Posted on 12/23/2005 9:05:03 AM PST by george76
A critical software bug has been discovered in several of the most widely used anti-virus programs. It could be exploited to take control of a computer or to steal information, according to an analysis produced by the independent security analyst who made the discovery.
The glitch affects 39 different Symantec products - including both home and enterprise versions of its anti-virus software. It resides within the Symantec anti-virus library, which is used by all of the packages.
The analyst, Alex Wheeler, discovered that a critical error occurs when the Symantec anti-virus library decompresses files from "RAR" format for analysis.
Symantec has confirmed the problem and produced an advisory of its own. It is currently working on a permanent fix but has released an update so that computers running its anti-virus software should automatically detect and block attempts to exploit the bug.
(Excerpt) Read more at newscientist.com ...
AVG has missed two invasions of my system over the last two months. I found them in standard scans. I use AVG, AdAware SE and Spybot Search and Destroy in combination.
I too quit all anti-virus software. Too much of a resource hog, and slows things down. I NEVER email in html, txt only, delete cookies daily, and dump cache several times daily.
I am going to ditch Norton when my subscription runs out next month.
Thanks to all for the suggestions on this thread about Trend Micro and some of the other good ones.
I couldn't figure out why my 'puter slowed down more and more after each Symantec update. I'm a little behind the curve, not being a computer professional--just an ordinary user.
I finally figured out that if I deleted the calendar in Microsoft Works, it would solve a Norton glitch. Just look for wks.cal.exe on your hard drive and get rid of it.
Better yet, get rid of Norton altogether.
ping
Anti-Virus
AVG
I don't even use a computer. Just pen and paper for me.
That, and I remember it having install problems, granted, the site had the workaround info, but still a pain, and a few other annoying problems. I guess they considered them FAD or "features" that couldn't be disabled, either permanently, or temporarily.
Sorry about the errors. I just realized a few links are dead.
Thank you for that.
Now will you come to my house and fix everything for me?
bump
"I don't even use a computer. Just pen and paper for me."
LOL. Me, I prefer Lotus Notes.
One of my old machines that still runs on w98 crashed badly during the latest ZoneAlarm update. Took me about six hours over a month to debug it and now I don't think I will reload their Shareware firewall on it again.
You decide:
AV vendors split over FBI Trojan snoops:
Keystroke loggerheads
By John Leyden
Published Tuesday 27th November 2001 18:44 GMT
Antivirus vendors are at loggerheads over whether they should include in their software packages detection for a Trojan horse program reportedly under development by the FBI.
A keystroke logging Trojan, called Magic Lantern, will enable investigators to discover break PGP encoded messages sent by suspects under investigation, MSNBC reports. By logging what a suspect types, and transmitting this back to investigators, the FBI could use Magic Lantern to work out a suspect's passphrase. Getting a target's private PGP keyring is easy in comparison, and with the two any message can be broken.
MSNBC quotes unnamed sources who say that Magic Lantern could be sent to a target by email or planted on a suspect's PC by exploiting common operating system vulnerabilities.
Although unconfirmed, the reports are being taken seriously in the security community, and are consistent with the admitted use of key-logging software in the investigation of suspected mobster Nicodemo Scarfo. In that case, FBI agents obtained a warrant to enter Scarfo's office and install keystroke logging software on his machine.
Magic Lantern, which would be an extension of the Carnivore Internet surveillance program, takes the idea one step further by enabling agents to place a Trojan on a target's computer without having to gain physical access.
The suggested technique creates a clutch of legal, ethical and technical issues. Greater powers in the Patriot Act, which Congress is considering, may allow the tool to be used. But what if it was modified for use by hackers?
And antivirus vendors are mulling over the rights and wrongs of putting Magic Lantern on their virus definition list.
Eric Chien, chief researcher at Symantec's antivirus research lab, said that provided a hypothetical keystroke logging tool was used only by the FBI, then Symantec would avoid updating its antivirus tools to detect such a Trojan.
Symantec is yet to hear back from the FBI on its enquiries about Magic Lantern.
"If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it - we wouldn't detect it," said Chien. "However we would detect modified versions that might be used by hackers."
Graham Cluley, senior technology consultant at Sophos, disagrees. He says it is wrong to deliberately refrain from detecting the virus, because its customers outside the US would expect protection against the Trojan. Such a move also creates an awkward precedent.
Cluley adds: "What if the French intelligence service, or even the Greeks, created a Trojan horse program for this purpose? Should we ignore those too?"
AVG is the best I've found so far. Much easier on system resources too. Norton is garbage.
Same here - great program
Cisco Security Agent is better.
I still use my computers. But I discovered that if I write on the front surface of the screen with a grease pencil, rather than on the back side with the keyboard, I can avoid viruses altogether and save $30/year.
Take that, Norton!
This is ridiculous "the sky is falling" journalism at its worst; don't get caught up in it Freepers. It's a nice "bash-a-successful-company" tone that belongs on socialist/commie Slashdot but not here.
(1) There is no known public exploit of this vulnerability. And Symantec has released a heuristic (signature) that detects it, so if you are using Symantec software in the first place, you are probably getting the most up-to-date update so now you are OK.
(2) if you are a consumer, you would get infected only if you interact and download a malicious RAR file, which is a not-very-popular file compression algorithm. And for it to "take over your computer", the malicious file would have to be written to successfully execute code on your PC/laptop, which is no easy feat.
(3) if your company's or ISP's Gateways are using Symantec's email security products, the admins could/would have put a block on RAR files until Symantec came out with the heuristic, which was a span of less than 36 hours.
(4) Symantec Antivirus Corporate Editions 8 & 9 are not affected; that makes up about 90% of the corporate pie.
Move along folks; nothing to see here.
And shame on you Freepers who got duped :-)
Any other questions, please email me at iggy_e@yahoo.com. As you can guess, I know something about this.