Google: Symantec antivirus flaws are 'as bad as it gets'

engadget ^ | 06/29/2016 | Steve Dent

[BenLurkin]

Norton and Symantec users should take "immediate action" to update.

Products from Symantec that are supposed to protect users have made them much more open to attack, according to Google. Researcher Tavis Ormandy has spotted numerous vulnerabilities in 25 Norton and Symantec products that are "as bad as it gets," he says. "Just emailing a file to a victim or sending them a link to an exploit is enough to trigger it -- the victim does not need to open the file or interact with it in any way." Symantec has already published fixes for the exploits, so users would do well to install them immediately.

Google's Project Zero team searches for "zero-day" code flaws and gives companies 90 days (plus a two week grace period) to fix them. In this case, Ormandy published the blog post shortly after Symantec pushed the fixes, saying the antivirus company did resolve the bugs "quickly."

[GraceG]

Symantec and McAfee have been crap for the last 8 years....

ESET makes a decent product that doesn’t bog down a system.

[Talisker]

I always suspected anti virus companies made viruses to promote their market. Now I discover their products are made to enable viruses to get in.

I never think big enough.

[upchuck]

Ping.

[upchuck]

ESET believer here. Big time. Great product. Can usually find it on sale for $10.

[Zack Attack]

Now I discover their products are made to enable viruses to get in.

LOL. Open borders virus software policy.

[Calvin Locke]

I gave up on Symantec when they failed to update the original Norton engine (read CPU hog) to modern reality. That must have been back in the early 2000s.

[rarestia]

If you’re using Windows 8 or higher, you’ve got Defender, which is Microsoft’s (very effective) anti-virus/malware platform. Windows 7 can use MS Security Essentials which is one of the best platforms MS developed before integrating it into the Windows 8 kernel.

[Mears]

bfl

[Fresh Wind]

Symantec still owes me $20 for a rebate they refused to honor.

[Georgia Girl 2]

I use free Avast coupled with free Malwarebytes and have no issues.

[libertarian27]

Check your state’s ‘unclaimed property’ site.
I had a refund sitting in my state coffers from HP a few years ago.
Why it ended up there? Who knows...
But I got the money.

[minnesota_bound]

I am currently using Webroot for the past month or so.
I have tried mcafee, Norton, both many years ago. Free AVG until it became spyware with their toolbar. Then Avast and now Webroot.

[wally_bert]

Where I am, we’ve transitioned from Symantec which hardly caught anything ever to McAfee which is about as pathetic.

I like Avast myself. Viper was good at one time. AVG I’ll pass on. Ditto Kapersky.

ESET I never really experienced but hear good things.

[jacknhoo]

Does anyone have kowledge on Trend Micro?

[SgtHooper]

Dumped both over a decade ago.

[dayglored]

Symantec antivirus FAIL ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

Thanks to upchuck for the ping!!

[Dalberg-Acton]

I used Trend Micro several years ago and it was very good. As a test, I opened port 80 on my router and within 5 minutes Trend detected a hack attempt (that it blocked) and gave me the IP address of the hacker. I was then able to report him to his ISP.

[miliantnutcase]

I recommend Sophos.

[hsmomx3]

I use Defender and Malwarebytes as well as Malwarebytes anti-exploit program.