Saturday, April 21, 2018
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Apple to Replace Some MacBook Pro Laptop Batteries
ZTE's Nubia Red Gaming Phone Released
LG Display's OLED Smartphone Screens Still Not Ready For Apple
Nintendo Labo Kits Now Available
June's VLSI Symposium Focuses on Next Generation Transistor Technology and MRAM
Samsung Not Interested in Nokia's Health Unit
ZTE Says Company's Survival at Risk
2nd Generation AMD Ryzen Desktop Processors Arrive to Offer Great Value
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Symante...
Last 7 Days News : SU MO TU WE TH FR SA All News

Friday, December 23, 2005
Symantec Antivirus Flaw Leaves Systems Open to Exploits

An independent security researcher has found a critical vulnerability in Symantec's antivirus software. The flaw, revealed Tuesday by Alex Wheeler, could provide a way in for malware -- the malicious code the antivirus software has been designed to detect and prevent.

The vulnerability affects a vast array of Symantec corporate antivirus software as well as consumer products, including Norton Antivirus, Norton Internet Security Professional, Norton System Works, Norton Personal Firewall, as well as recent versions in Symantec's line of antivirus software for Macintosh and handhelds.

According to Wheeler, formerly of Internet Security Systems, the problem lies in the manner in which Symantec's antivirus library handles compressed files in the RAR format. RAR is the open-source equivalent to the ZIP format.

In a written statement, Symantec said it "takes the security and proper functionality of its products very seriously" and that its "product teams are creating the necessary product updates to further protect against any possible threat."

Fatal Exception
Wheeler's findings showed that a specially engineered RAR file containing a virus or other malicious program could infiltrate a user's computer. Once that happens, attackers have carte-blanche access to the system and can take complete control over computers on which their programs have been downloaded.

"The flaw is potentially serious because it allows an attacker to gain remote control of a system," said Andrew Jaquith, a Yankee Group analyst. "However, it requires getting the malicious payload on to the target system first. The most likely way would be e-mail."

Symantec is not the first antivirus software firm to get caught with its pants down. Companies such as Trend Micro, F-Secure, and McAfee all have had to deal with the discovery of serious vulnerabilities in their software. The problem for Symantec is that, as an industry leader, there are a significant number of vendors as well as consumers whose products and services could be affected.

According to Jaquith, the discovery of the RAR vulnerability indicates that security researchers believe that security products represent a new frontier for hacking. Where vulnerabilities are discovered, said Jaquith, attacks soon follow.

The Layered Approach
However, the threat is probably not as widespread as it might seem, said Rob Ayoub, an analyst at Frost & Sullivan, because RAR files are not as prevalent as other compressed files, such as ZIP files. In addition, WinZIP, the most popular compression software used for opening RAR files, does not open RAR files automatically.

"It is a very dangerous exploit and it is important," said Ayoub. "But is everyone's system about to be left wide open? Probably not."

If the flaw had been discovered in WinZIP or in ZIP files, it would have been a lot more dangerous, said Ayoub. "While it is dangerous, the potential for opening the files is a lot more limited than we see in a lot of other virus attacks."

Ayoub agreed that the most common form of attack to exploit this vulnerability most likely would be through spam. While this exploit is a bit different than more commonly seen bugs because it attacks the scanning engine in security software and does not require user intervention, Ayuob said this discovery simply highlights the need for consumers to adopt a multitiered approach to protecting their computers.

"It points to the fact that we should all opt for the layered approach," Ayoub recommended. "If a virus comes out for this, the most common way it will spread is through spam. So it goes back to [the idea that] you need a spam filter in addition to an antivirus application."

The Real Story
Both Ayoub and Jaquith expressed concern, however, over the manner in which Wheeler disclosed the vulnerability. Many industry experts believe that researchers who make these exploit discoveries and then fail to notify software developers before going public with the information do more harm than good.

"The real story is how the researcher chose to reveal the vulnerability," Jaquith said. "He sprang it on Symantec without giving them a chance to correct the issue and release a patch to the public. By releasing vulnerability details that could be useful to attackers seeking to construct automated exploits, he has needlessly placed the public at risk. This should be seen as a publicity stunt by Wheeler. He has acted badly."

The final verdict for Symantec and its position in the security industry will depend on how well the company responds to the problem. The timing for Symantec could not have been worse for a discovery of this nature, Ayoub explained, because Microsoft recently released the beta version of its own, competing antivirus product.

One factor working in Symantec's favor, though, is that any needed updates will be distributed quickly through the company's LiveUpdate program. "The one advantage they have is that, once the patch is available, it will be easy to update," Ayoub pointed out. "It's not so much that [the flaw] will work against [Symantec] at this moment, but it depends on how they handle it."

Consumers need to understand that all products have bugs, even antivirus software, Ayoub added.

From TopTech News

ASUS Leads with Exclusive Intellectual Property Rights in 3G Core Technologies        All News        Nero 7 Premium Review
France votes to legalize flat-fee P2P downloads     General Computing News      Microsoft Risks a 2 mln Eur Daily Fine

Source Link Get RSS feed Easy Print E-Mail this Message

Related News
Western Energy Sector Targeted by Dragonfly Cyber Espionage Group
Symantec Points at North Korean Hackers in Ransomware Attacks
Symantec to Buy LifeLock for $2.3 Billion to Form Digital Safety Platform
Symantec Announces $4.7 billion Acquisition Of Blue Coat and Strengthen Its Enterprise Cybersecurity Offerings
Symantec to Offload Veritas
Symantec To Sell Veritas Storage Unit: report
Symantec to Pay $17 mln For Patent Infringement
Symantec to Separate into Two Technology Companies
China To bar Symantec, Kaspersky Anti-virus: report
Symantec Says Antivirus Software Is Dead, Focuses On Zero-day Attacks
Stuxnet Roots Found Back in 2005
Microsoft and Symantec Take Down Bamital Botnet

Most Popular News
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2018 - All rights reserved -
Privacy policy - Contact Us .