High Alert: Security Flaws Found in Symantec Software

Friday May 14th 2004 by Ryan Naraine
Share:

Vulnerabilities in Symantec's virus security software provide a classic example of why it's so important to run security updates on your computers regularly.

It pays to listen to computer security alerts -- especially when one involves Symantec, a leading maker of software designed to keep your computer safe from viruses and hackers. And this one's so serious that Symantec's scrambling to make repairs.

An alert from Cupertino, Calif.-based Symantec described the flaws as "high risk" and warned that a successful exploit could wipe out a user's computer. Attackers could also execute remote code on the targeted system that could potentially render your computer useless.

The vulnerabilities, first discovered by researchers at eEye Digital Security, affect both enterprise and consumer Norton users. Affected products include the Symantec Client Firewall 5.01 and 5.1.1; the Symantec Client Security 1.0, 1.1, 2.0 (SCF 7.1); the Norton Internet Security and Professional 2002, 2003, 2004; Norton Personal Firewall 2002, 2003, 2004; and the Norton AntiSpam 2004.

Independent research firm Secunia rates the flaws as "extremely critical" because they could lead to a destructive worm attack. Secunia CTO Thomas Kristensen says the vulnerabilities could lead to an attack similar to the Slammer worm that exploited Microsoft SQL servers last year.

"It is important that people patch and upgrade their Symantec Firewall Products today as there is no other effective solution against this," Kristensen says.

For Symantec, the discovery of such a serious bug in products designed to provide PC security could be disastrous. The company has used the popularity -- and success -- of the Norton anti-virus brand to gain traction in the enterprise market with VPN and firewall management applications.

To its credit, Symantec wasted no time in confirming the existence of the holes and rushing out fixes. Patches have been released through Symantec LiveUpdate and technical support channels.

According to the company, clients running consumer versions of the affected products who regularly run a manual Symantec LiveUpdate should be automatically protected against this issue. "However, customers should manually run Symantec LiveUpdate to make certain that all available updates have been installed.

Adapted from internetnews.com.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!
Share:
Home
Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved