multiple choice question: "How long do you wish to have Norton Internet Security turned off?" And the answer always is: "Until system restarts, honey".

Re:Details? (2, Interesting)

sumdumass (711423) | more than 8 years ago | (#15408225)


Just wait until some PHB or road warrior brings their laptop in and it is infected. Or my favorite, someone (law clerk) was bringing in files that her computer at home wouldn't open correctly to see if the work computers could open them because they seem to do more. I guess the idea was to make sure they weren't needed before they got deleted.

And what if the firewall is a Norton product? Or spread via email too. Oh well

It's hard to imagine.... (2)

HotNeedleOfInquiry (598897) | more than 8 years ago | (#15407810)

How a company could fsk itself more or harder. First the totally bogus licensing restriction of Ghost, the last good product they made, and now this. Sad.

Re:It's hard to imagine.... (5, Insightful)

Anonymous Coward | more than 8 years ago | (#15407886)

Symantec hasn't actually ever made a good product. They BUY good products and then drive them into the ground. Ghost was just the last of the Norton suite of products that they got around to breaking.

Actually as far as I can tell Symantec hasn't actually ever made a product at all. I'm sure they must have once, how else did they ever get the money to buy Norton in the first place (venture capital I guess), but every Symantec product I can think of was originally acquired from someone else.

I'd find it very hard to imagine a company that has done nothing but destroy every piece of intellectual property it acquires and continues to make money. Unfortunately I've seen it...

Re:It's hard to imagine.... (0)

Anonymous Coward | more than 8 years ago | (#15408095)

Wow, I can't believe some slashbot modded this flamebait. Normally Symantec is somewhere between RealMedia and Computer Associates on the "Software Companies Every Nerd Hates" index.

Re:It's hard to imagine.... (4, Insightful)

bm5k (971998) | more than 8 years ago | (#15408279)

I'd find it very hard to imagine a company that has done nothing but destroy every piece of intellectual property it acquires and continues to make money.

Why? AOL's been doing it for YEARS. Remember ICQ? Winamp? Need I say more?

Re:It's hard to imagine.... (1)

wibwib (443857) | more than 8 years ago | (#15407928)

What's worse is they bought Ghost off a Kiwi. Antivirus companies blow.

Re:It's hard to imagine.... (2, Informative)

Simon Garlick (104721) | more than 8 years ago | (#15407935)

That was the old "classic" Ghost. The new one is just a rebadged Powerquest DriveImage.

No wai- (2, Funny)

RenHoek (101570) | more than 8 years ago | (#15407812)

Protect your computer! Remove your virus scanner! .. hang on.. :) Very sloppy.. It's like the firebrigade trying to save your house with flamethrowers.

Re:No wai- (4, Funny)

B3ryllium (571199) | more than 8 years ago | (#15407854)

Well, they do say that you should fight fire with fire ...

Re:No wai- (3, Funny)

Nefarious Wheel (628136) | more than 8 years ago | (#15407891)

Dunno, I find that the cold proc of Blade of Walnan works better for fire elementals in Nadox than Fist of Ixiblat, which is a fire proc.

Oh, wait...

Re:Fire elementals (0, Offtopic)

hackwrench (573697) | more than 8 years ago | (#15407963)

But what do fire elementals feed on? If you use Fist of Ixiblat to burn up their food source, that would be using fire to fight fire as suggested.

Re:No wai- (2, Insightful)

Jesus_666 (702802) | more than 8 years ago | (#15408223)

Fighting fire with fire. Phh. Did that work in Kuwait? No, sir. Real firefighters use explosives to extinguish the fire, which is why our local fire department has completely switched over to C4. It saves a lot of water, too.

As for NAV... Maybe you could use a special NIC that detects malicious traffic and self-destructs rather than passing the packet to the rest of the system.

Re:No wai- (0, Offtopic)

Lord Kano (13027) | more than 8 years ago | (#15407857)

It's like the firebrigade trying to save your house with flamethrowers.

Or it's like politicians destroying the rights of the citizenry to protect them from terrorists.


Re:No wai- (1)

Nanpa (971527) | more than 8 years ago | (#15407862)

A better analogy would be to dam a river with swiss cheese

Re:No wai- (0)

Anonymous Coward | more than 8 years ago | (#15407874)

No, I think the flame throwers was better.

Re:No wai- (1)

HotNeedleOfInquiry (598897) | more than 8 years ago | (#15407908)

We had to 0wn the machine in order to secure it.

