Critical bug found in anti-virus software

New Scientist news service ^ | 22 December 2005 | Will Knight

[george76]

A critical software bug has been discovered in several of the most widely used anti-virus programs. It could be exploited to take control of a computer or to steal information, according to an analysis produced by the independent security analyst who made the discovery.

The glitch affects 39 different Symantec products - including both home and enterprise versions of its anti-virus software. It resides within the Symantec anti-virus library, which is used by all of the packages.

The analyst, Alex Wheeler, discovered that a critical error occurs when the Symantec anti-virus library decompresses files from "RAR" format for analysis

Symantec has confirmed the problem and produced an advisory of its own. It is currently working on a permanent fix but has released an update so that computers running its anti-virus software should automatically detect and block attempts to exploit the bug.

[LostInBayport]

I am going to ditch Norton when my subscription runs out next month.

I suggest looking in stores at the software...some ambitious manufacturers are capitalizing on Norton's incompetence. I know that I liked the poetic justice of getting a $20 rebate from McAfee by sending them the first page of my Norton manual!

[1FASTGLOCK45]

KC Burke wrote:
"I don't think I will reload their Shareware firewall on it again."

--- I didn't bother trying the shareware, i bought it at the store so it's the full copy. Also running a faster computer, 3.02ghz, processor, 1 gig ram, 7200rpm drive, updates don't interfere with my normal computing needs ( internet+watching dvds at teh same time.
Fortunately for me, i work near a major software saler, so i can just buy what i need after researching and when i can afford it. I don't mind spending the money to take a "load" off my mind when i'm computing.

[jdm]

Got this from Geeks To Go:

Step One: Scan for Spyware/Adware
Ad-aware SE - Download - Home Page
1) Download and install.
2) Run the Webupdate feature. (Click on the Globe icon, Click connect, Click OK, Click Finish.)
3) Set up the Configurations (Gear wheel at the top) as follows:

• General Button > Safety & Settings: Check (Green) all three.
• Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

4) To start the scan, Click > "Scan Now"

• Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
• Select "Search for low-risk threats"
• Select "Perform full system scan"
• Click Next

5) When the scan has completed, select Next.

• In the Scanning Results window, select the "Scan Summary" tab.
• Check all objects found in the Critical Objects tab that you wish to remove
• Click Next, Click OK.

CWShredder - Download - Homepage
Run the program. Click the Fix button to remove any malicious programs found.

Spybot S&D - Download - Homepage
Install Spybot and the DSO Exploit Fix. Start Spybot and select Update, Search For Updates, check the box next to each update and then select Download Updates. Next, select Search and Destroy, Check for problems and after scanning is complete, Fix selected problems. Finally, select Immunize and then the Immunize button to block common Spyware programs from installing.

No single program removes every threat. A multi-prong approach is best.

Rogue/Suspect Anti-Spyware Products & Web Sites. Unfortunately, many companies have chosen to exploit the spyware problem by releasing questionable software. These programs may be ripoffs of existing free programs, produce false positives to entice you to buy the full version, leave actual Spyware installed, or at the very worst even install Spyware. Use the link above to see if you have installed any of these programs on your system. Uninstall any found.

Step Two: Viruses/Trojans
Even the best antispyware programs are only able to remove about 70% of infections. Also, the line between spyware and trojans is getting blurred. You can never be too careful with these, we recommend at least one online scan.

Ewido Security Suite for Windows 2000 and XP only - Download Free Version (14 day trial) - Homepage
Ewido has been very effective at helping remove some of the more difficult infections. After installed, there should be a icon for ewido on your desktop. Double-click to run it.
Update ewido: From the main Ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, but if Ewido finds anything it will pop up a notification, so it needs to be monitored. If notified, select clean and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on Save Report.

Trend Housecall - Homepage
Even if you do have antivirus software it can be compromised and corrupted by many forms of malware, so an online scan is a good idea.

Run the free online virus scan (tick the "Auto Clean" checkbox).

Here's another free online scan: Panda Activescan

AVG - Download - Homepage
If you don't have any antivirus software on your system, or if your subscription to definition updates has lapsed, install AVG's very good free version of antivirus. This comprehensive package includes real-time protection, scheduled scans, automatic definition updates, and email scanning.

