Topic: Norton AV flaw may put PCs at risk of virus attack

[Clive]

Munir Kotadia
ZDNet Australia
November 09, 2004, 10:28 GMT
 
Symantec has admitted its flagship consumer security application, Norton AntiVirus 2005, has a security vulnerability that allows certain types of malicious script to infect a user's personal computer with a virus.

However, a Symantec spokesperson told ZDNet Australia that the flaw was not a threat to users because it only affected systems that are running Windows with administrator rights.

"Symantec would like to reiterate that the situation described is one of access rather than threat. The VBS scripts described can only be successfully run on the target system with administrator rights," the spokesperson said.

Security researcher Dan Milisic, who discovered the vulnerability in October, told ZDNet Australia that Symantec is "missing the point" and trying to "mislead" its customers because Norton AntiVirus 2005 is an application designed for consumers, the majority of whom run their computers with administrator rights.

"They're not saying my code doesn't work because they can't -- it does. They can however choose to completely miss the point. Norton AntiVirus is aimed at the Home and SOHO market. There is a separate product for corporate protection. By default, in the Windows XP OOBE (Out Of Box Experience) users are administrators," Milisic said.

Foad Fadaghi, senior industry analyst at Frost & Sullivan Australia, who would not comment on this specific issue with Symantec, agreed that in general consumers tend to log in as administrators, which is why there have been so many problems with things like rogue diallers, which hijack a system's dial-up Internet connection and call premium rate numbers to run up huge bills.

"The malicious dialler programs need admin rights as well but there are widespread incidents of it happening. In businesses [admin rights] are not so much of an issue but in the consumer market it might be," Fadaghi said.

To further demonstrate the flaw, Milisic created a small 'movie' of his script in action.

In the movie, which has been seen by ZDNet Australia , Milisic demonstrates how running his scripts can infect an apparently protected computer with a virus.

Milisic said: "You can see that Script Blocking gets completely uninstalled. Also notice that Auto-Protect doesn't kick in until you click on the tray icon and launch the NAV console. By then, the 'virus' has already launched -- you can see in the cmd.exe window."

"Putting this together was pretty simple and worth the effort to properly address Symantec's response. I will let the presentation speak for itself," he added.

 

[Simon]

I wonder how many people actually update the program yearly, rather than just re-subscribing?  I'm still on NAV 2003, and see no real reason to upgrade to 2004 or 2005.

[Tony]

I wonder how many people actually update the program yearly, rather than just re-subscribing?  I'm still on NAV 2003, and see no real reason to upgrade to 2004 or 2005.

Well not till 31st December 2029, at the very least  

[Clive]

I'm still on NAV 2003 too. I don't think that 2004 has anything new to offer really.  However, it costs me two £19 subscriptions each year and I wonder if it may be cheaper to just buy new anyway?

[Simon]

I'm still on NAV 2003 too. I don't think that 2004 has anything new to offer really.  However, it costs me two £19 subscriptions each year and I wonder if it may be cheaper to just buy new anyway?

Why does it cost you two subscriptions?  Oh, I see, one for the missus, yes?  Well, if I understand it correctly, NAV 2004 has this 'activation' procedure now (similar to XP), so it may not work on two machines anyway, unless you purchase two licences, or you know another way round it.  :whistle:

I believe NAV 2004 offers additional spyware protection, but is essentially no different to previous versions.

[Clive]

Thanks very much for that warning Simon.  I now remember reading about it myself.  Software activation is bad news isn't it?