Google Blasts Symantec: Flaws Put Millions of Firms at Risk
By Jef Cozza / Enterprise Security Today
Published: June 29, 2016
Enterprises that depend on Symantec’s antivirus products to protect their networks may want to rethink their strategies. According to Google’s Project Zero, Symantec’s flagship enterprise security product is riddled with vulnerabilities that could be putting millions of companies at risk.

The bugs affect all Symantec and Norton branded antivirus products, the Google team said. “These vulnerabilities are as bad as it gets,” Google researcher Tavis Ormandy wrote on Project Zero’s Web site yesterday. “They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”

'Symantec Dropped the Ball'

Project Zero is a Google-run effort to search for vulnerabilities, particularly so-called “zero-day” flaws in software products, and then alert the developers of the problems. In this case, Ormandy said Symantec was able to fix the problems and update its software quickly. However, some of the products affected by the vulnerabilities cannot be automatically updated, so administrators have to manually update their systems to protect their networks.

While Ormandy praised Symantec for its quick response, he was highly critical of the company's failure to uncover the vulnerabilities. “As with all software developers, antivirus vendors have to do vulnerability management,” Ormandy said. “This means monitoring for new releases of third-party software used, watching published vulnerability announcements, and distributing updates. Nobody enjoys doing this, but it’s an integral part of secure software development.”

In particular, the company failed to update code used in its products that had been derived from open source libraries such as libmspack and unrarsrc for at least seven years, Ormandy said. “Symantec dropped the ball here,” Ormandy said.

Potentially Devastating Consequences

One of the most serious problems in Symantec’s code has to do with an unpacker. An unpacker is a type of tool used by antivirus software to analyze compressed executable files. The unpacker Symantec used for files that had been compressed by ASPack, a commercially available compression tool, provided hackers an opportunity to force a buffer overflow.

And because Symantec’s products use a filter driver to scan all incoming data, a hacker could infect a target network just by e-mailing a link to a user -- the user wouldn't even have to open it. “Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences to Norton and Symantec customers,” Ormandy said. “An attacker could easily compromise an entire enterprise fleet using a vulnerability like this.”

Ormandy said he was also able to develop a hack that used Symantec’s approach toward parsing PowerPoint files to cause a stream stack buffer overflow. According to Ormandy, his exploit worked with 100 percent reliability against the default configurations of both Norton Antivirus and Symantec Endpoint, although the bug was found in all products branded as Norton or Symantec.

Tell Us What You Think

TO:
Posted: 2016-06-30 @ 3:19pm PT
Tavis Ormandy is a self-promoting jerk.

SKP:
Posted: 2016-06-29 @ 4:58pm PT
I've never used Symantec or Norton in my own company as there have been so many problems with my clients using it. This just confirms my suspicions that it is rubbish software. Google should be looking harder at their own garbage software like Android and Chrome.

© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.