Norton AV flaw may put PCs at risk of virus attack

Summary: A vulnerability in Norton AntiVirus can allow some malicious scripts to infect a machine if the user has admin rights - which would apply to most home-based PCs

TOPICS: Security

Symantec has admitted its flagship consumer security application, Norton AntiVirus 2005, has a security vulnerability that allows certain types of malicious script to infect a user's personal computer with a virus.

However, a Symantec spokesperson told ZDNet Australia that the flaw was not a threat to users because it only affected systems that are running Windows with administrator rights.

"Symantec would like to reiterate that the situation described is one of access rather than threat. The VBS scripts described can only be successfully run on the target system with administrator rights," the spokesperson said.

Security researcher Dan Milisic, who discovered the vulnerability in October, told ZDNet Australia that Symantec is "missing the point" and trying to "mislead" its customers because Norton AntiVirus 2005 is an application designed for consumers, the majority of whom run their computers with administrator rights.

"They're not saying my code doesn't work because they can't -- it does. They can however choose to completely miss the point. Norton AntiVirus is aimed at the Home and SOHO market. There is a separate product for corporate protection. By default, in the Windows XP OOBE (Out Of Box Experience) users are administrators," Milisic said.

Foad Fadaghi, senior industry analyst at Frost & Sullivan Australia, who would not comment on this specific issue with Symantec, agreed that in general consumers tend to log in as administrators, which is why there have been so many problems with things like rogue diallers, which hijack a system's dial-up Internet connection and call premium rate numbers to run up huge bills.

"The malicious dialler programs need admin rights as well but there are widespread incidents of it happening. In businesses [admin rights] are not so much of an issue but in the consumer market it might be," Fadaghi said.

To further demonstrate the flaw, Milisic created a small 'movie' of his script in action.

In the movie, which has been seen by ZDNet Australia, Milisic demonstrates how running his scripts can infect an apparently protected computer with a virus.

Milisic said: "You can see that Script Blocking gets completely uninstalled. Also notice that Auto-Protect doesn't kick in until you click on the tray icon and launch the NAV console. By then, the 'virus' has already launched -- you can see in the cmd.exe window."

"Putting this together was pretty simple and worth the effort to properly address Symantec's response. I will let the presentation speak for itself," he added.

ZDNet Australia's Munir Kotadia reported from Sydney.

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Talkback

6 comments
  • "it only affected systems that are running Windows with administrator rights."
    But a user is administrator by default with WinXP Home and it could be difficult to use some applications without administrator rights.
    anonymous
  • I am a computer consultant and have been for 15 years. I have also had to "clean" many systems that were running Norton Antivirus. The majority of those systems had Norton antivirus disabled by the virus and for that reason I do not recommend the product to any of my customers.
    anonymous
  • Norton AntiVirus is no longer as good. I have been using AVG 6.0 (free edition) for the last two years and have not been infected with a single virus.

    Norton AntiVirus is a resource hog, but AVG is not. There are many excellent free anti virus programs out there for users. Such as:

    AVG 6.0 (it has been updated to AVG 7.0)
    AntiVir
    Avast

    Try them. You will not regret it.
    anonymous
  • I think it's wrong that Norton just discards the Home User regarding the breach of security. Why should we have to suffer any attack? Norton seems to think that just because we are Home Users we are not as important as a business user. We pay Norton to PROTECT OUR COMPUTERS. Being Signed in as an Administrator or not, we still should get the protection that we pay for. I'm pretty fed up with Companies we pay protection to, just constantly dismissing the type of Viruses. What should happen now is Businesses like Microsoft, Norton etc, should be made to give us the Client FREE PHONE ACCESS to be able to get problems that they seem to ignore, put right. I think I only have to mention Service Pack 2 (SP2), to get some people's backs up. Yet when we get these problems we are supposed to pay through the nose to get our computers back on track again. This usually entails a Large Fee, be it Microsoft, Computer Shop or the HelpLine. I think that the people who FORCE Products onto us like SP2, and those people we pay Virus Protection to should be the ones to pay to get our computers back online again. I have Norton AntiVirus and Firewall. I kept getting Pop Ups that I was being attacked. I started to check various info pages on the net, and found an Article that said, these Virus and Firewall Protection Firms deliberately activate these Pop-Ups to make it look like they are doing their jobs, and that we should all Pat Them On The Back. Then we start reading articles from Sites like ZDnet THAT TELL THE TRUTH ON EXACTLY WHAT'S REALLY HAPPENING OUT THERE.
    My advice to anyone who reads this write up is to GO TO THE ZDNET INFO PAGES FIRST BEFORE DOWNLOADING ANY PRODUCT, AND SEE WHAT ZDNET SAYS.
    You won't go wrong then.
    Great Stuff ZDnet. Some people thank God for things. I thank ZDnet as well.
    Midds, UK.
    anonymous
  • F-Secure is the best that I've come across as a support technician. It's very reliable, cheap, the support is free for business users and cheap for home users, the only problem I've had is that the home user software is only available from their estore or Amazon.
    anonymous
  • The symptoms you describe have had me chasing for the past week. No way to tell if it's what you're talking about but it sure fits the description. The anti scripting shut down was there and more. Password validation could not be started and Savscan off. Couldn't remove the program with Cont. Panel etc. Privacy vault was gutted and left empty - probably just showing off!
    anonymous