 |
News: Security in Small Business
Symantec's Turn at Emergency Patching : News : Security in Small Business : Chicago's and Illinois' Small Business Computer Consultants : Responsive Network Services LLCSymantec's Turn at Emergency Patching
| Antivirus needs protective patch
| by Keith R. Wheeler
| 2/8/2006
|
Microsoft has taken its lumps over security flaws requiring emergency patches. Apple and Cisco have seen their share of issues as well. Now, security software vendor Symantec has admitted that they have a patch on the way.
An independent security researcher, Alex Wheeler (no relation), has demonstrated a problem with Symantec’s AntiVirus Library product scanning RAR files. The method of the attack could come from a strategy similar to those used in many Microsoft issues, buffer overflow. In this case, it’s a heap overflow. It works this way. The antivirus software scans the file, but it has problems handling the code and the malicious file inserts executable code into the system’s active memory. When an email comes through to be scanned, the user doesn’t even have to open the attachment – the antivirus software is set to automatically scan it. That’s why Symantec is scrambling to create the patch and get it distributed.
Just because Symantec had a flaw discovered doesn’t minimize the importance of their antivirus products. Symantec’s antivirus has saved countless users from virus and worm disasters. Once the patch is available, their LiveUpdate will patch current users from this potential problem. |
|
 |
