Norton AV flaw opens door to hackers

A vulnerability in Symantec's popular antivirus product could allow its auto-protect feature to be disabled, a security group has warned
Written by Munir Kotadia, Contributor on

Norton AntiVirus, one of Symantec's most popular Internet security products, contains a security flaw that could allow malicious users to easily disable the software's auto-protect feature, according to an advisory by security Web site Secunia.

According to Secunia, the software's auto-protect function, which is designed to recognise and halt suspicious behaviour in real-time, contains an error that could allow a malicious user to disable it altogether.

"This can be exploited by an unprivileged user to force the auto-protection to be disabled… It can further be exploited to download and execute malicious files that normally would be caught by the antivirus program," the advisory warned.

Norton Internet Security 2004 is affected but Norton Internet Security 2004 Professional and Symantec Norton AntiVirus 2004 are also likely to be vulnerable.

Security researcher Daniel Milisic, who has been credited with discovering the problem, last week criticised Symantec's Norton AntiVirus on a security mailing list.

"Symantec should be publicly flogged for trying to sell this inferior AV software to home users, especially knowing they have a decently workable AV product in their Enterprise line… It's unbelievable that Symantec sells a product that operates this poorly," said Milisic.

ZDNet Australia contacted Symantec about the problem but the company refused to comment. A spokesperson told ZDNet Australia that the company would "know more in 24 hours".

ZDNet Australia's Munir Kotadia reported from Sydney. For more coverage from ZDNet Australia, click here.

Editorial standards