Symantec Confirmed The Flaw in Norton Security Applications

symantec

Symantec confirmed the flaws in most popular consumer security software that could give attackers the means to hijack the Windows PCs that the programs are supposed to protect.

The vulnerabilities are in an ActiveX control that ships with several products, including Norton AntiVirus, Norton Internet Security, Norton SystemWorks and Norton 360.

Ironically, Symantec analysts have both cited the popularity of ActiveX bugs and urged caution when using the controls in comments about other companies’ product flaws.

According to alerts released Wednesday by VeriSign Inc.’s iDefense, the ActiveX control “SymAData.dll” sports two vulnerabilities that could be used “to execute arbitrary code with the privileges of the currently logged in user” by attackers able to entice victims to malicious Web sites.

Symantec confirmed the vulnerabilities Wednesday in its own advisory, and said the buggy control has shipped with Windows versions of Norton AntiVirus 2006-2008, Norton Internet Security 2006-2008, Norton SystemWorks 2006-2008 and Norton 360 version 1.0.

While it acknowledged the bugs, Symantec also downplayed the threat, saying that attacks would only succeed from specially crafted sites. “To successfully exploit either vulnerability, an attacker would need to be able to masquerade as the trusted Symantec Web site, such as through a cross-site scripting attack or DNS poisoning,” read the company’s advisory .

Symantec has updated the affected consumer security software with new detection definitions designed to block any exploit of the ActiveX flaws, but will not automatically patch everyone’s copy of the flawed control.

“An updated (non-vulnerable) version of the AutoFix tool will be automatically installed if customers participate in an online Chat session with Symantec Technical Support,” Symantec said. Alternately, users can manually download and install a patched AutoFix from its Web site.

source:read

Symantec’s Online Living Report: Scary Stats For Parents

symantec

Symantec’s first ever ‘Norton Online Living Report’ (NOLR), taking into account Internet users across the globe, is a comprehensive report on the digital lifestyle habits of adults and children.

The survey was conducted online by third-party research firm Harris Interactive and returned a total of 4,687 adult and 2,717 child responses. All respondents spend at least one hour per month online and were surveyed in their native language across eight countries (U.S., U.K., Australia, Germany, France, Brazil, China and Japan).

Symantec says their NOLR report is the “first multi-region survey-based document to catalogue the migration of offline activities to the online world”.

The report finds that, more than ever, users around the world are turning online for their primary source of personal interaction and emotional connection – including dating, friendship and playing – as well as for information and communication.

For example, an unprecedented number of adult Internet users worldwide have made friends online (54% of Australians) and that many of them (52%) enjoy those relationships more than their offline friendships. This indicates a major shift in how people relate to one other and provides potential clues for the future of human interaction.

Of course Symantec didn’t just create the report for fun, they say that the report was created to “better comprehend how consumers interact with technology on a daily basis in order to understand the mindset of consumers worldwide”, with the detailed data within to be used by Symantec to “hone its products, deliver targeted and streamlined services and to anticipate online threats and trends”.

Another common theme represented through most of the data worldwide reveals that parents perception of what their children are doing online does not reflect the reality of what their children say they are doing. Read more in Itwire.

 

source:ITwire