Symantec Posts Fix To Vulnerability

Zonk posted more than 8 years ago | from the yay-for-speed dept.

100

An anonymous reader writes "Just a few days after it was discovered, Symantec has posted a fix to a critical flaw with its Antivirus software." From the article: "The eEye digital security firm reported the problem initially, and discovered it was present in the newest versions of the affected Symantec products. Further research noted by Symantec described the problem as a flaw that made the products vulnerable to a stack overflow. Once exploited, that overflow could have permitted an attacker to execute code on the machine, with System level rights. The issue was made worse by being one that impacted enterprise-level customers, big spenders that purchase hundreds or thousands of licenses depending on the size of the business. "

100 comments

FP (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15422570)

fp bitches...

huggles eosp

Fix-it time (3, Insightful)

SeaFox (739806) | more than 8 years ago | (#15422585)

Just a few days after it was discovered, Symantec has posted a fix to a critical flaw [CC] with its Antivirus software.

So how long after they confidentially reported the problem to Symantec (as I'm sure they did) did it take them to fix it?

Re:Fix-it time (1, Informative)

Anonymous Coward | more than 8 years ago | (#15426007)

Why would the parent post be modded a 5(insightful)? There is no basis in truth for such a question, and it's just rhetoric and phony conspiracy.

It is common knowledge that standard vulnerability reporting protocol in the security industry dictates that a vendor should be notified privately when a vulnerability is found in their product, and then given some reasonable amount of time (usually 30 days) to respond and to create a patch. Then at the end of the wait period the vulnerability is released to the public at the researcher's discretion. So by default, of course the vendor would typically know before the public.

In this case however, because the research group was eEye, there was no private notice. eEye's Marc Maiffret (Chief Hacking Officer) does not follow the industry standard protocol, and he immediately notified the world of the vulnerability, as is his standard MO. Fortunately, he does not post details on the specifics of the vulnerability, which slows the development of an exploit. So in this case the article was accurate.

Besides all that, I have first-hand knowledge that Symantec was notified when the rest of the world was. And if anything, eEye should retract a statement that Maiffret made stating that it would take Symantec about a month to patch this vulnerability, when it actually took a few long and hard days.

Couldn't login: Force10

Patched or not, IPS Signatures? (3, Informative)

lightyear4 (852813) | more than 8 years ago | (#15422593)

Patched or not, the information presented here [symantec.com] and in the pages linked therein make it clear that -- until all machines are patched -- there is a distinct possibility of an exploit getting through. To that end, I have no doubt some groups have been hot on the issue looking for the hole.

The same page ^^^ implies that Symantec released IPS signatures for their products. With that said, do any signatures exist for other IPS/IDS solutions (snort, etc.)? If so, I would very much like to utilize them until any possibility of a threat has passed.

AV Definition Set (1)

jim_v2000 (818799) | more than 8 years ago | (#15423098)

Symantec, in most cases, releases an antivirus definition to detect any threat that may attempt to exploit a hole in the product, so even if you are unpatched, so long as your defs are updated, you are protected.

Patching ASAP is still a priority though.

Re:AV Definition Set (1)

lightyear4 (852813) | more than 8 years ago | (#15423327)

Unfortunately, on a large (large) academic network like mine, the logistics of applying patches to a vast fleet of student/staff/faculty machines are quite complex. It's summer now, and the spring semester has come to a close. While machines located physically on campus are quite safe, those thousands of machines which have departed are quite a different story. Nothing could be more distant from mind than connecting to the university network for an automatic update or checking an academic email inbox for a security advisory. With a network of such variable size, many, many cans of worms (unfortunately, quite literally) are opened at the onset of the full academic term. Therefore, multiple preventative strategies are as important as patching, if not more so, in protecting the network. Thus the desire for an IPS/IDS signature, as it is a great deal easier to kill an exploit at the packet level than at host level. Such signatures are not intended as a single line of defense, but indeed, to shore up those more primary.

Re:Patched or not, IPS Signatures? (1)

Fyre2012 (762907) | more than 8 years ago | (#15425453)

We forget about the greatest NAV bug-fix of them all...

The Uninstall command.

As long as we use langs without memory safety... (4, Interesting)

Anonymous Coward | more than 8 years ago | (#15422598)

As long as we keep on using languages that allow the application to access memory directly, we will keep on having these problems. I know plenty of people will say, "program carefully", but that's like saying, "seatbelts are stupid. If we all just drove safely we wouldn't need seatbelts or airbags or bumpers."

Yes, of course even in memory safe languages (Java, Python, etc) something somewhere needs to have memory access. That thing is the VM/interpreter. Fortunately there are very few areas of code in the VM that need to have memory access, so if you make those correct, then you can write a million lines of application code and know that there aren't any overflows in it.

-------------
Carry a concealed weapon in California [californiaccw.org]

Re:As long as we use langs without memory safety. (0)

Anonymous Coward | more than 8 years ago | (#15422615)

Well, better Java than Python. It's a strongly-typed language.

Java vs Python (0)

Anonymous Coward | more than 8 years ago | (#15422663)

I agree. Java is the only obvious choice for this kind of thing. I would write it in Java and use a thin layer of JNI to interface with the Windows sys calls as needed.

Re:As long as we use langs without memory safety. (3, Insightful)

diegocgteleline.es (653730) | more than 8 years ago | (#15422655)

Yes. Memory-safe languages running inside a VM are exactly the kind of languages that I'd choose to write antivirus software.

After all, antivirus programs are not the kind of apps that make your computer underperform by a great margin, and they don't eat too many resources. Absolutely everything in software is about the algorithms, isn't it?

Re:As long as we use langs without memory safety. (3, Informative)

abb3w (696381) | more than 8 years ago | (#15422987)

Yes. Memory-safe languages running inside a VM are exactly the kind of languages that I'd choose to write antivirus software.

Especially antivirus software that intercepts kernel hooks....

No problem with kernel hooks in Java (0)

Anonymous Coward | more than 8 years ago | (#15424760)

There's a thing called JNI. Yes that involves unsafe C (lots of pointers) but if you do it right, there's just a tiny bit of very simple JNI code and the rest of the app is in memory-safe Java.

Re:As long as we use langs without memory safety. (1)

cgranade (702534) | more than 8 years ago | (#15423200)

Maybe the GUI to an AV package, or maybe the bulk logic. Just isolate all the risky stuff in a few thousand lines and make sure they're safe. Then you can write the other 100,000 lines in VM-based language. I mean, the file-scanning part shouldn't intercept kernel hooks or anything like that.

Re:As long as we use langs without memory safety. (1)

asuffield (111848) | more than 8 years ago | (#15423380)

Scanning files efficiently is actually quite hard. You can write a naive scanner in a few thousand lines, but to make it competitively efficient you're going to need to do a lot more work (scheduling, sequencing, caching results, skipping safe data, etc).

Re:As long as we use langs without memory safety. (1)

leuk_he (194174) | more than 8 years ago | (#15423583)

A language in a sandbox? Why stop there if you can create an entire virtual machine [norman.no] in a sandbox.

After all security is very important and there is no reason to not spend some cheap extra cpu cycles on it.

Re:As long as we use langs without memory safety. (0)

Anonymous Coward | more than 8 years ago | (#15422814)

If you want to have a sig, please register. I browse with signatures disabled, as do others, because I am not interested in your spam.

The safety isn't in the VM. (0)

Anonymous Coward | more than 8 years ago | (#15423003)

The safety itself is not really in a virtual machine or an interpreter. Nor is it truly present when using languages like Java or Python.

Keep in mind that neither Python nor Java is statically typed. Java does have stronger typing than Python, but it isn't nearly enough to make a significant difference.

Take a look at a language like Haskell. Its complete static typing is a great benefit. You won't run into typing issues at runtime, where you sometimes will with Java and (more often) Python. Unless you use a tool like PyLint, you likely won't find typing errors hidden in infrequently-used codepaths. That just isn't the case when using Haskell.

Not only that, but functions in Haskell are without side effects. This is often difficult for programmers coming from C or Java to adapt to, but it leads directly to more secure software, with a minor speed cost on uniprocessor machines. On multiprocessor systems, or even systems with a multicore processor, it's possible to automatically parallelize many computations. That's very, very difficult to do effectively in C.

Languages like Python and Java give you increased flexibility. But that flexibility allows you to make horrendous mistakes. Often, the VM or interpreter architecture of both prevent such mistakes from compromising the system. However, it's often best just to use a language like Haskell that, while more restrictive, often eliminates the problems that plague applications written in other languages.

Re:As long as we use langs without memory safety. (1)

Anonymous Coward | more than 8 years ago | (#15423321)

No, it's more like saying, "If we made sure the gun was unloaded before attempting to clean it, we'd never have to worry about shooting ourselves in the head by accident."

Which is quite true. The biggest newbie bitch I see on Slashdot is about C. Guess what?

C has functions designed to prevent buffer overflows/etc. - and no, there is NO excuse for not using them.

Re:As long as we use langs without memory safety. (1)

asuffield (111848) | more than 8 years ago | (#15423392)

I know plenty of people will say, "program carefully", but that's like saying, "seatbelts are stupid. If we all just drove safely we wouldn't need seatbelts or airbags or bumpers."

No, it's like saying "making cars travel at no more than 5mph and have a man with a red flag walk in front is stupid, it significantly reduces the value of travelling by car". 'Safe' languages come at a large cost to efficiency, because they involve extra checking at runtime. Safer is not always better: you reach a point where the cost of the added safety (because you have to buy more powerful hardware) outweighs the cost of the system being less safe (because you have to occasionally clean up a virus infestation). You can slap a monetary figure on both those things and compare them. If the program was already pretty safe (one break in N years), and the cost of cleanup is low (restore infected hosts from disk image), then adding more 'safety' may be a bad thing. Especially in a corporate environment where the bottom line rules.

Symantec need to turn around (4, Interesting)

Freaky Spook (811861) | more than 8 years ago | (#15422599)

Their reputation as an anti-virus provider used to be second to none, now after bloated software and software bugs a lot of people are having second thoughts.

I think they need to go back to square one and develop a product that is not going to give them a bad reputation if they want to stay competitive.

After working with a lot of other anti-virus packages and seeing how un-invasive a good anti-virus package can be I refuse to use Symantec products anymore and to my clients I strongly recommend them change products when their license is up for renewal.

If it wasn't for Symantec bundling their software with OEMs I wonder how much of an impact they would have? Most uneducated people I do work for think of all anti-virus as "Nortons" and are amazed at how much their system performance improves when I replace it with something else.

They used to have some good products 10 years ago, but I haven't seen a decent anti-virus release from them for a long time now.

Re:Symantec need to turn around (3, Insightful)

sconeu (64226) | more than 8 years ago | (#15422634)

Their corporate client has a decent rep (until this).

Their consumer clients are steaming bloated piles of crap.

Re:Symantec need to turn around (2, Informative)

jim_v2000 (818799) | more than 8 years ago | (#15423109)

Their corporate client has a decent rep (until this).

Symantec usually takes no more than a few days to release a patch for their corporate software when they are alerted to a security hole. Better than any/most other applications out there.

Their consumer clients are steaming bloated piles of crap.

If you're the kind of person who would notice that Norton Antivirus is "bloated", you shouldn't be using it.

Re:Symantec need to turn around (1)

sconeu (64226) | more than 8 years ago | (#15423408)

I don't -- when avoidable. My previous employment used Dells with the preinstalled Norton Bloatware on it.

Re:Symantec need to turn around (1)

NorbMan (829255) | more than 8 years ago | (#15428197)

Except their Corporate Edition software wasn't originally written by Symantec. It was originally Intel LANDesk Virus Protect, co-written by Trend Micro, and sold to IBM before Symantec got it. Look at the registry on a machine that has Corporate Edition installed. You'll find a lot of your settings in HKLM\Software\Intel\LANDesk\VirusProtect6\CurrentVersion.

Re:Symantec need to turn around (1)

kcslash (796856) | more than 8 years ago | (#15422689)

This is just karma for all of their recent trash talking against Apple. Only thing is, it will also hurt others. Symantec is just bad news all around.

Re:Symantec need to turn around (1)

Anonymous Coward | more than 8 years ago | (#15422734)

Oh give me a break. If this was open source, the whole community would be claiming victory and using this as an example of how quick problems are fixed. I've used Norton Firewall and Antivirus for over 6 years now. Guess what, in that 6 year period, I have never once had my computer compromised or any viruses infecting my computer. I'm a perfectly happy customer and will continue to trust my security with Norton whose entire reputation is dependent on the abilities of their software. IMO, that alone is what makes Norton a good company.

Re:Symantec need to turn around (2, Interesting)

Mistshadow2k4 (748958) | more than 8 years ago | (#15422796)

Oh give me a break. If this was open source, the whole community would be claiming victory and using this as an example of how quick problems are fixed.

I thought that too.

I've used Norton Firewall and Antivirus for over 6 years now. Guess what, in that 6 year period, I have never once had my computer compromised or any viruses infecting my computer. I'm a perfectly happy customer and will continue to trust my security with Norton whose entire reputation is dependent on the abilities of their software. IMO, that alone is what makes Norton a good company.

Then you're a minority. You're one of two I've ever heard say that, as compared to over a hundred more people who've had to reinstall Windows because of Symantec's software. I'd had my first computer about a month in 2001, running Norton's, when it got owned by a worm that wrecked Windows so that I had to reinstall. It later got owned by another virus that also wrecked it so that I had to reinstall, it just did it more slowly. Not only that but there were other incidents related to viruses that caused me problems. Was I downloading stuff that had viruses? Not according to Norton's scanner. Finally, after I'd heard that AVG was good and free (I didn't know much about this stuff back then) I decided to give it a try. I scanned all the files on my computer and it found three OLD files that were viruses that always passed Norton's scan as clean. The youngest of these files was seven months! The oldest was 13 months. That's just plain incompetence on their part, as far as I'm concerned.

Anyhow, after AVG I never had problems with a virus again. Of course, that was urgent for only about another year as I switched to *nix later. Now viruses rarely concern me personally at all, only with regard to my customers who bring me their PCs to fix and anytime I find one with Norton's or McAfee's I install Avast (Win 2k/XP) or AVG (98/ME). Virtually all of them have reported that Avast or AVG did much better at catching virused files they had and weren't so invasive, so Norton's doesn't seem to have improved since I was using their products.

Here's an idea: if you're so confident in Norton's, try uninstalling it, install AVG or Avast and scan all your backup files with it as well as your computer. You say that your system is clean and Norton's has kept it so, but how do you know? Why not check to make sure? Because if you've been using Norton's exclusively that long, I believe you most likely do have a trojan that you don't know about.

Re:Symantec need to turn around (2, Informative)

EvanED (569694) | more than 8 years ago | (#15422822)

You're one of two I've ever heard say that, as compared to over a hundred more people who've had to reinstall Windows because of Symantec's software

Three, now.

Re:Symantec need to turn around (2, Informative)

Velox_SwiftFox (57902) | more than 8 years ago | (#15422868)

Four, here; as a possibly relevant note I am running Symantec's AntiVirus 9, not 10 on several corporate servers (also with hardware firewalling and other best practices layering) and their newest 2005/2006 etc on about a dozen workstations (with fairly clueful users).

Re:Symantec need to turn around (1)

Metshrine (674200) | more than 8 years ago | (#15423785)

5 here. I've been running corp since the 8.x days, and I've never had a virus or threat get through.

Re:Symantec need to turn around (1)

JSmooth (325583) | more than 8 years ago | (#15424199)

Point of fact:

      "Then you're a minority."

That statement may be true of the users you have seen, but since Symantec has the largest number of deployed AV clients worldwide, the vast majority of whom seem to be satisfied judging by new sales, I would say YOU are in the minority.

Keep in mind, "tech people" make up just a tiny portion of the computer users population. This is why Dell, Microsoft, Symantec, etc will usually win. They may not have the best product but they have a decent bundle for a perceived reasonable price and good marketing.

Warmest regards
Mr. Smooth

Re:Symantec need to turn around (1)

Cro Magnon (467622) | more than 8 years ago | (#15427642)

I put Symantec in the same category as Windows & AOL. They all suck, but they come with my computer and the average person doesn't know what a steaming pile they are unless he tries something else.

Re:Symantec need to turn around (1)

Cro Magnon (467622) | more than 8 years ago | (#15427668)

I just found out what a steaming pile Norton is. I had been using it on a new box because it was preloaded. I already knew it wasn't worth paying for because of how it slowed down my computer, but I thought it was decent for finding virii. But when my free period expired and I switched to Avast, it found a Trojan, hiding on my recovery partition, that slipped right by Norton!

Re:Symantec need to turn around (1)

crawling_chaos (23007) | more than 8 years ago | (#15427781)

Not to scare you or anything, but is it also not possible that Avast found a false positive on your recovery partition and has now mangled it so that it cannot perform its needed tasks? Have you run a system recovery from that partition to test that scenario, or are you blindly accepting Avast's diagnosis of the problem?

In all likelihood, Avast is correct and Norton missed something, but I just want to raise the possibility that the error here is in Avast, not Norton, and without further testing, you don't know which case is correct.

need to turn around (0, Flamebait)

twitter (104583) | more than 8 years ago | (#15422766)

Their reputation as an anti-virus provider used to be second to none, now after bloated software and software bugs a lot of people are having second thoughts. ... I refuse to use Symantec products anymore and to my clients I strongly recommend them change products when their license is up for renewal. ... Most uneducated people I do work for think of all anti-virus as "Nortons" and are amazed at how much their system performance improves when I replace it with something else.

Why don't you really educate your clients by recommending a lean, performance improving OS that does not require an antivirus checker? That way, you can follow IBM, Lowes, Chrysler and others who must be very happy they no longer put up with bloated garbage.

Re:need to turn around (1, Offtopic)

Freaky Spook (811861) | more than 8 years ago | (#15422856)

As much as I would love to start moving some of my clients away from a particular bloated & unsafe OS (which I have recommended), a lot of people are lazy or just not interested in another OS; although they have problems with Windows, they at least understand it a little to get by.

Some of my clients have moved to Mac and haven't been happier, others find the same problems with Mac as they have with Windows, not bugs or faults, just general usability; they have the same frustrations with how to use programs because they just don't have enough knowledge behind the application.

Moving an OS is a good idea in theory, but having to re-learn different ways of doing things, when people are busy with normal everyday life, can be a chore for most, especially when you are intimidated by the machine you're trying to learn.

Re:need to turn around (0, Offtopic)

twitter (104583) | more than 8 years ago | (#15422921)

Moving an OS is a good idea in theory, but having to re-learn different ways of doing things, when people are busy with normal everyday life, can be a chore for most, especially when you are intimidated by the machine you're trying to learn.

You are not doing your users any favors. M$ is going to push the cosmetic changes on them anyway but nothing else will change for them.

Is Windoze really worth the never ending exploits and all that entails? How many times can people put up with software reinstalls only to watch hopelessly as the same pop up advertisements mysteriously appear and already poor performance steadily degrades to useless?

Now is the time to move. In the next year or so, Microsoft will release the biggest cosmetic changes to their software ever. You could buy all new hardware for the pleasure of this learning experience, or download a CD and install some software that just works [mepis.org] . The free solution has been stable and annoyance free for eight years or so, while the M$ people have boasted the same but never delivered. The middle road, in price and freedom is Mac. I've never had to spend the money to find out if it's worth while.

Moving away from Windoze has been great in more than theory for me.

Re:Symantec need to turn around (1)

slowbad (714725) | more than 8 years ago | (#15422825)

seeing how un-invasive a good anti-virus package can be I refuse to use Symantec products anymore

When Google is giving away your product for free to tens of millions of users ... why exactly is it in your interest to allow for easy uninstall after six months? First get a reputation for it being dangerous to remove from a system.

Re:Symantec need to turn around (1)

BCW2 (168187) | more than 8 years ago | (#15422945)

As a tech at a white box store I remove more viruses/trojans from boxes with "Norton protection" than all others put together. Norton's home products are worthless. For a paid anti-virus I recommend F-prot and for free try AVG. When I get a slow box at check in I will disable Norton and reboot in front of the customer, they always want it removed as part of the clean/tune up.

Re:Symantec need to turn around (3, Funny)

nacturation (646836) | more than 8 years ago | (#15423060)

Their reputation as an anti-virus provider used to be second to none, now after bloated software and software bugs a lot of people are having second thoughts.

It still is. None is preferable, with Symantec coming a distant second.
 

Re:Symantec need to turn around (2, Interesting)

MHZmaster (875950) | more than 8 years ago | (#15423209)

Amen. I used to use Norton products exclusively for security. I finally stopped when Norton AntiVirus/Personal Firewall 2005 refused to activate on my laptop (admittedly with a very messed up install). I had a valid license, and the activation went through with no apparent problem. But after the 30 day trial period, it suddenly stopped working and said I need to activate. I used up my activation credits trying to get it to work. Symantec support was no help at all. I sort of gave up, but when I started to get viruses (virii?), I realized I had to have something and got Grisoft AVG Antivirus Free. To my surprise, the free program was better than the extremely overpriced Norton suite. Since then, I use AVG exclusively, and recommend it to everyone I know. The software is a 20 MB download as opposed to ~500 MB and takes 3 minutes instead of 30 to install. It doesn't even require a restart after the installation (and neither do updates, which seem to come nearly every day). And most importantly, my computer is faster. I hear people complaining all the time about slow computers, and Norton is always the problem (although more RAM generally wouldn't hurt). I'm planning to buy the paid version, just to support the great things Grisoft is doing.

In my book, it's not a good sign if any program takes a half hour to install or uninstall.

Re:Symantec need to turn around (1)

offerk (764276) | more than 8 years ago | (#15423450)

strongly recommend them change products... I replace it with something else.

Which? What other products? Do you have any hard facts (tests etc.) that prove these products provide better/as-good overall security as Norton Internet security? If you do, stop teasing and give some links!

I've been using Norton Internet Security for the last 5 years on my home PC (which of course changed over the years) and I have been extremely satisfied with it, overall. It has done its job of protecting my PC perfectly (zero virus infections). As for the whole "bloated product" issue, I wouldn't know - my PC is a gaming machine, usually way above the curve. Norton doesn't really affect its performance. Granted, that's not the case for most people, so maybe you have a point there. But I'd rather take a bloated product that does its job (and buy an additional RAM stick to help the computer work) than go for a "lite" product that will allow my computer to be filled with viruses.

Whenever there's a Symantec article on Slashdot, people love to bash them. I usually don't go defending commercial companies, but really, saying "there are better products out there" with no links given is a little annoying. No, scratch that, it's very annoying ;)

Re:Symantec need to turn around (0)

Anonymous Coward | more than 8 years ago | (#15423771)


Which? What other products? Do you have any hard facts (tests etc.) that prove these products provide better/as-good overall security as Norton Internet security?


Using Norton, and keeping it religiously updated, did not protect me from one of those nasty worms that killed executables in or about 2000-2001.

Despite that HUGE HONKIN WARNING, I neglected to switch. I figured that since I was paid up, I was gonna get what I paid for. Stupid. I did eventually switch from Norton to Kaspersky about 2-3 years ago when I had had enough of Norton purely on the basis of how bad their installs and updates and web support and activations were, giving no thought to quality of core product. It didn't matter if it was the bestest A/V ever. There was only so much time in my life.

Upon switching, the first scan immediately found months-old stuff that Norton A/V apparently didn't care about, and which didn't kill me only because it was in email that I hadn't fired up in some time.

My last experience was with a VIP's laptop, some six months ago, and the Dell-packaged NIS which he apparently decided to let roam free basically brought the thing to its knees. You couldn't do anything with this laptop until you killed NIS, and the damn thing wasn't even attached to the network yet.

I swore by their stuff a dozen years ago. What a shame.

Re:Symantec need to turn around (1)

club5220 (895154) | more than 8 years ago | (#15423632)

You're darn tootin'. Symantec used to, key words "USED TO", be the bomb. Is anyone else scared cuz an article references how the US gov't uses SAV to "protect" their machines? If you want real protection, I'd recommend TrendMicro's OfficeScan. I've switched most of my clients over, and BTW, three years of AV plus damage cleanup services (DCS) comes in less than SAV, so it's cost effective, too. In EVERY OfficeScan install I've done, it's identified AT LEAST four pieces of malware, and I don't mean tracking cookies. I've seen new threats try to uninstall SAV and I've stopped them, rebooted in SAFE MODE, scanned, cleaned, and repaired, only to find LiveUpdate no longer worked. What good is that? Symantec breaks everything they buy - anyone who also fights with BackupExec on a daily basis knows what I mean. Do yourself a favor... get your clients away from Symantec AV. Not only can you mark it up and make a penny and STILL provide value... it actually WORKS. I'm a 12 year network engineer, so take my advice with a grain of salt. But I kid you not - at least TEN of my clients had malware (nasty shtuff) that SAV did not identify. Protection?! My ass. And the US GOVT uses this stuff! I'm scared, guys n girls... You want to be a PATRIOT? Do everyone a favor and replace SAV. My $.02 worth.

Re:Symantec need to turn around (2, Insightful)

rbochan (827946) | more than 8 years ago | (#15424238)

Their reputation as an anti-virus provider used to be second to none...

Methinks you're referring to _Norton_, not Symantec. Symantec has a habit of buying products that are really decent (think Norton Utils, Atguard, etc.) and bloating them all to hell and back and making them consume most of a machine's resources just to run. You know... like a virus might.

 

stack vs heap (3, Informative)

Lord Ender (156273) | more than 8 years ago | (#15422603)

For the curious: The reason they point out that this is a stack based BoF is because stack addresses are easily predictable, while heap addresses are not. So stack based overflows are much easier to write exploits for.

Re:stack vs heap (1)

jesser (77961) | more than 8 years ago | (#15422638)

The article says this is a stack overflow, which is a very different thing from a stack-based buffer overflow. It even links to a page correctly defining stack overflows. Stack overflows (aka crashes due to too much recursion) are not exploitable on sane architectures, while stack-based buffer overflows usually are exploitable. So I don't understand why the article claims this is exploitable.
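The two terms used in the comments above, side by side, as an added example that is not part of the thread and is not Symantec's code: a stack-based buffer overflow is a copy that runs past a fixed-size local array, while a stack overflow is recursion that uses up the stack. The message format, function names and limits are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF  32   /* constructed: size of the fixed local buffer */
#define MAX_DEPTH 64   /* constructed: recursion cap */

/* Constructed wire format: [1-byte length][that many name bytes]. */

/* BEFORE (deliberately vulnerable, never called here): stack-based buffer
 * overflow. The sender-supplied length is trusted, so up to 255 bytes are
 * copied into a 32-byte local array and overwrite adjacent stack memory. */
int parse_name_unsafe(const uint8_t *msg, char *out)
{
    char name[NAME_BUF];
    size_t claimed = msg[0];
    memcpy(name, msg + 1, claimed);   /* BUG: no check against sizeof name */
    memcpy(out, name, claimed);
    out[claimed] = '\0';
    return (int)claimed;
}

/* AFTER: the claimed length is checked against the bytes actually received
 * and against both buffers. Returns the name length, or -1 if malformed. */
int parse_name_safe(const uint8_t *msg, size_t msg_len, char *out, size_t out_len)
{
    char name[NAME_BUF];
    if (msg == NULL || out == NULL || msg_len < 1) return -1;
    size_t claimed = msg[0];
    if (claimed > msg_len - 1) return -1;    /* claims more than was sent */
    if (claimed >= sizeof name) return -1;   /* no room for name plus NUL */
    if (out_len < claimed + 1) return -1;
    memcpy(name, msg + 1, claimed);
    name[claimed] = '\0';
    memcpy(out, name, claimed + 1);
    return (int)claimed;
}

/* Stack overflow in the other sense: each nested '[' costs one stack frame,
 * so unbounded nesting would exhaust the stack and crash. The depth cap
 * turns that into an error. Returns the deepest level seen, or -1. */
static int walk(const char **p, int depth)
{
    int deepest = depth;
    if (depth > MAX_DEPTH) return -1;
    while (**p != '\0') {
        if (**p == '[') {
            (*p)++;
            int d = walk(p, depth + 1);
            if (d < 0) return -1;
            if (d > deepest) deepest = d;
            if (**p != ']') return -1;       /* group was never closed */
            (*p)++;
        } else if (**p == ']') {
            return deepest;                  /* caller consumes the ']' */
        } else {
            (*p)++;
        }
    }
    return deepest;
}

int max_nesting(const char *s)
{
    const char *p = s;
    int d = walk(&p, 0);
    if (d < 0 || *p != '\0') return -1;      /* too deep, or a stray ']' */
    return d;
}

int main(void)
{
    const uint8_t good[] = { 5, 'h', 'e', 'l', 'l', 'o' };  /* constructed */
    uint8_t big[201];
    char out[NAME_BUF];
    memset(big, 'A', sizeof big);
    big[0] = 200;              /* claims 200 bytes for a 32-byte buffer */
    printf("good: %d\n", parse_name_safe(good, sizeof good, out, sizeof out));
    printf("oversized: %d\n", parse_name_safe(big, sizeof big, out, sizeof out));
    printf("nesting: %d\n", max_nesting("a[b[c]]d"));
    return 0;
}
```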

Antivirus needs to go (0)

Anonymous Coward | more than 8 years ago | (#15422604)

Imagine that if Microsoft ever got their act together security-wise, we could do away with these Anti-Virus snake oil salesmen altogether.

Re:Antivirus needs to go (3, Insightful)

QuantumG (50515) | more than 8 years ago | (#15422675)

Was a time where we used the term "virus" to refer to a self replicating piece of code that didn't rely on exploits to move around. We used the term "worm" to refer to code that did rely on exploits. So even in the most secure operating environment you could still have a virus, but you couldn't have a worm. Of course, now-a-days everyone refers to viruses as worms and worms as viruses. As long as the operating system is performing actions on behalf of the user you will have software that does what the author wants but not what the user wants. The only real way to stop that is to make the user do everything themselves.. that is, it's completely impractical to stop. Stop-gap measures like virus/worm/spyware/malware detection, quarantine and elimination will always be necessary to mitigate the damage these nasties can do.
   

Re:Antivirus needs to go (3, Insightful)

farrellj (563) | more than 8 years ago | (#15422781)

That same time, we called those who penetrated systems as Crackers, and those who wrote amazing code Hackers. Steven Levy wrote about them.

It was a nice time.

ttyl
          Farrell

Re:Antivirus needs to go (1)

QuantumG (50515) | more than 8 years ago | (#15442835)

No, we didn't, you hanger-on. The only person, ever, who has originally referred to people who break into computer systems as "crackers" is Eric S. Raymond. Everyone else who used the term "crackers" to refer to people who break into computer systems was just a sheep who read the jargon file, the entry of which was written by Eric S. Raymond. The fact that the media had (and continue to have) no interest in your preferred definition of the word and, as such, the mainstream public still consider your meaning of the word to be incorrect, does not give you warrant to rewrite history. If you wanna continue the propaganda campaign to make everyone think of "hacker" as meaning a shiny happy tree friend who writes code for the good of humanity, don't do it in response to my Slashdot posts. And in case anyone is struggling to remember what "cracking" was all about, go have a look at how copy protection on software was broken back before every idiot figured out they could charge customers for a serial number. Those guys who did the cracking, we called them crackers. Eric S. Raymond probably wasn't concerned with them because he was already living a super-nerd-it-up life style over on VAX mainframes and minicomputers when the rest of us were discovering the personal computer revolution.

You've gotta hand it to them.. (0)

Anonymous Coward | more than 8 years ago | (#15422605)

They really take this stuff seriously. You don't get that kind of a response from Microsoft.

patched on a sunday? (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15422608)

i'm glad they released this on sunday of a holiday weekend... leaving everyone's servers quite vulnerable till at least tuesday morning...

Re:patched on a sunday? (2, Insightful)

TheaterAtHome (930630) | more than 8 years ago | (#15422676)

1. "everyone's servers" - Does US count as everyone?
2. Ever heard of a remote desktop?
3. Aren't all IT people paranoid, even while "long-weekending" in US?

Give them a credit - it's been very quick.

Re:patched on a sunday? (0)

Anonymous Coward | more than 8 years ago | (#15422827)

Actually, they released the patches Saturday night and I agree that they should have waited until Tuesday morning to announce the vuln and the patch availability. They gave the worm writers a whole two days head start by forcing Symantec to release the patches over a holiday weekend in the USA.

eEye's report says they were notified on Wednesday and I saw the eEye disclosure on Friday. It would have been nice if eEye had waited until the patches were released, since they acknowledged that Symantec was being responsive.

The stupid patch requires a reboot as well, at least on Server 2000 SP4 and Server 2003 SP1.

good timing on weekends! (0)

Anonymous Coward | more than 8 years ago | (#15423104)

wouldn't you rather patch and reboot when your clients aren't hammering your servers during the normal work week? Seems a long weekend is the perfect time to do this, with the caveat as a sysadmin you KNOW weekends-off are "optional".

People deserve it (2, Informative)

Urtica dioica (973533) | more than 8 years ago | (#15422611)

Folks, this is what you get for using anti-computer [foxnews.com] software.

Re:People deserve it (1)

abscissa (136568) | more than 8 years ago | (#15422632)

The vulnerability is not a bug, but a feature, since according to TFA you linked to, it's "virus software".

Re:People deserve it (1)

novus ordo (843883) | more than 8 years ago | (#15426452)

In other news, Pro-Computer Virus Software groups held a rally where they condemned Anti-Computer Virus Software as Pro-Social. More details at 10.

Real Ultimate Computing POWER (2, Interesting)

TheDreadSlashdotterD (966361) | more than 8 years ago | (#15422630)

I've got the solution for this vulnerability that also unleashes your computer's RUCP!

  1. Turn all Symantec products off
  2. Uninstall all said products || Reinstall OS || Use restore discs
  3. Use alternatives


These simple steps will save you time and money, speed your computing experience, and, above all, avoid the vulnerability.

Thank you /., and good night!

Re:Real Ultimate Computing POWER (1)

ThePengwin (934031) | more than 8 years ago | (#15423612)

You know.. that's the only way to get rid of anything now on windows.. The amount of crap that accumulates from any program just won't go away without a clean wipe.. I wish there was an OS that could keep the HDD clean and organised better

Re:Real Ultimate Computing POWER (1)

Raideen (975130) | more than 8 years ago | (#15424769)

These simple steps will save you time and money, speed your computing experience, and, above all, avoid the vulnerability.

Considering that OEMs don't bundle the corporate versions of Symantec software (unless you specifically choose it), it does absolutely nothing.

SWITCH TO NOD32 ALREADY!! (4, Interesting)

NiGHTSFTP (515896) | more than 8 years ago | (#15422664)

Seriously, Nod32 owns... owns, owns, owns.

Kaspersky is pretty good too.

But who in their right mind, that knows *anything* about security, uses Symantec or McAfee anti-virus products?

Check out these: http://www.av-comparatives.org/index.html?http://www.av-comparatives.org/seiten/comparatives.html [av-comparatives.org]

And if you have a VirusBtn login, the 100% awards are alright indicators of virus scanner quality, but nowhere near as good as av-comparatives IMO.

SWITCH ALREADY!! (1)

twitter (104583) | more than 8 years ago | (#15422773)

But who in their right mind, that knows *anything* about security, uses Symantec or McAfee anti-virus products?

Who in their right mind still uses Windoze?

Re:SWITCH ALREADY!! (0)

Anonymous Coward | more than 8 years ago | (#15422939)

People who enjoy getting work done and making money.

Re:SWITCH ALREADY!! (0)

Anonymous Coward | more than 8 years ago | (#15423203)

People who enjoy getting work done and making money.


Right - those are the people who use *Linux*. But Twitter was asking who would want to use *Windows*.

Re:SWITCH ALREADY!! (1)

truedfx (802492) | more than 8 years ago | (#15423250)

Is that the "I know you are but what am I?" for geeks?

Re: Who in their right mind still uses Windoze? (1)

Emetophobe (878584) | more than 8 years ago | (#15423515)

I do, primarily because I am a gamer. When I can play Oblivion, Half-life 2, Call of Duty 2 and all my games under Linux, I will switch to linux fulltime. Until then, I will continue to use Windows XP Pro. There are some real world uses for Windows that Linux still cannot provide. Gaming is one of them. Even Mac has some of the major game titles, but not even close to 50% of the games that are available to Windows users. There is no ultimate OS, each has its own benefits and drawbacks. If you're a gamer, you're stuck with Windows, if you run a server, you probably use linux. It's about using the right tool for the right job. I first tried slackware back in `95 and I loved it, I would love to be able to use linux for gaming, but that won't be happening anytime soon (if ever). Mainly because the majority of people own Windows computers, so the majority of game developers will make their product for that platform, as it has the biggest user base.

I don't even have a virus scanner installed on this computer, this is my gaming pc and I keep it clean of any and all software not including games. As long as you aren't downloading some unknown crap off the internet you shouldn't need antivirus software. I haven't gotten a virus in more than 7 years and I have used antivirus software in the past, mainly Mcafee and Norton. Once in a while I will use Mcafee's Avert Stinger [nai.com] to do a quick scan for the latest virus/worms. It's free and you don't have to install it or any bloated software, just download and run it from the download directory. I believe Symantec and a few other companies also provide some useful free virus removal tools that don't need to be installed to run.

Re: Who in their right mind still uses Windoze? (0)

Anonymous Coward | more than 8 years ago | (#15423557)

There are some real world uses for Windows that Linux still cannot provide. Gaming is one of them.


Ladies and gentlemen, I believe that ends the thread. Move along, nothing to see here. :)

Re:SWITCH TO NOD32 ALREADY!! (0)

Anonymous Coward | more than 8 years ago | (#15422800)

Symantec is no longer present at my worksite due to this critical flaw and HUGE Memory Footprints. NOD32 & Trend Micro PC-Cillin are now presently installed across the site.

Re:SWITCH TO NOD32 ALREADY!! (1)

alanjstr (131045) | more than 8 years ago | (#15422848)

Did you look at their comparisons? Symantec is the only one to get 100%. NOD32 only has 94.3%

Re:SWITCH TO NOD32 ALREADY!! (1)

NiGHTSFTP (515896) | more than 8 years ago | (#15422874)

That's in polymorphic virus category, not overall. Learn to read a table.

Re:SWITCH TO NOD32 ALREADY!! (2, Informative)

Wiz (6870) | more than 8 years ago | (#15422876)

Look more carefully. Symantec is the only one to get 100% for "On-demand detection of polymorphic viruses". For actual virus detection, it gets 97% & 98% depending on the situation.

I think F-Secure, G Data Security & Kaspersky Labs do the best as they get 99%+ in all situations.

Shades of Godel, Escher, Bach... (3, Interesting)

Dr. Zowie (109983) | more than 8 years ago | (#15422739)

Vulnerabilities in security software make me think of those dialogs between the Tortoise and Achilles -- particularly the one where the Tortoise and the Crab are developing ever more fancy record players. The Crab keeps getting nicer record players and the Tortoise keeps giving him records that induce fatal resonance in some mechanism of the record player...

In GEB it was a parable about the Godel incompleteness theorem -- and, of course, designers of security software would do well to think carefully about it...

Re:Shades of Godel, Escher, Bach... (2, Insightful)

asifyoucare (302582) | more than 8 years ago | (#15422858)

Well, you've achieved your apparent aim of proving that the mods are on crack. Interesting indeed.

Re:Shades of Godel, Escher, Bach... (1)

sb (18459) | more than 8 years ago | (#15423348)

He's referring to this fantastic book [amazon.co.uk] , where dialogues between Achilles and the tortoise (c.f. Zeno's Paradoxes [wolfram.com] ) are sometimes used to dramatise various concepts.

Definitely (0)

Anonymous Coward | more than 8 years ago | (#15423533)

if we keep recursing on the idea of having meta-programs watching the programs, we'll only really increase complexity.

However, unlike the concept of having a language to determine the truths of all mathematical statements, I've yet to see why the incompleteness theorem (or any analogous theorem) would apply when the underlying software (OS & applications) is correct.

Any mathematicians/logicians out there who'd care to elaborate on such reasons?

OT b.t.w. never quite made the connection between Hofstadter and the letterness of the anti-spam human verification box.. he does provide some interesting insights as to why they should always stay one or two steps ahead of automatic machine recognition.

Re:Shades of Godel, Escher, Bach... (1)

novus ordo (843883) | more than 8 years ago | (#15426521)

"and, of course, designers of security software would do well to think carefully about it..."
Well since you say they will think about it, you mean that they should not think about it. And since they shouldn't think about it, they will want to think about it. So when you say they would do well to think carefully about it, they will not be able to think about it since that would mean that they shouldn't think about it. And they won't.

How much lead-time did eEye give Symantec? (1)

IcebergSlim (450399) | more than 8 years ago | (#15422771)

From the eWeek article:

"Security researchers at eEye Digital Security have discovered a serious flaw in Symantec's enterprise antivirus software that could be used by hackers to create a self-replicating "worm" attack against Symantec users. Because Symantec has not yet confirmed the existence of the problem, much less patched it, eEye is offering few details on the vulnerability, which was first disclosed late Wednesday."

Either Symantec is lying, or someone is guilty of some very excessive and reckless self-promotion. It smells like excessive self-promotion to me, but I'm not privy to the details so who knows.

TUVM (2, Interesting)

Matrix2110 (190829) | more than 8 years ago | (#15422772)

Thank you, Mr. Gates. May I have another?

Silent mantra to the many people I have to spend hours cleaning spyware and malware off of their system and feel guilty charging them because they are friends. Mostly they buy me gifts because I refuse to charge them. I have them bring the sick virus infested computer in on company time and test the company firewall.

I really do!

Matrix

Re:TUVM (1)

lon3st4r (973469) | more than 8 years ago | (#15423566)

I have them bring the sick virus infested computer in on company time and test the company firewall.

Do you seriously do that? Boy I sure hope you realise how much risk you're putting your company's network. Destructive testing: not recommended ;)

* lon3st4r *

Re:TUVM (0)

Anonymous Coward | more than 8 years ago | (#15424385)

what does this story have to do with Bill Gates?
 
i'm no MS fan, but it's stretching it to say this. on the other hand, i hate g.w.bush cause my feet are tired cause he didn't implement moving sidewalks for me.

In case the patch doesn't work (1)

oztiks (921504) | more than 8 years ago | (#15422857)

Manual virus removal instructions:

  1. Click on Start Menu
  2. Settings -> Control Panel
  3. Then click on Add and Remove Programs
  4. Scroll down until you find Symantec Anti Virus
  5. Click Remove

Re:In case the patch doesn't work (0)

Anonymous Coward | more than 8 years ago | (#15423243)

If only that worked. Unfortunately you then have to remove the 3482379424354379847298 directories and useless files it leaves behind.

Re:In case the patch doesn't work (2, Informative)

AudioEfex (637163) | more than 8 years ago | (#15423303)

I'm glad someone is posting it.

All antivirus software does is bog down your PC. I used it for 10 years before I realized how useless it was.

I run windows, but I don't get malware and viruses. Worst thing I ever get is an errant cookie. Why? Because I don't go to shady porn sites, I never download anything I don't know is safe, and I don't use IE.

Every few months now I take the time to install NAV long enough to scan my system and ensure that I'm not infected, and every time, clean as a whistle.

Computer security isn't hard for the home user. Have a good firewall, don't download crap, don't go to shady websites, use AdAware/Spybot every once in awhile, and be happy.

Pop-ups, spam, spyware, malware, viruses...it's all but eliminated by just being smart and using the bare minimum tools to protect yourself. It's people that just click on random shit and who fall for those "YOU WON AN XBOX 360!" and download shady software that get the issues.

I'm not saying it can never happen to me; that would be foolish. But the chances of it happening are greatly exaggerated, and if you keep decent backups it doesn't matter anyway most of the time if it does happen. It's just not worth paying the increasing prices of AV software, nor is it worth how much it slows up your PC.

AE

Re:In case the patch doesn't work (1)

AndreiK (908718) | more than 8 years ago | (#15423592)

After a year of using Firefox, going to shady porn sites, and downloading things I had no idea of their origin, I had a total of two tracking cookies after a full ad-aware scan and spybot scan.

All in all, I think security is overrated.

Why bother? (0, Redundant)

bmo (77928) | more than 8 years ago | (#15422860)

Every day that I see yet another article about evil bits of malware infecting Windows machines. It makes me glad that I switched off that platform long ago. Windows is no longer viable, and this article and a mountain of others is testament to that fact. No, it's not because Windows is popular. It's because it's broken as designed. You would think that there would be a tiny fraction of viruses and worms in the *ix (Linux, Macintosh, Sun) universe based on the popularity ratio, but there isn't. There isn't even a smidge of the effects seen in the Windows world. Point me at a single live virus active in the *ix universe.

You can't.

It's so much work to just get a Windows system secure that it's simply no longer worth it to even bother. Save your sanity and switch to another platform.

Don't deal with the dirty hobos anymore.

http://slashdot.org/comments.pl?sid=186704&cid=15406582 [slashdot.org]

--

BMO

Re:Why bother? (1)

jofi (908156) | more than 8 years ago | (#15422919)

I changed my account's group to Users. It was tough but I got through it.. changing the setting I mean.

Re:Why bother? (0)

Anonymous Coward | more than 8 years ago | (#15422925)

Bullshit.

Both my home and work computers run Windows (XP and 2000 respectively) and I did not spend excessive amounts of time securing it. I just installed AVG and a software firewall (in XP, I just used the XP firewall).

The reason there are so many viruses and exploits for Windows is due to its popularity; it is because there is more software mass produced low quality software for the platform. MOST exploits affect applications, not windows . . . and most viruses nowadays install themselves via exploits. Yes some of the exploits are in Microsoft applications, but by far the majority are not.

Re:Why bother? (1)

bmo (77928) | more than 8 years ago | (#15423019)

"The reason there are so many viruses and exploits for Windows is due to its popularity;"

That argument doesn't work, because if it did, we'd see at least a few worms and viruses for Linux and OS/X. At least 1 or two persistent ones in the wild. But there aren't any, are there? If there was, it would be BIG NEWS if someone made a widely propagated virus for *nix and that person would have made a name for himself in certain circles.

But the fact is, virus propagation in *nix sucks, and it's not because of popularity and it's not for lack of trying from the people who write such things.

The only bullshit here is yours, Mr. Anonymous.

--
BMO

Re:Why bother? (1)

slugstone (307678) | more than 8 years ago | (#15423516)

Lions, tigers and bears do not go after the most abundant, but the easiest prey.

Symantec Norton Antivirus ..... Not good at all (1)

DrBuzzo (913503) | more than 8 years ago | (#15423377)

I do IT work, which often involves security/virus/spyware removal or prevention. I can tell you this from experience: Norton Antivirus is just not very good. It doesn't do a good job of catching viruses, it frequently causes problems, it confuses users, it fails to update properly. Basically, it's just...not good for much. I realize this may come as a shock to some, because it always seems to get recommended. People assume it's the best, because it's the most well known. Well, it's not. Perhaps it was at one time. (I recall it working decently in the 1990's, but that was a different world). I know that I have heard the same thing from many techs. Those who work in the field know not to use Symantec. Personally, for home users, I recommend AVG or Avast. They both have good free versions, however the AVG free version sometimes cannot remove viruses which have used file-protection to protect themselves. Avast usually has no problem removing viruses, however. Depending on your situation, do some research. But I'd recommend you stay away from Norton.

Re:Symantec Norton Antivirus ..... Not good at all (1)

Metshrine (674200) | more than 8 years ago | (#15423802)

Very good guy, too bad this topic was SYMANTEC ANTIVIRUS CORPORATE EDITION, not the norton line of products. RTFA next time ;-)

Re:Symantec Norton Antivirus ..... Not good at all (1)

DrBuzzo (913503) | more than 8 years ago | (#15426216)

Ok sorry. Got a little mixed up. Used both. Corporate may be *slightly* better. But it's not near the top of my list either.

don't forget the performance (1)

AlgorithMan (937244) | more than 8 years ago | (#15424139)

you forgot to mention the indiscutable performance... norton anti virus and internet security make your machine so slow - it would be faster if you had no AV program and several worms instead...
I just reinstalled the system on the PC of my girlfriend's father who had NAV and NIS... his Athlon 1.8GHz performed like an 80486 and he couldn't believe how fast his PC became after I didn't reinstall those programs, but installed AVG and zonealarm instead...

What? (1)

bl00d6789 (714958) | more than 8 years ago | (#15425210)

Has anyone seen this "fix"? Unless I'm blind, it doesn't appear to be on Symantec's site. TFA says there's a fix, but never says where to get it from. From Symantec's page:

Symantec Response
This advisory will be updated when product updates to address this issue are available.

Re:What? (0)

Anonymous Coward | more than 8 years ago | (#15425749)

http://securityresponse.symantec.com/avcenter/security/Content/2006.05.25.html [symantec.com]

this is the url with the downloads. if you have LiveUpdate working properly it will probably propagate by itself but if you want the patches now they are there.

Too Late (1)

CodeArtisan (795142) | more than 8 years ago | (#15427788)

Having been too lazy these past few months to uninstall their 'Security Suite' this flaw was the motivation to dump the suckers and stick Free AVG on my system. I always knew the Symantec solution was a resource hog, but didn't realize quite how much until I replaced it.