- Nokia's new N97 vs. the iPhone
- 10 Microsoft research projects
- Hard to get justice in MySpace case
- Smartphone smackdown: Storm vs. iPhone
- Apple removes antivirus support page
It's shaping up to be a bad week for antivirus software company Symantec after researchers raised alarms about security holes and buggy code in two of the company's products.
On Monday, Symantec acknowledged a report about a serious security flaw in Symantec Security Check, a free online service that enables users to scan their computer's vulnerability to a number of security threats.
According to a message posted in the online discussion group Full-Disclosure on Sunday, an ActiveX control installed by the Security Check service contains a buffer overflow vulnerability that could enable a remote attacker to crash or run malicious code on systems that had the control installed.
The control, named "Symantec RuFSI Utility Class" or "Symantec RuFSI Registry Information Class," is used to run the security check, but remains on systems after the scan is complete, according to a statement from Symantec.
After learning of the security hole on Monday, Symantec updated the ActiveX control in the Security Check service. Individuals that re-scanned their systems would receive the updated control.
Symantec also provided instructions on updating the control or removing it from affected systems.
However, security researchers monitoring the issue noted that simply updating the control still left users vulnerable to attack, especially if that control contains Symantec's digital signature.
Attackers who have a copy of the flawed ActiveX code with a valid digital signature could trick Microsoft Windows systems into accepting the control, opening that system to attack even if it did not already have the faulty component installed, according to a notice posted to Full-Disclosure by Jason Coombs, a software security expert in Kea'au, Hawaii.
Symantec acknowledged that the new control uses the same digital signature as the flawed one and is "looking into" that issue, according to Anson Lee, product manager for Norton Internet Security at Symantec.
In the meantime, the company is encouraging Internet users to apply so-called "best practices" when prompted to download an ActiveX control.
Best practices include scrutinizing the signature of ActiveX components before agreeing to download them, Lee said.
Users should be suspicious when third party Web sites ask you to download an ActiveX component signed by Symantec, according to Vincent Weafer, senior director of Symantec Security Response.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment