'

Security: No place for double standards

commentary A series of follies by antivirus provider Symantec could well lead customers deeper into a quagmire of confusion and panic.Only last month, its consumer offering -- Norton Internet Security 2004 -- was reportedly affected by an auto-protection flaw which could be manipulated by malicious, local users.

commentary A series of follies by antivirus provider Symantec could well lead customers deeper into a quagmire of confusion and panic.

Only last month, its consumer offering -- Norton Internet Security 2004 -- was reportedly affected by an auto-protection flaw which could be manipulated by malicious, local users. Then, Symantec issued a terse "we would know more in 24 hours" comment when ZDNet Australia&nbsp alerted the company to the problem.

Yesterday, taking a page from the Microsoft of old, Symantec chose, once again, to go into denial mode.

The latest fiasco came in the form of a problem specific to Norton AntiVirus 2005, a product aimed at home and small business users.

Norton AntiVirus has a script-blocking mechanism -- described by Symantec as a proactive technology that detects script-based viruses and worms without the need for signatures -- meant to prevent unauthorised scripts from infecting a computer.

But according to security researcher Daniel Milisic, the feature is flawed since the antivirus application contains a vulnerability which allows some malicious scripts to attack a PC anyway.

When Symantec was contacted, a spokesperson told ZDNet Australia&nbsp that the flaw was not a threat since it only affected users running Windows with administrator rights.

"Symantec would like to reiterate that the situation described is one of access rather than threat.

"The VBScripts can only be successfully run on a target system with administrator rights," the spokesperson said.

This is extremely disingenuous of Symantec, which I'm sure is familiar with how computers and Windows works, because by default, most users have administrator rights with Windows XP.

Symantec's comment is akin to saying "your house will never be broken into because only you have the key". This is both silly and unrealistic.

Even Milisic was amazed with the company's response. In his eyes, Symantec had missed the point. He accused it of misleading customers by not responsibly addressing the issue.

In analysing Symantec's behaviour, one can't help but wonder if the company practises double standards -- enterprise users receive far better treatment compared with home and small business users.

Sure, most of the bacon comes from corporate clients but Norton AntiVirus isn't free of charge ... people pay AU$91 per copy.

For the sake of customers, both big and small, hopefully Symantec will mend its ways. Otherwise, it may well be barren days ahead for the company.