Free Republic

Critical bug found in anti-virus software
New Scientist news service | 22 December 2005 | Will Knight

Posted on 12/23/2005 9:05:03 AM PST by george76

A critical software bug has been discovered in several of the most widely used anti-virus programs. It could be exploited to take control of a computer or to steal information, according to an analysis produced by the independent security analyst who made the discovery.

The glitch affects 39 different Symantec products - including both home and enterprise versions of its anti-virus software. It resides within the Symantec anti-virus library, which is used by all of the packages.

The analyst, Alex Wheeler, discovered that a critical error occurs when the Symantec anti-virus library decompresses files from "RAR" format for analysis.

Symantec has confirmed the problem and produced an advisory of its own. It is currently working on a permanent fix but has released an update so that computers running its anti-virus software should automatically detect and block attempts to exploit the bug.

(Excerpt) Read more at newscientist.com ...


TOPICS: Business/Economy; Crime/Corruption; Extended News; Government; News/Current Events; War on Terror
KEYWORDS: antivirus; avast; avg; bitdefender; computer; mcafee; n00bs; nod32; norton; panda; rar; rarformat; software; sophos; spying; symantec; trendmicro; zonealarm

1 posted on 12/23/2005 9:05:03 AM PST by george76
[ Post Reply | Private Reply | View Replies]

To: george76

I use Trend Micro. A much "leaner" program that catches things Norton does not, and it doesn't try to take over your computer.


2 posted on 12/23/2005 9:06:27 AM PST by iPod Shuffle
[ Post Reply | Private Reply | To 1 | View Replies]

To: iPod Shuffle

I don't use anti-virus software at all. It's for n00bs.


3 posted on 12/23/2005 9:08:22 AM PST by xrp (Conservative votes are to Republicans what 90% of black votes are to Democrats (taken for granted))
[ Post Reply | Private Reply | To 2 | View Replies]

To: iPod Shuffle

I switched from Norton to Nod32 and I love it.


4 posted on 12/23/2005 9:08:23 AM PST by Jimbaugh (Fear the Base !!!)
[ Post Reply | Private Reply | To 2 | View Replies]

To: george76

"A critical software bug has been discovered in several of the most widely used anti-virus programs. It could be exploited to take control of a computer or to steal information..."

Irony works in mysterious ways.


5 posted on 12/23/2005 9:09:00 AM PST by ndt
[ Post Reply | Private Reply | To 1 | View Replies]

To: iPod Shuffle

What do you think of AVG?

I use it and near as I can tell, it works well.


6 posted on 12/23/2005 9:09:27 AM PST by MplsSteve
[ Post Reply | Private Reply | To 2 | View Replies]

To: george76

I dumped Norton for McAfee earlier this year and have found it superior in virus/spyware detection and does not slow my computer down...Norton failed on both counts.


7 posted on 12/23/2005 9:09:59 AM PST by LostInBayport (Massachusetts liberals refuse to admit we exist...we are the 37% of MA voters who voted for GWB)
[ Post Reply | Private Reply | To 1 | View Replies]

To: george76
I like AVG, myself.
8 posted on 12/23/2005 9:10:05 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: george76

Norton software turned to crap when Peter sold out to Symantec.


9 posted on 12/23/2005 9:10:16 AM PST by NoClones
[ Post Reply | Private Reply | To 1 | View Replies]

To: iPod Shuffle
Trend Micro and Panda provide excellent online scans. Don't forget about BitDefender:

http://www.bitdefender.com/scan8/ie.html

BD finds and cleans viruses and trojans that even Ewido and the others will miss.
10 posted on 12/23/2005 9:10:19 AM PST by jdm (I'm not blunting.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: ndt

I punt Norton/Symantec off every system I'm responsible for. AVG and Sophos do a much better job.

This just reinforces my experience with and low opinion of their products.


11 posted on 12/23/2005 9:10:45 AM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: xrp
:) That's funny. Mainly because I don't use anti-virus software because it's more convenient to zap whatever comes my way than it is to have a firewall/norton/panda/and 16 other protection programs that will "protect" my computer running at any given time.
12 posted on 12/23/2005 9:11:42 AM PST by tfecw (It's for the children)
[ Post Reply | Private Reply | To 3 | View Replies]

To: MplsSteve
I like AVG. I use the free version and make sure the latest definition updates are set for auto-download.

