The Register® — Biting the hand that feeds IT

Symantec security products less than secure

Two words: Live Update

In a world where digital gremlins seem to lurk in almost every shadow, many of us feel safer using an internet security package. But for users of many Norton security products who haven't updated recently, that feeling is a false sense of security.

That's because a nasty bug residing in two ActiveX controls used in Norton's PC software could allow an attacker to remotely execute code on the user's machine. Symantec is advising users to immediately update affected versions, which include the 2006 versions of Norton AntiVirus, Norton Internet Security, and Norton System Works and the 2005 version of Norton Internet Security, Anti Spyware Edition.

"This error could allow an attacker to crash Internet Explorer, or possibly run arbitrary code with the rights of the logged in user," Symantec warned. The attacker would first have to lure a vulnerable machine to a booby-trapped website, the advisory added.

Secunia rates the flaw "highly critical," the second-highest category in its five-tier rating system.

The bug is the result of an "input validation" error, in which the software fails to check incoming data for malicious commands before executing them. Norton is encouraging all users to run the program's Live Update feature immediately. ®

Latest Comments

"Security" software using known insecure technology? Oh my!

"two ActiveX controls used in Norton's PC software"

So this so-called security software uses a technology that was tagged as "dangerous" the day it was announced by Microsoft. And, evidently, insists on IE being the vehicle.

Earth to Symantec, Earth to Symantec... anyone with any interest in running a secure system long ago disabled IE as far as possible, including ActiveX.

Somebody at Symantec (or somebodies) does not see the Big Picture.

I was wondering why I had dropped Symantec

Few months ago switched to Nod32, great product, unobtrusive and better detection rate than Symantec. As it originates in Slovakia you could imagine it has to be pretty good, in that environment.

Even keeps your surfing safe from bad sites, sorry to say only prevents malware, does not prevent you seeing badly designed web sites.

The only secure thing about Norton...

...is its ability to stop working because it thinks that you don't have a legit copy.

I had a couple of 3-user licenses for Norton Internet Security that I used to use on a few PCs at our small office. It was set up correctly, correct product keys, running Live Updates, etc. In the end, I removed it from all machines and replaced it with alternative products because each installed copy would regularly keep forcing me to run the product activation procedure again (in spite of being activated correctly in the first place).

As if that wasn't bad enough, it eventually reached the point where it would try to re-activate itself, only to come up with the message that all of my licenses were being used. Considering that I had 6 licenses to hand and the stuff was only installed on 5 PCs (and this was ultimately happening on most of the PCs as well), I got so sick and fed up of this bloated piece of badly written crap that I dropped it altogether and now wouldn't touch any of their shiteware with a barge pole.

And if anyone asks me for recommendations for an AV or Internet Security product, my usual first response is now "Steer clear of anything from Symantec/Norton - their software is badly-written, bloated crapola."
