Symantec has confirmed earlier versions of its anti-virus source code have leaked, following a security breach of what the company said was the network of a "third party entity" rather than their own. The admission follows claims by an Indian hacking group that it had accessed source code used in the company's flagship Norton …
Security through obscurity...
If disclosure of source code would harm "security" of the product, then the product was clearly poorly written in the first place and is simply relying on the design flaws and bugs being hidden...
Linux and Apache are all over the place, and their source code has always been disclosed, and yet all the millions of Linux boxes out there are not left wide open.
How do we know that there is no common code in the older version still being used in newer versions? And how do we also know that no code is being shared between Norton and Corp versions?
It's Norton/Symantec anyhow.. which means you're going to get infected anyhow.. Just it takes a week to get a fix from Symantec instead of a same-day updated virus signature from one of the smaller/more reliable AV apps out there.
Norton and Corp versions WORKED
Endpoint sucks and is utter crap.
Whatever Symantec touch just goes from bad to worse.
They can release the entire
lot as far as I'm concerned. It'll never get installed on any piece of kit I own...
Irrespective whether I've paid for it or not...
Paid for it?
Your post implies that Symantec's code is worth something?
surely not, I wouldn't part with hard earned cash for their slop.
This is the biggest failing of closed source....
This story is an example of the biggest failing of one of the claimed advantages of "closed source" vs. open source - the closed source fans will say "but because our code is double-ought secret spy stuff, nobody can see any problems in it, like they can for your open source stuff." However, any closed source code of any value WILL end up being shared with some external entity (some government, some business partner, whatever), and enough people WILL have access to it that the bad guys will get ahold of it - but the good guys won't, so the bad guys will have all the advantage.
There is an example in hand
ClamAV source is in the open and it didn't prevent it from detecting a threat. Worldwide mail does still work thanks to bayes/rbl and clam you know. I mean clam is a major target for every black hat.
You might however notice that ClamAV
protects proprietary boxes from harm. It's looking for Windows executables and takes it out of potentially malicious emails to protect _WINDOWS_ boxes. Given the way that Linux/*NIX has evolved, the security relies on the system itself having fewer and in-exploitable vectors of attack. ClamAV is used on mail servers because it's good at sifting through emails quickly, and protecting those poor NT bastards from their own medicine.
Symantec code must be so filthy and horrible...
...that anyone disclosing it in the UK could've been prosecuted under the obscene publications act. I shudder to think what's in it. Ugh!
Maybe someone found an old backup tape in the recycle bin or decided to see if there was any life left in a hard-drive that they had been given to dismantle?
While I wouldn't discount the Chinese source disclosure threat I think finding the code on an old disk drive is at least as credible.
re: "prior to been allowing to trade"
Norton AV software...
... is about as useful as using water as sun cream.
So much for *Symantec* and their security!
Only time my credit card has ever been abused, was after I renewed my Norton subscription on-line. Ditched it straight after, and have never looked back.
Don't see how you can blame Symantec, it was you that abused it paying for Norton.
they don't have it - lol
If they did have it. They would have already posted it all. Maybe they thought they had it and the file is corrupted. But why hang on to it????
I see STEAM - lots of STEAM - just blowing out their @#$#$^^
I bet Peter Norton rues what Symantec has done to his previously good name.
At least I hope he does.
Don't you know symantec deletes entire source tree & starts over to keep bloat away every year? ;)
Long live closed source, indeed!
>>Sources have told us in the past that anti-virus firms were obliged to share both source-code and virus samples prior to been allowing to trade in China. We've never been able to prove this and only mention it as an anecdote that's worth considering when thinking about the recent run of malware-powered cyber-espionage attacks, routinely blamed on China.
Not a smart hypothesis. How can the AV source code possession be helpful for attacks? An AV has a database, which has to be fed constantly with a never-ending flow of newly discovered malware. AV gets outdated and useless if not updated regularly. AV is useless in the first place due to the failings of the OS it owes its very existence to.
Say, should someone get a hold of the infamous flashplayer's source code, please let us know why the heck it needs so much CPU to even download a video on pause. My guess is that a machine becomes a cell of some nice super cluster to run a NASA emulations or some protein structure heavy computations :).
Google: Symantec Sucks
...And you'll stumble across the blog of the same name where Symantec's sins are documented Chapter and Verse. The blog captures enough crystal-clear evidence that the only rational conclusion is that Symantec software, their QA processes and management skills are all perfectly horrible. There is no possible rebuttal. None.
Maybe the hackers can fix the code and stop it being a resource hogging pile of bloat!
secret sauce code
@The Register > The Lords of Dharmaraja threatened to publicly disclose the secret sauce source code of the industry's largest infosec firm.
Colonel Sanders has already contacted the Lords of Dharmaraja with a cash offer for the secret sauce code to add to his secret herbs and spices collection.
But don't worry as old source code is *never* used in newer products.
I believe them.
Honest I do.