# Flaw Found In Symantec Antivirus, Hackers Say



## Shipwreck (Jan 26, 2006)

*Flaw Found In Symantec Antivirus, Hackers Say*

WASHINGTON -- Symantec Corp.'s leading antivirus software, which protects some of the world's largest corporations and U.S. government agencies, suffers from a flaw that lets hackers seize control of computers to steal sensitive data, delete files or implant malicious programs, researchers said Thursday.

Symantec said it was investigating the issue but could not immediately corroborate the vulnerability. If confirmed, the threat to computer users would be severe because the security software is so widely used and because no action is required by victims using the latest versions of Norton Antivirus to suffer a crippling attack over the Internet.

Symantec has boasted its antivirus products are installed on more than 200 million computers. A spokesman, Mike Bradshaw, said the company was examining the reported flaw but described it as "so new that we don't have any details."

Researchers from eEye Digital Security Inc. of Aliso Viejo, Calif., discovered the vulnerability and provided evidence to Symantec engineers this week, said eEye's chief hacking officer, Marc Maiffret. He demonstrated the attack for The Associated Press.

Maiffret's company -- which has discovered hundreds of similar flaws in other software products -- also produces intrusion-protection software, called "Blink," that he said already blocks such attacks and can operate alongside Symantec's antivirus products.

Maiffret published a note about the company's discovery on its Web site but pledged not to reveal details publicly that would help hackers attack Internet users until after Symantec repairs its antivirus software. eEye said it intends to describe the problem in detail privately for some of its largest customers.

"People shouldn't panic," Maiffret said. "There shouldn't be any exploits until a patch is produced."

The reported flaw comes at an awkward time for Symantec. Its chief executive, John Thompson, has campaigned in recent months to convince consumers they should trust Symantec -- not Microsoft Corp. - to protect their personal information.

Maiffret said eEye's testing showed the problem affects Norton Antivirus Version 10, including its corporate editions. He said Symantec's current security suite -- which includes both antivirus and firewall features -- did not appear to be vulnerable.


----------



## Guest (May 25, 2006)

Buy an Apple... Problem solved


----------



## A_J (May 22, 2006)

My rant - I've worked with Norton/Symantec AV home and corporate too much, and the thing drives me nuts... In the home version at least they've got fundamental issues with it's architecture, too many interdependent pieces - one bombs and you may be exposed and not know it or it's permanently broken. And good luck getting a clean uninstall, every time I've had to I ended up resorting to registry hacks. Not to mention it takes forever to start up on boot and sucks up bandwidth always downloading..


----------



## Thor (May 11, 2006)

js said:


> Buy an Apple... Problem solved


There are viruses out there that affect Apples, they're just few and far between. For the PC end users, maybe switching to linux might help since most viruses are made to screw up Microsoft products. But, even then, Linux is not a cure-all.


----------



## Shipwreck (Jan 26, 2006)

I got rid of Norton earlier this year when it expired. I have used it for years, and it used to be the best. It makes the start up time take forever.

I was using the fee Zone Alarm anyway, so I bought Zone Alarm antivirus for $30. Now, I have the full version of the firewall along w/ the anti virus software. I like it a lot.


----------



## Hal8000 (May 8, 2006)

McAfee came on my laptop and I'm not impressed. I can't use Zone Alarm with McAfee. I like what you said there Shipwreck, I'm thinking when my paid up stuff is over, I'll look into the ZA antivirus... :smt069


----------



## Shipwreck (Jan 26, 2006)

Well, shop around. There are several versions of zone alarm, some more expensive than others. I thought I was gonna have to order the ZA anti-virus online, because all the local stores have the whole suite. But I found just the anti-virus at Office Max.

I had McAfee on my older laptop because it comes free from Verizon DSL, and my laptop is too old to run the newer Nortons. McAfee always messed up the startup, and I couldn't keep it in memory. I could only do manual scans.

I now use Avast on my laptop - a good free anti virus. It's even too old to use ZA Anti-virus, so I had no real choice on that computer.


----------



## tomkk (May 6, 2006)

Grisoft AVG Antivirus is a pretty decent free antivirus ... Combine it with free Zonealarm and it's pretty good protection. Not sure I'd run a web server behind it, but good for normal use.


----------



## Thor (May 11, 2006)

On my laptop, a Celeron 1 Ghz, with 512 Meg of ram and a 40 GB HDD, I run Avast and AVG simultaneously. No real problems with processor or memory usage. I DID upgrade the laptop from WinME (YUCK!!!) to XP, sp2.


----------



## DennyCrane (May 11, 2006)

Read online this week that they fixed the flaw - if you do your regular update, it will fix the flaw.


----------



## Thor (May 11, 2006)

Back in the DOS5.1 days, I really liked Peter Norton's products. Since Symantec has taken him over, they seem to be keeping up, but not as well as back then. Of course, Windows is so full of flaws, it's scary.


----------



## Shipwreck (Jan 26, 2006)

Thor said:


> Back in the DOS5.1 days, I really liked Peter Norton's products. Since Symantec has taken him over, they seem to be keeping up, but not as well as back then. Of course, Windows is so full of flaws, it's scary.


Yes, I agree. They were once the best - I suppose that is why I put up w/ the product for so long.


----------