Re:No wai- (1)

ThePengwin (934031) | more than 8 years ago | (#15408008)

Oh no the flamethrowers aren't working!!

Use the ethanol!!!

Well, I have dreaded the day when an antivirus program could do more damage than good.. it shows that human error can occur anywhere. On a kind of off note.. how many viruses don't work properly?? I would like to see some figures of that :)

Re:No wai- (1)

Zane Hopkins (894230) | more than 8 years ago | (#15408153)

Some firebrigades do use flamethrowers.

Good news, everyone! (5, Funny)

christopherfinke (608750) | more than 8 years ago | (#15407813)

"This is definitely wormable. Once exploited, you get a command shell that gives you complete access to the machine."
Well that's a relief. Who would ever want to use the Windows shell? I'd call that security through, uh, suckurity.

Re:Good news, everyone! (5, Funny)

gbobeck (926553) | more than 8 years ago | (#15407851)

I'd call that security through, uh, suckurity.

Toss in the complete inability to hack that most script kiddies have... and now you also have security through stupidity.

I always loved watching my snort logs when some kiddie attempted to 0wn my FreeBSD server running Zope/Plone + Apache by tossing every IIS 5 attack they have a script for.

what a joke they are (1, Insightful)

deglr6328 (150198) | more than 8 years ago | (#15407827)

Why does anyone even use their products at all anymore? Three little letters: A V G. After removing Symantec's bloatcrap and installing AVG free it's practically equivalent to gaining ~.5 GHz.

It depends (2, Insightful)

smvp6459 (896580) | more than 8 years ago | (#15407848)

I'm not a Symantec fanboy but Symantec Antivirus (SAV) - the enterprise version - is pretty lean. As for Norton Antivirus or whatever they call it now...I couldn't agree more with your estimation of its bloatedness.

Re:It depends (1)

Amouth (879122) | more than 8 years ago | (#15407894)

yea the corporate editions of Norton rock.. none of the flashy bloated crap.. just install and forget.. talks to the managed server and does its job.. with less overhead than I have ever seen any other virus scan for Windows.

Re:It depends (4, Interesting)

MillionthMonkey (240664) | more than 8 years ago | (#15407977)

I work at a big stupid company that has a site license for Rational Clearcase, a totally retarded product we are forced to use by upper management. Fortunately, SAV 10 is incompatible with the Clearcase Windows client- it diagnoses it as malware and attempts to remove the "infection". So we cannot upgrade from SAV 9. When they were doing the automated rollouts a few days ago, we had to send our machine names to the CC administrator to prevent the upgrade process from installing SAV 10 on our machines.

So now we don't have to worry about this security hole, which means we can finally say that something good came out of using Rational Clearcase.

Re:It depends (1)

tomstdenis (446163) | more than 8 years ago | (#15408266)

No, take that back. Clearcase is the bane of all existence. Slowest POS ever...

Sure virtual file systems "views" sounds great on paper, the reality of it, specially over the 100Mbit at my work, is it's slow as fuck. You can take any 2 hour build and turn it into a 4, 6, 8 and I've even seen 10 hours on a dedicated box [e.g. only sharing the network not the CPU].

Give me CVS any day :-) At least when I check out 10GB of source [once] I can build it locally as much as I fucking want!


Re:It depends (0)

Anonymous Coward | more than 8 years ago | (#15408274)

I'm with SAV on this one: ClearCase is malware that should be removed. Actually, base ClearCase is quite powerful but UCM+ClearCase is totally retarded. Speaking of retarded, did your managers clobber you with the whole ir-Rational suite of RUP, UCM, ClearCase, ClearQuest, RequisitePro, XDE, RSM? They are all crap. 30-40% of project time is wasted on this crap. Following RUP, to put 120 lines of SQL into production required 32 "work products" - the new RUP term for artifacts (can't we just call them documents?) - and took 3 people 5 months. Crap, crap, crap.

Re:It depends (1)

homer_ca (144738) | more than 8 years ago | (#15408048)

Symantec Antivirus Corporate Edition is okay, but try loading the firewall too (the bundle is called Symantec Client Security). All the processes use over 100MB of RAM. The interface is clean, but the bloat is still there.

Re:what a joke they are (1)

jofi (908156) | more than 8 years ago | (#15407889)

No kidding.

I installed the 2006 trial on a clean test pc, it took an hour to install, and the PC is by no means slow. After rebooting when told, ccApp.exe and CfgWiz.exe were using the CPU 50/50 and continued to do so with nothing showing up. So the install technically never finished. Same thing with 2005, and 2005 SE from the Google pack.

Re:what a joke they are (0, Insightful)

Anonymous Coward | more than 8 years ago | (#15407920)

People use Norton Antivirus for its virus detections. People use AVG because it's free. When it comes to detecting viruses, AVG doesn't compare to Norton.

Re:what a joke they are (1)

Macthorpe (960048) | more than 8 years ago | (#15408146)

That's the funniest thing I've seen all day.

When I switched from Norton to AVG because I was a penniless student, AVG found 3 viruses that Norton completely missed. When my father used Norton for his business he lost 2 days of chargeable business to a virus (SirCam) that was widely known about for weeks but wasn't detected by Norton because it hid in the Recycle Bin.

People use Norton because it's called Norton. It's bloated and it's useless.

Re:what a joke they are (3, Insightful)

Mistshadow2k4 (748958) | more than 8 years ago | (#15408159)

Pure, unadulterated BS. I've used both and Nortons absolutely sucks compared to AVG. With Norton's my computer got so badly infected that I had to reinstall the OS two different times. Installed AVG and never had that problem again. Did I download anything that had the virus in it? No! Both times the viruses downloaded themselves straight into my computer from the internet -- which means Norton's firewall didn't do anything to stop them. On top of this, one time I uninstalled it in order to reinstall it and I couldn't boot Windows afterward.

Nevertheless, I think Avast! is the best antivirus, but I've heard a great deal of good about NOD32 and Kaspersky's. Any of them beat Norton's. Hell, as bad as Norton's can screw up your computer no antivirus is sometimes better. I don't know how many times I had to reinstall it because it started screwing up or just didn't install right in the first place. All of that applies equally to McAfee too.

I don't know what the deal is here with you and whoever is modding anything critical of Symantec as "flamebait" and your BS as insightful, but you can't quit with the outright lying. You've both made yourselves as transparent as freshly-cleaned glass. Normally, I'd think someone who made such an accusation was paranoid, but that's how blindingly obvious you guys have been. And the thread is still young. Too bad the people running this site aren't involved enough to care anymore.

Re:what a joke they are (1)

EvilMonkeySlayer (826044) | more than 8 years ago | (#15408175)

I call bs on that.
Give us proof.

oh piffle (2, Interesting)

OctaviusIII (969957) | more than 8 years ago | (#15408056)

My NAV is using a total of 9Mb RAM on my system as I type. It's always been more reliable in catching viruses than AVG, too.

Re:what a joke they are (1)

HaydnH (877214) | more than 8 years ago | (#15408169)

Cool, I can turn my PII 300 into a 800mhz?? Why wasn't I told about this before?!?

Re:what a joke they are (0)

Anonymous Coward | more than 8 years ago | (#15408192)

Actually SAV turns a P4 3GHz into something that feels like a PII 300. (I have the unpleasant job of persuading SAV not to cripple our network and/or servers whilst actually preventing infections from dodgy discs and pen drives brought in by users)

So people have discovered Nortons DRM Rootkit? (5, Funny)

oztiks (921504) | more than 8 years ago | (#15407835)

They are just calling it an exploit just so they don't get into trouble ;)

Symantec Corporation (1)

Alien Being (18488) | more than 8 years ago | (#15407838)

With friends like us, who needs enemies?

stating the obvious (0)

Anonymous Coward | more than 8 years ago | (#15407842)

All your SAV are belong to us?

Who has heard that conspiracy theory (5, Funny)

Sentri (910293) | more than 8 years ago | (#15407843)

That the Antivirus people are the ones putting the viruses out there to keep their businesses running

*grabs tinfoil hat*

Re:Who has heard that conspiracy theory (0)

Anonymous Coward | more than 8 years ago | (#15407940)

LOL, they don't need to. And if they did, chances are they'd just move on to something else.

Re:Who has heard that conspiracy theory (1)

wraithgar (317805) | more than 8 years ago | (#15408040)

That the Antivirus people are the ones putting the viruses out there to keep their businesses running

I remember saying that quite a while ago, or at least something vaguely along those lines.

Re:Who has heard that conspiracy theory (2, Insightful)

Half a dent (952274) | more than 8 years ago | (#15408180)

Who HASN'T heard that conspiracy theory? No really I'm interested, I might even get a grant for a study.

Throw me a friggin bone! (5, Insightful)

BarryLoper (928015) | more than 8 years ago | (#15407846)

OK that leaves about every question unanswered.

At least give us a little bit on how this vulnerability could be exploited other than: This flaw does not require any end user interaction
  • Do I have to browse to a malicious website?
  • Do I have to download an infected file for it to scan?
  • Does it somehow come in on Live Update?
  • What if I have a firewall?

Throw me a friggin bone here! I'm the user... Need the info...

I suppose the important part is they got the scoop!

Re:Throw me a friggin bone! (4, Informative)

skiflyer (716312) | more than 8 years ago | (#15407922)

I didn't read this link, but I read it on CNN, and to answer your first two questions no... they very specifically said the real concern here is that a user can be attacked without doing anything.

As far as #3, the hows were unaddressed.

#4, it seems that at least several firewall packages block it just fine... but there was no discussion as to whether or not it was something special about the packages mentioned, or if it's just blocking some specific port that makes you safe.

The Hows: A well reasoned theory and some impacts (4, Interesting)

allroy63 (571629) | more than 8 years ago | (#15408269)

How the exploit functions (a loose theory)

1. It is widely accepted that the Corporate versions of the software are those that are affected. The major difference between the Symantec corporate and home use anti-virus clients is their ability to be managed by a centralized server. From the server environment one can initiate any number of tasks - including a remote installation of the client, remote scans, etc. IIRC this functionality is accomplished through connection to a listening port on the client machine. This would fit the theory of what it is that is so different and that a user needs to do absolutely nothing but have the machine on a network with the Symantec service running.

2. The current CNN coverage located here ( irus.flaw.ap/index.html) indicates that home use editions of the software are not affected, "though consumers who are provided Symantec's corporate edition antivirus software by their employers for use at home may be affected." Many of these same users are also granted secure access to remote servers behind their companies' firewalls...

3. This is a major concern because it means that we're not looking at a situation of massive numbers of zombie bots that are all deployed to do some low level inane task like e-mailing tons of spam to people. It means that the firewalls of the various institutions of power, privilege and profit around the globe who have purchased Symantec's products become functionally useless as employees head home to plug into their non-firewalled-my-cousin-set-it-up-for-me cable or DSL connection at home. It also means that any confidential data stored on those remote machines is more likely to theft. Consider the recent stories in the U.S. media of the theft of a laptop containing thousands of citizens' Social Security numbers. Now magnify that situation by imagining that everyone with access to confidential data on a laptop running Symantec places the laptop on the front porch of their home each night.

It will be interesting to see how Symantec handles this. I am hopeful that a LiveUpdate can correct the situation and will be looking into turning off the remote management features on the client machines I manage as a precaution. I don't know that there's a link, but it seems like a fairly plausible source of exploit that is clearly delineated from the home version...

Re:Throw me a friggin bone! (3, Interesting)

LordFolken (731855) | more than 8 years ago | (#15408115)

The advisory is rather bleak at the moment, so following is pure speculation:

Past exploits in software firewalls were issues in the packet inspection engine. The engine packs itself in front of the tcpip stack of Windows and inspects _every_ packet that goes in or out, regardless of whether it connects to some port or not. This is done in order to log the packet and to reassure the user with annoying popups that his investment was worth his money.

Back to antivirus: This thing also scans email. It does this by scanning the traffic on pop3 and imap ports. My suspicion is that it does this regardless of the connection state. E.g. if you send packets from port 110 to the target machine it probably inspects them, even if the target machine isn't currently downloading any email. Again: this is speculation on my part.

To answer the parent's questions:

If the above is the case:

- Do I have to browse to a malicious website?
Probably not.

- Do I have to download an infected file for it to scan?
It's possible that the worm also works when an email is scanned. So if you receive an email that has such a virus attached your machine would be also infected even if you'd use a hardware firewall.

- Does it somehow come in on Live Update?
Unlikely. You'd have to do a man in the middle attack for that. E.g. capture the user's DNS traffic or route his traffic through the mitm. Both rather unlikely in an Internet scenario unless you have a _really_ lousy provider.

- What if I have a firewall?
In a connection-state tracking software firewall it would matter in what comes first: the antivirus or the firewall. A hardware firewall would protect you better as it comes first in any case, but it wouldn't protect you from an exploit that travels from your e-mail account to your machine.

