Feeds

Norton's firewall not fiery enough

Pegasus takes fright

The Power of One eBook: Top reasons to choose HP BladeSystem

Users of Norton Personal Firewall have been urged to update their software following the discovery of a serious vulnerability in the security package.

A stack-based buffer overflow vulnerability involving ActiveX controls creates a means for hackers to inject hostile code onto vulnerable systems, Symantec warns. The security bug affects Norton Internet Security 2004, Norton Internet Security 2004 Professional and Norton Personal Firewall 2004. Later versions of the security packages are not affected by the flaw, which means the majority of Symantec personal firewall users are already in the clear.

For users of the vulnerable 2004 vintage of Norton products, Symantec has published security updates designed to guard against exploits via its LiveUpdate service.

It's sometimes said that trouble comes in threes. As well as the Norton firewall vulnerability reports suggest the Norton anti-virus is subject to a couple of troublesome false positives.

According to the SANS Institute's Internet Storm Centre, Symantec has been wrongly identifying two system files (netapp32.dll and lsasrv.dll) in the simplified Chinese version of Windows XP SP2 as the Haxdoor Trojan. In standard configurations on Norton AV these files are deleted, resulting in problems subsequently booting systems. Fixing systems involves copying these files from backup CDs.

Separately a 15 May update in Symantec Anti-Virus falsely categorised Pegasus, the popular email package, as a Trojan. Updated virus definition files released over the weekend resolved the issue but not before ruffling feathers down at the Pegasus users' community. A thread providing advice on how to reinstall the package and attempt to restore email databases (if these were also affected) can be found here. ®

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.