Your Ad Here Your Ad Here
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Symantec antivirus in danger zone

  1. #1
    zapjb's Avatar Computer Abuser BT Rep: +3
    Join Date
    Nov 2002
    Posts
    3,694
    [news=http://www.symantec.com/images/homepage/global.global.logo.gif]Symantec's range of antivirus software is under imminent threat from a loophole discovered by an independent security expert, who says the flaw could permit certain virus or worms to attack and destroy programs on users' PCs.

    Alex Wheeler, an erstwhile Internet Security Systems consultant is said to have identified and announced the weak code area. Subsequently, Symantec issued a note to all users, through its DeepSight Threat Management System, informing and recommending steps to tackle the issue. Wheeler has said that the weakness is resident in the process of unzipping RAR compressed files. RAR files are formed by the WinRAR compression tool, designed and sold by RarLab. The RAR file type is popularly used for compressing and archiving data, especially huge music or video files.


    If the RAR file is created in a certain malicious manner, it could tuck into its fold a virus or worm designed to run amok on the PC and gain destructive control of the machine.

    The loophole has been christened "Highly critical" by software flaw monitor Secunia and "High" by its own parent, Symantec. The weak code is capable of causing what is known as a “heap overflow”, which further allows a hacker to implement random coding when an infected RAR archive is under scanning. According to Wheeler, the loophole is a consequence of non-checked 16-bit fields in RAR sub-block header formats.

    Further, the advisory issuance warns that if the Symantec products have been aligned to check all incoming mail, the loophole could be taken advantage of from remote access without any other interaction from the user's end. The probability that most of the Symantec product range falls under this threat is also high, including its gateway service which is used for corporate setups. The problem definitely influences Symantec Antivirus Corporate Edition, Symantec Client Security, Symantec Brightmail Anti-Spam, Symantec Gateway Security, Norton Antivirus, both for Windows and Macintosh, Norton Internet Security and Norton Antivirus for MS Exchange. Worse, the code area afflicted with the weakness is licensed heavily to several vendors with numerous services and products at risk.

    The warning from Wheeler says that though the flaw has not been really attacked yet, the danger is very potentially heavy, so to say. Dasher worm, the recently identified virus, came in hordes via RAR files.

    Symantec users do not have any updated patch available to ward off the threat. In the meantime, Symantec has suggested that users disable auto-scanning of RAR type files and exercise care over opening such attachments too.

    Historically, antivirus software has often been affected by such weaknesses and problems. This is the second instance of weakness in scanning functions of Symantec discovered by Wheeler. Earlier, in February, a similar scanning weakness was found by him vis-à-vis UPX type files. Wheeler is a reputed security expert specializing in discovering and analyzing security software flaws. Recently in 2005 itself, he unearthed some major flaws in big brand products like those of McAfee, Kaspersky Labs, Trend Micro, F-Secure and ClamAV. Every loophole discovered was focused on anti-virus scanning of compressed file types.

    Source: http://www.whatistheword.com/story/SciTech_437.html [/news]
    Last edited by tesco; 12-21-2005 at 05:54 PM.

  2. News (Archive)   -   #2
    silent h3ro's Avatar Poster BT Rep: +9BT Rep +9
    Join Date
    Nov 2003
    Location
    Detroit
    Age
    27
    Posts
    4,461
    Well now it's a imminent threat now that the loophole is posted all over the internet...

  3. News (Archive)   -   #3
    i have removed from my pc every single association with this P.O.C., almost 2 years ago!
    Last edited by gugutza; 12-22-2005 at 09:53 AM.

  4. News (Archive)   -   #4
    zapjb's Avatar Computer Abuser BT Rep: +3
    Join Date
    Nov 2002
    Posts
    3,694
    I wonder if it's that hard to fix this. Or is Symantec just being Symantec by dragging their feet. I remember awhile back Kaspersky had a similar problem. But I think they fixed it in less than 8hrs.

  5. News (Archive)   -   #5
    peat moss's Avatar Software Farmer BT Rep: +15BT Rep +15BT Rep +15
    Join Date
    May 2003
    Location
    Delta B.C. Canada
    Posts
    10,816
    Oh great winraw is the only zip program I use and of course Symantec is my poison aswell , thanx for the heads up Zapjb .


    Just auto updated got virus defention version 12/21/05 rev .6 but of couse no change log . If there was ever a time I'd like to read one its now .

    I'll be patient tho still a good program and I'm sure other antivirus are not far behind in this security problem but won't be rushing of to D/L some Rar files !

    Found this link for an update but no news yet , supposably their scrambling for a patch .


    http://securityresponse.symantec.com...dvisories.html


    Think I read wrong there is a patch ?




    Mitigations
    Symantec Security Response posted an AntiVirus based protection signature to LiveUpdate on December 20, 2005, providing a heuristic detection for potential exploits of the Symantec decomposer RAR archive vulnerability. This signature is available though LiveUpdate, to all desktop, server and gateway product versions of Symantec’s Security products and appliance solutions that contain the decomposer RAR archive. Symantec strongly recommends that customers immediately ensure their products are up-to-date to protect against possible threats.
    Last edited by peat moss; 12-22-2005 at 10:14 PM.

  6. News (Archive)   -   #6
    sArA's Avatar Ex-Moderatererer
    Join Date
    Feb 2003
    Posts
    4,765
    bugger......updated

  7. News (Archive)   -   #7
    peat moss's Avatar Software Farmer BT Rep: +15BT Rep +15BT Rep +15
    Join Date
    May 2003
    Location
    Delta B.C. Canada
    Posts
    10,816
    Quote Originally Posted by sArA
    bugger......updated







    Ah typical woman comes on here and says in two words what it took me three paragraph's to explain............ Some thing sexy about that .

  8. News (Archive)   -   #8
    Quote Originally Posted by peat moss
    Quote Originally Posted by sArA
    bugger......updated
    Ah typical woman comes on here and says in two words what it took me three paragraph's to explain............ Some thing sexy about that .
    Sheesh...

    Was tempted to leave it at one word but considerned you might start looking at me funny.
    Anyway thanks for the info and updated aslo.

  9. News (Archive)   -   #9
    who cares, norton/symatec suck donkey balls so i dont care what happens to them

  10. News (Archive)   -   #10
    sArA's Avatar Ex-Moderatererer
    Join Date
    Feb 2003
    Posts
    4,765
    No two worder here I'm afraid....

    Updated etc, and got back on the comp today after kids been on it and my firewall keeps crashing trying to connect to rmail.walla.com through prog system32(forward slash)csrs.exe

    spyware detectors found a few bits but this is odd and seems to have come at around the same time as I updated.....any ideas guys?
    __________________

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •