Should we be surprised at this?: Company: Hackers can crack top antivirus program

  1. #1
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252

    Question Should we be surprised at this?: Company: Hackers can crack top antivirus program

    Credit - CNN who credits the AP who credits eEye - I can't get no credit or satisfaction :

    WASHINGTON (AP) -- Symantec Corp.'s leading antivirus software, which protects some of the world's largest corporations and U.S. government agencies, suffers from a flaw that lets hackers seize control of computers to steal sensitive data, delete files or implant malicious programs, researchers said Thursday.
    Link: http://www.cnn.com/2006/TECH/interne....ap/index.html

    From eEye:

    Date Reported:
    May 24, 2006

    Vendor:
    Symantec

    Description:
    A remotely exploitable vulnerability exists within the Symantec Antivirus program. This flaw does not require any end user interaction for exploitation and can compromise affected systems, allowing for the execution of malicious code with SYSTEM level access.

    Severity:
    High (Remote Code Execution)

    Remote Code Execution:
    Yes

    Software Affected:
    Symantec Antivirus 10.x
    (Other Symantec AntiVirus products are also potentially affected, waiting for vendor list)

    Status:
    Initial report stage
    Source: http://www.eeye.com/html/research/up.../20060524.html

    For those with Symantec, and this is a "just-in-case" thing, what would work to replace Symantec on an enterprise level - say 30-50,000 workstations and > 5,000 MS servers? "Bueller?, Bueller?, Bueller?"
    "We're the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We've all been raised by television to believe that one day we'll all be millionaires and movie gods and rock stars -- but we won't. And we're learning slowly that fact. And we're very, very pissed off." - Tyler (Brad Pitt) Fight Club.

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmmm,

    Is it surprising? Well, I guess the answer is "yes and no".

    Yes, because you would expect security product vendors to be more diligent.

    No, because of the nature of the product. It updates continuously, it is intended for networks and easy updating across networks and it runs with elevated privileges. In that respect I would not have thought that Symantec was any different from other enterprise level security suites?

    For those with Symantec, and this is a "just-in-case" thing, what would work to replace Symantec on an enterprise level - say 30-50,000 workstations and > 5,000 MS servers?
    The obvious is NAI's McAfee, but there are other enterprise level products out there.

    I would take the view that the number of instances is not that relevant because they are discrete. One desktop does not know what is on another. The issue would only be one of efficiency when you are having to update from a central source? And, of course, the actual product performance, which is a question of quality rather than quantity.


  3. #3
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    It's certainly not a "first".

    Anybody who's had to remove viruses the last few years is aware how often AV apps are disabled by viruses and even spyware.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  4. #4
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252

    UPDATE: Symantec Updates its Advisories, cats and dogs contemplate marriage...

    just in the small chance you have not seen this yet... it's wake-up time!

    Updates

    Symantec : http://www.symantec.com/avcenter/sec...006.05.25.html

    SYM06-010
    May 25, 2006
    Symantec Client Security and Symantec AntiVirus Elevation of Privilege
    Revision History
    May 26, 2006 - Updated Products Affected section and other details
    May 27, 2006 - Updated Products Affected section with update info
    - Updated Unaffected Products section
    May 30, 2006 - Added CVE identifier
    - Updated Products Affected section with update information


    Impact
    High

    Remote: Yes
    Local: Yes
    Authentication Required: No
    Exploit publicly available: No


    Overview
    A stack overflow in Symantec Client Security and Symantec AntiVirus Corporate Edition could potentially allow a remote or local attacker to execute code on the affected machine.
    Symantec also has a page to assist with the patching: http://service1.symantec.com/SUPPORT...06052609181248

    ISC : http://isc.sans.org/diary.php?storyid=1368

    and another from ISC: http://isc.sans.org/diary.php?storyid=1372

    enjoy!
    "We're the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We've all been raised by television to believe that one day we'll all be millionaires and movie gods and rock stars -- but we won't. And we're learning slowly that fact. And we're very, very pissed off." - Tyler (Brad Pitt) Fight Club.

  5. #5
    Junior Member
    Join Date
    Apr 2006
    Posts
    19
    just in the small chance you have not seen this yet... it's wake-up time!
    Do you not think that everyone at this site does not already know this? I think you need to wake up! This is worthless.
    He who asks is a fool for five minutes, but he who does not ask remains a fool forever.

    --Chinese proverb

  6. #6
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    As quoted by member Guan-Di:

    Do you not think that everyone at this site does not already know this? I think you need to wake up! This is worthless.
    WTF, you arrogant ****!

    This topic has world-wide implications, and may not have been seen by everyone. I for one was on a sabbatical with my wife for several days and did not initially see this.

    Bumping up the thread by including an update to the original thread is anything but worthless; in fact, it is the act of a responsible individual, dedicated and committed to making cyberspace a better, safer place to be.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    IKnowNot is quite correct. You don't see all these things, there are just too many these days and if you don't happen to be using a particular application or service, you may not be monitoring it too closely.

    Similarly, it is useful to know when the patch is available.

    I am sure that many of us are subscribed to a variety of security alerting sites and newsletters. However, I would rather be warned five times than not warned at all.

  8. #8
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,003
    Couldn't agree more. Depending on the week, the amount of work I have planned and the number of alerts, it is all too easy to miss things that may be important. Had it happen with a Microsoft security update and Compaq Smart Array firmware. Fun weekend trying to get things back up and running.
    "America is the only country that went from barbarism to decadence without civilization in between."
    "The reason we are so pleased to find other people's secrets is that it distracts public attention from our own."
    Oscar Wilde(1854-1900)

  9. #9
    Member
    Join Date
    Apr 2005
    Posts
    97
    ... in addition, some users tend to be too complacent when they get too comfortable with their AVs or even their firewalls that they think their computer systems are invulnerable (not!).

    There have been discussions about Symantec's NAV being a resource hog... now this... and further, parallel comparisons with Microsoft about being a practical monolith (dominant maybe but not the behemoth that others would want to project).

    A jolt such as this identified vulnerability is a constant reminder that user security is a 24/7 concern.

    Si vis pacem, para bellum!

  10. #10
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867

    Question

    Has anyone had any issues or surprises with installing the point patch for this? I just don't want to bring my enterprise anti-virus systems to a grinding halt.

    Thanks

    Cheers:
    DjM
