Symantec tells customers to disable pcAnywhere software

Discussion in 'other security issues & news' started by ronjor, Jan 25, 2012.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Serious/Bad if it has come to this.
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    So strange how we never see patches for antiviruses etc until something drastic like source code leaks or it actually gets exploited. These programs are installed on so many computers I wonder how long before attackers just start going for them instead.
     
  5. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Last edited: Jan 26, 2012
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
  8. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From http://isc.sans.edu/diary.html?storyid=12463:
     
  10. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
  11. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Symantec: We Didn’t Know in 2006 Source Code Was Stolen - Wired

    All those times, over the past 5 years or so, that the hacker community said to people to quit using Symantic products, and were being labeled as haters by fanboys (or company paid mouth pieces), is amazing how they are so vindicated in their warnings.
    Symantec saying they are a security company is equivilant to those who purchased their degrees but didn't go through the schooling.
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Having source code stolen doesn't put the vulnerabilities there - they were always there. Security programs are big and complex and deal directly with malware, often as a first line of defense. They're prime for exploitation and even often directly hook the kernel/ run with very high privileges. I'm honestly surprised we don't see more security programs being exploited.

    Delicious attack surface.
     
  13. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    And with the "layered" approach the surface may be larger?
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yes, definitely. When you stack on any software you stack on more vulnerabilities. When you stack on security software you get a lot of vulnerabilities in programs that are doing incredibly dangerous things ie:

    1) Directly dealing with malicious code - before any PDF player gets their hands on it or even a pack to the firewall your AV is going to be reading it.

    2) Hooking the kernel directly.

    And maybe AVs are patching behind the scenes but I don't know of any that has the kind of disclosure we see even in Flash/ Java.

    They're all written in C/C++ pretty much and they all do some dangerous actions. I wouldn't be surprised if we saw MSE start to get exploited since it's gaining such market share.
     
  15. batsec

    batsec Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    26
    Location:
    Germany
    It’s a better idea to disable this product until the firm releases a final set of software updates that resolve currently known vulnerability risks.
     
  16. guest

    guest Guest

    Could you elaborate on this? What exactly are you talking about?
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I mean how often do you get a security advisory from an AV saying "Hey, we had an exploit so we patched it" ? It doesn't look good for them when they tell everyone they had a vulnerability, people don't realize that AVs are vulnerable so the AV companies aren't going to remind them.

    You see Java/ Flash send out patches all of the time (or not quite in Java's case, but at least sometimes) and there's a lot of disclosure it: 'Yes, we had an exploit, we patched it' and they'll even tell you before the patching sometimes if the exploit's in the wild.

    I've never seen that for an AV and AVs are really prime to be attacked IMO. They need rights to the entire system, hook the kernel directly most of the time, and deal with malware directly. It's just not as prime as something like Flash/Java because there aren't any standard AVs on 98% of computers - with MSE being released on Win8 and already holding huge market share I won't be surprised when it's exploited.
     
  18. guest

    guest Guest

    Maybe you never looked correctly?

    http://filehippo.com/download_avast_antivirus/changelog/

    And here, for example:
    * IS: fixed a vulnerability in aswFw.sys (Secunia Advisory SA40868 )
    * solved a vulnerability related to license files (Secunia Advisory SA41109)

    Also, AVs pretty much always update themselves automatically and/or reminds users of available updates. Windows itself detects outdated AVs and takes a number of actions to fix them.
     
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Can you find that for an AV that's closed source? I'm legitimately curious.
     
  20. guest

    guest Guest

    Those links are all about Avast! Free Antivirus (my choice, lol), which is a closed source AV.
     
  21. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Ah, I see you're right - for some reason I'd thought it was open source. I wonder how common this is though as I don't really see it very often. Often crashes experienced by the user are actually vulnerabilities so "bugs" actually are vulns - easy to label either way.

    Interesting, thanks.

    Either way my point stands - code written in C++ that directly hooks the kernel and directly deals with malicious software.

    EDIT: It still seems that there isn't disclosure in the same way. IE: With Microsoft you have CVEs all of the time before exploits are even in the wild or after etc and consistent patches monthly. I just don't see this with AVs so it's either not advertised as much or just not happening.
     
  22. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Woah, Symantec in trouble? :rolleyes:
     
  23. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  24. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,824
    So for those in the know. If you apply the latest hotfix shown here from Symantec and those two dll's are patched as well as the one exe, are you now fully patched?

    Need to get this taken care of on one of my critical servers here at work tonight.

    Thanks!
     
  25. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    I'm not in the know, but I believe I would upgrade.
     
Loading...
Thread Status:
Not open for further replies.