Symantec slams the door on Live Update flaw

Symantec slams the door on Live Update flaw

Summary: Security company Symantec has had to update its Live Update feature to fix a flaw that could open a security hole in the software

SHARE:
TOPICS: Security
122

Security company Symantec, developer of the popular Norton AntiVirus software, fixed a problem in its Live Update feature last week - a vulnerability that could allow malicious users to gain unauthorised administrator access rights to an affected PC.

Live Update is a feature Symantec's customers use in order to keep their virus signatures and security applications up to date. It can be set to automatically connect to the Internet and check Symantec's servers for a newer version. If one is found, the software can either prompt the user or automatically download and install the update, which is the recommended setting.

According to Symantec, the problem only affects Windows versions of its software and is rather obscure, requiring "a number of conditions" to be in place before it can be exploited. If an application has been set up in multi-user mode, with privileged and non-privileged access rights, it is possible for a non-privileged user to access and manipulate the Automatic Live Update interface in order to gain privileged access to the host computer.

The vulnerability, which was discovered by US-based consultants Secure Network Operations, was published on Tuesday, by which time Symantec had already fixed the problem by making a new version (2.0) of its Live Update feature available to download.

Symantec said the latest version of the update engine will be "automatically installed on a user's machine as soon as the computer connects to the Internet." If automatic live update has been disabled, users can use still Live Update to download and install the 4MB patch as soon as possible.

This is the second embarrassing episode for Symantec in a matter of days. Last Friday, Symantec's support forums were flooded with Norton AntiVirus users complaining of slow and unstable computers after the latest signature updates.

Topic: Security

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

122 comments
Log in or register to join the discussion
  • Why does my iMac with 10.2.8 keep coming up with major errors after I run the most recent Norton Disc Doctor. This is very disconcerting. Disc Doctor tells me to boot with the Nortor disc to fix these "major problems". I do this, go through the process of repairing these so called "major errors", and the next time I run Disc Doctor from my normal start up disc, I have more "major errors". How can this be?

    Signed,
    Losing faith in Norton System Works for Mac.
    anonymous
  • Why does my ME windows have trouble connecting with the Internet, and I cannot access Norton to get a "LIVE UPDATE" unless I first disable the Norton Firewall ?? According to the latest "Symantec slams the door on Live Update flaw" this should be corrected...
    What is wrong ???
    anonymous
  • Symantec has more than one Live Update flaw, in my opinion. It is not unusual to find that my NAV 2003 is somehow shut off and I cannot turn it back on (WinXp) unless I completely uninstall NAV and re-install it. Then it will not download Client Update info that is reported to be available. After several on line discussions with their tech support, I was told to ignore that download....it does not effect the virus protection features. And to try to get through their chain of links to get help is monstrous!!! No more Norton for me when my current year is up.
    anonymous
  • I deleted Norton antivirus software from my PC and am currently using McAfee. However, a year later, the Symantec LiveUpdate software is now causing my McAfee to be disabled. I cannot figure how to turn it off, I'm not sure what all this tool operates on my PC and need to contact Symantec for a solution.
    anonymous
  • I have Norton however, I don't know how run on-line
    anonymous
  • Talk about a program getting worse with time instead of improving this once pretty dam good antivirus is a freaking nightmare and dont even try to contact symantec every freaking support link takes you to a search engine that has nothiing to do with your prob or getting in touch with a tec.not to mention that they only support this shittier product with a shittier definitions subscription 1 year only it use to be unlimited . this being said norton is becomming the little program that coulden't but decided to charge you more anyway . I am in search of a viable alternate
    anonymous
  • why can't I get this thing to print the memo about being up to date on my firewall security. It is suppose to be in effect until 5-19-04 and I would like to renew it if possible. Please tell me how I can do this automatically.
    anonymous
  • I cannot get a liveupdate from symantec after downloading norton's 2004 anti virus. I can't even complete registration. I get a notice that there is not a catalog file available to complete the live update. What do I do?
    anonymous
  • I cannot get a liveupdate from symantec after downloading norton's 2004 anti virus. I can't even complete registration. I get a notice that there is not a catalog file available to complete the live update. What do I do?