IMO Symantec products all suffer from bloat:
  - Way too many features, no average user can comprehend. (and I have a suspicion that the developers don't either.)
  - The install base from the complete package is probably above 100MB. I think a firewall and antivirus should be doable in a fraction of that. (excluding signature files)
  - They slow the systems they are installed to to a crawl.
  - I get 5+ support calls a day that deal with broken Symantec products. (e-mail and internet related.)

Please use FreeAVG, AntiVir or learn how to use ClamAV!

Better yet: install FOSS software like i have done years ago, and get rid of _all_ these problems in an instant.

Older Versions? (3, Insightful)

tecker (793737) | more than 8 years ago | (#15407850)

I noted that the eEye details point out this:
Symantec Antivirus 10.x
Symantec Client Security 3.x
(Other Symantec Antivirus products are also potentially affected, waiting for vendor list)

Question 1: Are Norton consumer level products (Norton/Symantec Antivirus 2006 for example) in this list?

Question 2: Where does this security vulnerability lie? In the scanning engine or in the GUI application wrapper or helper dll? This could let us know if the Symantec Antivirus 9 -> 1 are bad.

I'm holding Slashdot to a Slashback on this as this unfolds.

BTW, any takers on the amount of time till patch? Clock starts now.

Re:Older Versions? (2, Interesting)

Amouth (879122) | more than 8 years ago | (#15407906)

i bet June 7th 2006

just because they release updates on Wednesdays and I don't think they will have a cert'ed patch ready by Wednesday as this is a holiday weekend and their customers don't matter to them (at least the ones that could be infected)

Consumer versions not affected (5, Informative)

Anonymous Coward | more than 8 years ago | (#15407858)

Coverage on rus.flaw.ap/index.html CNN notes that it appears only the corporate version is affected.

"eEye said it appeared consumer versions of Symantec's Norton Antivirus software -- sold at retail outlets around the country -- were not vulnerable to the flaw, though consumers who are provided Symantec's corporate edition antivirus software by their employers for use at home may be affected."

Re:Consumer versions not affected (0)

Anonymous Coward | more than 8 years ago | (#15408105)

It figures. They use the Corp version at work and naturally we have had repeated virus attacks inside the network anyway, and worse, the attitude that the viruses can't be here because big name, big dollar Symantec is protecting us. So we're safe and that's that.

We have had to nearly beg to get servers fixed. "Bargain.exe is supposed to be taking 100% of the CPU and network. No it doesn't matter if SQL server has every port in use by unknown processes. Symantec would never let a virus run amok so it can't be a virus so it's not a problem. Q.E.D."

Not to say Norton at home is any better: I tried AVG on a machine that had been running Norton and found a virus that had apparently been inside a zip file that had been on the drive for three years, totally undetected. Norton said nothing the entire time despite having been set to scan zips.

But AVG is not free of faults either: one of my AVG-protected machines got hit hard by a virus that just completely bypassed AVG. It was no protection at all. So much for free.

I use NOD32 now.

Symantec (1, Troll)

ikejam (821818) | more than 8 years ago | (#15407870)

Symantec seems to be pulling a lot of crap these days, that is characteristic of a company struggling to stay relevant and by making up for the degradation of quality in its products by other means (like the other big one) - writing threat exaggeration articles trying to scare customers, bloated inefficient personal antivirus solutions, and now vulnerabilities!

Re:Symantec (1)

balevine (925407) | more than 8 years ago | (#15407899)

Would you rather have VISTA take care of it?! I'm sure they've been holding out their super-secret-super-duper virus scanners that will make all future Windows systems as safe and secure as Linux or OS X........right?

Re:Symantec (1)

bobcat7677 (561727) | more than 8 years ago | (#15408001)

What does Microsoft have to do with Symantec/Norton's problems? The Symantec/Norton line of products have not offered an acceptable level of virus protection since mid-2001 or so and have suffered from bloat and incompatibilities for much longer than that. I can remember telling more clients than I can even count to "uninstall Norton" in order for them to be able to install or even run some other program back in the '90s. There are probably a whole lot of software companies out there that deserve to have about 60% of their support costs charged back to Symantec. These products have been suffering from poor development and general code bloat for years. I'm guessing it's not the developers' fault, they have probably been downsized and overworked for years to match. The only surprise to me is that it's taken this long for the serious issues with these products to actually make the headlines.

Exploits! (0)

Anonymous Coward | more than 8 years ago | (#15407871)

I expect to see exploits, if possible, in short order. Sounds like a nice little thing to add to one's bot nets... You must think like the spammers to defeat them, only with rapid patching will we be safe from their scum, or maybe not. A lot of things really depend on user ignorance, and that is always available.

startkeylogger (4, Funny)

DrunkenTerror (561616) | more than 8 years ago | (#15407872)


DUH! we've been calling it Norton Virus for years! (5, Insightful)

aaron_pet (530223) | more than 8 years ago | (#15407895)

I've never seen a program cause as many problems as some of these name brand anti-virus programs.. they're worse than having the viruses!!! and they add extra complexity that gives attackers more possibilities for exploitation.

Keep your patches up to date, or don't connect to the internet...
Don't open ANY freaking attachments, unless you expect it, and you know where it came from... or don't connect to the network.

My mom's computer has their security suite? set up on it... it basically just nags her when programs try to do anything... it's nice that it warns about Real Player's nasties... but we all know to uninstall that bastard and just use the codec... ... I'm saying stuff that everybody already knew... but nobody cared enough to nuke that company for the good of the world.

no proof of concept yet? (3, Insightful)

themysteryman73 (771100) | more than 8 years ago | (#15407901)

"there are no publicly shared proof-of-concept exploits or other information to suggest an attack is imminent"

Great, so let's just advertise that it's vulnerable instead of fixing it! How many h4x0rz are going to try to 'sploit this now as opposed to before for a quick ego trip?

Re:no proof of concept yet? (1)

A beautiful mind (821714) | more than 8 years ago | (#15408029)

Let me correct it for you.

"there are no publicly shared proof-of-concept exploits or other information to suggest an attack is imminent that we know of "

The best approach to vulnerabilities is to assume by default that the blackhats already know about them and are actively exploiting it, because you can't prove otherwise, so what you need asap is to inform the people about it.

Ever since Symantec took on Microsoft... (1, Flamebait)

jkrise (535370) | more than 8 years ago | (#15407912)

This was bound to happen.

0 Day and Away we GOOO!! (1)

mycall (802802) | more than 8 years ago | (#15407916)

This is a job for a 0 day attack. Attack!!

Yet again . . . (1, Flamebait)

pembo13 (770295) | more than 8 years ago | (#15407918)

. . . it sucks to be a Windows user.

AntiVirus is for Newbs (2, Interesting)

Anonymous Coward | more than 8 years ago | (#15407938)

I got the 'Stoned Virus' in 1989. Had another one that I can't remember about 4-5 years ago. Those are the only two virii I have ever gotten.

I had a bit of a problem a few years ago with SpyWare, first I installed an IE plugin and then moved to FireFox.

These 'Security' behemoths are insane. They hog 20%+ of computer resources with their 'real time scanning'. The only time anything needs to be scanned is when it's first coming to your computer. Downloads need to be scanned, that's it! If I download something questionable, I'll run it through Trend Micro online scan before running.

Daily backups are the key. And not Whole Fucking Hard Drive Backups like most insane backup programs want to do. Backup your damn documents and data.

Firefox and a little common sense and this whole virus/spyware thing is just not an issue for me. I haven't run SpyBot/AdAware since last year. I occasionally scan my download folder with TM Online.

Re:AntiVirus is for Newbs (2, Informative)

Parham (892904) | more than 8 years ago | (#15408020)

Everything you said is absolutely right... except that only someone with a firm understanding of computers and software would be able to accomplish them. I don't know of many normal people that virus scan every file that first comes into their computer, back up their MOST important documents, and use Firefox.

The fact is that, even as a computer science student, I don't use Firefox always (because I'm currently using Windows), I don't make daily backups because they can sometimes waste a lot of time, and I let my virus scanner scan regularly even after I know my computer has no viruses (luckily I use AVG which doesn't hog resources).

