Norton Anti Virus users...heads up

[LeeRyder]

http://www.cnn.com/2006/TECH/internet/05/25/antivirus.flaw.ap/index.html

WASHINGTON (AP) -- Symantec Corp.'s leading antivirus software, which protects some of the world's largest corporations and U.S. government agencies, suffers from a flaw that lets hackers seize control of computers to steal sensitive data, delete files or implant malicious programs, researchers said Thursday.

Symantec said it was investigating the issue but could not immediately corroborate the vulnerability. If confirmed, the threat to computer users would be severe because the security software is so widely used and because no action is required by victims using the latest versions of Symantec Antivirus to suffer a crippling attack over the Internet.

Symantec has boasted that its antivirus products are installed on more than 200 million computers. A spokesman, Mike Bradshaw, said the company was examining the reported flaw but described it as "so new that we don't have any details."

Researchers from eEye Digital Security Inc. of Aliso Viejo, California, discovered the vulnerability and provided evidence to Symantec engineers this week, said eEye's chief hacking officer, Marc Maiffret. He demonstrated the attack for The Associated Press.

eEye said it appeared consumer versions of Symantec's Norton Antivirus software -- sold at retail outlets around the country -- were not vulnerable to the flaw, though consumers who are provided Symantec's corporate edition antivirus software by their employers for use at home may be affected.

Maiffret's company -- which has discovered hundreds of similar flaws in other software products -- also produces intrusion-protection software, called "Blink," that he said already blocks such attacks and can operate alongside Symantec's antivirus products.

Maiffret published a note about the company's discovery on its Web site but pledged not to reveal details publicly that would help hackers attack Internet users until after Symantec repairs its antivirus software. eEye said it intends to describe the problem in detail privately for some of its largest customers.

"People shouldn't panic," Maiffret said. "There shouldn't be any exploits until a patch is produced."

The reported flaw comes at an awkward time for Symantec. Its chief executive, John Thompson, has campaigned in recent months to convince consumers they should trust Symantec -- not Microsoft Corp. -- to protect their personal information.

Maiffret said eEye's testing showed the problem affects Symantec Antivirus Version 10, including its corporate editions. He said Symantec's consumer antivirus product, known as Norton Antivirus 2006, and its current security suite -- which includes both antivirus and firewall features -- did not appear to be vulnerable.

 

[Spinlock]

People oughta stop using Symantec products. I've solved almost as many computer problems by uninstalling Norton Antivirus as I have by blowing the dust out with compressed air (and I've fixed a lot of computers.)

 

[LeeRyder]

thats not fair.

Remember just a handful of months ago that Macafee literally whiped very important computer files by accident.

Shit happens. No one is Perfect.

 

[Spinlock]

I don't think it's unfair. I think it's a well-formed opinion drawn from years of observation.

Symantec and Mcafee have both made great contributions to the world of virus detection and computer security. Unfortunately, they need to take some time out to focus on what they're really doing for computer end users. Just as unfortunately, it would seem that the way for us end users to get that message across is to hit them at their bottom line. Right at the moment, it seems like Symantec is too worried about feuding with Microsoft to keep a quality product on the shelves. When Ford makes another deathtrap, I'll probably say the same sorts of things about them.

 

[jdk]

That is why you use the corporate version of their virus scanner. It does not have all the GUI and extra features they think a home user likes, but a professional dreads.