    I have waisted a lot of time going through the suggested remedies and now realize its not me.
    anonymous
  • I have been trying to update my norton antivirus system but I can not connect to them and I can not talk to anyone at their support system either. I am recieving an error message "LU1814:Live update could not retrieve the update list". Their computer generated supprt system is not working on my system. I do not know what to do or who to call. I purchased their system in March this year and I have a valid subscription.
    Could you help me?
    anonymous
  • I cannot get Live Update to run either. After trying all of the remedies listed, including the uninstall/reinstall option, I am now without virus protection. My requests for help from Symantec remain unanswered.
    anonymous
  • I too can not get the symantec live update to work. I have had Norton virus protection for the last four years and have never had a problem like this. can someone come up with a remidy for this problem?
    anonymous
  • You have a virus on your computer. Do your windows updates and this won't happen again.
    anonymous
  • I have the same problem which started when I switched from dial-up to broadband access; I had previously had no problems with Live Update. Now I cannot access the www.symantec.com site at all to get any help. I assume there must be some set up which will allow access via broadband, can anyone help, please?
    anonymous
  • This is becoming a serious issue lately. After 2 days of exausting troubleshooting I can only assume that at some point a trojan virus has changed a setting somewhere on my computer. I have Norton 2005 anti-virus and scanned the computer and removed all viruses and trojans. I have SpySweeper remove adware and look for other trojan problems. I reinstalled and updated Live Updae and Norton. Problem continues. Live update giving a LU1814: error message.

    Norton Has No Phone Support. I have tried everything. My internet explorer works fine and I am not running a firewall.

    I heard somone who say to edit the C:\windows\system32\Drivers\Ect\HOST file and make sure there is no IP address AFTER the 127.0.0.1 IP address. When I checked I just had the 127.0.0.1 IP address at the bottom of the page but no other IP addresses after that which means that the file was fine.

    Wish I had more to offer.
    anonymous
  • I had exactly the same problem! I am not impressed at all with Symantec and now am considering buying another product which is a real pain (not to mention expense).
    anonymous
  • I never had problems with liveupdate UNTIL I DOWNLOADED A CRITICAL UPDATE SERVICE PK 2 (FOR VM)...THATS WHAT SCREWED UP MY LIVEUPDATE AND EVEN tho I deleted and or uninstalled the windows update service pack 2 I still gt error msgs when trying to update virus or firewall definitions.. I ran a free virus scan from www.trendmicro.com and it detected 3 trojans which NORTON never picked up even tho on symantecs site those trojans would be caught if the virus def were updated in oct 2003...DUH..I am so updated until last week, SO WHY DID I GET THOSE TROJANS?..and to make matters worse norton CANNOT delete or quarantine them at all!!!..TRENDMICRO instead did thatg for me on their free online pc virus scan@.. thanks.. I know now which antivirus im going to renew subscription to!
    anonymous
  • I cant update since I renewed my subscription a month ago. No help from technical section of website. I have sent them several emails but no response. Can anyone help?
    anonymous
  • Sometimes you have to use special Symantec tools to completely remove Norton Antivirus and Norton Internet Security from the Windows Registry, even after you did add/remove of all Norton products. For NAV/NIS 2004 and 2005, you can download a .REG file that when run removes most of the Registry entries left by add/remove. For versions 2003 and before, they have other files. They also recommend reinstalling Microsoft scripting and provide a link to Microsoft to get the download. I have resolved Norton problems many times following their procedures. Go to Norton Support, Home User, Knowledgebase, and search for "Remove completely". Article is "Removing LiveUpdate after Add/Remove Programs does not work". I usually note problems with Norton after a failed live update, or sometimes with a Windows update. Never failed to get Norton back running okay after complete install procedures, reinstall, and refresh of live updates.
    anonymous
  • I am so happy to find out that I am not the only one who cannot run live update after installing symantec. I cannot even get through to any one on the phone when I ring and I keep getting this life update popup. I know my computer may be at risk but is there any solution to this or do I just change software.
    anonymous