Symantec security products less than secure
Two words: Live Update
Customer Success Testimonial: Recovery is Everything
In a world where digital gremlins seem to lurk in almost every shadow, many of us feel safer using an internet security package. But for those using many Norton security products who haven't updated recently, that feeling is a false sense of security.
That's because a nasty bug residing in two ActiveX controls used in Norton's PC software could allow an attacker to remotely execute code on the user's machine. Symantec is advising users to immediately update affected versions, which include the 2006 versions of Norton AntiVirus, Norton Internet Security, and Norton System Works and the 2005 version of Norton Internet Security, Anti Spyware Edition.
"This error could allow an attacker to crash Internet Explorer, or possibly run arbitrary code with the rights of the logged in user," Symantec warned. The attacker would first have to lure a vulnerable machine to a booby-trapped website, the advisory added.
Secunia rates the flaw "highly critical," the second-highest category in its five-tier rating system.
The bug is the result of an "input validation" error, which fails to analyze incoming data for malicious commands before executing them. Norton is encouraging all users to run the program's Live Update feature immediately. ®
COMMENTS
"Security" software using known insecure technology? Oh my!
"two ActiveX controls used in Norton's PC software"
So this so-called security software uses a technology that was tagged as "dangerous" the day it was announced by Microsoft. And, evidently, insists on IE being the vehicle.
Earth to Symantec, Earth to Symantec... anyone with any interest in running a secure system long ago disabled IE as far as possible, including ActiveX.
Somebody at Symantec (or somebodies) does not see the Big Picture.
I was wondering why I had dropped Symantec
Few months ago switched to Nod32, great product, unobtrusive and better detection rate than Symantec. As it originates in Slovakia you could imagine it has to be pretty good, in that environment.
Even keeps your surfing safe from bad sites, sorry to say only prevents malware, does not prevent you seeing badly designed web sites.
The only secure thing about Norton...
...is its ability to stop working because it thinks that you don't have a legit copy.
I had a couple of 3-user licenses for Norton Internet Security that I used to use on a few PCs at our small office. It was set up correctly, correct product keys, running Live Updates, etc. In the end, I removed it from all machines and replaced it with alternative products because each installed copy would regularly keep forcing me to run the product activation procedure again (in spite of being activated correctly in the first place).
As if that wasn't bad enough, it eventually reached the point where it would try to re-activate itself, only to come up with the message that all of my licenses were being used. Considering that I had 6 licenses to hand and the stuff was only installed on 5 PCs (and this was ultimately happening on most of the PCs as well), I got so sick and fed up of this bloated piece of badly written crap that I dropped it altogether and now wouldn't touch any of their shiteware with a barge pole.
And if anyone asks me for recommendations for an AV or Internet Security product, my usual first response is now "Steer clear of anything from Symantec/Norton - their software is badly-written, bloated crapola."
IT infrastructure monitoring strategies
What you need to know about cloud backup
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Customer Success Testimonial: Recovery is Everything
