BossHelp Technical Consultants recommend customers stay away from Symantec ( Norton Antivirus for example ) products after the this incredible list of major flaws are found in their products

Bosshelp Technical Consultants recommend you immediately patch your software   I would recommend that you remove Symantec and replace it with better choice but the Symantec software is written so poorly that the uninstall routines typically don't work and the product must be forcibly removed.  But that process can break windows Details at the bottom of this page

Feb 2007
 

Brand New HP laptop has Norton Internet Security 2006 preinstalled, Bosshelp customer is trying to setup Outlook express to receive email.  Outlook express errors out unable to contact SBCGlobal servers.  In trying to open Norton it hangs.  Never opens and there is no Norton icon on the task bar.  After removing Norton and replacing it with AVG antivirus the Outlook express errors went away.  My assumption is that Norton was not completely installed so it wasn't protecting the PC completely, YET it was preventing the use of Outlook Express for email and was not generating any errors or prompts.  The PC appears to function much faster after removal as well.  Unfortunately this is typical of the recent Norton Products.    

 

May 27 2006

http://news.com.com/Flaw+found+in+Symantec+business+antivirus+software/2100-1002_3-6077616.html?tag=nefd.top

"Versions of Symantec's antivirus business security software contain a flaw that could put millions of computers at risk of a crippling worm attack, Internet experts warned on Friday.

Researchers at eEye Digital Security discovered the vulnerability, which they said could allow an attacker to create a worm able to take over a user's computer and destroy critical programs and files.

They rated the threat as "high" because a hacker could exploit the flaw to get on a machine and edit, remove and delete programs and files without a user doing anything such as clicking on a link, eEye spokesman Mike Puterbaugh said.

"This could potentially result in an Internet worm," he said. "It is a flaw that can be triggered from another location and provides the attacker with system-level access." "

Update:http://news.com.com/Symantec+patches+antivirus+worm+hole/2100-1002_3-6078160.html?tag=nl


December 21 2005

From http://news.com.com/High+risk+in+Symantec+antivirus+software+flaw/2100-1002_3-6004097.html?tag=nefd.top

Symantec's antivirus software contains a vulnerability that could be exploited by a malicious hacker to take control of a system, the company said late Tuesday.

According to Symantec, the bug, which affects a range of the company's security products, is a "high" risk. Denmark security company Secunia has labeled it "highly critical."

According to an advisory issued by Secunia, the bug affects most of Symantec's products, including enterprise and home user versions of Symantec AntiVirus, Symantec Norton AntiVirus and Symantec Norton Internet Security, across the Windows and Macintosh platforms.

September 1 2005

From http://news.com.com/Symantec+probes+report+of+antivirus+product+flaw/2100-1002_3-5845873.html

Symantec is investigating a report of a weakness in the way its corporate antivirus software stores login credentials, the security vendor said on Wednesday.

Symantec's AntiVirus Corporate Edition 9.0 saves usernames and passwords in plain text in a log file when connecting to an internal LiveUpdate server for updates, according to a post on the Bugtraq mailing list. The credentials are stored in a fixed location on the computer that's accessible by any user, according to the bug report.

Symantec's Incident Response team has been notified of the suspected issue, a Symantec representative said on Thursday. "Symantec's product teams are evaluating the issue now and, if necessary, will provide a prompt response and solution," the representative said.

August 15 2005

From http://news.com.com/Another+flaw+hits+Veritas+backup+tools/2100-7349_3-5833857.html

( Symantec owns Veritas )

A security vulnerability in Veritas backup products could put corporate networks at risk of cyberattack.

By exploiting the flaw, an attacker could get remote access and download arbitrary files, the software maker said in an advisory released on Friday. Symantec last month closed its acquisition of Veritas.

The flaw is due to a design error, the French Security Incident Response Team said in an alert. A component of the software can be accessed via a static password, according to FrSIRT, which rates the issue as "critical." An exploit for the flaw is available on the Internet, and that could aid attackers.

June 30th 2005

From http://news.com.com/Attackers+target+Veritas+security+hole/2100-7349_3-5770428.html

( Symantec owns Veritas )

A security flaw in a Veritas Software backup tool is being exploited to attack corporate systems, the U.S. watchdog for Internet threats has warned.

Malicious code to exploit a vulnerability in Veritas Software's Backup Exec Remote Agent for Windows is publicly available, the U.S. Computer Emergency Readiness Team said in an alert Thursday. The organization has received reports of attacks and has seen an increase in scanning activity on TCP Port 10000, an indication that hackers are looking for vulnerable systems.

