Symantec's AV vulnerability with RAR files

By Justin Mann on December 23, 2005, 7:58 PM
It seems that the very popular Symantec AntiVirus suite has a vulnerability in the way its programs handle the scanning of RAR files. Since RARs are often used as containers for executables containing viruses, they are often scanned automatically on systems running these suites. The flaw can cause a heap overflow that potentially allows arbitrary code execution, resulting in a compromised system. A cleverly designed RAR is all it takes, and it could even happen automatically: the scan of the file itself is enough. Read more information here. It's considered more important than usual because, with the coupled e-mail protection, e-mails containing RARs are often scanned automatically.

User Comments: 21

DragonMaster said:
What an anti-virus! ROFL!
philop88 said:
Major blow to a company, yes. But if you see it in a global perspective, I believe it has done nothing to prevent people from buying their software, because about a majority of users are very materialistic, so quality won't matter, save those who bother researching before buying.
realblackstuff said:
Hey, another reason to do some real Symantec-bashing! Don't know HOW they do it, but every generation of Symantec software (or rather bloatware) is worse than the previous one! They must have incredibly bad programmers, who are completely convinced of their own 'invincibility', that they can produce such crap! People, VOTE with your FEET, give Symantec the BOOT!
doomsweek said:
Even though I don't use their AV (since I surf on the net with Linux and only use Windows when I want to use Adobe and Macromedia's products), they should fix this ASAP. POOR Windows users.
Eleventeen said:
Just when I thought Symantec couldn't get any worse, it does. These people really need to get it together if they want to continue selling this stuff. Well really, I don't think it would hurt Symantec since the majority of people who buy the AV don't even know what a RAR file is. I guess they just think that when they buy the most expensive AV software they are protected from every single virus known to man, which is far from true. Still, this needs to be fixed or else, who knows what could happen to this company.
howard_hopkinso said:
Originally posted by realblackstuff: "Hey, another reason to do some real Symantec-bashing! Don't know HOW they do it, but every generation of Symantec software (or rather bloatware) is worse than the previous one! They must have incredibly bad programmers, who are completely convinced of their own 'invincibility', that they can produce such crap! People, VOTE with your FEET, give Symantec the BOOT!"
I totally agree with you RBS. Symantec/Norton is the biggest load of crap, since crap was invented. I recently sent them an e-mail in disgust at what they had done to the excellent Sygate firewall (see below). Of course I didn't receive a reply lol.
"I would like to comment on Symantec's decision to withdraw support for the excellent Sygate firewall. I feel this is a total disgrace, and will do nothing to enhance your already tarnished reputation. I am aware of why this is being done, i.e. to try and force people to use your own terrible software, by killing off the competition. Surely it would be a better idea to adapt your software to the standards of Sygate, rather than the other way round. I am a member of a public techsite, and have to continually help people who are having problems with your so called security products lol. (sorry I couldn't stop myself from laughing just then) This consists of people getting malware infections etc, because your security products are so very poor. Slow computers due to the overwhelming influence your products (bloatware) have on system resources. Also there is a significant number of people whose computers crash (BSOD) as a result of using your software. Mainly due to conflicting drivers of which your security products have so many. Surely you must be aware of this. Just a quick search on any of the mainstream search engines will highlight the problems concerning your products. Before you bother to tell me that you're the number one security company: I am already aware of this, but it's only your marketing strategy, and not your products, that achieve this, unfortunately. I know nothing I say will be taken onboard by you, as I am only one individual, but I believe there are many more individuals who feel the same as I. Isn't it time you started acting responsibly, and gave your customers a quality product, rather than the substandard crap they get now. H. Hopkinson."
Anyway enough of my ranting. Have a great Christmas mate. Regards Howard
[Edited by howard_hopkinso on 2005-12-24 09:44:44]
otmakus said:
I agree that Norton has produced very bad products these last few years, but their marketing is very cunning and their brand name too strong that even a major flaw like this one won't prevent ordinary people from buying their products. IMO, Norton is trying to become in computer security world what Microsoft has become in OS world. What they had done to Sygate only reminds me of what Microsoft had done to Netscape. Merry Christmas everyone, and don't give ur loved one Norton products as Christmas gifts.
PUTALE said:
I use Symantec always exclusively, though I really think that they can do a better job making the software. It was the best and it is still good but it's just so buggy.
mentaljedi said:
This is getting really really annoying. These companies... ever heard of Betas? Use them for crying out loud! What fools. btw... isn't there already a topic on this?
MonkeyMan said:
Well you guys should try to help Symantec, by giving positive feedback on how they can improve their products. I think that they have a great chance in making a comeback with their software. I just like to think of the positive side of things.
spike said:
Give them positive feedback? Are you crazy? There is nothing positive to give. Their home products probably have a good point/bad point ratio of about 1:25 (ok, maybe an exaggeration, but then, maybe not). Symantec haven't got a comeback to make as far as they are concerned - they are not currently having any problems at all at taking the money off gullible or ill-informed consumers, and as long as that is the case, they couldn't care less about the quality of their product. This can be easily seen by the fact that their enterprise products (i.e., the business market where crap just won't be accepted) are generally not half bad. None the less, their consumer products (home products, where crap will be accepted by unknowing individuals) are atrocious, with less value for money than there are good points about the software (no really, that's hard to achieve - congrats to them.) Kudos (or is that QDOS?) to RBS for telling it how it is, and kudos to Howard for sending that mail to Symantec. (would you mind if I copy and paste that one and send it myself? lol)
howard_hopkinso said:
Originally posted by spike: "Kudos (or is that QDOS?) to RBS for telling it how it is, and kudos to Howard for sending that mail to Symantec. (would you mind if I copy and paste that one and send it myself? lol)"
No problem Spike. Don't expect a reply though lol. Hope you have a great Christmas mate. Regards Howard
otmakus said:
Symantec only cares about the money it can get, and they realize that fooling the average common computer users is by far the most efficient and profitable way than to invest on making good products. Only time will tell, sooner or later, people (starting with us) will get fed up with the crap products and start to use other cheaper, better products.
brownpaper said:
I used to run Norton AV & firewall, but it was too slow and uninstalling it was just as slow. I wonder if this vulnerability affects their enterprise version too.
spike said:
"wonder if this vulnerability affects their enterprise version too"
Yes it does, but only the latest (10.xx) version. Enterprise versions 9.xx and 8.xx are unaffected.
dbuske said:
Norton products have been buggy since Symantec took it over years ago. They don't seem to be able to get the bugs out yet. And talk about taking over the system. Maybe they just try to do too much and have the programs tripping over themselves in the process.
PUTALE said:
Yeah, I think Norton has become like MS like a few years ago. They just keep adding stuff and features on top of an already buggy software. They need to learn from MS, overhaul the old software and start from the ground up and create a better software, otherwise they might get defeated by other companies, who can offer a much better software yet less buggy.
Bartzy said:
ROFL!!! Antivirus that spreads viruses. That's just awesome. I stopped using Symantec a while ago and moved to AVG Free. Needless to say it is much better and... free.
asphix said:
It doesn't spread virus, virus spread virus. It just doesn't prevent that spread under these circumstances ;)
I've never had a huge problem with Norton's products. We use the corporate edition at work with a managed server. It does everything we need it to do except it's a bit sensitive at times. Add to that their online support, removal tools and database and they're tough to beat from a corporate standpoint. I haven't used their home product though so I can't comment on that.
Luckily we have .zip and .rar files blocked through our firewall so that will minimize most of our risk till a patch is released. To be honest, while this issue definitely warrants some extra caution, anyone who would download and execute any random .rar file from the net is a ***** to begin with. Anti-virus or no anti-virus, if you're downloading compressed files from random unknown sources.. you know the saying "you reap what you sow".
spike said:
OK, first, you are correct in saying it doesn't spread viruses - although at the risk of giving someone an idea, this flaw could be used in that way, making the AV complicit in infecting the computer it resides on, and then being powerless to stop the virus being transmitted on.
Secondly, Symantec corporate products are generally ok. Home products are terrible.
Finally, the nature of this vulnerability is that you don't have to download the file to become infected. You don't even have to open the email. If someone sends you the email, your email program picks it up from your mail server, and Symantec scans it before placing it in your mailbox, THAT's enough to get you in trouble. That's why this one is so serious.
recongunny said:
I recently installed a Belkin router and was informed there was an upgrade that needed to be installed. When I called up the site, the download was of a type that XP didn't recognize. It turned out it was an RAR extension and, when I went to the site that can read those extensions, downloaded their software and ran the upgrade, it locked up my computer. I deleted all the associated software and am currently running my WiFi without the "urgent" upgrade with no apparent problems. By the way, I still don't know WTF the RAR extension is for.