Norton was great back in the mid 90s -- now it's a POS, IMHO. A true memory hog and not thorough.
13 posted on 12/23/2005 9:12:16 AM PST by jdm (I'm not blunting.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: iPod Shuffle

I have been using Zone Alarm Security Suite.

I've had great results, the program errs on the side of paranoid, which I'm grateful for. I got away from Norton/Symantec because for some reason I always felt it didn't do enough to protect my system.

I would like some feedback from the rest of you if you know how Zone Alarm rates, also if you know of a better product I would be interested in upgrading. Zone Alarm was a top rated program when I was looking around at the time, I haven't kept up on the A/V news lately because I've been happy with what I got. No, I don't work for Zone Alarm.

I'm now also looking for a "vault" program that I can use to easily "lock" and "encrypt" my files so if my laptop gets stolen, or hacked, they won't be able to access certain personal data files. Your recommendations would be greatly appreciated :) ** When I say "your opinion" I mean any Freepers :) Thanks!


14 posted on 12/23/2005 9:13:25 AM PST by 1FASTGLOCK45 (FreeRepublic: More fun than watching Dem'Rats drown like Turkeys in the rain! ! !)
[ Post Reply | Private Reply | To 2 | View Replies]

To: george76

See also:

Symantec, McAfee Battle Flaws
http://www.freerepublic.com/focus/f-news/1545631/posts


15 posted on 12/23/2005 9:13:41 AM PST by Boundless
[ Post Reply | Private Reply | To 1 | View Replies]

To: george76

Symantec is junk. While it has a nice library and catches a lot of viruses, adware and spyware when it runs, the simplest adware can disable the thing and make reinstallation an hours-long project.

As a result it doesn't work when you need it to.


16 posted on 12/23/2005 9:13:49 AM PST by Fido969 ("And ye shall know the truth, and the truth shall make you free" (John 8:32).)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MplsSteve

I've been using Grisoft AVG on three WinXP Pro computers for a good long while now without any problems. I'd recommend the purchased version of it, though. The free version gives you updates from an overused server, so they are slow to download, and sometimes the download isn't available.

If you buy it, you get your updates from servers that respond quickly without a problem.


17 posted on 12/23/2005 9:13:56 AM PST by savedbygrace (SECURE THE BORDERS FIRST (I'M YELLING ON PURPOSE))
[ Post Reply | Private Reply | To 6 | View Replies]

To: george76

Discussed here too

http://www.freerepublic.com/focus/f-news/1545631/posts


18 posted on 12/23/2005 9:14:24 AM PST by UB355 (Slower traffic keep right >>>>>>>>>>>>>>)
[ Post Reply | Private Reply | To 1 | View Replies]

To: iPod Shuffle
" and it doesn't try to take over your computer"

You mean that this isn't the united state of symantec?

19 posted on 12/23/2005 9:15:57 AM PST by editor-surveyor (Atheist and Fool are synonyms; Evolution is where fools hide from the sunrise)
[ Post Reply | Private Reply | To 2 | View Replies]

To: george76

Went from McAfee to AVG and have never looked back.
McAfee allowed a trojan in on my home PC and I gave up on it after that.


20 posted on 12/23/2005 9:16:05 AM PST by gimme1ibertee (Merry CHRISTmas to all....damn the PC police!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MplsSteve

AVG has missed two invasions of my system over the last two months. I found them in standard scans. I use AVG, AdAware SE and Spybot Search and Destroy in combination.


21 posted on 12/23/2005 9:18:12 AM PST by Colonel_Flagg ("Defeatism may have its partisan uses but it is not justified by the facts.")
[ Post Reply | Private Reply | To 6 | View Replies]

To: xrp

I too quit all anti-virus software. Too much of a resource hog, and slows things down. I NEVER email in html, txt only, delete cookies daily, and dump cache several times daily.


22 posted on 12/23/2005 9:18:36 AM PST by devane617 (An Alley-Cat mind is a terrible thing to waste)
[ Post Reply | Private Reply | To 3 | View Replies]

To: LostInBayport; All

I am going to ditch Norton when my subscription runs out next month.

