Symantec Antivirus Remotely Exploitable Vulnerability



This is bad – who’s defending the defender? eEye Security has announced a bulletin regarding a remotely exploitable vulnerability in Symantec Antivirus 10.x and Symantec Client Security 3.x. They say other versions MAY be vulnerable; they’re waiting for information from Symantec. Now, Symantec is probably the biggest-selling antivirus package out there. It looks as though, from Symantec’s advisory, the Norton Antivirus product line is not affected, ONLY “Symantec Client Security 3.1” and “Symantec Antivirus Corporate Edition 10.1”.

They have released IDS updates to try to detect attempted exploits of this….


There do not appear to be exploits in the wild currently for this issue. It sounds like a VERY serious issue and a patch should be coming soon. (No word on when though.) (They are still evaluating other products for this vulnerability.)

Remotely exploitable antivirus is a BAD thing… which is why George Ou thinks it’s time to get rid of desktop antivirus…. He does have some decent points: ANY software that handles files from the outside world can be a weak point. It IS a good point that antivirus filtering/scanning should be done at the gateway. However, I still have to convince people that they need antivirus even though they just download mail from webmail and the webmail scans for viruses… George says he hasn’t had a problem with a virus on a PC, and that among the “expert users” he knows, none of them have either. That’s very good, I’m glad to hear. I’ve seen many users, experienced and inexperienced, pick up who knows what on the web, with the neat screensaver that so and so… emailed that didn’t seem to do anything, with that neat “game” download… Or, “well I just went looking for lyrics to a **** song…” or… “I just got a highspeed connection last week and things are acting funny…..” Now, maybe I can’t claim to know any experts, myself included… ok fine.

Of course, he is pointing towards Vista and saying that IE will be sandboxed, everyone will be limited-user…. Of course, also in a corporate environment you can have proxy antivirus scanning for mail and web content and even some homes may do likewise, but frankly, MOST homes aren’t NEARLY at the point where they can move the virus scanning entirely to another machine.

YES, it’s easily doable and fairly cheap for someone with a bit of computer experience to set up an antivirus filtering gateway. In fact… with Viralator and squid it would be fairly easy to filter web traffic, add in another component for mail scanning, and that could be a standalone proxy/scanner for web and mail. What if someone in the network uses IM? I guess intrusion detection signatures could mitigate that threat, but I’d still be reluctant to say now’s the time to throw it out entirely. I like the idea of “layered defense”. In one particular location that I support, they have desktop antivirus and mailserver antivirus (no proxy virus scanning… yet…). The desktop antivirus frankly has not gotten MUCH use, as the mailserver antivirus usually picks up and cleans out the problems. However…. I use two different “flavors” of antivirus so that if the updates for one product are a bit slow, the other, hopefully, will be able to defend.

Many of the comments to George’s post reflect 2 things…. 1) an impression that he said to get rid of your antivirus (period…) and 2) that the network is NOT the only way bugs can get in…

With regard to 1… that is NOT what he means. He essentially means to move your antivirus off your desktop and to a PC in the network DMZ (out in the wild internet…). I think half of that is a good point, and that’s where MOST scanning should be done; however, I STRONGLY disagree that desktop antivirus should not be installed, mainly because of point 2… Most of the time, viruses infect a system because of choices the user makes. *(There are rare situations where it IS beyond their choice, maybe because it’s beyond their expertise…) Visitor at the PC, poor decision, flash card, bluetooth device, wireless card…. How many ways are there that something can STILL get in the system? Vista may make great strides. It does sound like a marked improvement, but it is NOT here. It is NOT installed on most PCs. It will not be widely installed for at least 10-12 months.

Please, folks, keep your desktop AV installed and up-to-date. If you want to add perimeter scanning to your home network, there are ways to do so. Maybe we’ll look at some here at some point.

--- Update on the Symantec Vulnerability --- 5/27/06 ---

Looks as though I rambled a bit off the specific Symantec vulnerability above…. anyway – it looks as though today:

Symantec has released update patches for the affected products. They appear to be manual download and install only at this point; hopefully they will be integrated into the LiveUpdate process (?).
