Critical back door-like vulnerability exposes Symantec anti-virus users

In light of a potentially critical vulnerability and with over 200 million people using his anti-virus solutions, are the comments by Symantec CEO John Thompson about a "Microsoft security monoculture" coming back to haunt him?

Associated Press:

Symantec Corp.'s leading antivirus software, which protects some of the world's largest corporations and U.S. government agencies, suffers from a flaw that lets hackers seize control of computers to steal sensitive data, delete files or implant malicious programs, researchers said Thursday. ... Symantec said it was investigating the issue but could not immediately corroborate the vulnerability. If confirmed, the threat to computer users would be severe because the security software is so widely used, and because no action is required by victims using the latest versions of Norton Antivirus to suffer a crippling attack over the Internet. ... Symantec has boasted its antivirus products are installed on more than 200 million computers. A spokesman, Mike Bradshaw, said the company was examining the reported flaw but described it as "so new that we don't have any details."

The research outfit that AP is referring to is eEye Digital, which issued this report late yesterday. Meanwhile, the report raises interesting questions about comments made by Symantec's CEO John Thompson within the last week. In an interview with News.com's Joris Evers, Thompson talked about how Microsoft's monoculture is something to beware of from a security perspective now that Microsoft is beginning to provide security products for its flagship operating system Windows -- products that not only compete with Symantec's but that may be able to play a role in protecting sensitive data from the sort of compromise just experienced by the Veterans Administration when one of its PCs was stolen. Said Thompson in his interview with Evers:

If all of a sudden the whole world uses the monoculture of Microsoft and the monoculture of Microsoft security capability, I am not sure we would create a more secure world. Diversity in the security platforms supplied on top (of Windows), we think is of great value in protecting that infrastructure.

But, at 200 million PCs, one could argue that Symantec runs a security monoculture itself, one that should be diversified through the use of third-party anti-malware solutions other than Symantec's. In some ways, his own argument works against any growth for Symantec's anti-malware offerings, drawing even more attention to the company's diversification into other categories such as storage management/clustering (Veritas) and identity management.

Meanwhile, in light of this and his own analysis of the overall security landscape, fellow blogger George Ou recommends against running anti-virus software on PCs.  Said Ou:

Running antivirus on a personal computer is like having the bomb squad inspect a suspicious package inside the house right next to you.

Talkback

34 comments
  • For once it's not MSFT!

    This won't be good for Symantec going forward after the Vista release. Not that Vista is going to set any adoption records, but MSFT is rolling their security service into Vista and we all know how MSFT encourages competition.

    Really bad timing and it raises the question that if they overlooked something this major, what else have they missed?
    Chad_z
    • For once it's MSFT!

      I would like to buy into that comment but unfortunately it is MSFT as Norton only works on MSFT. It is an attack on a third party product but the core is still MSFT and as long as you use their junk you will be severely penetrated and left bleeding with painful viruses even if you have protection.
      IceTheNet@...
      • You mean like all the hacked LAMP servers?

        I mean according to you then any flaw in Apache can be blamed on Linux right???
        No_Ax_to_Grind
        • "Hacked" is not the same as "Defaced"

          Are you sure you don't have the two confused? You can deface a web-site without exploiting a bug in the web-server.

          But I suspect that you know that really...
          Zogg
  • open mouth/insert foot

    Well, everyone has an opinion. But top brass should learn to keep their mouths shut and focus on their business. Once again, a major firm took their eye off the ball. And I am a big supporter of their Antivirus package.
    tgueth@...
    • Foolishness

      Anyone with any knowledge of all the attacks formed against Norton and would still use it let alone be a supporter of their products is foolish.
      IceTheNet@...
  • Competitors

    Long, long ago, it used to be considered rude, as well as imprudent, to publicly trash one's competitors; instead, one bested them by developing & providing a better product.
    Liam SWz
    • RE: Competitors

      It's time for you to turn off the computer and unplug it from the
      wall. You have been in the computing world too long. A better
      product? Sheer heresy. After all, it is much easier to sue. :-)
      Protagonistic
  • Run naked in the street

    Ok George, you would advocate going without
    A/V, that is like running naked in the street.
    Skip the firewall and you are adding KY to your
    butt.
    I admit the best approach incorporates A/V from
    a couple vendors, Linux routers and M$ machines.
    Maybe adding a Netware dinosaur just to mess
    with the hackers.
    Turn off auto-updates.
    Get patches a couple days (not months) late.
    Keep up with news, if patch is crap.

    Nothing can stop someone dedicated to stealing
    your car. You just have to make it more
    expensive to steal than the value they get
    from stealing it.
    SirLanse
    • Run naked in the street

      "Run naked in the street" would be harmless fun (why is it against the law, anyway?)

      But A/V should be more like "You just have to make it more expensive to steal than the value they get from stealing it." which would mean not being only a defensive tactic, but there should be an ability to track the perpetrator.

      Why aren't more people screaming about an ability to trace hacking sources?
      lmenningen
  • Security efforts just keep honest people honest...

    Law officials and security developers have been attempting to stop deviants for years but for the most part, all they've been able to do is to keep the honest people honest. A deviant mind will always find a means to bypass security efforts in any application, be it home security, auto, computer etc.
    Hey U
  • Critical back door-like vulnerability

    I can't believe you are seriously espousing that people turn off
    their AV and run without one, George. You are getting more
    radical during your declining years. Not only is that suggestion
    stupid it is also irresponsible.
    Protagonistic
    • So True

      Especially considering there are many free alternatives that are much better.
      IceTheNet@...
  • Does George commit to a Fig Leaf

    if using your hands don't work then what can you do?

    "Meanwhile, in light of this and his own analysis of the overall security landscape, fellow blogger George Ou recommends against running anti-virus software on PCs."


    plz rply
    not of this world
  • Corporate Version Only

    According to Symantec:

    "Symantec was notified about a potential remotely exploitable vulnerability affecting Symantec AntiVirus Corporate Edition 10.x.

    Norton products do not contain the code affected by this potential vulnerability, and none of the Norton products are affected by this issue."

    Guess we will have to see how it pans out.
    shawnpatt
    • Consumer version NIS 2006 is not affected...

      http://isc.sans.org/diary.php

      Published: 2006-05-26,
      Last Updated: 2006-05-26 10:19:48 UTC by Patrick Nolan (Version: 1)

      Some ISC participants have pointed us to an "Upcoming Advisory" posted at eEye that describes a remotely exploitable vulnerability in Symantec Antivirus 10.x and Symantec Client Security 3.x. Other ISC participants have pointed us to the new security website darkreading article where an eEye team member discusses issues, and the article also states that eEye "also tested Symantec's consumer security suite, Norton Internet Security 2006, which eEye uses, and found that it was not vulnerable."

      Thanks folks!

      Update - Symantec issued SYM06-010, Symantec AntiVirus 10.x Reported Vulnerability.

      http://www.symantec.com/avcenter/security/Content/2006.05.25.html

      Now calm down... Your home PCs will not be blown up. :)
      DragonBRockin
      • Okay, but....

        So the NIS 2006 is safe, how about the Norton Antivirus 2006? And what about SystemWorks 2006? Until all of them are thoroughly scoured for this vulnerability and found to be free from this defect, none of them should be trusted. A little paranoia now can or will save you from a LOT of reloading and removal later. And that still does not excuse Symantec from the fact that their consumer antivirus has been pretty ineffective over the past 2-3 years at preventing and finding some of the newest threats going around. If you'd like a sample, look at some of the cheat-code sites and you can try to get Norton to remove what gets loaded on your computer from there.
        rmerts@...
  • Symantec

    So Symantec got caught with their foot in their mouth. They have a hole that could be used against them. Can anyone say whoops? Or Uh oh? I find it ironic that Symantec would say anything derogatory about Microsoft and how they are about security. Especially in light of what is going on right now. Hindsight may be 20/20 but to me, Symantec is blind when it comes to security.

    You don't have to agree with me at all about that but it has been my personal experience. Symantec blocks what you don't want it to block, and lets through what you never wanted on your system. For me it was no big deal to go in and configure it for someone but the people on the other end weren't too happy about it. If Symantec truly wants to get ahead they need to come up with something that is a little more user friendly. And that doesn't suck rotten eggs.

    As for George saying that we shouldn't use AV protection. I want to know what crack pipe he was smoking from? Just because you have AV on your system it doesn't mean that you are asking for trouble. You are asking for trouble if you don't do something to protect yourself. To me that is just common sense.
    Shelendrea
  • Symantec Security?

    My experience with NAV has been similar to Shelendrea's: it is a revolving door for viruses and has way too much impact on a system's functionality. On the other hand, I have made a lot of money removing viruses from systems running NAV over the years, so from that point of view I kinda like it.

    My advice to anyone that I encounter running Norton's is to trash it and get something that actually works, but there are many people that won't run anything else, even after paying me multiple times to clean their systems. These must be the people that the Mac fanatics are pointing to when they talk about Windows systems being riddled with viruses.
    itpro_z
    • [Comment] itpro_z

      Please expand on your experience, especially those AV products you prefer over SAV/NAV.

      Thanks in Advance,

      c.m
      curtis.mike@...