Google's Project Zero team finds multiple critical flaws affecting Symantec's entire product line

Shawn Knight

Posts: 12,199   +120
Staff member

Google’s Project Zero team set out in 2014 to help make the Internet a safer place by searching for vulnerabilities in third-party software that could be used to conduct a cyber attack. The division recently struck gold, if you will, as it discovered multiple critical vulnerabilities affecting Symantec’s entire product line.

Security researcher Tavis Ormandy outlined the issues in a recent post on the Project Zero blog, describing the vulnerabilities as being as bad as it gets. That’s because they don’t require any user interaction, affect the default configuration and the software runs at the highest privilege levels possible.

In certain scenarios on Windows, vulnerable code is even loaded into the kernel which Ormandy said results in remote kernel memory corruption.

Ormandy notes that since Symantec uses the same core engine across its entire line, all Symantec and Norton branded antivirus products are affected including:

  • Norton Security, Norton 360, and other legacy Norton products (All Platforms)
  • Symantec Endpoint Protection (All Versions, All Platforms)
  • Symantec Email Security (All Platforms)
  • Symantec Protection Engine (All Platforms)
  • Symantec Protection for SharePoint Servers
  • And so on.

The researcher described a few of the many vulnerabilities they found. He took Symantec to task for its poor vulnerability management, noting that a quick look at the decomposer library showed they were using code derived from open source libraries that hadn’t been updated in at least seven years.

Ormandy did praise Symantec for its help in resolving the bugs so quickly. Google gives companies 90 days from the time of private disclosure before going public with vulnerabilities it finds.

That said, if you’re running any Symantec or Norton product, you’ll want to update it ASAP.

Image courtesy Tony Avelar, Getty Images

Permalink to story.

 

DJMIKE25

Posts: 183   +72
If you are running Symantec garbage, you are a born sucker to begin with.
While I agree that the Norton product line is full of terrible performance hogging software, we use Symantec Cloud and Endpoint protection at many of our clients offices. It has been a great product thus far, though we have been switching everyone over recently to Kaspersky Endpoint, because it is a far superior product.
 

Skidmarksdeluxe

Posts: 8,645   +3,281
"That said, if you're running any Symantec or Norton product, you’ll want to update it ASAP.
**FIXED**
That said, if you're running any Symantec or Norton product... Why the hell are you! Do you like torturing yourself and wasting money?
 

mbrowne5061

Posts: 1,461   +805
If you are running Symantec garbage, you are a born sucker to begin with.
While I agree that the Norton product line is full of terrible performance hogging software, we use Symantec Cloud and Endpoint protection at many of our clients offices. It has been a great product thus far, though we have been switching everyone over recently to Kaspersky Endpoint, because it is a far superior product.
Symantec is pretty solid for corporate customers, but switching to something like Kaspersky wouldn't be an option for Defense contractors (Russian software). I'm sure more than a few U.S. defense companies are panicking right now.
 
  • Like
Reactions: DJMIKE25

DJMIKE25

Posts: 183   +72
Symantec is pretty solid for corporate customers, but switching to something like Kaspersky wouldn't be an option for Defense contractors (Russian software). I'm sure more than a few U.S. defense companies are panicking right now.
True, I'm sure it is a bit worrisome. Despite that it is a solid product. The management tools are superior to Symantec Endpoint Manager and cloud by a longshot.
 

mbrowne5061

Posts: 1,461   +805
True, I'm sure it is a bit worrisome. Despite that it is a solid product. The management tools are superior to Symantec Endpoint Manager and cloud by a longshot.
Oh, yeah. Agreed 100%. But there is now a fairly valuable segment of the market that desperately needs a new solution quickly. It will be interesting to see if Symantec can get their act together in time, or if a new player will sweep in and steal the customers.
 
  • Like
Reactions: DJMIKE25

DJMIKE25

Posts: 183   +72
Oh, yeah. Agreed 100%. But there is now a fairly valuable segment of the market that desperately needs a new solution quickly. It will be interesting to see if Symantec can get their act together in time, or if a new player will sweep in and steal the customers.
We can only hope.