Re:AntiVirus is for Newbs (1)

atarione (601740) | more than 8 years ago | (#15408058)

~~~ I don't use Firefox always (because I'm currently using Windows), I don't make daily backups because they can sometimes waste a lot of time, and I let my virus scanner scan regularly even after I know my computer has no viruses (luckily I use AVG which doesn't hog resources). ~~~

ummm..... you do realize they make firefox for windows too right =p

tit for tat? (3, Interesting)

mysticgoat (582871) | more than 8 years ago | (#15407943)

Recent history:

  1. Symantec files suit against Microsoft with some kind of anticompetitive or abuse of license beef involving Vista.
  2. A day or so later, Symantec announces a zero-day exploit of Word. The malware in the Word document drops the ginwui worm that opens a backdoor and uses rootkit technology to hide itself and its activities. Symantec says that some companies have been victimized by this perhaps for months.
  3. And now a day or so later, a company with close ties to Microsoft announces that a major Symantec product contains a massive security flaw.

Does anyone else feel that this time line suggests that the last item or two might be part of a hidden agenda? Are we witnessing the start of a FUD throwing contest between two of the industry's major players?

I am so confused. What web news publishers should I now put my faith in?

Re:tit for tat? (0)

Anonymous Coward | more than 8 years ago | (#15408067)


eEye close to MS? (4, Informative)

fv (95460) | more than 8 years ago | (#15408174)

I don't know why you think eEye has such close ties to MS. They have been embarrassing and exploiting the hell out of MS for years. They drive MS crazy by releasing powerful exploit code and giving conference presentations such as "Remote Windows Kernel Exploitation" (BlackHat 2005). I like these guys a lot :).

-Fyodor (Insecure.Org)

Alternatives to Symantec Antivirus? (5, Interesting)

Anonymous Coward | more than 8 years ago | (#15407960)

My company has invested in Symantec Antivirus Corporate Edition, and while I do like the centralized management features and the Symantec Antivirus Client's unobtrusive nature, these exploits (and there have been several for version 10 alone) are getting ridiculous. With antivirus on the gateway catching 99.9% of the incoming viruses, and account restrictions for users preventing them from doing any real damage if they do get infected, it seems like Symantec Antivirus serves more as a vector of virus and worm attacks than a layer of protection against them. The fact that we pay thousands of dollars a year for the privilege makes it that much worse.

Has anyone deployed something other than Symantec Antivirus in a 250 PC company? If so, I'd like to hear your experiences.

Re:Alternatives to Symantec Antivirus? (2, Interesting)

smash (1351) | more than 8 years ago | (#15408042)

We run Trend OfficeScan in a ~1000 PC corporate network and have only ever had one problem, with a bung pattern file that chewed up 100% CPU - which was fixed within a day or so (affected people world-wide).

Fairly happy with it.


Re:Alternatives to Symantec Antivirus? (2, Interesting)

myxiplx (906307) | more than 8 years ago | (#15408092)

Been running Sophos Anti-Virus in the last two companies I worked for. It's always been far faster and more stable than either McAfee or Symantec's offerings. It's more CPU and memory intensive these days, but that's an unavoidable side-effect of signature scanners and 35MB of RAM isn't excessive on a modern machine.

The downside is that it's not as user friendly as the others. Sophos only sell to business customers and hence expect it to be installed by a competent sysadmin. Once you've learnt how to manage it though it's beautiful. One of the products I can install on a network and then ignore for the next 18 months with 100% confidence that it'll sit there and do its job, and will warn me if it can't.

In 4 years I can remember only one bad update, they had a workaround within hours and a fix within a day or two.

Sophos technical support is another good reason for dealing with them. You get straight through to a native English-speaking team and even their first line staff have a depth of experience with the product that makes a welcome change from the usual idiots.

Re:Alternatives to Symantec Antivirus? (1)

grolschie (610666) | more than 8 years ago | (#15408186)

NOD32 has awesome corporate anti-virus software. Very lean on memory/CPU resources and the remote admin features are very powerful. I tend to remove Symantec products from PCs where possible, because they are so bloated and resource hungry that they slow the PCs down to a crawl.


Anonymous Coward | more than 8 years ago | (#15407975)

Why is it that whenever a horrific security lapse is discovered, the technology media feels the need to broadcast it so that every net-malcontent can take advantage of it before the company can patch it?

I'll bet the wanna-be hackers and script kiddies are already cooking up something rude.

I'm getting tired trying to keep up. (2, Interesting)

Anonymous Coward | more than 8 years ago | (#15408000)

I'm getting tired, keep up with all these holes that need to get fixed to save my employment of a basic pay cheque.

We need to fix the root cause of the problem. Not restore service, but fix it.

It's time to tackle this problem at the compiler level. Get rid of the various IDE wizards, where the latest summer student can spend 5 minutes building a so-called enterprise class application.

Instead of the next dual core processor, maybe the industry could spend some time on software and get it right.

heh (1)

smash (1351) | more than 8 years ago | (#15408023)

As someone who has witnessed the Norton (now Symantec) suite go from being a decent bit of software in the DOS days, to the steaming pile of shit that it is now, this does not surprise me in the least :)


idiots (3, Funny)

chiseen (846098) | more than 8 years ago | (#15408028)

probably found their own exploit. :P

Best Example of Irony (1, Funny)

kie (30381) | more than 8 years ago | (#15408091)

Teachers look no further...

this has to be one of the best examples of irony, ever.

Only affects Norton Antivirus Version 10 (1)

dalroth5 (63007) | more than 8 years ago | (#15408129)

"Researchers from eEye Digital Security Inc. of California., discovered the vulnerability and provided evidence to Symantec engineers this week, said eEye's chief hacking officer, Marc Maiffret. He demonstrated the attack for The Associated Press."

So it's probably genuine.

"Maiffret said eEye's testing showed the problem affects Norton Antivirus Version 10, including its corporate editions."

"He said Symantec's current security suite - which includes both antivirus and firewall features - did not appear to be vulnerable."

But it doesn't affect the Symantec most used by consumers.

Nothing to see here. Move along.


insomnyuk (467714) | more than 8 years ago | (#15408149)

I've almost always convinced people I've helped with spyware and virus problems to just uninstall Symantec AV, as well as McAfee. They are resource hogs and not really very helpful in my experience. It's an easy sell given these people were running the "anti-virus" software before, during, and after they got infected.

They're better off with two or more good anti-spyware apps, a good firewall, Firefox as the primary browser (I've converted at least a dozen or more people to it), and updated Windows.

Symantec has only been good for the odd virus removal tool executable (same for McAfee stinger), even their online scan is pretty limited.


Anonymous Coward | more than 8 years ago | (#15408261)

Symantec / Norton is an OK AV engine *provided you keep it up to date*, but it is indeed horribly bloated with worthless crap these days. We got a new Dell for the office recently and it's noticeably sluggish despite being easily our fastest machine, due mostly to the Symantec 'security suite' crap.

McAfee AV is the worst big commercial player IMO ... it's basically stuck in the 90's with almost wholly signature-based detection. Sure it'll probably catch anything it KNOWS about, but some of the first COM and EXE viruses I ever wrote went through its heuristic engine like it wasn't there. AVG free caught them all.

and what better place to announce it than on (1)

Rooked_One (591287) | more than 8 years ago | (#15408156)

the site where quite a few people of intelligence read their news daily. Both good and bad, of course.

ClamWinAV (1)

digitalhermit (113459) | more than 8 years ago | (#15408158)

I've been using ClamWinAV for a couple months now. It seems to do as good a job as the commercial products that shipped with my laptops. And it's free... It does not do live scanning (or, I don't think it does), but works perfectly for scanning the computers at night when it will run unnoticed. It may not be perfect for everyone but is great for me.

Re:ClamWinAV (1)

joe 155 (937621) | more than 8 years ago | (#15408193)

if you like that you'll love clamav for Linux machines - although I do find symantec faster for scanning big files.

Re:ClamWinAV (0)

Anonymous Coward | more than 8 years ago | (#15408194)

Similarly, there's ClamXAV for Macs. Works fast, well, unobtrusively, and doesn't suffer the stupid bloat PLUS fee PLUS breaking when they can make you pay again for a new version that Norton Virus does.

meanwhile... (1, Troll)

devhen (593554) | more than 8 years ago | (#15408173)

symantec is buying out anyone who begins to compete with them, limiting user choice to a single application suite that is both badly engineered and insecure. sounds like a perfect match for Windows.

Re:meanwhile... (1)

tomstdenis (446163) | more than 8 years ago | (#15408256)

But but but free markets and all that jazz. Monopolies aren't bad. That's what the folk here keep saying about MSFT. :-)


Free alternatives to Symantec Antivirus (3, Interesting)

mlow82 (889294) | more than 8 years ago | (#15408218)

Avast!
AVG Anti-Virus

Re:Free alternatives to Symantec Antivirus (1, Informative)

tomstdenis (446163) | more than 8 years ago | (#15408232)

Gentoo.

Ahhh, much better.