Yet again new flaws found in Symantec Security

Newly discovered flaws in some of Symantec's Internet security software products leave systems running the AV applications vulnerable to denial-of-service attacks.

The company has posted a notice on its Web site alerting users to two vulnerabilities in the 2004 and 2005 editions of Norton Antivirus, Norton Internet Security and Norton System Works.

These flaws have been patched and updates have been distributed to users through the company’s automatic update service. Users who do not participate in this service and who have not patched their systems on their own, however, are vulnerable to remote attack, Symantec said.

Symantec rated the vulnerabilities, which were discovered by two Japanese security research firms, as low risks.

Outing the Vendors
Increasingly, AV vendors have become targets, not only of hackers interested in circumventing AV software, but also of other AV vendors interested in outing the flaws in their competitors' products.

Few in the industry, though, are willing to castigate other vendors too much; AV software is a complex product to develop and support. Also, given the sheer number of people looking at it (a story line very familiar at Microsoft), it is inevitable that glitches will be uncovered.

Antivirus programs are attractive to virus writers now because they involve a large number of users and can guarantee a fairly high infection rate, especially if the program is popular, said Thomas Kristensen, security researcher at Secunia.

"Antivirus software is usually very complex, so although it would be nice if the programs were flawless, it's natural for errors to occur," he said.

Other Incidents
Still, the growing number of patches issued by AV vendors for their software is becoming disconcerting. The concern is that hackers may start to look for vulnerabilities in security systems with the same relentless drive they currently bring to the search for Microsoft flaws.

Last month, Symantec issued patches to fix a hole discovered by Internet Security Systems, which affected several applications in its product line.

A flaw was uncovered in McAfee earlier this month by several AV vendors.

Also this year, ISS identified a flaw deemed "critical" by Trend Micro in a security product used across its entire line of desktop-, server- and gateway-security products.
