
'High' risk in Symantec antivirus software flaw

This topic is archived.

acmejack, Wed Dec-21-05 01:42 PM
Original message
'High' risk in Symantec antivirus software flaw
Symantec's antivirus software contains a vulnerability that could be exploited by a malicious hacker to take control of a system, the company said late Tuesday.

According to Symantec, the bug, which affects a range of the company's security products, is a "high" risk. Denmark security company Secunia has labeled it "highly critical."

According to an advisory issued by Secunia, the bug affects most of Symantec's products, including enterprise and home user versions of Symantec AntiVirus, Symantec Norton AntiVirus and Symantec Norton Internet Security, across the Windows and Macintosh platforms.

The vulnerability is within Symantec AntiVirus Library, which provides file format support for virus analysis. "During decompression of RAR files, Symantec is vulnerable to multiple heap overflows allowing attackers complete control of the system(s) being protected," said security consultant Alex Wheeler, who first discovered the flaw. "These vulnerabilities can be exploited remotely, without user interaction, in default configurations through common protocols such as SMTP."

http://news.zdnet.com/2100-1009_22-6004097.html?tag=nl.e589

SoCalDem, Wed Dec-21-05 01:50 PM
Response to Original message
1. So what do we DO about it?
I am a novice and do not understand the complicated "fixes" that are sometimes listed..If it's not a "click" fix, I cannot do it.:(

benburch, Wed Dec-21-05 01:52 PM
Response to Original message
2. Virex is what you should be using on a Mac...
Not that there are really any viruses out there to fight, but it pays to be careful.

Ellipsis, Wed Dec-21-05 02:08 PM
Response to Reply #2
6. Mostly true
There are still old viruses and macro viruses which can wreak havoc on legacy files etc.

Spyware IS an issue. Shareware and commercial solutions are available. Here is one commercial solution. (not a recommendation)

Internet Cleanup
by Allume Systems, Inc.

KoKo, Wed Dec-21-05 01:55 PM
Response to Original message
3. What are RAR Files...and what do I need to do to disable scanning them?
I can't understand this article. What is it the virus is supposed to be doing and how do I know if I'm getting an RAR File?

I haven't had any problems (that I know of) and I've used their products for years.

Need some "Techie Help" for those of us who are Computer challenged with this one. :eyes:

bananas, Wed Dec-21-05 02:03 PM
Response to Reply #3
4. It's like a ZIP file
Edited on Wed Dec-21-05 02:04 PM by bananas
The filename ends in ".RAR" instead of ".ZIP"
It uses different compression methods than ZIP files.
The problem would occur if you download a .RAR file from a website or usenet or if one is emailed to you (which will probably happen soon - someone will make an email spam virus using this).

on edit: you don't want to disable scanning them,
because they might contain other viruses.

Sapphire Blue, Wed Dec-21-05 02:07 PM
Response to Reply #4
5. From January 2005...
Edited on Wed Dec-21-05 02:07 PM by Sapphire Blue
New Virus Attack Technique Bypasses Filters
By Dennis Fisher
January 31, 2005

Virus writers have once again gotten the drop on anti-virus vendors and IT administrators with a new technique that's finding early and considerable success.

Late last month, administrators and service providers began seeing virus-infected messages with a new type of attachment hitting their mail servers: an .rar archive. .Rar files are similar to .zip files in that they are containers used to hold one or more compressed files. The .rar format is not as widely known as .zip, but it is used for a number of tasks, including compressing very large files, such as music and video.

The emergence of .rar-packed viruses highlights the lengths to which virus writers are willing to go to evade anti-virus systems, as well as the limitations of those traditional signature-based defenses.

Experts say .rar files carrying viruses have been sailing past commercial anti-virus products and finding their way into the mailboxes of users, who are often unfamiliar with the file format. Administrators who have seen .rar-packed malware say that none of the messages have been stopped by their anti-virus defenses.

http://www.eweek.com/article2/0,1759,1756636,00.asp

bananas, Wed Dec-21-05 02:14 PM
Response to Reply #5
8. LOL - That was quick! A year ago! nt

KoKo, Wed Dec-21-05 02:16 PM
Response to Reply #5
9. Thanks....article says mostly "lustful young men" who might be affected..
Edited on Wed Dec-21-05 02:19 PM by KoKo01
(I feel better now...not being a "lustful young man" who downloads from those sites) :D......


Once opened, the archive typically contains an executable file with a double extension, such as "foto.jpg.exe." The viruses themselves are new and are usually droppers that install a Trojan or back door on the user's PC.

"Most of these are appealing to lustful young men," said Bill Franklin, president of Zero Spam Network Corp., in Coral Gables, Fla., a managed services provider. "It's a game of percentages. This is just another way to get control of machines. It may hit fewer machines, but they're probably more technical users, so their machines would be of higher value. It's a good example of the fact that virus writers are probing every nook and cranny."

One recent .rar virus that appeared at the end of last week is disguised as a patch from Microsoft Corp. Although the text of the e-mail is poorly written, users have often proved willing to fall for such pitches. Franklin said that he has seen about six or seven new .rar viruses each week this month and that all of them are getting past the anti-virus products installed on his network.
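
An added example, not part of the thread or of any quoted article: a mail-triage sketch for the two things discussed above, telling whether an attachment really is a RAR archive (by its leading signature bytes rather than its file name) and spotting double-extension names such as "foto.jpg.exe". The extension lists, labels and sample message are assumptions constructed for illustration; listing the file names inside a RAR needs a RAR parser, which the Python standard library does not include, so the name check here runs on attachment names.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePath

# Leading signatures of RAR 1.5-4.x and RAR 5.x archives.
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")
# Assumed lists for this example; tune them for your own mail policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".doc", ".pdf", ".txt"}

def is_rar(data: bytes) -> bool:
    """True when the content starts with a RAR signature, whatever it is named."""
    return data.startswith(RAR_MAGICS)

def is_double_extension(name: str) -> bool:
    """True for names like 'foto.jpg.exe': a document-looking suffix hiding an executable."""
    suffixes = [s.lower() for s in PurePath(name.strip()).suffixes]
    return (len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS)

def triage(raw: bytes) -> list[tuple[str, str]]:
    """Return (attachment name, finding) pairs for one raw e-mail message."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if is_rar(data):
            # A RAR payload under another extension deserves a closer look.
            label = "rar" if name.lower().endswith(".rar") else "rar-mislabelled"
            findings.append((name, label))
        if is_double_extension(name):
            findings.append((name, "double-extension"))
    return findings

def build_sample() -> bytes:
    """Constructed test message: payloads are placeholder bytes, not real archives."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    samples = [("update.rar", RAR_MAGICS[0] + b"\x00" * 16),
               ("holiday.zip", RAR_MAGICS[1] + b"\x00" * 16),
               ("foto.jpg.exe", b"MZ" + b"\x00" * 16),
               ("notes.bin", b"plain bytes")]
    for name, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, finding in triage(build_sample()):
        print(f"{finding:18} {name}")
```
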
 
sabbat hunter, Wed Dec-21-05 02:11 PM
Response to Original message
7. I went to the Symantec site
no new high threats are alerted.

Sapphire Blue, Wed Dec-21-05 03:31 PM
Response to Reply #7
10. Found this...
From eWEEK.com...

Symantec Plugs 'High Risk' AV Engine Flaw
By Ryan Naraine
October 5, 2005

(excerpt)

Anti-virus specialist Symantec Corp. has confirmed a high-risk vulnerability in multiple enterprise-facing products and warned that a successful exploit could lead to code execution attacks.

The company released a security alert <http://securityresponse.symantec.com/avcenter/security/Content/2005.10.04.html> to acknowledge the flaw, which was flagged in the Symantec Antivirus Scan Engine: Web Service Administrative Interface.

<snip>

The vulnerability has been confirmed in the Symantec AntiVirus Scan Engine (version 4.0 and 4.3) and several enterprise-facing products that use the scan engine.

<snip>

Patches to correct the vulnerability have been posted online. <http://securityresponse.symantec.com/avcenter/security/Content/2005.10.04.html#savse4-3-12>

http://www.eweek.com/article2/0,1895,1867475,00.asp


The security alert referred to in the above article...

SYM05-017
October 4, 2005
Symantec Antivirus Scan Engine: Web Service Administrative Interface Buffer Overflow

http://securityresponse.symantec.com/avcenter/security/Content/2005.10.04.html

Sapphire Blue, Wed Dec-21-05 03:33 PM
Response to Original message
11. Wonder why no link in this article to what Symantec "said late Tuesday"?

Name removed, Wed Dec-21-05 03:36 PM
Response to Original message
12. Deleted message
Message removed by moderator.

Prisoner_Number_Six, Wed Dec-21-05 03:50 PM
Response to Original message
13. Hell, I've known Symantec's antivirus is broken for a couple years.
Every virus maker out there knows EXACTLY how to break the program. It's why I abandoned it in favor of McAfee.

KoKo, Wed Dec-21-05 08:42 PM
Response to Reply #13
14. What do you like about McAfee? I had it back in '96 and switched to
Norton... I've not had problems with Norton all these years. :shrug:

Prisoner_Number_Six, Thu Dec-22-05 12:40 AM
Response to Reply #14
15. Several things
McAfee also looks for spyware and other malware that Norton ignores.

As a professional computer repair geek, I've seen machine after machine with hundreds of infected files on them- each computer with some version of Norton installed. In switching as many of them as possible to McAfee, I've seen a dramatic decrease in virus infections on client machines.

A caveat: I just did a laptop today that I had previously put McAfee on, that had gotten reinfected. It was a particular virus that slipped by- McAfee calls it "Bagle". (Norton calls it "Beagle".) It's the only time I have seen a virus that could break McAfee so badly I had to reinstall it- a process I've had to do on dozens of Norton machines.