TrojanHunter - Download Free Version (30 day trial) - Homepage
TrojanHunter is the most powerful trojan scanner on the market. Featuring an intuitive user interface and a scanner capable of thoroughly examining your files, system registry, open ports and running processes it gives you all-round protection against trojans.

Step Three: Windows Updates
Windows Update - Homepage - Download SP1a
An unprotected, unpatched Windows XP installation will get infected within minutes of connecting to the Internet.

SP2 NOTE: Windows XP Service Pack 2 (SP2) has terrific security features, and we highly recommend everyone install it, however it should not be installed until your system is free from malware. Installing SP2 with malware present can cause many compatibility problems, or even prevent your computer from restarting. If your system has a malware infection, or if you're unsure, use the SP1a download link above.

[1FASTGLOCK45]

Spktyr wrote:

" you have *no* idea how stupid people are when it comes to using the computer."

----Have you seen how stupid people are when they are on their cell phones and driving? (Sorry couldn't resist a cheap but true joke! ) hahahaha.

[zeugma]

Excellent! Thanks!

[Palladin]

Thanks again.

Bumping up this very educational thread!

Merry Christmas!!

[Paul_Denton]

I use Avast. It is not a resource hog (I can even run games with it on with no loss of performance) and it is free and reliable.

[nh1]

Bump for later

[American in Singapore]

"What is your opinion on dropping Norton in favor of AVG, Nod32, McAfee, BitDefender, or Sophos , etc."

I can't comment too much on the consumer side - I just wanted to point out that the vulnerability was not as catastrophic as portrayed.

Symantec's latest corporate edition, version 10, has anti-spyware, anti-adware, and some Intrusion Detection capabilities. I don't know when and what version that these features are in the Norton consumer product line, but it seems that having the A-V, anti-spyware, and anti-adware in one package is better than maintaining 2 or 3 different products that provide the same functionality. So you might want to compare those features with the other products that you mentioned.

But, people can get almost religious about their choice of A-V software and I don't really want to get into that fray :-)

[thoughtomator]

I'm with you on that. I've never had a computer virus infection in 20 years of computing. You have to do something you shouldn't in order to get one of these things on your computer.

[xrp]

Wow, how does FreeRepublic look on pen and paper?

[Reaganwuzthebest]

I don't use anti-virus software at all.

Same here, I don't bother with anti-virus software. The only precaution I take besides a firewall is to keep Javascript and ActiveX Controls disabled and not open spam e-mail attachments. It's been years since I've gotten a nasty.

[Reaganwuzthebest]

One of my old machines that still runs on w98 crashed badly during the latest ZoneAlarm update.

I've had all kinds of blue screen problems with Zone Alarm and Windows 98SE. Since going to Kerio's free version 4.1.2 I've never looked back. It's best feature is the low resources it consumes.

[dsc]

Thanks for the link to Rogue/Suspect Anti-Spyware Products & Web Sites. The other day I downloaded Sypware Cleaner, and it claimed (in red letters) to have found several extremely dangerous registry keys, then it hit me up for money to remove them.

Neither Spybot, nor Adaware, nor Panda hit on those keys.

I manually deleted one, and the only thing that happened was I had a hardware error on rebooting.

I've been wondering if Spyware Cleaner generates spurious hits; it appears it does.

[supercat]

SP2 NOTE: Windows XP Service Pack 2 (SP2) has terrific security features, and we highly recommend everyone install it, however it should not be installed until your system is free from malware. Installing SP2 with malware present can cause many compatibility problems, or even prevent your computer from restarting. If your system has a malware infection, or if you're unsure, use the SP1a download link above.

I would like to install a larger hard drive on my computer and reinstall XP. What's the best way of getting everything upgraded and secure, given that all I have for an Internet connection is a slowdem? If I just try to do an install and a direct update, how likely am I to avoid getting zapped before stuff is secured?

[Reaganwuzthebest]

Do you have a CD writer? If so you can download the SP2 update and burn it to disk before you reinstall XP.

If you don't another option is to order SP2 on disk and Microsoft will send it to you free of charge except for shipping and handling:

Service Pack 2 on CD