Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Symantec (Norton) details flaws in its antivirus software
http://zdnet.com.com/2100-1009_22-5646871.html ^

Posted on 03/30/2005 9:50:57 AM PST by holymoly

Symantec has reported glitches in its antivirus software that could allow hackers to launch denial-of-service attacks on computers running the applications.

In a notice posted on its Web site this week, Symantec detailed two similar vulnerabilities found in its Norton AntiVirus software, which is sold on its own or bundled in Norton Internet Security and Norton System Works. The flaws, which could lead to computers crashing or slowing severely if attacked, are limited to versions of the software released for 2004 and 2005.

The Information-Technology Promotion Agency of Japan, a government-affiliated tech watchdog group, identified the first instance of the problem in the AutoProtect feature of the Norton AntiVirus consumer product, Symantec said. AutoProtect is used to scan files for viruses, Trojan attacks and worms.

The flaw essentially causes Symantec's software to crash when it is asked to inspect a file specifically designed to exploit the flaw. The file could be submitted either remotely from outside a system or internally by someone with physical access to a computer, Symantec said.

The second flaw, discovered by the Japan Computer Emergency Response team, can be used to launch denial-of-service attacks by scanning specific file modifications using the SmartScan feature in Norton AntiVirus. Symantec said that any malicious use of that vulnerability would specifically require someone with authorized access to a computer to exploit the issue. SmartScan is designed to scour for viruses hidden in file extensions, as well as in executable and document files.

No attacks related to either problem have been reported so far, according to Symantec. The company also said in its warning that both vulnerabilities are "low impact" threats to its customers.

Cupertino, Calif.-based Symantec said it has informed its customers of the problems and has issued patches to correct the flaws, including sending out an automated fix to subscribers to its Automatic LiveUpdate service. The company recommended that people who have not already applied the patches do so immediately to protect against potential attacks.


TOPICS: News/Current Events
KEYWORDS: antivirus; bug; computersecurity; flaw; norton; software; symantec; vulnerability
Free Anti-Virus Software:

Antidote SuperLite
On-demand virus checker. Detects, doesn't clean. Huge virus database (excellent back-up scanner).

AntiVir® Personal Edition

AVG Anti-Virus

F-Prot Antivirus
The MS-DOS version is free

McAfee Stinger
On-demand scanner. Detects & cleans a small number of virii/trojans (around 50). Fits on a 3.5" floppy.

1 posted on 03/30/2005 9:50:58 AM PST by holymoly
[ Post Reply | Private Reply | View Replies]

To: holymoly
Woops, forgot this:

By Matt Hines
March 30, 2005
2 posted on 03/30/2005 9:52:58 AM PST by holymoly ("A lot" is TWO words.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly

When I tired of Norton's glitches I changed to AVG and have never been happier. It's completely automatic and updates virtually every day.


3 posted on 03/30/2005 9:59:01 AM PST by Lady Jag (Honor and dignity)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lady Jag

I too have switched from Norton to AVG. Glad I did. I've never had a virus infect me while I had AVG installed. I can not say the same thing about Norton.


4 posted on 03/30/2005 10:01:54 AM PST by taxcontrol (People are entitled to their opinion - no matter how wrong it is.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: mewzilla

read later


5 posted on 03/30/2005 10:03:19 AM PST by mewzilla
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly

I gave up on all Symantec Norton products years ago because they are such resource hogs. I switched to Trend Micro's PC-Cillin and couldn't be happier. It updates its virus definitions every hour, quietly in the background.


6 posted on 03/30/2005 10:14:42 AM PST by joebuck
[ Post Reply | Private Reply | To 1 | View Replies]

To: taxcontrol
Same here. Besides having tons of troubles with Norton, I actually did get a virus while assuming protection.

I switched over to AVG three years ago and have been virus free and trouble free . . . and there's a whole lot more money in my pocket for not buying back into Norton, too.

Three cheers for AVG!

7 posted on 03/30/2005 10:15:33 AM PST by Lady Jag (Honor and dignity)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Hodar

Ping


8 posted on 03/30/2005 10:16:27 AM PST by zlala (I used to have a handle on life but it broke.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: holymoly

Avast is also free and I've found it better than AVG.


9 posted on 03/30/2005 10:16:58 AM PST by 1L
[ Post Reply | Private Reply | To 1 | View Replies]

To: Darth Reagan

ping


10 posted on 03/30/2005 10:21:04 AM PST by marblehead17 (I love it when a plan comes together.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly

I think when my subscription runs out on Norton, I'll try the other scanners too and see how they do. Bookmark Bump!


