Symantec plays down security hole in Norton AntiVirus

Symantec has admitted its flagship consumer security application, Norton AntiVirus 2005, has a security vulnerability that allows certain types of malicious script to infect a user's personal computer with a virus.

However, a Symantec spokesperson told ZDNet Australia that the flaw was not a threat to users because it only affected systems that are running Windows with administrator rights.

"Symantec would like to reiterate that the situation described is one of access rather than threat. The VBS scripts described can only be successfully run on the target system with administrator rights," the spokesperson said.

Security researcher Dan Milisic, who discovered the vulnerability in October, told ZDNet Australia that Symantec is "missing the point" and trying to "mislead" its customers because Norton AntiVirus 2005 is an application designed for consumers, the majority of whom run their computers with administrator rights.

"They're not saying my code doesn't work because they can't -- it does. They can however choose to completely miss the point. Norton AntiVirus is aimed at the Home and SOHO market. There is a separate product for corporate protection. By default, in the Windows XP OOBE (Out Of Box Experience) users are administrators," Milisic said.

Foad Fadaghi, senior industry analyst at Frost & Sullivan Australia, who would not comment on this specific issue with Symantec, agreed that in general consumers tend to log in as administrators, which is why there have been so many problems with things like rogue diallers, which hijack a system's dial-up Internet connection and call premium rate numbers to run up huge bills.

"The malicious dialler programs need admin rights as well but there are widespread incidents of it happening. In businesses [admin rights] are not so much of an issue but in the consumer market it might be," Fadaghi said.

To further demonstrate the flaw, Milisic created a small 'movie' of his script in action.

In the movie, which has been seen by ZDNet Australia, Milisic demonstrates how running his scripts can infect an apparently protected computer with a virus.

Milisic said: "You can see that Script Blocking gets completely uninstalled. Also notice that Auto-Protect doesn't kick in until you click on the tray icon and launch the NAV console. By then, the 'virus' has already launched -- you can see in the cmd.exe window.

"Putting this together was pretty simple and worth the effort to properly address Symantec's response. I will let the presentation speak for itself," he added.

Topics: Security, Symantec

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.


Talkback

6 comments
  • Norton AV, as a whole, is a sub-grade product, which has, somehow monopolized the Windows home pc security market. This is unfortunate, since their support and service in general is anything BUT usable by the home pc user.

    Does anyone know of a comparable (but actually usable) alternative product for Windows? I've used Vexira on Linux for many years, with no problems, but, that may just be because there weren't problems to be had.
    anonymous
  • Dear ZNet
    Thank you so much for your news on NAV 2005.
    I have just downloaded on the 04/11/2004 and everything worked fine until today, it came up with file missing and I have done live update and everything shows okay on that end but still the email scanning is red and my bottom bar it shows it is disabled.
    I had also heaps of problems with NIS 2004 could not install even with Computer Technician help.
    So I have purchased for 3 computers a CD NIS 2005 could not install either.
    I am not happy.
    So I will Buy AVG because I am sick and tired to spend money and on the end it is not working.

    Yours Faithfully

    Elvira Reichmuth
    ocra81
  • So much software around is written without regard to how it might run when a non-administrator is logged on. And besides, why shouldn't the owner of the PC operate in Administrator mode?

    In a corporate environment fair 'nuff, but on the home user front it is entirely meaningless to whitewash the whole problem with the simple statement that only administrators are at risk.

    And what about the poor old sys admins anyway, trying to patch machines logged in as administrator, but being vulnerable to attack because of it!
    anonymous
  • I bought the Norton 2005 AntiVirus to update. Upon finishing the install of the new program, my computer crashed, and message error - you may have installed new drivers, etc. When I uninstalled the Norton, my computer was fine. I reinstalled, crashed, same message. Eventually, it killed my hard drive, and I have lost everything. I tried to contact Norton, and they wanted $30 just to speak to someone. IMO, they suck! I am returning it today for a refund.
    anonymous
  • norton antivirus

    I have had the same problem although I didn't buy it.
    Only five days after installing 15 day free trial norton decided to tell me expiry date was up.
    Not so, they disabled antivirus I uninstalled anti virus now I have all sorts of problems.
    I contacted them and same, very hard to get someone it took me all day and failed to instruct me how to fix the problem.
    I have tried to gain access to my personal banking, cannot get in, along with a lot of other internet sites.
    I have had the bank and my internet provider go through everything and have informed me it is purely a norton issue.
    It is terrible, I am now a very unhappy person left high and dry because of norton.
    Never again will I look at their product.
    I am so glad I didn't buy it.
    What a hassle I would have.
    anonymous
  • I would say get nod32

    Nod32 is an amazing anti-virus and it's light and does not even come close to being as system heavy as norton.
    anonymous