
May 26th, 2006

Critical back door-like vulnerability exposes Symantec anti-virus users

Posted by David Berlind @ 4:53 am

Categories: General, IT Management, Personal Technology, Security


In light of a potentially critical vulnerability and with over 200 million people using his anti-virus solutions, are the comments by Symantec CEO John Thompson about a "Microsoft security monoculture" coming back to haunt him?

Associated Press:

Symantec Corp.’s leading antivirus software, which protects some of the world’s largest corporations and U.S. government agencies, suffers from a flaw that lets hackers seize control of computers to steal sensitive data, delete files or implant malicious programs, researchers said Thursday… Symantec said it was investigating the issue but could not immediately corroborate the vulnerability. If confirmed, the threat to computer users would be severe because the security software is so widely used, and because no action is required by victims using the latest versions of Norton Antivirus to suffer a crippling attack over the Internet… Symantec has boasted its antivirus products are installed on more than 200 million computers. A spokesman, Mike Bradshaw, said the company was examining the reported flaw but described it as "so new that we don’t have any details."

The research outfit that AP is referring to is eEye Digital, which issued this report late yesterday. Meanwhile, the report raises interesting questions about comments made by Symantec’s CEO John Thompson within the last week. In an interview with News.com’s Joris Evers, Thompson talked about how Microsoft’s monoculture is something to beware of from a security perspective now that Microsoft is beginning to provide security products for its flagship operating system Windows. Those products not only compete with Symantec’s but may also be able to play a role in protecting sensitive data from the sort of compromise just experienced by the Veterans Administration when one of its PCs was stolen. Said Thompson in his interview with Evers:

If all of a sudden the whole world uses the monoculture of Microsoft and the monoculture of Microsoft security capability, I am not sure we would create a more secure world. Diversity in the security platforms supplied on top (of Windows), we think, is of great value in protecting that infrastructure.

But, at 200 million PCs, one could argue that Symantec runs a security monoculture itself, one that should be diversified through the use of third-party anti-malware solutions other than Symantec’s. In some ways, his own argument works against any growth for Symantec’s anti-malware offerings, drawing even more attention to the company’s diversification into other categories such as storage management/clustering (Veritas) and identity management.

Meanwhile, in light of this and his own analysis of the overall security landscape, fellow blogger George Ou recommends against running anti-virus software on PCs.  Said Ou:

Running antivirus on a personal computer is like having the bomb squad inspect a suspicious package inside the house right next to you.
