Symantec downplays source-code trophy theft

Symantec has confirmed earlier versions of its anti-virus source code have leaked, following a security breach of what the company said was the network of a "third party entity" rather than their own. The admission follows claims by an Indian hacking group that it had accessed source code used in the company's flagship Norton …

COMMENTS

This topic is closed for new posts.
  1. Joe Montana
    FAIL

    Security through obscurity...

    If disclosure of source code would harm "security" of the product, then the product was clearly poorly written in the first place and is simply relying on the design flaws and bugs being hidden...

    Linux and Apache are all over the place, and their source code has always been disclosed, and yet all the millions of Linux boxes out there are not left wide open.

  2. Zippy the Pinhead
    FAIL

    How do we know that there is no common code in the older version still being used in newer versions? And how do we also know that no code is being shared between Norton and Corp versions?

    It's Norton/Symantec anyhow.. which means you're going to get infected anyhow.. Just it takes a week to get a fix from Symantec instead of a same-day updated virus signature from one of the smaller/more reliable AV apps out there.

    1. Jonathan Parkinson
      Mushroom

      Norton and Corp versions WORKED

      Endpoint sucks and is utter crap.

      Whatever Symantec touch just goes from bad to worse.

  3. Anonymous Coward
    Anonymous Coward

    They can release the entire

    lot as far as I'm concerned. It'll never get installed on any piece of kit I own...

    Irrespective whether I've paid for it or not...

    1. N2

      Paid for it?

      Your post implies that Symantec's code is worth something?

      Surely not, I wouldn't part with hard earned cash for their slop.

  4. Anonymous Coward
    Linux

    This is the biggest failing of closed source....

    This story is an example of the biggest failing of one of the claimed advantages of "closed source" vs. open source - the closed source fans will say "but because our code is double-ought secret spy stuff, nobody can see any problems in it, like they can for your open source stuff." However, any closed source code of any value WILL end up being shared with some external entity (some government, some business partner, whatever), and enough people WILL have access to it that the bad guys will get ahold of it - but the good guys won't, so the bad guys will have all the advantage.

    1. Ilgaz

      There is an example in hand

      Clamav source is in the open and it didn't prevent it from detecting a threat. Worldwide mail does still work thanks to bayes/rbl and clam you know. I mean clam is a major target for every black hat.

      1. redxine

        You might however notice that ClamAV

        protects proprietary boxes from harm. It's looking for Windows executables and takes it out of potentially malicious emails to protect _WINDOWS_ boxes. Given the way that Linux/*NIX has evolved, the security relies on the system itself having fewer and in-exploitable vectors of attack. ClamAV is used on mail servers because it's good at sifting through emails quickly, and protecting those poor NT bastards from their own medicine.

  5. Anonymous Coward
    Anonymous Coward

    Symantec code must be so filthy and horrible...

    ...that anyone disclosing it in the UK could've been prosecuted under the obscene publications act. I shudder to think what's in it. Ugh!

  6. Version 1.0 Silver badge
    Happy

    Recycled code?

    Maybe someone found an old backup tape in the recycle bin or decided to see if there was any life left in a hard-drive that they had been given to dismantle?

    While I wouldn't discount the Chinese source disclosure threat I think finding the code on an old disk drive is at least as credible.

  7. Anonymous Coward
    Anonymous Coward

    re: "prior to been allowing to trade"

    Huh?

  8. Lord Lien

    Norton AV software...

    ... is about as useful as using water as sun cream.

  9. Anonymous Coward
    Anonymous Coward

    Hmm

    So much for *Symantec* and their security!

    1. Lamont Cranston

      Quite.

      Only time my credit card has ever been abused, was after I renewed my Norton subscription on-line. Ditched it straight after, and have never looked back.

      1. Anonymous Coward
        Anonymous Coward

        Don't see how you can blame Symantec, it was you that abused it paying for Norton.

  10. R 16
    Thumb Down

    they don't have it - lol

    If they did have it, they would have already posted it all. Maybe they thought they had it and the file is corrupted. But why hang on to it????

    I see STEAM - lots of STEAM - just blowing out their @#$#$^^

  11. Big-nosed Pengie

    I bet Peter Norton rues what Symantec has done to his previously good name.

    At least I hope he does.

  12. Ilgaz

    Of course!

    Don't you know Symantec deletes entire source tree & starts over to keep bloat away every year? ;)

  13. eulampios

    Long live closed source, indeed!

    >>Sources have told us in the past that anti-virus firms were obliged to share both source-code and virus samples prior to been allowing to trade in China. We've never been able to prove this and only mention it as an anecdote that's worth considering when thinking about the recent run of malware-powered cyber-espionage attacks, routinely blamed on China.

    Not a smart hypothesis. How can the AV source code possession be helpful for attacks? An AV has a database, which has to be fed constantly with never-ending flow of newly discovered malware. AV gets outdated and useless if not updated regularly. AV is useless in the first place due to the failings of the OS it owes its very existence to.

    Say, should some one get a hold of the infamous flashplayer's source code, please let us know why the heck it needs so much CPU to even download a video on pause. My guess is that a machine becomes a cell of some nice super cluster to run a NASA emulations or some protein structure heavy computations :).

  14. JeffyPooh
    Pint

    Google: Symantec Sucks

    ...And you'll stumble across the blog of the same name where Symantec's sins are documented Chapter and Verse. The blog captures enough crystal-clear evidence that the only rational conclusion is that Symantec software, their QA processes and management skills are all perfectly horrible. There is no possible rebuttal. None.

  15. Steve Evans

    I wonder...

    Maybe the hackers can fix the code and stop it being a resource hogging pile of bloat!

  16. beli bouton
    Facepalm

    secret sauce code

    @The Register > The Lords of Dharmaraja threatened to publicly disclose the secret sauce source code of the industry's largest infosec firm.

    Colonel Sanders has already contacted the Lords of Dharmaraja with a cash offer for the secret sauce code to add to his secret herbs and spices collection.

  17. John Smith 19 Gold badge
    FAIL

    But don't worry as old source code is *never* used in newer products.

    I believe them.

    Honest I do.
