MUST READ: Congress demands answers from Google over Glass privacy concerns

Topic: Symantec

Symantec corrects 'misleading' Norton AV statements

Summary: Symantec corrects 'misleading' Norton AV statement

Munir Kotadia

By Munir Kotadia |

Symantec has 'corrected' a misleading statement issued by its press office concerning the seriousness of a vulnerability in its Norton AntiVirus 2005 application.

On 19 October, ZDNet Australia reported that a vulnerability in Norton AntiVirus 2005 could allow a specially crafted script to evade detection by NAV's script blocker and shut down the application's auto-protect feature, which means an apparently protected computer could become infected with a virus.

Symantec initially denied that a problem existed and then said it was not a threat because the flaw would only affect users logged in with administrator rights.

The Norton AntiVirus application is designed for the consumer market where the majority of users are logged in as administrators, and so would be vulnerable.

Mark Kennedy, architect, product delivery and response at Symantec, told ZDNet Australia on Friday that the previous statement was incorrect.

-Probably the totality of home users are administrators on their own machines. Wherever that [statement] came from, the person obviously did not understand the way consumer machines work," said Kennedy.

Dan Milisic, the security researcher credited with first discovering the vulnerability, said Symantec's initial response was misleading and unacceptable.

-Shouldn't a high-level corporate contact understand the way consumer machines work, or at least talk to someone who does before spewing misinformation to the press?" asked Milisic.

Kennedy acknowledged that Milisic's script could slip through Norton AntiVirus's script blocker and said Symantec was investigating how to improve the product's internal defence mechanisms.

However, he said that if a virus writer was to create a worm using a technique similar to Milisic's, Symantec would issue a detection signature "within hours" to protect existing customers.

"If such a worm were to go out we would write a signature for it and anybody that had not been hit by it -- anyone that had updated their signatures before the worm infected their machine -- would be fully protected from it," said Kennedy.

Milisic said, "Someone has got to write the next loveletter.vbs and it has to propagate before a signature is written. Script Blocking was designed to prevent malicious VBS code from running without the need for signatures, so this point is totally irrelevant to the scope of the Script Blocking failure."

We will fix it, Damn it!
Symantec's Kennedy told ZDNet Australia that the company is responding to feedback from its customers and hoping to make the next version of its flagship consumer product smaller and faster.

-The footprint of the product and the performance of the product is something that the consumer team is actively working on. It is a high priority for the next release, which will be in the mid-calendar year 2005 -- and will be called Norton AntiVirus 2006," said Kennedy.

Vincent Weafer, senior director of Symantec's Security Response team, said that the company takes customer feedback very seriously and its product development goals are designed to ensure that new applications combine a high degree of security and usability.

-We want to make sure that we are protecting our customers. Anywhere we find we are not we will do our damndest to fix and address it," said Weafer, who said the company's aim is to -make sure that any technology we roll out is not too intrusive and not too big and yet at the same time keeping up with the latest and greatest threats."

Topics: Symantec, Security

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Contact

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • If it was not so serious, it would be funny. This story indicates that Symantec takes customers complains & acts upon them. Have you ever tried to find an email address to ask/report about a problem with their Internet Security 2005 Firewall & their own security test which reports a port reponsing to a test ping. The said test suggests that there is a problem with the port setting in the firewall. No reponse from several emails. Not good.
    anonymous
    Reply Vote
  • Milisic said, "Someone has got to write the next loveletter.vbs and it has to propagate before a signature is written. Script Blocking was designed to prevent malicious VBS code from running without the need for signatures, so this point is totally irrelevant to the scope of the Script Blocking failure."

    Many Thanks to ZDNET and Dan for highlighting
    the real problem with Anti-Virus. As Symantec do not appear to have the "spyware" issue under control, while their marketing department are brought up to speed, will the ACCC step in some time in the near future to address retail product laws?
    rogerclose
    Reply Vote
  • Symantec listening to customer feedback/questions ? Hah ! What a joke. You buy the product then get to pay for support which in the end comes down to "well I don't know, you'll have to reinstall the product (NIS 2004)". Where was the answer to my polite written (ie letter) complaint re that as a "solution" ? Where's the answer to my comments about Live Update inferring that my defs/etc. are all up to date - (typically three/four calendar days old) yet there is a more recent downloadable exe updater which actually DOES update the virus list ? These people would know customer service if it hit them in the face. Believe the PR hype ? I don't think so ! Sell it to my clients ? Not anymore !
    anonymous
    Reply Vote
  • Are you inviting someone to write a virus? Milisic said, "Someone has got to write the next loveletter.vbs and it has to propagate before a signature is written. Script Blocking was designed to prevent malicious VBS code from running without the need for signatures, so this point is totally irrelevant to the scope of the Script Blocking failure."

    Wow, you are issuing a formal invitation. Way to go ZD!
    anonymous
    Reply Vote
  • Hmmm..it's not ZDNet who are inviting virus writers, but symantec. All they have to do is fix the flaw, yet they insisted on leaving it for a virus writer to exploit before they would do anything.

    I hardly see how ZDNet are contributing to this madness, in fact they are helping to dispel the myths (and marketing hype) about symantec...
    anonymous
    Reply Vote
CNET Join | Log In | Privacy | Cookies Close