Symantec Mum on "Highly Severe" Hole

Security firm eEye says Symantec's corporate antivirus software has a critical, "wormable" hole. Symantec's response? Providing too much information helps crackers.

By Ed Sutherland | Posted May 26, 2006
Page of   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Could Symantec’s antivirus software guarding company, as well as government computers include a backdoor allowing hackers access to corporate data?

A new security vulnerability rated as highly severe by a security research firm, "has everything required for a worm," according to Mike Puterbaugh, vice president of marketing for eEye Digital Security.

Symantec security protects more than 200 million computers, according to the company. Symantec has also recently argued its software -- not Microsoft's – should be trusted to keep computers safe.

The flaw could impact users of Symantec AntiVirus Corporate Edition 10.0 and Symantec Client Security 3, according to eEye. The firm said the vulnerability can "compromise affected systems, allowing for the execution of malicious code with system level access."

Unlike some security glitches, which need a user to open an attachment, visit a Web site or click on something, the Symantec Antivirus flaw requires no user interaction, according to a security advisory posted on the eEye site.

In a posting to its Web site, Symantec described the reports as unverified.

"Symantec's Product Security team has confirmed that the reported vulnerability by eEye Digital does not affect its Norton brand," the company said, referring to its Norton line of security products such as firewalls and anti-virus updates.

Puterbaugh said eEye’s latest research confirms Norton products are not affected by the bug.

Promising "prompt mitigation solutions for any confirmed issues," Symantec added: "there is no known exploit code currently in the wild that takes advantage of this reported vulnerability."

Should enterprises be concerned? “No one is going to uninstall antivirus – nor should they,” Puterbaugh said. The flaw should encourage network administrators to re-evaluate their policies about mobile devices, he commented. While steps should be taken to be extra vigilant, "attack prevention cannot equal business disruption," according to the eEye exec.

While eEye has privately informed Symantec about the flaw, the company remained circumspect when talking publicly. “We’re not releasing details of the flaw,” Putersbaugh said. Providing too much information about the security hole could assist hackers, he said.

Putersbaugh said he was a "little surprised at the media spin on this." Initial public security reports include little detail with more explicit information shared only between the researcher and the affected company.

Although eEye has already provided a patch to customers of their "Blink" intrusion prevention service, the company couldn’t name when a publicly-available patch will be released.

Article courtesy of internetnews.com

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter