Symantec antivirus bug allows utter exploitation of memory

British white hat hacker and Google Project Zero chap Tavis Ormandy is making life miserable for Symantec again: the bug-hunter has turned up an exploitable overflow in “the core Symantec Antivirus Engine used in most Symantec and Norton branded Antivirus products”. Described here, the problem is in how the antivirus products …

  1. Stevie

    Bah!

    Blast! My Gibson is haxxored again!

    1. Tom Chiverton 1

      Re: Bah!

      Hack the planet !

  2. Andrew Jones 2

    Well, that seems like a bit of an unfortunate cock-up, doesn't it.... so this is akin to decontaminating someone who may or may not be carrying anything that requires decontamination - but doing so on the wrong side of the decontamination room door?

  3. JeffyPoooh
    Pint

    Friends assist friends to remove all Symantec crapware

    Life gets noticeably better post-Symantec.

  4. el_oscuro
    WTF?

    Antivirus

    Please see: http://www.theregister.co.uk/2016/01/11/trend_micro_antivirus/

  5. Infernoz Bronze badge
    FAIL

    Symantec is Toxic Waste

    I'd never ever run Symantec or McAfee anything on my own hardware, because they are bloated and stagnant junkware, from personal experience with their enterprise products. Security needs to be in depth, not bloated and brittle layers. McAfee is also crap because it only supports obsolete fat32 for virtual disk encryption on Windows and can't even do file encryption properly to ensure that virtual disk and backup software is usable.

    Security software must implement the highest defensive programming standards, including against value range or buffer overflow exploits.

    Running anything risky with the highest security permissions is a complete security fail and insanely negligent 'design', /all/ security testing must be in a lower permissions sandbox, and only when really necessary so as not to cripple performance.

  6. Destroy All Monsters Silver badge
    Headmaster

    A-HAH!

    So, a product that is clearly not fit for purpose and ... what's that? a Buffy Overflow in 2016? ... not being developed according to current best practices and state of the industry?

    What's the number of the Tort Lawyers....

  7. Tchou
    Black Helicopters

    Filter driver to intercept I/O?

    Kernel space process?

    Sounds like the main purpose of this software is spying upon users for intelligence (economic, defense, depending where it is run)

    1. theblackhand

      Re: main purpose of Symantec

      The main purpose is extracting money from end users.

      There might be an accidental side effect of providing some security primarily by making your computer so slow that you stop using it.

      The chances of Symantec being used by intelligence agencies to gather information when the software turns your machine into an unusable piece of crap which severely limits intelligence gathering.

    2. patrickstar

      Back in the XP days (before Patchguard), Symantec/Norton antivirus hooked some of the same shadow SSDT entries (syscalls) as you'd expect a keylogger to do. I actually showed the hooks to a guy at MS security and he was totally convinced the computer had a keylogger...

      Really makes you wonder.

      1. King Jack

        "I actually showed the hooks to a guy at MS security and he was totally convinced the computer had a keylogger..." So you are the one who gave Windows 10 that idea!

  8. Anonymous Coward
    Unhappy

    ....is making life miserable for Symantec again

    ...well they now know how we feel.

    1. Tom 64
      IT Angle

      Re: ....is making life miserable for Symantec again

      Well, let's just hope this does enough rep damage to make them irrelevant.

      You get what you deserve when you're a fear-mongering shit-peddling charlatan.

  9. hotdamn

    I always thought Norton was a virus itself.

  10. Anonymous Coward
    Anonymous Coward

    Norton antivirus hasn't been any good since Peter Norton sold it to Symantec.

  11. Cuddles

    "about as bad as it can possibly get"

    Isn't that Symantec's company motto?

  12. Anonymous Coward
    Anonymous Coward

    Fools let Fools run Symantec products

    I wonder if some of their other products, which use similar AV engine technology, are also affected?

  13. Robert Helpmann??
    Coffee/keyboard

    Hey! No editorializing!

    I got to the description of how the exploit plays out in the Windows world and... thanks for that! Now I have to share the article with everyone in the office by way of explanation.

  14. Anonymous Coward
    Anonymous Coward

    Don't miss the advisory

    RUH ROH ADVISORY

    And also:

    Comment 7 by kobrasre...@gmail.com, Today (2 hours ago)

    > a remote ring0 memory corruption vulnerability

    ...with no user interaction!

    After reading this, I'm conflicted:

    When the Pwnie Awards come around, should I nominate this bug for "Pwnie for Epic Ownage" or nominate Tavis for "Pwnie for Lifetime Achievement"?

    Because, just... damn.

    Anti-virus software should be considered harmful.

  15. Anonymous Coward
    Anonymous Coward

    Who in his right mind

    would run Symantec on Unix/Linux? I wouldn't trust that guy with anything IT related. He should still be allowed to water plastic plants decorating the office.

  16. Mpeler
    Holmes

    Good pic

    Lead pic would do well on the LinkedIn article...

  17. This post has been deleted by its author
