Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

Symantec Fixes Critical Security Flaw

By Ed Oswald, BetaNews

May 31, 2006, 2:56 PM

UPDATED Symantec over the Memorial Day weekend began distributing a patch for a flaw that affected its Symantec AntiVirus and Client Security products. Highlighting the potentially serious consequences of the vulnerability, the patch came just days after eEye Digital Security warned of the issue.

The patch is now available for automatic download through Symantec's updating mechanisms, and may have come before any attackers had a chance to exploit the flaw. So far, Symantec claims it has not received any reports of malicious use of the vulnerability.

If left unpatched, the right attack could have affected millions. However, Symantec said it had engineers working 24 hours a day to provide a fix.

Complete details of the vulnerability are still being withheld until a patch is available for every language version of the Symantec AntiVirus program. Symantec says that it may be ready to discuss the issue as early as this week.

Representatives for eEye praised Symantec for the quick turnaround. Typically, fixes for flaws may take as long as several months to appear, the firm said, leaving users vulnerable to attacks.

Add a Comment (4 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By bigmikelee

edited May 31, 2006 - 6:58 PM

rijp-

Is this site related to Symantec in any way?
If no, then why would any "propoganda" to make Symantec look popular (I dont see how this makes Symantec look anything but inept) be blamed on anyone but the non-biased author of this article?

Furthermore, the patch that was released was to fix the vulnerability in their programming, not a open door for some new virus. The same could be said for any other non-virus-releated software that has some piece of code in it that can be exploited.

You should have clicked the link "eEye Digital Security warned of the issue" before taking all that time to describe averages (which you said you wouldn't do, then described them anyway, and wrongly, I might add - see: mode) because in that page it actually says that SAV is installed on more than 200 million computers. Whether this is 'propoganda' or 'inflated averages' it doesnt really matter.

Why doesn't it matter? Because the whole preface of your post is that Symantec is trying to gather attention by saying they have a HUGE problem (what?!?!?!) when in all actuality, eEye praised Symantec for their quick response and initiation of automatic installed patches.

/rant

Score: 0

By xyzcb1

posted May 31, 2006 - 3:20 PM

"If left unpatched, the right attack could have affected as many as 200 million computers"

Is this mean Symantec claims their AV is install on 200 million computers? Isn't it a over estimate? Or just false advertisement?

Score: 0

By rijp

edited May 31, 2006 - 4:28 PM

No, its more like unpatched machines could become a conveyance for bad viruses, and if its not patched, it could continue to propagate.

If a wave hit the west coast it could affect 45 million people. WE don't take into account vacations, work hours, people aren't home, or simply that the wave it may creep 10 miles, or just 1000 feet.

So POTENTIALLY it COULD affect the entire state, but that's over stating the possiblity.

Symantec, is trying to say that their footprint is large enough that it COULD affect 200 million users, taking into account, unpatched known symantec machines and the percentage of users that don't have protection at all, and taking into account on unprotected machines or unpatched symantec, the virus launches from those machines to other machines..

Its all a numbers game. Just like an average, if someone says its an "average", is it a conventional average or a midpoint? Because there are 4 types of averages (I am not doing them all) but suffice to say, its all jargon in their favor.

There is mean and midpoint, both are considered averages. And AVG is numbers divided by the number of items in the list. The midpoint is the half way point between the highest and lowest number in a series of numbers, which could be flawed, but advantageous depending on who you are.

if you have 100, and 1, and 2. The AVG is 34. the midpoint, then is (highest / lowest) 50. which is a difference of 16.. so which is more accurate?

Symantec believes they can skew the public into thinking this is a HUGE problem, when in reality it isn't. That's all I am trying to say.

But its all numbers and formulas.. 200 million is some number Symantec "derived" how did they come to that number? Well, that is the $100,000 question.

Score: 0

By rijp

posted May 31, 2006 - 2:58 PM

.... to be continued . . .

Score: 0

Dec 5 - 1:45 AM ET Shazam: eight million songs of the eternal Now

Dec 4 - 7:30 PM ET Comcast to offer bandwidth consumption monitor

Dec 4 - 5:37 PM ET Counterfeiters sing the 'Blue' as Microsoft lawyers up

Dec 4 - 4:40 PM ET Opera 10 alpha shows off new Presto rendering engine

Dec 4 - 2:29 PM ET Apple: Psystar clone-maker is working with unnamed collaborators

Dec 4 - 2:21 PM ET Windows Live rollout sketchy, team apologizes

Dec 4 - 2:20 PM ET Stinging from a revenue shortfall, Adobe to shed workers

Dec 4 - 11:47 AM ET The storm hits AT&T, with a five-digit headcount reduction

Dec 4 - 11:42 AM ET TV sports adopts Web coverage, plays with iPhones

Dec 4 - 11:24 AM ET Microsoft seeks 'community' help to make IE8 Standards Mode work out