You are here: silicon.com > Software > Security Strategy

Security Strategy

Symantec issues patches for four new security holes

Third time unlucky...

By Munir Kotadia

Published: 14 May 2004 10:25 GMT

Symantec has issued patches for most of its firewall and antivirus products in order to fix four serious security holes.

For the third time this year, internet security firm Symantec has had to release patches to plug critical security flaws in many of its popular antivirus and firewall packages.

Security firm eEye on Wednesday published details of four security holes that affect a range of Symantec's client-based applications including Norton Internet Security, Norton AntiVirus and Norton AntiSpam. Symantec has published a security response on its website.

Guido Sanchidrián, Symantec's EMEA product manager for antivirus, content filtering and security response, said the company has spent the past month developing fixes for the vulnerabilities and has now made the patches available to its customers.

"Anyone who regularly runs Symantec LiveUpdate should already be protected. However, to be sure, customers should manually run Symantec LiveUpdate," Sanchidrián said.

Philippe Alcoy, senior security consultant at eEye, said the people most at risk are those not protected by a perimeter firewall. This might include people in smaller businesses, home users and corporate laptop users not using their VPN.

"Most corporate environments have perimeter firewalls so users behind that are only vulnerable to an internal attack, but users taking laptops home are at risk," Alcoy said.

Of the four flaws, three could allow a hacker to take control of an affected system, while one could be used to force a computer into an infinite loop by simply sending it a specially crafted packet of data.

"That's a big problem if the machine is a mission-critical server," said Alcoy.

The flaws were first reported to Symantec on 19 April, which means the company has taken just under a month to develop a patch. According to eEye, this is a "reasonable" amount of time to address the vulnerabilities.

In January, Symantec plugged a gap in its LiveUpdate feature that could have allowed hackers to gain administrator rights on an affected PC. Just two months later, the company admitted its Internet Security package contained a back door that could be used by hackers to take control of the machine.

The flaws affect the following packages: Norton Internet Security and Norton Internet Security Professional 2002, 2003 and 2004; Norton Personal Firewall 2002, 2003 and 2004; Symantec Client Firewall 5.01, 5.1.1; Symantec Client Security 1.0, 1.1, 2.0(SCF 7.1) and Norton AntiSpam 2004.

Symantec's Sanchidrián said the company does not believe any of its customers have been affected by the flaws at this time.

Munir Kotadia writes for ZDNet uk

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead

Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy


  • Jobs
Symantec Security Consultant, Symantec Endpoint, SEE, Cisco, London

Security Engineer / Network Security Consultant will be focused (but not exclusively) on Symantec Endpoint Technologies like encryption, antivirus, ...

Security Engineer - London

Responsibilities will include identifying, defining, designing, testing, analysing, documenting and improving security for client systems by ...

Senior IT Support Engineer - 3rd Line

CCNA, CCNP Experience must include Design and implementation of windows networks with strong skills in MS Server 2003, 2008 In-depth Windows server ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.





Quick Sitemap Links: