For some time now, I have recommended users to steer clear of Symantec products, namely Norton.
I remind clients that though no antivirus or internet security program is completely infallible, I have encountered literately dozens of computers which were riddled with infections whilst a fully updated, paid version of Norton sat there with a great big green check mark reassuring the user that everything is just peachy!
Well, recently my claims have been further justified when security researcher Tavis Ormandy of Google's Project Zero Security discovered major security flaws within several internet security programs including Symantec Norton and Symantec Endpoint Security - the security solution most major industries use such as United Bank of Switzerland, Walmart and the Home Depot.
Project Zero security researcher Tavis Ormandy said:
"These vulnerabilities are as bad as it gets. They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible.
In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption."
No user interaction is required to exploit this issue as just "emailing a file to a victim or sending them a link to an exploit is enough to trigger it," according to Ormandy. Ormandy also reports that "A quick look at the decomposer library shipped by Symantec showed that they were using code derived from open source libraries like libmspack and unrarsrc, but hadn't updated them in at least seven years."
The problems mentioned in the article (as well as others referencing the discoveries) are not isolated to Symantec products. While I was working at Staples back when I was still learning the trade, I remember management pushing us Electronics Associates to sell versions of Panda Antivirus - one of the many reasons I quit as I knew Panda was absolute trash. In March of this year, both the free and enterprise versions of Panda Antivirus would report files from the System32 folder as malware, leaving computers inoperable after reboot.This would often result in systems loosing the networking functions (among other things) so Panda, in its infinite wisdom, released an update to fix the problem to be deployed....over the network. Yeah.
Several issues with the popular Comodo Antivirus program were discovered this year, which included the bundling of the program "GeekBuddy". This program installs and starts a poorly protected VNC server. This disclosure is actually the "fixed" version of this program, as disclosures made in 2015 noted that the VNC server had no password at all.
Trend Micro, another popular antivirus program, bundled a password manager which would launch a local web server that listens for API commands from the internet, without a whitelist or same origin policy—effectively allowing remote code execution. In a message to Trend Micro, Ormandy stated that "Anyone on the internet can steal all of your passwords completely silently, as well as execute arbitrary code with zero user interaction. I really hope the gravity of this is clear to you, because I'm astonished about this."
Several other programs have been found to have similarly major vulnerabilities. If you are interested, you can check out the full article HERE. My point with all of this information is that, as with most technical decisions, it is critical to have someone by your side with the knowledge and skill to both help to prevent these things from happening to you and to take action when things go awry.
Check out my reviews HERE and please do not hesitate to contact MooreITHelp.com at Help@MooreITHelp.com.
