Symantec patches four critical firewall flaws

Symantec patches four critical firewall flaws

Summary: Symantec has issued patches for most of its firewall and antivirus products in order to fix four serious security holes

TOPICS: Security

For the third time this year, Internet security firm Symantec has had to release patches to plug critical security flaws in many of its popular antivirus and firewall packages.

Security firm eEye on Wednesday published details of four security holes that affect a range of Symantec's client-based applications including Norton Internet Security, Norton AntiVirus and Norton AntiSpam. Symantec has published a security response on its Web site.

Guido Sanchidrián, Symantec's EMEA product manager for antivirus, content filtering and security response, said the company has spent the past month developing fixes for the vulnerabilities and has now made the patches available to its customers.

"Anyone who regularly runs Symantec LiveUpdate should already be protected. However, to be sure, customers should manually run Symantec LiveUpdate," Sanchidrián said.

Philippe Alcoy, senior security consultant at eEye, said the people most at risk are those not protected by a perimeter firewall. This might include people in smaller businesses, home users and corporate laptop users not using their VPN.

"Most corporate environments have perimeter firewalls so users behind that are only vulnerable to an internal attack, but users taking laptops home are at risk," Alcoy said.

Of the four flaws, three could allow a hacker to take control of an affected system, while one could be used to force a computer into an infinite loop by simply sending it a specially crafted packet of data.

"That's a big problem if the machine is a mission-critical server," said Alcoy.

The flaws were first reported to Symantec on 19 April, which means the company has taken just under a month to develop a patch. According to eEye, this is a "reasonable" amount of time to address the vulnerabilities.

In January, Symantec plugged a gap in its LiveUpdate feature that could have allowed hackers to gain administrator rights on an affected PC. Just two months later, the company admitted its Internet Security package contained a back door that could be used by hackers to take control of the machine.

The flaws affect the following packages: Norton Internet Security and Norton Internet Security Professional 2002, 2003 and 2004; Norton Personal Firewall 2002, 2003 and 2004; Symantec Client Firewall 5.01, 5.1.1; Symantec Client Security 1.0, 1.1, 2.0(SCF 7.1) and Norton AntiSpam 2004.

Symantec's Sanchidrián said the company does not believe any of its customers have been affected by the flaws at this time.

Topic: Security

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • I update norton last night. Since then any web sites i visited just went super slow. I am on Broadband. Then this morning i cound't access any web sites at all. So i thought it has something 2 do with this update. I went in 2 msconfig and there was a file that wasn't there before sndmon i disable that and since then everything has been going perfect.

    I think other Norton user will have the same problem, since this update they have realised.
  • the sndmon is a component of Norton Firewall and it crashes when you have an older version of LiveUpdate.
    The fix is to go to the Symantec's Web site, go into the support section, then use their automated support. Click on the Personal Firewall and it will tell you to download a newer version of LiveUpdate. That solves the sndmon problem.
    For some reason, the LiveUpdate program doesn't install the newer version of itself automatically. It must be done manually.
  • New laptop just crashed. Microsoft asked to look and replied that crash was due to Norton Antivirus and Symantec patches. Caused Windows to shut down all together and looks like I have other major problems.. What did you do to my computer?. I was in the middle of something important. Call me at 276-694-3415.. and try to walk me through it. Or fix it . I do not want to buy a page of updates. I purchased the NOrton CD. I have never had a "subscription" Do this as soon as possible.. HOw many people have you messed up like this.?? carolyn harnsberger
  • Did an update on 15.5.04 and no problem getting Email on AOL9 but web browing really slow. Diabled Norton Firewall 2002 and discovered this was causing the problem. Firewall programme came up it was not responding.

    Next night decided to check the settings and discovered there was a "Trusted" computer address in there which there shouldn't have been. Firewall programme came up it was not reponding again. Uninstalled and reinstalled the Firewall and did update and everything is working OK again - hope it lasts.

    When Norton subscription runs out later this year will not be renewing. Have Norton Antivirus running as well - doesn't catch all the viruses.

    Thumbs down.
  • I also had problems with the glacial speed after updating Norton Personal Firewall on Friday. Symantec Tech support in the UK (after 40 minutes awaiting an agent to answer) admitted that it was a bad update and the solution was to uninstall, reinstall from CD. Did the first part - whoops of course I had originally downloaded the software so another 40 minutes on hold before being told to call customer support and request a CD. Only 20 minutes on hold this time to be told no you have to redownload from their website - and sorry thats down at the moment. How good are the alternatives to Symantec?
  • I have recently installed Norton Internet Security on my PC. I keep having to uninstall it and reinstall in order to pick up my ISP network. It all seems ok again then, until i switch my PC off. When trying to reconect later, all i get is a 169... windows IP. I have been on to my ISP, they have checked the connection and say there are no faults, and that it must be a fault on my machine. If i take Norton off, all is fine, i can then pick up the connection again. Anyone got any ideas? PS: It is a Cable Broadband connection, and i run Windows ME.