Symantec Antivirus Remotely Exploitable Vulnerability



This is bad – whose defending the defender? eEye security has a bulletin announced that regards a remotely exploitable vulnerability in Symantec Antivirus 10.x and Symantec Client Security 3.x They say other versions MAY be vulnerable they’re waiting for information from Symantec. Now, Symantec is probably the biggest selling antivirus package out there. It looks as though, from Symantec’s advisory, that the Norton Antivirus product line is not affected, ONLY “Symantec Client Security 3.1″ and “Symantec Antivirus Corporate Edition 10.1″

They have released IDS updates to try to detect attempted exploits of this….


There do not appear to be exploits in the wild currently for this issue. It sounds like a VERY serious issue and a patch should be coming soon. (No word on when though.) (They are still evaluating other products for this vulnerability.)

Remotely exploitable Antivirus is a BAD thing… Which is why George Ou thinks it’s time to get rid of desktop antivirus…. he does have some decent points, that ANY software that handles files from the outside world can be a weak point. IT IS a good point that antivirus filtering/scanning should be done at the gateway. However, I still have to convince people that they need antivirus even though they just download mail from webmail and the webmail scans for viruses… George says he hasn’t had a problem with a virus on a PC, and that among the “expert users” he knows none of them have either. That’s very good, i’m glad to hear. I’ve seen many users experienced and inexperienced pick up who knows what on the web, with the neat screensaver that so and so… emailed that didn’t seem to do anything, with that neat “game” download… Or, “well I just went looking for lyrics to a **** song…” or… “I just got a highspeed connection last week and things are acting funny…..” Now, maybe I can’t claim to know any experts, myself included… ok fine.

Of course, he is pointing towards Vista and saying that IE will be sandboxed, everyone will be limited-user…. Of course, also in a corporate environment you can have proxy antivirus scanning for mail and web content and even some homes may do likewise, but frankly, MOST homes aren’t NEARLY at the point where they can move the virus scanning entirely to another machine.

YES it’s easily do-able and fairly cheap for someone with a bit of computer experience to setup an antivirus filtering gateway. In fact… with Viralator and squid it would be fairly easy to filter web traffic, add in another component for mail scanning, and that could be a stand alone proxy/scanner for web and mail. What if someone in the network uses IM – I guess Intrusion detection signatures could mitigate that threat, but I’d still be reluctant to say now’s the time to throw it out entirely. I like the idea of “layered defense”. In one particular location that I support they have desktop antivirus and mailserver antivirus (no proxy virus scanning… yet…) The desktop antivirus frankly has not gotten MUCH use as the mailserver antivirus usually picks up and cleans out the problems, however…. I use two different “flavors” of antivirus so that if the updates for one product are a bit slow, the other, hopefully will be able to defend.

Many of the comments to George’s post reflect 2 things…. 1) an impression that he said to get rid of your antivirus (period…) and 2) that the network is NOT the only way bugs can get in…

With regards to 1… that is NOT what he means, he essentially means to move your antivirus off your desktop and to a PC in the network DMZ (out in the wild internet…) I think half of that is a good point and that’s where MOST scanning should be done, however I STRONGLY disagree that desktop antivirus should not be installed. Mainly because of point 2… Most of the time, viruses infect a system because of choices the user makes. *(There are rare situations that it IS beyond their choice, maybe because it’s beyond their expertise…) Visitor at the pc, poor decision, flash card, bluetooth device, wireless card…. how many ways are there that something can STILL get in the system. Vista may make great strides. It does sound like a marked improvement, but It is NOT here. IT is NOT installed on most PC’s. It Will not be widely installed for at least 10-12 months.

Please folks, keep your desktop AV installed and up-to-date. If you want to add perimeter scanning to your home network. There are ways to do so. Maybe we’ll look at some here at some point.

—-update on the Symantec Vulnerability —— 5/27/06 ——

Looks as though I rambled a bit off the specific Symantec vulnerability above…. anyway – it looks as though today:

Symantec has released update patches for the affected products. They appear to be manual download and install only at this point, Hopefully they will be integrated into the liveupdate process (?).

Related Posts

Blog Traffic Exchange Related Posts
  • Zotob worm bites big media outlets According to several reports there are several big media outlets seeing what is reported as the zotob worm which exploits a Microsoft Windows vulnerability (MS05-039) disclosed last week. There seems to be no better way for something to make the news than for it to affect the companies that bring......
  • Vista UAP (User Account Protection) - too much? First let me tell you I have not seen first hand Microsoft's Vista UAP (User Account Protection) I cannot then claim firsthand experience with it, the following is and will be based on what I have read plus how it relates and compares to linux and "run as" functionality. George......
  • WMF exploit situation summary... Since there's been quite a bit of flux the last couple of days I thought I'd try to "reset" the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exploit. 1st there is a vulnerability in the way Windows renders WMF......
Blog Traffic Exchange Related Websites
  • Sundry Topics: Thanking Readers and Website Changes I want to thank everyone for their votes for Performancing's Best Money Blog. The competition was tough and two of those competitors have more readers than many cities. The voting came to a somewhat predictable conclusion with those two, The Simple Dollar and Get Rich Slowly taking the top two......
  • FREE AntiVirus Software FREE AVG Anti-virus Software Review Magnanimously protecting your PC... While many of my readers have heard of AVG Free Edition, many still have not so, I thought I would go over the Anti-virus software that protects many of my personal PC's from the wild west internet. As far as AV......
  • World Wide Web Security Essentials Is Not A Real Spyware Remover. It Resembles The Functions And Looks World wide web Security Essentials is not a real spyware remover. It resembles the functions and looks of genuine spyware removal software but has no capacity to eliminate any virus, trojan or malware. Web Security Essentials is the newest addition to the growing list of rogue Antivirus programs. Internet Security......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site