He calls it a "100 percent reliable exploit, effective against the default configuration in Norton Antivirus and Symantec Endpoint exploitable just from email or the web." The researcher built and released his own exploit to help Symantec develop an effective fix. "An attacker could easily compromise an entire enterprise fleet." He added that the unpackers have kernel access, which is "maybe not the best idea." "Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences," he says. In one case, he found a buffer overflow flaw in the company's "unpacker," which searches for hidden trojans and worms. However, he excoriated Symantec for the danger of the errors and its incompetence in allowing them. In this case, Ormandy published the blog post shortly after Symantec pushed the fixes, saying the antivirus company did resolve the bugs "quickly." Google's Project Zero team searches for "zero-day" code flaws and gives companies 90 days (plus a two-week grace period) to fix them. "Just emailing a file to a victim or sending them a link to an exploit is enough to trigger it - the victim does not need to open the file or interact with it in any way." Symantec has already published fixes for the exploits, so users would do well to install them immediately. Researcher Tavis Ormandy has spotted numerous vulnerabilities in 25 Norton and Symantec products that are "as bad as it gets," he says.
For users, that means changing passwords, but for businesses that often means stopping access to accounts and services that have been subject to data loss or infiltration, as well as tracking the source of the intrusion and shoring up cyberdefences – something governments have been doing with new cyber response teams. Antivirus still accounts for 40% of the company's revenue, however, and while other security companies such as Kaspersky and Intel's McAfee have already moved in that direction, Symantec lags the movement. Products from Symantec that are supposed to protect users have made them much more open to attack, according to Google. The switch to the detect and respond paradigm means tracking data leaks, hacks and other intrusions and preventing further repercussions from stolen data. That failure to detect issues is forcing Symantec, which has a turnover of about $1.6bn (£590m) and an 8% global antivirus market share – according to data from the enterprise software company Opswat – to diversify its products, moving into the "detect and respond" sector rather than the simple "protect" segment. Computer viruses range from relatively simple criminal attacks, where credit card information is targeted, to espionage programs that spy on users and data but can easily be upgraded into cyberweapons at the touch of a button, according to security expert Eugene Kaspersky, founder of Kaspersky Lab, which also sells antivirus software. Malware has become increasingly complex in a post-Stuxnet world. Dye told the Wall Street Journal that hackers increasingly use novel methods and bugs in the software of computers to perform attacks, resulting in about 55% of cyberattacks going unnoticed by commercial antivirus software.