Posted on 12/22/2005 2:14:35 PM PST by nickcarraway
The two most popular security product vendors have bugs in their widely used antivirus programs.
Antivirus products made by Symantec and McAfee and used by millions have flaws that could potentially be exploited by hackers to control vulnerable computers, security experts warned Wednesday.
The researchers have rated the flaws as high or critical, sending the software makers scrambling for patches to fix the problem. However, no users have been affected by the bugs so far.
iDefense, a division of VeriSign, issued a security advisory late Tuesday detailing a bug in the McAfee Security Center that allows attackers to create or overwrite files. The same day, Alex Wheeler, an independent researcher, outlined a bug in Symantec’s product.
In its note, iDefense said that successfully exploiting the vulnerability in McAfee could let attackers force a vulnerable computer to execute a malicious program during a reboot or logon. But just because people are using the security product doesn’t mean their computers are infected.
“A typical exploitation scenario would require an attacker to convince a targeted user to visit a malicious website,” the company said in its advisory.
McAfee said the bug has been fixed and updates issued to resolve the problem. The bug had “minimal impact,” Francie Coulter, McAfee’s senior manager of marketing communications said in an email statement.
“This vulnerability has been patched for all active McAfee users, and all registered customers should update automatically,” said Ms. Coulter. “There are no known public cases of exploit code.”
The flaw in the Symantec products affects nearly all of its widely used antivirus products including the AntiVirus Corporate Editon, Brightmail Anti-Spam; Client Security; Gateway Security; and the different Norton packages (see Symantec Shifts Focus to Lab).
The company did issue a statement saying it has posted the details regarding protection for users to its LiveUpdate center. Symantec has also suggested that users disable the scanning of files with the .rar extension and refrain from opening email attachments from unknown sources.
Shares of Symantec fell $0.09 to $16.70 in recent trading while shares of McAfee rose $0.45 to $27.53.
Public Relations Headache
For Symantec and McAfee, the flaw may be more than just a public relations headache. Microsoft is set to enter the security segment, introducing its anti-virus and anti-spyware related tools for consumers. After months of internal testing, Microsoft released a test version of its consumer security product, Windows OneCare, to all users on November 30 (see Windows Security Goes Live).
This has raised the stakes for incumbents, who must ensure their products are perceived as being at the forefront of the war on computer threats.
In the long term, bug disclosures like these could give Microsoft’s products an edge, said
Pete Lindstrom, director of research at SpireSecurity, a security-focused market research and analysis firm.
“Microsoft is not exactly known for having the most secure products,” he said. “So what this might do is level off the playing field for them.”
It’s also an indication of a bigger problem plaguing security vendors. Mr. Lindstrom suggested that security vendors and researchers have to move beyond finding individual vulnerabilities and fixing them to creating an overall shift in the way the software development process can be done to improve security (see Debugging OK to Outsource?).
“We don’t do a great job of defining of what secure is,” he said. “Right now we are playing the comfort food game: whatever feels good and works fine must be secure.”
Buy Defender 5-1 system. Much cheaper than Norton, which is a virus in itself.
A few months back, I was looking into getting Norton or McAfee.
I did some research but was still undecided. I asked Freepers for advice.
After reading their replies, I decided to get neither and instead downloaded AVG for free.
When it comes to PC-related issues, Freepers are #1.
If you want an all around internet security suite and firewall, I've been highly pleased with Trend Micro's PC-cillin. It doesn't seem to slow my computer down like Norton did, and it has received good reviews from the computer magazines I checked.
I need to clean this damned thing, there's so much JUNK on it.
Run a HiJack log, go to www.techsupportguy.com and start a thread where you post your log, and they will clean you up. Give yourself a good three hours, but you can't beat the price (FREE).
> Antivirus products made by Symantec and McAfee and
> used by millions have flaws that could potentially
> be exploited by hackers ...
If I were a cracker, a top priority would be looking
for exploits in AV/AS/firewall products.
I run NAV, and had an incident this year in which it
appeared that NAV itself got infected, refused to run
and refused to download new virus sigs. After recovery,
NAV ID'd it as
Bloodhound.W32.4
If you check the Symantec database, note that the
Bloodhound.W32 defs still only go to up to ".3", which is:
"The virus name Bloodhound.W32.3 is used exclusively by
Symantec antivirus products when a potentially unknown
virus is found using Symantec Bloodhound technology.
Bloodhound technology consists of heuristic algorithms
that are used to detect unknown viruses. The actual file
that is detected under Bloodhound.W32.3 is likely to be
infected with a new Win32 file-infecting virus."
Interesting.
A re-install of NAV cleared up the problem, anyway.
Thank you for the suggestion will check that out.
Me too. Norton? Feh.
I cleaned my system and installed AVG. I am well pleased with its efficiency, performance and slender profile on my PCs.
Remove Norton with symNRT.exe. Google it.
AVG works great for me. I started with MaAfee that came on my Del. AVG actually alerted me to some stuff McAfee skipped over.
I used to be a big Norton fan. But there software has become so bloated and unstable that I gave up on them. What a difference in computer speed when you unload there crap. AVG works good.
PC-cillin + Spybot S&D together make me happy. Aong with Thunderbird, Firefox and Sunbird.
Have used Trend Micro for years but their latest update download sucks. Purchased it and downloaded. It never would install. Haven't gotten my money back from they yet either. Use to recommend Trend Micro but not anymore.
As a retired senior software developer with over 40 years under my belt I can guarantee that no halfway complex piece of software is without flaws. Any software which allows automatic updates and downloads or which allows modification of the system on which it runs could be used to hack into a system which uses it.
Good Point.
40 years, brings back memories IBM 1130
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.