The buffer overflow flaw in the Veritas software could allow an intruder to gain control of a vulnerable system. The tool is used to trigger backup of data on Microsoft Windows servers, to protect the data from computer crashes, storage system catastrophes and other risks. It listens for commands addressed to TCP Port 10000 and accepts links to the backup server before the backup. However, it fails to properly validate incoming packets, Veritas said in an advisory last week.

March 30 2005

From http://news.com.com/Symantec+details+flaws+in+its+antivirus+software/2100-1002_3-5646871.html

Symantec has reported glitches in its antivirus software that could allow hackers to launch denial-of-service attacks on computers running the applications.

In a notice posted on its Web site this week, Symantec detailed two similar vulnerabilities found in its Norton AntiVirus software, which is sold on its own or bundled in Norton Internet Security and Norton System Works. The flaws, which could lead to computers crashing or slowing severely if attacked, are limited to versions of the software released for 2004 and 2005.

The Information-Technology Promotion Agency of Japan, a government-affiliated tech watchdog group, identified the first instance of the problem in the AutoProtect feature of the Norton AntiVirus consumer product, Symantec said. AutoProtect is used to scan files for viruses, Trojan attacks and worms.

The flaw essentially causes Symantec's software to crash when it is asked to inspect a file specifically designed to exploit the flaw. The file could be submitted either remotely from outside a system or internally by someone with physical access to a computer, Symantec said.

 

Feb 10 2005

From http://www.zdnet.com.au/news/security/0,2000061744,39180674,00.htm

Symantec has issued a patch for a flaw in its scanning software that could cause a virus to run, rather than catch it.

The vulnerability affects an antivirus library used by the majority of Symantec's antivirus and antispam products, including Norton SystemWorks 2004 and Symantec Mail Security for Exchange, the security provider said on Tuesday.

The software is aimed at a range of systems, from consumer desktops to large corporate mail servers, meaning the flaw could be used to take control of key corporate systems or to install programs to grab people's identity data.

 

Jan 13 2004

http://news.com.com/Symantec+slams+the+door+on+LiveUpdate+flaw/2100-1029_3-5140165.html

Security company Symantec, developer of the popular Norton AntiVirus software, fixed a problem in its LiveUpdate feature last week--a vulnerability that could allow malicious users to gain unauthorized administrator access rights to an affected PC.

LiveUpdate is a feature used by Symantec's customers to keep their virus signatures and security applications up to date. It can be set to automatically connect to the Internet and check Symantec's servers for a newer version. If one is found, the software can either prompt the user to download and install the update or automatically do these--the recommended setting.

According to Symantec, the problem only affects Microsoft Windows versions of its software and is rather obscure, requiring "a number of conditions" to be in place before it can be exploited. If an application has been set up in multiuser mode, with privileged and nonprivileged access rights, it is possible for a nonprivileged user to access and manipulate the Automatic LiveUpdate interface in order to gain privileged access to the host computer.

After Reading all these you might want to remove Symantec products well, be CAREFUL

From http://basconotw.mvps.org/SymRem.htm

It has been reported by many that when uninstalling Symantec applications the WinXP bits service can become corrupt which then has to be repaired/reinstalled. Please take the time to check out these links on the issue before contining with any Symantec application removal/uninstall:
http://www.botmanfamily.net/~aurelien/articles/BITS_reinstall.html

http://castlecops.com/t106642-How_To_Fix_Windows_Update_BITS_Newly_Edited.html


http://www.faqshop.com/forums/viewtopic.php?t=706&sid=f7f4e0d2c8ad2b1d5c99c907710a9ef4

Here is a list of tech articles direct from Symantec describing how to forcibly remove the product after the uninstall fails

http://service1.symantec.com/SUPPORT/ent-security.nsf/ppfdocs/2004040815371048

This article lists manual uninstall for 30 or more of their products - Which makes me wonder do ANY of the uninstalls work correctly ? Or is it intentional On the part of Symantec to keep you from removing the product ?

http://service1.symantec.com/SUPPORT/ent-security.nsf/529c2f9adcf33a1088256e22005026f1/a4d3327506ae7c5f88256b81007b7487?OpenDocument&src=bar_sch_nam

They have developed special removal tools that are designed to help you remove the products .. How about spending some time writing software that doesn't have all these flaws and actually has a working uninstall routine ?

 

Bosshelp.com Home