Thursday, April 24, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Facebook Enjoys High First-quarter Revenue
Qualcomm Reports Less Than Expected 2Q Revenue
iPhone Sales Drive Apple's Record March Quarter Revenue
Travelling Through Time On Updated Google Maps
OnePlus One To Launch Next Month
LG Display Reports First Quarter Results
Toshiba Announces Canvio AeroMobile Wireless SSD
Global Chip Revenue Rises in 2013
Active Discussions
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
Video editing software.
 Home > News > General Computing > Symante...
Last 7 Days News : SU MO TU WE TH FR SA All News

Friday, December 23, 2005
Symantec Antivirus Flaw Leaves Systems Open to Exploits


An independent security researcher has found a critical vulnerability in Symantec's antivirus software. The flaw, revealed Tuesday by Alex Wheeler, could provide a way in for malware -- the malicious code the antivirus software has been designed to detect and prevent.

The vulnerability affects a vast array of Symantec corporate antivirus software as well as consumer products, including Norton Antivirus, Norton Internet Security Professional, Norton System Works, Norton Personal Firewall, as well as recent versions in Symantec's line of antivirus software for Macintosh and handhelds.

According to Wheeler, formerly of Internet Security Systems, the problem lies in the manner in which Symantec's antivirus library handles compressed files in the RAR format. RAR is the open-source equivalent to the ZIP format.

In a written statement, Symantec said it "takes the security and proper functionality of its products very seriously" and that its "product teams are creating the necessary product updates to further protect against any possible threat."

Fatal Exception
Wheeler's findings showed that a specially engineered RAR file containing a virus or other malicious program could infiltrate a user's computer. Once that happens, attackers have carte-blanche access to the system and can take complete control over computers on which their programs have been downloaded.

"The flaw is potentially serious because it allows an attacker to gain remote control of a system," said Andrew Jaquith, a Yankee Group analyst. "However, it requires getting the malicious payload on to the target system first. The most likely way would be e-mail."

Symantec is not the first antivirus software firm to get caught with its pants down. Companies such as Trend Micro, F-Secure, and McAfee all have had to deal with the discovery of serious vulnerabilities in their software. The problem for Symantec is that, as an industry leader, there are a significant number of vendors as well as consumers whose products and services could be affected.

According to Jaquith, the discovery of the RAR vulnerability indicates that security researchers believe that security products represent a new frontier for hacking. Where vulnerabilities are discovered, said Jaquith, attacks soon follow.

The Layered Approach
However, the threat is probably not as widespread as it might seem, said Rob Ayoub, an analyst at Frost & Sullivan, because RAR files are not as prevalent as other compressed files, such as ZIP files. In addition, WinZIP, the most popular compression software used for opening RAR files, does not open RAR files automatically.

"It is a very dangerous exploit and it is important," said Ayoub. "But is everyone's system about to be left wide open? Probably not."

If the flaw had been discovered in WinZIP or in ZIP files, it would have been a lot more dangerous, said Ayoub. "While it is dangerous, the potential for opening the files is a lot more limited than we see in a lot of other virus attacks."

Ayoub agreed that the most common form of attack to exploit this vulnerability most likely would be through spam. While this exploit is a bit different than more commonly seen bugs because it attacks the scanning engine in security software and does not require user intervention, Ayuob said this discovery simply highlights the need for consumers to adopt a multitiered approach to protecting their computers.

"It points to the fact that we should all opt for the layered approach," Ayoub recommended. "If a virus comes out for this, the most common way it will spread is through spam. So it goes back to [the idea that] you need a spam filter in addition to an antivirus application."

The Real Story
Both Ayoub and Jaquith expressed concern, however, over the manner in which Wheeler disclosed the vulnerability. Many industry experts believe that researchers who make these exploit discoveries and then fail to notify software developers before going public with the information do more harm than good.

"The real story is how the researcher chose to reveal the vulnerability," Jaquith said. "He sprang it on Symantec without giving them a chance to correct the issue and release a patch to the public. By releasing vulnerability details that could be useful to attackers seeking to construct automated exploits, he has needlessly placed the public at risk. This should be seen as a publicity stunt by Wheeler. He has acted badly."

The final verdict for Symantec and its position in the security industry will depend on how well the company responds to the problem. The timing for Symantec could not have been worse for a discovery of this nature, Ayoub explained, because Microsoft recently released the beta version of its own, competing antivirus product.

One factor working in Symantec's favor, though, is that any needed updates will be distributed quickly through the company's LiveUpdate program. "The one advantage they have is that, once the patch is available, it will be easy to update," Ayoub pointed out. "It's not so much that [the flaw] will work against [Symantec] at this moment, but it depends on how they handle it."

Consumers need to understand that all products have bugs, even antivirus software, Ayoub added.

From TopTech News



Previous
Next
ASUS Leads with Exclusive Intellectual Property Rights in 3G Core Technologies        All News        Nero 7 Premium Review
France votes to legalize flat-fee P2P downloads     General Computing News      Microsoft Risks a 2 mln Eur Daily Fine

Source Link Get RSS feed Easy Print E-Mail this Message

Related News
Stuxnet Roots Found Back in 2005
Microsoft and Symantec Take Down Bamital Botnet
Symantec Releases Enterprise Security Software For Mobiles
Norton Update Makes Some PCs Inoperable
Symantec Report Reveals Increase in Malicious Attacks in 2011
Symantec Dissolves Alliance With Huawei
New avast! 7 Free Antivirus Available For Download
Anonymous Released Symantec's pcAnywhere Source Code Online
Symantec Releases Latest NetBackup, Cloud-based Backup Exec 2012
Symantec Gives pcAnywhere All-clear
Symantec: Disable Our pcAnywhere Software
Symantec Confirms Hackers Accessed Its Source Code

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .