This is bad – who’s defending the defender? eEye security has announced a bulletin regarding a remotely exploitable vulnerability in Symantec Antivirus 10.x and Symantec Client Security 3.x. They say other versions MAY be vulnerable; they’re waiting for information from Symantec. Now, Symantec is probably the biggest selling antivirus package out there. It looks as though, from Symantec’s advisory, the Norton Antivirus product line is not affected, ONLY “Symantec Client Security 3.1” and “Symantec Antivirus Corporate Edition 10.1”.
They have released IDS updates to try to detect attempted exploits of this….
There do not appear to be exploits in the wild currently for this issue. It sounds like a VERY serious issue and a patch should be coming soon. (No word on when though.) (They are still evaluating other products for this vulnerability.)
Remotely exploitable Antivirus is a BAD thing… Which is why George Ou thinks it’s time to get rid of desktop antivirus…. He does have some decent points, that ANY software that handles files from the outside world can be a weak point. IT IS a good point that antivirus filtering/scanning should be done at the gateway. However, I still have to convince people that they need antivirus even though they just download mail from webmail and the webmail scans for viruses… George says he hasn’t had a problem with a virus on a PC, and that among the “expert users” he knows none of them have either. That’s very good, I’m glad to hear. I’ve seen many users, experienced and inexperienced, pick up who knows what on the web, with the neat screensaver that so and so… emailed that didn’t seem to do anything, with that neat “game” download… Or, “well I just went looking for lyrics to a **** song…” or… “I just got a highspeed connection last week and things are acting funny…..” Now, maybe I can’t claim to know any experts, myself included… ok fine.
Of course, he is pointing towards Vista and saying that IE will be sandboxed, everyone will be limited-user…. Of course, also in a corporate environment you can have proxy antivirus scanning for mail and web content and even some homes may do likewise, but frankly, MOST homes aren’t NEARLY at the point where they can move the virus scanning entirely to another machine.
YES it’s easily do-able and fairly cheap for someone with a bit of computer experience to set up an antivirus filtering gateway. In fact… with Viralator and squid it would be fairly easy to filter web traffic, add in another component for mail scanning, and that could be a stand-alone proxy/scanner for web and mail. What if someone in the network uses IM? I guess intrusion detection signatures could mitigate that threat, but I’d still be reluctant to say now’s the time to throw it out entirely. I like the idea of “layered defense”. In one particular location that I support they have desktop antivirus and mailserver antivirus (no proxy virus scanning… yet…). The desktop antivirus frankly has not gotten MUCH use as the mailserver antivirus usually picks up and cleans out the problems, however…. I use two different “flavors” of antivirus so that if the updates for one product are a bit slow, the other, hopefully, will be able to defend.
Many of the comments to George’s post reflect 2 things…. 1) an impression that he said to get rid of your antivirus (period…) and 2) that the network is NOT the only way bugs can get in…
With regards to 1… that is NOT what he means, he essentially means to move your antivirus off your desktop and to a PC in the network DMZ (out in the wild internet…). I think half of that is a good point and that’s where MOST scanning should be done, however I STRONGLY disagree that desktop antivirus should not be installed. Mainly because of point 2… Most of the time, viruses infect a system because of choices the user makes. (There are rare situations that it IS beyond their choice, maybe because it’s beyond their expertise…) Visitor at the PC, poor decision, flash card, bluetooth device, wireless card…. how many ways are there that something can STILL get in the system? Vista may make great strides. It does sound like a marked improvement, but it is NOT here. It is NOT installed on most PCs. It will not be widely installed for at least 10-12 months.
Please folks, keep your desktop AV installed and up-to-date. If you want to add perimeter scanning to your home network, there are ways to do so. Maybe we’ll look at some here at some point.
—-update on the Symantec Vulnerability —— 5/27/06 ——
Looks as though I rambled a bit off the specific Symantec vulnerability above…. anyway – it looks as though today:
Symantec has released update patches for the affected products. They appear to be manual download and install only at this point; hopefully they will be integrated into the LiveUpdate process (?).