Thanks to all for the suggestions on this thread about Trend Micro and some of the other good ones.

I couldn't figure out why my 'puter slowed down more and more after each Symantec update. I'm a little behind the curve, not being a computer professional--just an ordinary user.

I finally figured out that if I deleted the calendar in Microsoft Works, it would solve a Norton glitch. Just look for wks.cal.exe on your hard drive and get rid of it.

Better yet, get rid of Norton altogether.


23 posted on 12/23/2005 9:19:41 AM PST by Palladin (Merry Christmas! God bless us, every one!)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Spktyr
AVG is a good system.

The best prevention of infection is the person sitting at the keyboard.

I generally do not have antivirus software installed on my computer (Windows Server 2003 / Ubuntu) while my wife's (XP Pro) does have AVG installed along with antispyware software. I will periodically and temporarily install AVG and AdAware on my system just to check and have never found anything (apart from the standard cookies and java.byte.verify) while my wife's computer I have to clean every month.
24 posted on 12/23/2005 9:19:55 AM PST by ndt
[ Post Reply | Private Reply | To 11 | View Replies]

To: NoCmpromiz

ping


25 posted on 12/23/2005 9:24:54 AM PST by DJ MacWoW (If you think you know what's coming next....You don't know Jack.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: All
Help for viruses and malware:

Ad-Aware ... Spybot ... Peper Uninstaller ... HijackThis ... CWShredder ... Spyware Blaster ... IE Spyad ... BitDefender Free online Virus scan ... Trend Micro Free online Virus scan ... Kaspersky Free online Virus scan ... Ewido Anti-Malware ... LSPfix ... How to Show Hidden Files ... How to boot into Safe Mode ... How did I get infected in the first place?

Things you need--(all FREE)

Anti-Virus
AVG
Avast

Firewall
Kerio (Direct Download)
Zone Alarm
If you are using Zone Alarm it may slow your PC. Try Outpost Firewall http://www.agnitum.com/products/outpost or Sygate Firewall http://www.sygate.com/, both have FREE and Pro versions and are heads above ZA.

Misc.
IE Spyads
SpywareBlaster
Spyware Guard
Windows Update- you must keep updated, it is the start of a secure system- get all CRITICAL Updates

26 posted on 12/23/2005 9:25:19 AM PST by jdm (I'm not blunting.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: xrp

I don't even use a computer. Just pen and paper for me.


27 posted on 12/23/2005 9:26:49 AM PST by Maceman (Fake but accurate -- and now double-sourced)
[ Post Reply | Private Reply | To 3 | View Replies]

To: iPod Shuffle; LostInBayport; NoClones
I dropped Symantec too. I read a review that said that Symantec hadn't updated the engine in eons, therefore, it was slow, and a resource hog.

That, and I remember it having install problems, granted, the site had the workaround info, but still a pain, and a few other annoying problems. I guess they considered them FAD or "features" that couldn't be disabled, either permanently, or temporarily.

28 posted on 12/23/2005 9:26:49 AM PST by Calvin Locke
[ Post Reply | Private Reply | To 2 | View Replies]

To: jdm

Sorry about the errors. I just realized a few links are dead.


29 posted on 12/23/2005 9:27:40 AM PST by jdm (I'm not blunting.)
[ Post Reply | Private Reply | To 26 | View Replies]

To: jdm

Thank you for that.

Now will you come to my house and fix everything for me?


30 posted on 12/23/2005 9:28:19 AM PST by Palladin (Merry Christmas! God bless us, every one!)
[ Post Reply | Private Reply | To 26 | View Replies]

To: george76

bump


31 posted on 12/23/2005 9:29:17 AM PST by Maceman (Fake but accurate -- and now double-sourced)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Maceman

"I don't even use a computer. Just pen and paper for me."

LOL. Me, I prefer Lotus Notes.


32 posted on 12/23/2005 9:29:28 AM PST by jdm (I'm not blunting.)
[ Post Reply | Private Reply | To 27 | View Replies]

To: 1FASTGLOCK45

One of my old machines that still runs on w98 crashed badly during the latest ZoneAlarm update. Took me about six hours over a month to debug it and now I don't think I will reload their Shareware firewall on it again.


33 posted on 12/23/2005 9:30:10 AM PST by KC Burke (Men of intemperate minds can never be free....)
[ Post Reply | Private Reply | To 14 | View Replies]

To: george76
Critical software bug or FBI back-door?

You decide:


AV vendors split over FBI Trojan snoops:

Keystroke loggerheads

By John Leyden
Published Tuesday 27th November 2001 18:44 GMT

Antivirus vendors are at loggerheads over whether they should include in their software packages detection for a Trojan horse program reportedly under development by the FBI.

A keystroke logging Trojan, called Magic Lantern, will enable investigators to break PGP encoded messages sent by suspects under investigation, MSNBC reports. By logging what a suspect types, and transmitting this back to investigators, the FBI could use Magic Lantern to work out a suspect's passphrase. Getting a target's private PGP keyring is easy in comparison, and with the two any message can be broken.

MSNBC quotes unnamed sources who say that Magic Lantern could be sent to a target by email or planted on a suspect's PC by exploiting common operating system vulnerabilities.

Although unconfirmed, the reports are being taken seriously in the security community, and are consistent with the admitted use of key-logging software in the investigation of suspected mobster Nicodemo Scarfo. In that case, FBI agents obtained a warrant to enter Scarfo's office and install keystroke logging software on his machine.

Magic Lantern, which would be an extension of the Carnivore Internet surveillance program, takes the idea one step further by enabling agents to place a Trojan on a target's computer without having to gain physical access.

The suggested technique creates a clutch of legal, ethical and technical issues. Greater powers in the Patriot Act, which Congress is considering, may allow the tool to be used. But what if it was modified for use by hackers?

And antivirus vendors are mulling over the rights and wrongs of putting Magic Lantern on their virus definition list.

Eric Chien, chief researcher at Symantec's antivirus research lab, said that provided a hypothetical keystroke logging tool was used only by the FBI, then Symantec would avoid updating its antivirus tools to detect such a Trojan.

Symantec is yet to hear back from the FBI on its enquiries about Magic Lantern.

"If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it - we wouldn't detect it," said Chien. "However we would detect modified versions that might be used by hackers."

Graham Cluley, senior technology consultant at Sophos, disagrees. He says it is wrong to deliberately refrain from detecting the virus, because its customers outside the US would expect protection against the Trojan. Such a move also creates an awkward precedent.

Cluley adds: "What if the French intelligence service, or even the Greeks, created a Trojan horse program for this purpose? Should we ignore those too?"

34 posted on 12/23/2005 9:30:15 AM PST by Ol' Dan Tucker (Karen Ryan reporting...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: 1FASTGLOCK45
Best protection. Two computers. Only one that does not contain my valuable files is connected to the Internet.
35 posted on 12/23/2005 9:31:48 AM PST by Logical me (Oh, well!!!)
[ Post Reply | Private Reply | To 14 | View Replies]

To: george76

AVG is the best I've found so far. Much easier on system resources too. Norton is garbage.


36 posted on 12/23/2005 9:32:16 AM PST by reagan_fanatic (Darwinism is a belief in the meaninglessness of existence - R. Kirk)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Same here - great program


37 posted on 12/23/2005 9:33:27 AM PST by ItsOurTimeNow ("Hail Him who saved you by His grace, and crown Him Lord of All")
[ Post Reply | Private Reply | To 8 | View Replies]

To: george76

Cisco Security Agent is better.


38 posted on 12/23/2005 9:34:22 AM PST by Centurion2000 ((Aubrey, Tx) --- America, we get the best government corporations can buy.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Maceman
I don't even use a computer. Just pen and paper for me.

I still use my computers. But I discovered that if I write on the front surface of the screen with a grease pencil, rather than on the back side with the keyboard, I can avoid viruses altogether and save $30/year.

Take that, Norton!

39 posted on 12/23/2005 9:39:03 AM PST by Hank Rearden (Never allow anyone who could only get a government job attempt to tell you how to run your life.)
[ Post Reply | Private Reply | To 27 | View Replies]

To: george76

This is ridiculous "the sky is falling" journalism at its worst; don't get caught up in it Freepers. It's a nice "bash-a-successful-company" tone that belongs on socialist/commie Slashdot but not here.

(1) There is no known public exploit of this vulnerability. And Symantec has released a heuristic (signature) that detects it, so if you are using Symantec software in the first place, you are probably getting the most up-to-date update so now you are OK.

(2) if you are a consumer, you would get infected only if you interact and download a malicious RAR file, which is a not-very-popular file compression algorithm. And for it to "take over your computer", the malicious file would have to be written to successfully execute code on your PC/laptop, which is no easy feat.

(3) if your company's or ISP's Gateways are using Symantec's email security products, the admins could/would have put a block on RAR files until Symantec came out with the heuristic, which was a span of less than 36 hours.

(4) Symantec Antivirus Corporate Editions 8 & 9 are not affected; that makes up about 90% of the corporate pie.

Move along folks; nothing to see here.

And shame on you Freepers who got duped :-)

Any other questions, please email me at iggy_e@yahoo.com. As you can guess, I know something about this.


40 posted on 12/23/2005 9:40:03 AM PST by American in Singapore (Liberals: They even lie in their diaries)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ndt

I agree, but I have class 1 end users using these computers (usually).

Unless you've done this sort of work, and it sounds like you might have, you have *no* idea how stupid people are when it comes to using the computer.


41 posted on 12/23/2005 9:40:38 AM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
[ Post Reply | Private Reply | To 24 | View Replies]

To: LostInBayport

I agree...I dropped $75 last year for Norton, and for what? My computer eventually crashed due to lack of protection; plus, after a year, they wanted another $40 for renewal.

McAfee comes free w/ my high speed, and it has worked well to date.


42 posted on 12/23/2005 9:42:07 AM PST by dave k
[ Post Reply | Private Reply | To 7 | View Replies]

To: george76

What a royal screwup.


43 posted on 12/23/2005 9:44:36 AM PST by manwiththehands ("Merry Christmas .... and Happy New Year ... you can take your seat now ...")
[ Post Reply | Private Reply | To 1 | View Replies]

To: xrp

I don't either. I've never had a virus attack on this VIC-20.


44 posted on 12/23/2005 9:45:01 AM PST by ASA Vet (Those who know don't talk, those who talk don't know.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: 1FASTGLOCK45

http://www.truecrypt.org/


45 posted on 12/23/2005 9:45:28 AM PST by angkor
[ Post Reply | Private Reply | To 14 | View Replies]

To: Spktyr
Norton's always seemed to want to take over the entire computer. So stopped using Norton a long time ago. AVG and MicroTrend are good for me but presently using V-Shield
46 posted on 12/23/2005 9:45:47 AM PST by Tannerone
[ Post Reply | Private Reply | To 11 | View Replies]

To: george76

Thanks for this article.


47 posted on 12/23/2005 9:48:27 AM PST by sitetest (If Roe is not overturned, no unborn child will ever be protected in law.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: jdm
Good list except that Sygate has sold its firewall portion of the company to Symantec recently.
48 posted on 12/23/2005 9:53:52 AM PST by Necrovore
[ Post Reply | Private Reply | To 26 | View Replies]

To: iPod Shuffle
"I use Trend Micro. A much "leaner" program that catches things Norton does not, and it doesn't try to take over your computer."

Roger that- I did the same thing. Norton also eats up a ton of system resources, drops .dll files all over your system and their utility package causes more issues than it resolves. Now that it looks like Trend Micro is going to start charging to upgrade on a yearly basis in order to continue updating your definitions, I'm considering going over to that AVG free anti-virus. Anyone got any feedback on whether the freebie solution is solid? Can you have it automatically download and install updates invisibly in the background on a daily basis?

49 posted on 12/23/2005 9:59:09 AM PST by joebuck
[ Post Reply | Private Reply | To 2 | View Replies]

To: Necrovore

Thanks. Yeah, the list needs updating. I'll have to update it in the near future. I got the original list from FReeper "backhoe," I think, probably 12 - 14 months ago.


50 posted on 12/23/2005 9:59:44 AM PST by jdm (I'm not blunting.)
[ Post Reply | Private Reply | To 48 | View Replies]