11 posted on 03/30/2005 10:21:19 AM PST by Nowhere Man (I hope you enjoyed your dinner, Terri Schindler can't. B-()
[ Post Reply | Private Reply | To 1 | View Replies]

To: 1L

As I recall, while free, Avast requires "registration", and this regsitration must be renewed every 12 months.

IMO If it's free, it should jus that - free. No strings attached.


12 posted on 03/30/2005 10:22:27 AM PST by holymoly ("A lot" is TWO words.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: 1L
I use avast too, for me, better than AVG. The registration is free, so it costs me nothing.

There ARE better AV programs out there, like Kaspersky, but Avast is doing alright. I used Norton for many years, stopped last year when I got a few viruses.

Just in case, I'll occasionally run a couple of online scanners. They have caught a few things for me (Trend Micro and Panda).

13 posted on 03/30/2005 10:29:16 AM PST by Paradox (Occam was probably right.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Lady Jag

I use F-Prot, which is a yearly subscription with free updates. I've been very satisfied with it.


14 posted on 03/30/2005 10:31:41 AM PST by Doohickey ("This is a hard and dirty war, but when it's over, nothing will ever be too difficult again.)
[ Post Reply | Private Reply | To 3 | View Replies]

Just watch... to fix these flaws, that will require the user to pay for the update...


15 posted on 03/30/2005 10:32:19 AM PST by oolatec
[ Post Reply | Private Reply | To 14 | View Replies]

To: oolatec

I should have added... eventually... ;)


16 posted on 03/30/2005 10:32:48 AM PST by oolatec
[ Post Reply | Private Reply | To 15 | View Replies]

To: holymoly
Symantec will never get another penny of my money. They:

1. Screwed me out of about 9 months of updates for which I paid.
2. Screwed me out of a mail-in rebate.
3. Gave me no end of trouble with a certain email-borne virus. For some reason, they could not detect it until the email that carried it was added to the inbox file. Once that happened, they locked up the whole file and couldn't fix it, so all I could do was delete the file. Then my entire inbox was gone. Their support people were unable or unwilling to do anything about it.

17 posted on 03/30/2005 10:36:58 AM PST by Fresh Wind
[ Post Reply | Private Reply | To 1 | View Replies]

To: 1L

Better, how so? Serious question.


18 posted on 03/30/2005 10:37:42 AM PST by savedbygrace ("No Monday morning quarterback has ever led a team to victory" GW Bush)
[ Post Reply | Private Reply | To 9 | View Replies]

To: savedbygrace

It picked up more viruses after I ran it following the use of AVG. Unless these were false positives, I'd call that better.


19 posted on 03/30/2005 10:39:28 AM PST by 1L
[ Post Reply | Private Reply | To 18 | View Replies]

To: holymoly
I've switched to Clamwin and just love it.
20 posted on 03/30/2005 10:46:33 AM PST by gura
[ Post Reply | Private Reply | To 12 | View Replies]

To: USF

read later


21 posted on 03/30/2005 10:48:09 AM PST by USF (I see your Jihad and raise you a Crusade )
[ Post Reply | Private Reply | To 1 | View Replies]

To: Fresh Wind
Symantec will never get another penny of my money. They: 1. Screwed me out of about 9 months of updates for which I paid. 2. Screwed me out of a mail-in rebate. 3. Gave me no end of trouble with a certain email-borne virus. For some reason, they could not detect it until the email that carried it was added to the inbox file. Once that happened, they locked up the whole file and couldn't fix it, so all I could do was delete the file. Then my entire inbox was gone. Their support people were unable or unwilling to do anything about it.

I was also diddled by Symantec when I sent in a rebate form for Norton Systemworks. I meticulously and carefully fulfilled all of the rebate requirements and sent it it. After about a month, I went online to see the status. It said that my rebate could not be found. About a month later I received a post card stating that my rebate was rejected because I did not abide by the rebate rules. Nonsense.

This rebate game has become a tiresome racket. I avoid products with mail-in rebates.

22 posted on 03/30/2005 10:49:57 AM PST by Blennos (hoste, opto ut seis felicior.)
[ Post Reply | Private Reply | To 17 | View Replies]

To: holymoly
SmartScan is designed to scour for viruses hidden in file extensions, as well as in executable and document files.

Does anyone have a clue what this means, or is this just another Dumb Journalist Alert?


