Another nail in the coffin for Norton Suckurity.
Scores (or thousands, or millions) of enterprise and home Symantec users are open to remote compromise through multiple now-patched (where possible) wormable remote code execution holes described by Google as 'as bad as it gets'. The flaws are "100 percent" reliable against Symantec's Norton Antivirus and Endpoint according to …
Wednesday 29th June 2016 08:06 GMT Pascal Monett
Symantec has officially hit the bottom
For years, Symantec's reputation has been going down. Norton has ballooned ever more with bloat, impossible features and what clearly seems to be inefficient/bad coding.
Now just having Norton installed means you are at risk of being pwned without being able to do anything about it, and practically through no fault of your own.
You had a waterproof submarine, but Symantec installed a screen door in the back.
Well, this news won't do anything to Symantec's reputation for me, it was already rock bottom. I'm just wondering if they'll start digging now.
Wednesday 29th June 2016 08:37 GMT s. pam
Serves them right
Karma's a bitch Symantec and fucking over thousands of employees comes back to bite! Wouldn't be at all surprised that the brainpower that could have averted this got ejected like human hubris at some point in the last several rounds of layoffs.
I wonder if their Data Center Security and ATP products are affected as well as they use the same engines?
Wednesday 29th June 2016 09:21 GMT leexgx
this bit was interesting
"Some of those platforms cannot be upgraded. The many users of pirate copies of Symantec's products would also likely be affected since many cracked applications block update mechanisms."
never looked at cracking it my self (i get it cheap enough any way)
i use norton on normal systems that is paid for + other protection
Wednesday 29th June 2016 10:19 GMT Anonymous Coward
Symantec cripples machine more than a virus
Mandatory at work (hence AC)
It degrades performance of my machine far more than a virus / trojan would (as nobody would write a trojan that was such an obvious glutton of cpu, disk I/O as Norton / Symantec as you want a nasty (bar ransomware) to slip under the radar not grab attention).
Wednesday 29th June 2016 12:36 GMT Anonymous Coward
Wednesday 29th June 2016 14:01 GMT Walter Bishop
Intel protected mode architecture
Anonymous Coward: "It looks you don't know the Intel protected mode architecture. The issue actually is any OS I know running on Intel - Linux included - doesn't use the protections offered fully." link
Protection that relies on zero bugs in application software is no protection at all. None of these exploits would be possible if Intel could design a reliable MMU.
"The Intel ® 64 architecture processors may contain design defects or errors known as errata. Current characterized errata are available on request."
Thursday 30th June 2016 00:16 GMT RudderLessIT
So, is this still a thing?
I followed the link to Google and the article includes some pretty damning comments, like "they were using code derived from open source libraries like libmspack and unrarsrc, but hadn’t updated them in at least 7 years"
But at the very end, there is a line "Thanks to Symantec Security Team for their help resolving these bugs quickly"!
So, besides a general dislike for Norton, should we still consider their products to be vulnerable?