All the latest UK technology news, reviews and analysis
|
|
|
26 May 2006
A flaw has been found in Symantec's latest antivirus software that allows hackers to exploit a PC without the user having to open anything.
The problem was first discovered by eEye Digital Security, which reported it as a 'high level' threat.
"This flaw does not require any end-user interaction for exploitation and can compromise affected systems, allowing for the execution of malicious code with system-level access," said eEye in a statement.
Donal Casey, a security consultant at Morse, warned that this kind of security flaw is a serious cause for concern.
"The fact that it allows hackers to remotely take control of a PC without the user opening any attachments or clicking on anything makes this a huge vulnerability," he said.
According to eEye, the problem affects Symantec Antivirus 10.x and Symantec Client Security 3.x.
A statement on the Symantec website described the flaw as "unverified" and the impact as "undetermined".
"Norton products do not contain the code affected by this potential vulnerability, and none of the Norton products are affected by this issue," Symantec said.
But Casey maintained that, even though the early indications are that no one has yet exploited the flaw, it is "a time bomb waiting to go off".
"Businesses must be alert and remember that their antivirus software is like any other application and must be kept up to date with the latest patches at all times," he said.
Symantec insisted that its product teams are investigating the report, and that updates would be provided for all currently supported products if necessary.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Java / Oracle Coherence Technical / Solution Architect...
ASP.Net/C#/Web Development/Desktop Development/Winforms...
My Major client urgently requires an experienced contract...
Decision Systems Analyst West Midlands £19-24,000 Are...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
fundamental flaw?
The basic concept of having everyone go to a single server to automatically download updates introduces what i've always felt was a significant architectural flaw: it make that update server a natural target for hackers - if ever compromised, well everyone will get blasted together. Weeeeee!
Posted by: concerned netizen 27 May 2006
What is Symantec waiting for?
Yesterday, I renewed and upgraded the Symantec internet and virus protection on my laptot. During installation MS Defender complained that Symantec's software does not have proper signatures. Symantec's installer uninstalled the old version and left my computer for about one minute without any virus protection. Enough time for a hacker to hack into my messenger and replace the MS Messenger logo with a hacked logo. After installing the new version and scanning the computer with Symantec and MS Defender, the messenger was ok again, but obviously I don't know what else went wrong. Why does Symantec not improve their download procedures? Why do they not have clean signatures and certificates? It seems a case of the policeman not locking up his gun. Also the installation procedure is unnecessarily cumbersome and the payment process is annoying. It displays the American Express log to Swiss customers but then doesn't accept American Express for payments in Swiss francs.
Posted by: Martin Frank 26 May 2006