Norton AV flaw may put PCs at risk of virus attack

A vulnerability in Norton AntiVirus can allow some malicious scripts to infect a machine if the user has admin rights - which would apply to most home-based PCs
Written by Munir Kotadia, Contributor

Symantec has admitted its flagship consumer security application, Norton AntiVirus 2005, has a security vulnerability that allows certain types of malicious script to infect a user's personal computer with a virus.

However, a Symantec spokesperson told ZDNet Australia that the flaw was not a threat to users because it only affected systems that are running Windows with administrator rights.

"Symantec would like to reiterate that the situation described is one of access rather than threat. The VBS scripts described can only be successfully run on the target system with administrator rights," the spokesperson said.

Security researcher Dan Milisic, who discovered the vulnerability in October, told ZDNet Australia that Symantec is "missing the point" and trying to "mislead" its customers because Norton AntiVirus 2005 is an application designed for consumers, the majority of whom run their computers with administrator rights.

"They're not saying my code doesn't work because they can't -- it does. They can however choose to completely miss the point. Norton AntiVirus is aimed at the Home and SOHO market. There is a separate product for corporate protection. By default, in the Windows XP OOBE (Out Of Box Experience) users are administrators," Milisic said.

Foad Fadaghi, senior industry analyst at Frost & Sullivan Australia, who would not comment on this specific issue with Symantec, agreed that in general consumers tend to log in as administrators, which is why there have been so many problems with things like rogue diallers, which hijack a system's dial-up Internet connection and call premium rate numbers to run up huge bills.

"The malicious dialler programs need admin rights as well but there are widespread incidents of it happening. In businesses [admin rights] are not so much of an issue but in the consumer market it might be," Fadaghi said.

To further demonstrate the flaw, Milisic created a small 'movie' of his script in action.

In the movie, which has been seen by ZDNet Australia , Milisic demonstrates how running his scripts can infect an apparently protected computer with a virus.

Milisic said: "You can see that Script Blocking gets completely uninstalled. Also notice that Auto-Protect doesn't kick in until you click on the tray icon and launch the NAV console. By then, the 'virus' has already launched -- you can see in the cmd.exe window."

"Putting this together was pretty simple and worth the effort to properly address Symantec's response. I will let the presentation speak for itself," he added.

ZDNet Australia's Munir Kotadia reported from Sydney. For more coverage from ZDNet Australia, click here.
Editorial standards