What’s for lunch?

Serving up…

Symantec:

Symantec Corp. has fessed up to using a rootkit-type feature in Norton SystemWorks that could provide the perfect hiding place for attackers to place malicious files on computers.

The anti-virus vendor acknowledged that it was deliberately hiding a directory from Windows APIs as a feature to stop customers from accidentally deleting files but, prompted by warnings from security experts, the company shipped a SystemWorks update to eliminate the risk.

Although I used to use Symantec security software quite extensively, I’ve disliked Symantec security programs for several years now. Part of that is due to the fact that almost ALL of the systems I get calls on to resurrect from malware attacks are “protected” by Norton/Symantec security products. YMMV.

Update your AV products. Oh, and if you use the Microsoft Anti-spyware “beta” do note that you need to jump through the validation hoops again for another six months’ license.

*sigh* I didn’t want to give you this for Christmas…

…although those of y’all depending on Symantec security products (e.g. Norton Anti-Virus) might view this as my Christmas present to you. So, Merry Christmas, all tied up with a bow and all:

Using NAV? JUST STOP IT. Quick, download a different AV product! Grisoft’s free AVG Anti-Virus will do. Why?

“Symantec Confirms AV Library Flaw, Promises Patches”

Anti-virus vendor Symantec Corp. has publicly acknowledged that a high-risk buffer overflow vulnerability in its AntiVirus Library could lead to code execution attacks when RAR archive files are scanned.

A proof-of-concept example of Symantec’s products’ inability to catch bad code that can execute from within an RAR file is all that’s been shown, so far. But that’s enough. Just ONE example like that would be enough for me to switch (and it was, several years ago), and anyone using NAV ought to at least temporarily disable it, download another AV product and install it until Symantec can restore some semblance of confidence in its product.

You have been warned. If the Grinch steals your Christmas cos you didn’t heed the warning, at least I know I tried.

(Yes, I know that SO FAR no examples exploiting the Symantec virus scan flaw/vulnerability have been found in the wild. So? You wanna be the one to find one? 🙂)

Red Lights Flashing at Is it Just Me?, NIF, TMH’s Bacon Bits, and Jo’s Cafe.

PSA—WARNING! Danger Will Robinson!

In case you have not already received this warning:

“News: Santa IM Worm Installs Rootkit Payload

A Christmas-themed worm attack is on the loose, affecting instant messaging networks from AOL, MSN, Windows Messenger, ICQ and Yahoo.”

See the eWeek article here.

You have been warned. Don’t come crying to me if you get “hit” (unless you wanna pay me for the fix. heh :-).

I’ll tell the world at Basil’s Blog and Diane’s Stuff’s Wednesday Weekly Open Trackback Alliance Fest.