What is Digg?Sponsored by Best Buy
Best Buy finds gold in Iowa. view!
youtube.com - Best Buy employee, Danielle Kelly, sings her way into holiday campaign.
35 Comments
- BloodJunkie, on 10/12/2007, -2/+28Denying it is much easier than fixing it. Well played, Symantec. Well played.
- Damonz, on 10/12/2007, -1/+12“No one is going to uninstall antivirus – nor can they,”
- gamekid, on 10/12/2007, -2/+11*lays back and enjoys avast! antivirus while Symantec execs sweat under increasing pressure*
- hangtown, on 10/12/2007, -4/+13It seems like there is a knee-jerk reaction on digg whenever bad news about any corporation comes out, instead of reading the article, to just jump on and make disparaging remarks. The company who discovered the vulnerability confirmed the Norton branded products don't have the problem. So it's not just Symantec making that claim.
Symantec also didn't deny anything, if you bother checking their web site:
http://www.symantec.com/avcenter/security/Content/2006.05.25.html
They state that they do have a problem: "Symantec engineers have verified that this vulnerability exists in the product versions listed above."
Digg's not the only site where people tend to make their minds up before reading, but it certainly has become one of the worst, IMO. - Yankees368, on 10/12/2007, -1/+9“No one is going to uninstall antivirus – nor should they,”
I can name a few reasons why you should uninstall it.... - johndi, on 10/12/2007, -1/+9This is a case where both companies can be right. It may only be on the Symantec branded software, Symantec AntiVirus Corporate Edition 10.0 and Symantec Client Security 3, but not the Norton brand owned by them. I have to admit their response doesn't inspire confidence.
- jsg7, on 10/12/2007, -1/+8I can think of a 1 good reason to uninstall Symantec antivirus software: to replace it with something better.
I had a home client who had Symantec Antivirus corporate edition on his home computer (he works for a financial institution) and they had significant virus problems that weren't being cleaned up by any scans. I dumped it and put on AVG free and it cleaned it right up... - Chompy, on 10/12/2007, -1/+8"I can think of a 1 good reason to uninstall Symantec antivirus software: to replace it with something better."
In the case of Norton, replacing it with *nothing* is still an improvement. - adml_shake, on 10/12/2007, -1/+7no no...it's not a vulnerability....it's a "unknown feature!"
- pabster, on 10/12/2007, -3/+9Yeah, it's a far less serious concern that their Enterprise products, used by mission critical servers and the like, are affected. I mean, who cares about Granny's desktop...
- TheKillDoctor, on 10/12/2007, -1/+7It's corporate reactions like this that can cause the source for said hack to be released to the public. Along with script kiddie inscructions included!
- blankoboy, on 10/12/2007, -1/+6The interesting this is that they do not list it on SARC (Symantec's secureity response site - http://www.sarc.com). They are more than happy to report the vulns of other products but don't make any statement about there own.
- Fredx, on 10/12/2007, -0/+3eEye Digital were responsible for finding the major rpc exploit in xp, id say there word is reptable at least.
- jsg7, on 10/12/2007, -3/+6How is Symantec right? Because only corporations and their users are vulnerable? That's kind of like saying that MS is right when Windows 98 isn't vulnerable to a critical XP security hole...
- cgruber, on 10/12/2007, -1/+4It's not a vunerability its a backdoor :)
- BradIsaac, on 10/12/2007, -1/+4I can't stand the symantec antivirus. After dealing with the slowdowns and the occasional miss of an actual virus, I picked up NOD32. It's been a lot more friendly.
- craterburnsu, on 10/12/2007, -1/+3^^ norton may work for you, but it's really just a system hog, that doesn't help in the least bit. Stay away from all those p2p and porn sites and you'll have a hell of a lot less to worry about, I haven't had a virus in years.
- skyhighrockets, on 10/12/2007, -1/+3I gave up on norton a long time ago.
- raccettura, on 10/12/2007, -0/+2My bet is that the bug exists...
but it's going to take longer than they initially thought to fix.
By denying, hopefully it won't be exploited (at least not as quickly), buying them more time.
Nothing would hurt more than a virus exploiting the hole, before they get around to patching it.
This is PR doing damage control. - inactive, on 10/12/2007, -0/+1Ever hear of Linux (free) and iptables (free) or OpenBSD? (also free) There's clamav for antivirus which is also free.
- inactive, on 10/12/2007, -1/+2If the source code isn't available to the public, who knows what [may] lurk within.
Switch to a free and open operating system like Linux and a free and open antivirus: clamav.
IMO trusting closed source to protect closed source is lunacy.
Now let's hear from the vocal minority who defend closed source only because they stand to make a profit from it, or from those who only watch movies because they failed to master the fine art of reading books and have their brains virtually sewn to their mice. Keyboard? What's that? For most it's QWEASDX for FPS. - Damhna, on 10/12/2007, -1/+2I got this 23 Hours ago in an emailed bulletin:
Update - SYM06-010
As soon as Symantec was alerted by eEye Digital of the vulnerability in its
corporate antivirus products, Symantec verified that the issue does not
affect its Norton consumer brand of products. Symantec Client Security 3.1
and Symantec AntiVirus Corporate Edition 10.1 have been confirmed to be
affected by a stack overflow which could potentially allow a remote or local
attacker to execute code on the affected machine. Symantec continues to
evaluate other versions of our software. Fixes have been identified for all
affected products and work on these fixes is ongoing. To date, Symantec has
not had any reports of any related exploits of this vulnerability. However,
Symantec has released IPS signatures for Symantec Client Security, Symantec
Network Security and Symantec Gateway Security that provide protection from
any exploit that may come out from this vulnerability. These IPS signatures
are currently available via Liveupdate.
Symantec Platinum Support will provide another Platinum Bulletin on Friday
May 26 at 5PM PST. Symantec Product engineering is working on a fix to this
stack overflow problem and will be providing availability details in the
next Platinum Bulletin.
My Question is this , what else should they be doing ?
These guys have admitted where the vulnerability is , publicised it , kep their customer fully up to date and worked to resolve the issue and are pre[aring updates. - d3m3, on 10/12/2007, -2/+3"Anti-Computer Virus Software" bad headline?
I've tried every antivirus and firewall available. None are as easy, simple, and effective as Norton. I have 2005 and won't get rid of it until Google Antivirus/Firewall comes out. - kday, on 10/12/2007, -0/+1Firewall: Sygate Personal Firewall Pro (v5.5 build 2525)
I tried newer builds, but this one is still the best. It has 0 bugs that I have found. It doesn't have backdoor's and exploits like Zonealarm. Don't use another build, as they introduce a couple minor bugs.
This is a commercial firewall. While there are free firewalls, nothing compares to the security and stability Sygate Personal Firewall Pro v5.5 build 2525.
Antivirus: NOD32 ( http://www.eset.com )
Again, this is also a commercial antivirus. There are free antiviruses that are good, but NOD32 is proven to be the most effective, and leaves a tiny footprint. It is non-obtrusive, and you shouldn't even notice it running. It will only notify you when it detects a threat. - Fictitious, on 10/12/2007, -0/+1My only experience is with Grisoft Antivirus (AVG). My shop recently switched from Norton to Grisoft for multiple reasons, many of which appear in comments above, but mainly due to the cost- $45 for a year of Norton or $40 for two years of AVG. The corporate version of AVG is even more ridiculously lower priced than it's Symantec counterpart. I use AVG free at home.
- Atomic1fire, on 10/12/2007, -1/+2i had norton for a while but my computer got a few viruses and then then crashed i think twice so then i had to get avg free and the service reps said (to my mom who had got the computer) that we should keep norton but truth is its crap
- johndi, on 10/12/2007, -1/+1I'm not saying that they haven't made mistakes, and I'm definitely not suggesting that the Norton software doesn't make a computer more sluggish than most spyware. I'm just saying that they may not be lying, and that appears to have been confirmed.
- Gregd, on 10/12/2007, -1/+1This isn't and never has been about their Norton products. It's only ever been about Symantec for the enterprise.
- sweez, on 10/12/2007, -1/+1Commercial? I have nothing but praises for F-Prot...
- maiku00, on 10/12/2007, -1/+1If I were to replace Norton, what new Firewall/antivirus would I use?
Please no abbreviations.... - floejoe, on 10/12/2007, -3/+2Nod32
http://www.eset.com/ - liverpoolfc, on 10/12/2007, -1/+0The worst thing they can do is deny it entirely though surely? What if proof or concept ends up Full disclosure or bugtraq next week...
- Damhna, on 10/12/2007, -1/+013 Hours Ago (an hour after you posted that) I got this in email
Status Update - SYM06-010
Symantec engineers have released point patches to address the stack overflow
noted in SYM06-010 for the following product versions;
Symantec AntiVirus Corporate Edition 10.1
Symantec AntiVirus Corporate Edition 10.0 MR 2 MP2
Symantec Client Security 3.1
Symantec Client Security 3.0 MR2 MP2
Point Patch locations:
Symantec AntiVirus Corporate Edition 10.0
ftp://ftp.symantec.com/public/english_us_canada/products/symantec_antivirus/symantec_antivirus_corp/10.0/updates/
Symantec AntiVirus Corporate Edition 10.1
ftp://ftp.symantec.com/public/english_us_canada/products/symantec_antivirus/symantec_antivirus_corp/10.1/updates/
Symantec Client Security 3.0
ftp://ftp.symantec.com/public/english_us_canada/products/symantec_client_security/3.0/updates/
Symantec Client Security 3.1
ftp://ftp.symantec.com/public/english_us_canada/products/symantec_client_security/3.1/updates/
Symantec engineers are working on patches for the following Windows 32 bit
English product versions with a current release ETA of Saturday May 27 2006
10PM PST;
Symantec AntiVirus Corporate Edition 10.1 MP1
Symantec AntiVirus Corporate Edition 10.0 MR 2 MP1
Symantec Client Security 3.1 MP1
Symantec Client Security 3.0 MR2 MP1
Symantec Platinum Support will provide another bulletin with updated status
and patch availability when the remaining Windows 32 bit English versions
post. Symantec localization engineers will begin working on patches for
other language versions and platforms with an ETA of Thursday of next week.
At this time Symantec has not had any reports of any related exploits of
this vulnerability. However, Symantec has released IPS signatures for
Symantec Client Security, Symantec Network Security and Symantec Gateway
Security that provide protection from any exploit that may come out from
this vulnerability. These IPS signatures are currently available via
LiveUpdate.
(3 Hours Later they posted the remaining patches. ) - inactive, on 10/12/2007, -15/+7norton man on this cover of title must have server virus in face!
- inactive, on 10/12/2007, -15/+3well played, clerks, well played
© Digg Inc. 2009
— Content created and posted by Digg users is