Critical bug found in anti-virus software
Posted on 12/23/2005 9:05:03 AM PST by george76
A critical software bug has been discovered in several of the most widely used anti-virus programs. It could be exploited to take control of a computer or to steal information, according to an analysis produced by the independent security analyst who made the discovery.
The glitch affects 39 different Symantec products - including both home and enterprise versions of its anti-virus software. It resides within the Symantec anti-virus library, which is used by all of the packages.
The analyst, Alex Wheeler, discovered that a critical error occurs when the Symantec anti-virus library decompresses files from "RAR" format for analysis.
Symantec has confirmed the problem and produced an advisory of its own. It is currently working on a permanent fix but has released an update so that computers running its anti-virus software should automatically detect and block attempts to exploit the bug.
(Excerpt) Read more at newscientist.com ...
I use Trend Micro. A much "leaner" program that catches things Norton does not, and it doesn't try to take over your computer.
I don't use anti-virus software at all. It's for n00bs.
I switched from Norton to Nod32 and I love it.
"A critical software bug has been discovered in several of the most widely used anti-virus programs. It could be exploited to take control of a computer or to steal information..."
Irony works in mysterious ways.
What do you think of AVG?
I use it and near as I can tell, it works well.
I dumped Norton for McAfee earlier this year and have found it superior in virus/spyware detection and does not slow my computer down...Norton failed on both counts.
Norton software turned to crap when Peter sold out to Symantec.
I punt Norton/Symantec off every system I'm responsible for. AVG and Sophos do a much better job.
This just reinforces my experience with and low opinion of their products.
I have been using Zone Alarm Security Suite.
I've had great results, the program errs on the side of paranoid which I'm grateful for. I got away from Norton/Symantec because for some reason I always felt it didn't do enough to protect my system.
I would like some feedback from the rest of you if you know how Zone Alarm rates, also if you know of a better product I would be interested in upgrading. Zone Alarm was a top rated program when I was looking around at the time, I haven't kept up on the A/V news lately because I've been happy with what I got. No I don't work for Zone Alarm.
I'm now also looking for a "vault" program that I can use to easily "lock" and "encrypt" my files so if my laptop gets stolen, or hacked, they won't be able to access certain personal data files. Your recommendations would be greatly appreciated :) ** When I say "your opinion" I mean any Freepers :) Thanks!
Symantec, McAfee Battle Flaws
Symantec is junk. While it has a nice library and catches a lot of viruses, adware and spyware when it runs, the simplest adware can disable the thing and make reinstallation an hours-long project.
As a result it doesn't work when you need it to.
I've been using Grisoft AVG on three WinXP Pro computers for a good long while now without any problems. I'd recommend the purchased version of it, though. The free version gives you updates from an overused server, so they are slow to download, and sometimes the download isn't available.
If you buy it, you get your updates from servers that respond quickly without a problem.
Discussed here too
You mean that this isn't the united state of symantec?
Went from McAfee to AVG and have never looked back.
McAfee allowed a trojan in on my home PC and I gave up on it after that.
AVG has missed two invasions of my system over the last two months. I found them in standard scans. I use AVG, AdAware SE and Spybot Search and Destroy in combination.
I too quit all anti-virus software. Too much of a resource hog, and slows things down. I NEVER email in html, txt only, delete cookies daily, and dump cache several times daily.
I am going to ditch Norton when my subscription runs out next month.
Thanks to all for the suggestions on this thread about Trend Micro and some of the other good ones.
I couldn't figure out why my 'puter slowed down more and more after each Symantec update. I'm a little behind the curve, not being a computer professional--just an ordinary user.
I finally figured out that if I deleted the calendar in Microsoft Works, it would solve a Norton glitch. Just look for wks.cal.exe on your hard drive and get rid of it.
Better yet, get rid of Norton altogether.
I don't even use a computer. Just pen and paper for me.
That, and I remember it having install problems, granted, the site had the workaround info, but still a pain, and a few other annoying problems. I guess they considered them FAD or "features" that couldn't be disabled, either permanently, or
Sorry about the errors. I just realized a few links are dead.
Thank you for that.
Now will you come to my house and fix everything for me?
"I don't even use a computer. Just pen and paper for me."
LOL. Me, I prefer Lotus Notes.
One of my old machines that still runs on w98 crashed badly during the latest ZoneAlarm update. Took me about six hours over a month to debug it and now I don't think I will reload their Shareware firewall on it again.
By John Leyden
Published Tuesday 27th November 2001 18:44 GMT
Antivirus vendors are at loggerheads over whether they should include in their software packages detection for a Trojan horse program reportedly under development by the FBI.
A keystroke logging Trojan, called Magic Lantern, will enable investigators to break PGP encoded messages sent by suspects under investigation, MSNBC reports. By logging what a suspect types, and transmitting this back to investigators, the FBI could use Magic Lantern to work out a suspect's passphrase. Getting a target's private PGP keyring is easy in comparison, and with the two any message can be broken.
MSNBC quotes unnamed sources who say that Magic Lantern could be sent to a target by email or planted on a suspect's PC by exploiting common operating system vulnerabilities.
Although unconfirmed, the reports are being taken seriously in the security community, and are consistent with the admitted use of key-logging software in the investigation of suspected mobster Nicodemo Scarfo. In that case, FBI agents obtained a warrant to enter Scarfo's office and install keystroke logging software on his machine.
Magic Lantern, which would be an extension of the Carnivore Internet surveillance program, takes the idea one step further by enabling agents to place a Trojan on a target's computer without having to gain physical access.
The suggested technique creates a clutch of legal, ethical and technical issues. Greater powers in the Patriot Act, which Congress is considering, may allow the tool to be used. But what if it was modified for use by hackers?
And antivirus vendors are mulling over the rights and wrongs of putting Magic Lantern on their virus definition list.
Eric Chien, chief researcher at Symantec's antivirus research lab, said that provided a hypothetical keystroke logging tool was used only by the FBI, then Symantec would avoid updating its antivirus tools to detect such a Trojan.
Symantec is yet to hear back from the FBI on its enquiries about Magic Lantern.
"If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it - we wouldn't detect it," said Chien. "However we would detect modified versions that might be used by hackers."
Graham Cluley, senior technology consultant at Sophos, disagrees. He says it is wrong to deliberately refrain from detecting the virus, because its customers outside the US would expect protection against the Trojan. Such a move also creates an awkward precedent.
Cluley adds: "What if the French intelligence service, or even the Greeks, created a Trojan horse program for this purpose? Should we ignore those too?"
AVG is the best I've found so far. Much easier on system resources too. Norton is garbage.
Same here - great program
Cisco Security Agent is better.
I still use my computers. But I discovered that if I write on the front surface of the screen with a grease pencil, rather than on the back side with the keyboard, I can avoid viruses altogether and save $30/year.
Take that, Norton!
This is ridiculous "the sky is falling" journalism at its worst; don't get caught up in it Freepers. It's a nice "bash-a-successful-company" tone that belongs on socialist/commie Slashdot but not here.
(1) There is no known public exploit of this vulnerability. And Symantec has released a heuristic (signature) that detects it, so if you are using Symantec software in the first place, you are probably getting the most up-to-date update so now you are OK.
(2) if you are a consumer, you would get infected only if you interact and download a malicious RAR file, which is a not-very-popular file compression algorithm. And for it to "take over your computer", the malicious file would have to be written to successfully execute code on your PC/laptop, which is no easy feat.
(3) if your company's or ISP's Gateways are using Symantec's email security products, the admins could/would have put a block on RAR files until Symantec came out with the heuristic, which was a span of less than 36 hours.
(4) Symantec Antivirus Corporate Editions 8 & 9 are not affected; that makes up about 90% of the corporate pie.
Move along folks; nothing to see here.
And shame on you Freepers who got duped :-)
Any other questions, please email me at email@example.com. As you can guess, I know something about this.
I agree, but I have class 1 end users using these computers (usually).
Unless you've done this sort of work, and it sounds like you might have, you have *no* idea how stupid people are when it comes to using the computer.
I agree...I dropped $75 last year for Norton, and for what? My computer eventually crashed due to lack of protection; plus, after a year, they wanted another $40 for renewal.
McAfee comes free w/ my high speed, and it has worked well to date.
What a royal screwup.
I don't either. I've never had a virus attack on this VIC-20.
Thanks for this article.
Roger that - I did the same thing. Norton also eats up a ton of system resources, drops .dll files all over your system and their utility package causes more issues than it resolves. Now that it looks like Trend Micro is going to start charging to upgrade on a yearly basis in order to continue updating your definitions; I'm considering going over to that AVG free anti-virus. Anyone got any feedback on whether the freebie solution is solid? Can you have it automatically download and install updates invisibly in the background on a daily basis?
Thanks. Yeah, the list needs updating. I'll have to update it in the near future. I got the original list from FReeper "backhoe," I think, probably 12 - 14 months ago.