23 posted on 03/30/2005 10:53:55 AM PST by Nick Danger (You can stick a fork in the Mullahs -- they're done.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Nick Danger

You just never know when a virus will be lurking in between the "h" and the "t" in ".html" :^/


24 posted on 03/30/2005 10:57:17 AM PST by general_re ("Frantic orthodoxy is never rooted in faith, but in doubt." - Reinhold Niebuhr)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Blennos
About a month later I received a post card stating that my rebate was rejected because I did not abide by the rebate rules.

That's EXACTLY what they did to me.

25 posted on 03/30/2005 11:02:44 AM PST by Fresh Wind
[ Post Reply | Private Reply | To 22 | View Replies]

To: Blennos

all my Microsoft court settlement rebates were rejected.

Oh well.


26 posted on 03/30/2005 11:02:47 AM PST by BurbankKarl (ua)
[ Post Reply | Private Reply | To 22 | View Replies]

To: Blennos

Of course, when I reformatted my hard drive at home last week, and reinstalled NAV 2004 it restarted my subscription for another year....


27 posted on 03/30/2005 11:03:53 AM PST by BurbankKarl (ua)
[ Post Reply | Private Reply | To 22 | View Replies]

To: holymoly

Symantec (Norton) = BLOATWARE...


28 posted on 03/30/2005 11:04:34 AM PST by MD_Willington_1976
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly

AVG is the best. I would highly recommend it over Norton or MaCafee (and I've had both.)


29 posted on 03/30/2005 11:09:14 AM PST by reagan_fanatic ("Darwinism is a belief in the meaninglessness of existence" - R. Kirk)
[ Post Reply | Private Reply | To 2 | View Replies]

To: gura
ClamWin is OK for a back-up scanner only, since it doesn't offer full/real time system protection (unless this has been changed with the 0.83 relase)

I see no mention of full/real-time protection being added in the 0.83 release announcement.

There were some other things I personally didn't like about ClamWin. As I recall, it didn't offer the option to clean infected files (only quarantine or delete), and it didn't completely un-install on my test machine.
30 posted on 03/30/2005 11:18:12 AM PST by holymoly ("A lot" is TWO words.)
[ Post Reply | Private Reply | To 20 | View Replies]

To: Fresh Wind
I think most of the rebates are handled by a subcontractor, a firm that specializes in this sort of thing. They probably are paid on a sliding scale: the more rebates that are actually sent out, the less money this outfit gets to keep. Thus rebates are an annoying racket.

Some of electronics retailers such as Circuitcity and bestBuy have 2 or 3 three different rebates on a single item. Thus they can advertise a much lower price.

I let salesmen in the store know that I do like the rebate game

31 posted on 03/30/2005 11:45:46 AM PST by Blennos (hoste, opto ut seis felicior.)
[ Post Reply | Private Reply | To 25 | View Replies]

To: holymoly

AVG is very good and I recommend it to students in the classes I teach. I personally prefer McAfee, but that's me. Symantic is crapware.


32 posted on 03/30/2005 12:05:33 PM PST by RJS1950 (The rats are the "enemies foreign and domestic" cited in the federal oath)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lady Jag
I changed to AVG and have never been happier.

Me too. I really like it because it's free, simple, free, intuitive, and did I mention free?

33 posted on 03/30/2005 12:13:16 PM PST by Terabitten (A quick reminder to the liberals. The election in Iraq was done NOT IN YOUR NAME.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Terabitten

On top of that, it works, it's free, it's reliable, quirk-free, and just plain free as well as being free.


34 posted on 03/30/2005 12:26:06 PM PST by Lady Jag (Honor and dignity)
[ Post Reply | Private Reply | To 33 | View Replies]

To: 1L
"it picked up more viruses after I ran it following the use of AVG."

You had multiple viruses? Are you talking about spyware or something similar instead of actual viruses?
35 posted on 03/30/2005 1:19:06 PM PST by oldcomputerguy
[ Post Reply | Private Reply | To 19 | View Replies]

To: Fresh Wind
There was an article (Znet?) about how Symantec hasn't updated NAV's engine in years, so it really slows down the
machine, when compared to "real" companies.

What a pain in trying to disable NAV so I could test
other vendors' products.

36 posted on 03/30/2005 1:48:55 PM PST by Calvin Locke
[ Post Reply | Private Reply | To 17 | View Replies]

To: Blennos
I let salesmen in the store know that I do like the rebate game

Oops. I let salesmen in the store know that I do NOT like the rebate game

37 posted on 03/30/2005 6:21:22 PM PST by Blennos (hoste, opto ut seis felicior.)
[ Post Reply | Private Reply | To 31 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson