Hackers can turn off Norton AntiVirus protection

Norton AntiVirus, one of Symantec's most popular Internet security products, contains a security flaw that could allow malicious users to easily disable the software's auto-protect feature, according to an advisory by security Web site Secunia.

According to Secunia, the software's auto-protect function, which is designed to recognise and halt suspicious behaviour in real-time, contains an error that could allow a malicious user to disable it altogether.

"This can be exploited by an unprivileged user to force the auto-protection to be disabled... It can further be exploited to download and execute malicious files that normally would be caught by the antivirus program," the advisory warned.

Norton Internet Security 2004 is affected but Norton Internet Security 2004 Professional and Symantec Norton AntiVirus 2004 are also likely to be vulnerable.

Security researcher Daniel Milisic, who has been credited with discovering the problem, last week criticised Symantec's Norton AntiVirus on a security mailing list.

"Symantec should be publicly flogged for trying to sell this inferior AV software to home users, especially knowing they have a decently workable AV product in their Enterprise line... It's unbelievable that Symantec sells a product that operates this poorly," said Milisic.

ZDNet Australia contacted Symantec about the problem but the company refused to comment. A spokesperson told ZDNet Australia that the company would "know more in 24 hours".

Topics: Symantec, Malware, Security

Munir Kotadia


Talkback

14 comments
  • I swear this has been happening for quite some time and not just with NAV! It happened to 2 clients of mine around 6 months ago.
    There are plenty of viruses and adware junk that seem to be able to do this with ease.
    That the incompetents at Symantec have only just figured this out is astounding. NAV is useless bloatware, but just like Telstra, they retain their market share by preying on the ignorance of the general public, who go with whatever company spends the most on advertising.

    The free anti-virus scanner AVG (www.grisoft.com) consistently provides better protection than NAV and it won't cost the user a single red cent.
    anonymous
  • This is also a problem with their Enterprise or Corporate version 9.0.0.1400 product. Auto-enable is disabled if fast-user switching is enabled on an XP machine.
    anonymous
  • The major reason I switched from Norton to Kaspersky is because Norton does not find nearly as many viruses on my system as Kaspersky found. Funny how these industry leaders get greedy fast and stop making a quality product at the expense of their consumers' pocketbook. As an IT consultant I have a fairly good idea about how this company's dynamic works. They often package their products with computer systems, such as Dell with time-limited trials. Once the trial period ends, it seems the consumer is lulled into a false sense of security and purchase a license extension on a product that claims to protect their system. In actuality it is letting viruses through and leading the consumer to believe that because they perform regular virus scans that report back that the system is clean, when it isn't.
    anonymous
  • My auto-protect has been disabled in my Norton Antivirus. It took nearly an hour to find out what to do about it and now I can't do the fix. I cannot uninstall and then reinstall the program because I downloaded it on the internet.
    And, I find no way to directly or indirectly contact Norton to take care of the problem. What an A-- hole company. They have plenty of avenues to buy their crap but not to fix it.
    anonymous
  • My auto-protect has been disabled in my Norton Antivirus. It took nearly an hour to find out what to do about it and now I can't do the fix. I cannot uninstall and then reinstall the program because I downloaded it on the internet.
    And, I find no way to directly or indirectly contact Norton to take care of the problem. What a company. They have plenty of avenues to buy their crap but not to fix it.
    anonymous
  • As a user of NAV 2004, I would like to know what action has been taken to rectify the flaws by Symantec. If not corrected so far, I would change to McAfee software.
    anonymous
  • A few days ago I downloaded the newest version of Norton anti-virus protection, since my subscription had expired. As a result of that download, I am now infected with a multitude of spyware and viruses. I wrote Symantec and expressed my complete frustration and disappointment in their product. I will never order another thing from this company!
    anonymous
  • This happened to my computer. For the last 3 weeks the autoprotect has been disabled in my norton antivirus 2003 and e-mail scanning was disabled and I tried everything to get it fixed, I even removed and reinstalled it but still the same. Then I removed Norton Antivirus and downloaded Service Pack 2 for Windows XP. I reinstalled Norton antivirus and after install a message popped up to say that a program was trying to change the settings in Norton Antivirus and, as this could be caused by a hacker, did I want to restore the original settings. Of course I said yes, and lo and behold, my norton antivirus is now working again.
    anonymous
  • Symantec have lost it. A long time ago in my view, but this is the icing on the cake. They claim to be the best protection in the world? Let me get this straight, they are aware of a flaw in their script blocking engine, but won't fix it until someone gets attacked by it?

    And then they say that they won't fix the problem proactively because if you are logged on as a non-administrator you won't be vulnerable?

    Yet to fully configure the script blocking protection, YOU HAVE to be logged in as administrator?

    Did I get that right? Do Symantec offer AntiVirus protection, or virus Proliferation? Good on you symantec for single handedly (since as you say Symantec, Norton's is on many more PCs than any one other antivirus product) stripping significant numbers of the world's computers of Script protection.
    max11-606d6
  • I have been using Nortons AV for the past eight years. I am not an expert on these type of exploits but I have learnt to never rely on one product alone to do a job. I also run ZoneAlarm and an email filter program. These, coupled to NAV 2004 pro, which includes weekly updates and a boost by the windows xp SP2 pack, has alleviated any if not all threats.
    I always recommend to install additional security software. I am always on the net and have not had a virus, worm or trojan in the past five years. Oops, almost forgot, I also use PestPatrol.
    No one is perfect and all software ever produced by any company has always had one flaw or another.
    jfritze@...
  • I have had this malicious script affecting my computer and norton anti virus is prevailing to help, detect and successfully remove it. I am still learning about the safeguards of anti virus software protection, but believe in this instance Symantec need a boot up to stay ahead of the game. Another visit to the internet doctors may be in order. I hate mechanics.
    anonymous
  • Resources

    At one time, Norton was far better than anyone else (at antivirus and only antivirus), but since they merged with Symantec, I've seen more and more resources being used as well as major problems that took months to fix which would take numerous calls to finally get them to admit that they had a known problem and no fix.

    I too went with Kaspersky, but found NOD32 was much more stable and much less resources.
    anonymous
  • Greedy Symantec and Microsoft

    People should long ago have realised that Symantec's and Microsoft's products in recent years have 50% of the code running on our computers purely for the benefit of Symantec and Microsoft to try and ensure that their programs cannot be copied and that we have to pay for every upgrade and important fix for programs they should never have been allowed to sell in the first place because of the number of bugs they contain.

    Wise up !! - Install open source products instead. Most are "free", they do not contain all the suppliers' own self-protection junk running in the background, and most are written in much more up-to-date code, which, when bugs are discovered is rectified at no charge.
    anonymous
  • Disabled Auto Protect

    When your Auto Protect is disabled, it's time to reformat your hard drive. Before you do that, though, take the HDD and slave it on a known good system. Root kits and other viruses / malware cannot hide when the drive is scanned as a slave. FYI: I recently bought a Canon Flash Camcorder FS100 bundled with Pixela video editing software titled Imagemixer 3; version 2.0. When I installed this software on my P4 laptop running Norton AV 2005, the Imagemixer 2.0 DISABLED Norton Antivirus. I got a message that "my trial subscription was expired" after I rebooted and the Norton AV did not work....no protection even after I uninstalled the Imagemaker 2.0. I've contacted Pixela Corporation about this and they say they know nothing about this. I suspect some type of conflict / malware but scans by SpySweeper, NortonAV, Spybot, and silentrunner.vbs turn up nothing. Any ideas about this? I haven't found any information of value on Internet as to why this happened and Symantec has a patch titled SymKBfix.exe on their site which solved the problem and allowed me to reinitialize the subscription which isn't due until September.
    anonymous