High Alert: Security Flaws Found in Symantec Software

It pays to listen to computer security alerts — especially when one involves Symantec, a leading maker of software designed to keep your computer safe from viruses and hackers. And this one’s so serious that Symantec’s scrambling to make repairs.


An alert from Cupertino, Calif.-based Symantec described the flaws as “high risk” and warned that a successful exploit could wipe out a user’s computer. Attackers could also execute remote code on the targeted system that could potentially render your computer useless.

The vulnerabilities, first discovered by researchers at eEye Digital Security, affect both enterprise and consumer Norton users. Affected products include the Symantec Client Firewall 5.01 and 5.1.1; the Symantec Client Security 1.0, 1.1, 2.0 (SCF 7.1); the Norton Internet Security and Professional 2002, 2003, 2004; Norton Personal Firewall 2002, 2003, 2004; and the Norton AntiSpam 2004.

Independent research firm Secunia rates the flaws as “extremely critical” because they could lead to a destructive worm attack. Secunia CTO Thomas Kristensen says the vulnerabilities could lead to an attack similar to the Slammer worm that exploited Microsoft SQL servers last year.

“It is important that people patch and upgrade their Symantec Firewall Products today as there is no other effective solution against this,” Kristensen says.

For Symantec, the discovery of such a serious bug in products designed to provide PC security could be disastrous. The company has used the popularity — and success — of the Norton anti-virus brand to gain traction in the enterprise market with VPN and firewall management applications.

To its credit, Symantec wasted no time in confirming the existence of the holes and rushing out fixes. Patches have been released through Symantec LiveUpdate and technical support channels.

According to the company, clients running consumer versions of the affected products who regularly run a manual Symantec LiveUpdate should be automatically protected against this issue. “However, customers should manually run Symantec LiveUpdate to make certain that all available updates have been installed.”

Adapted from internetnews.com.
