Researchers from eEye Digital Security Inc. of Aliso Viejo, California claim that they found a flaw in Symantec’s Anti Virus enterprise editions, version 10 an dhigher that allowed hackers to seize control of computers. Once they had control, they could delete files, install whatever they wanted or have access to any of the data. They notified Symantec, but to this point Symantec says they have not confirmed the flaw. As an honorable gesture, while announcing the flaw on their web page, they did not point out exactly what the flaw was that would allow hackers to exploit it.
If confirmed, this is a particularly egregious problem for two reasons. First, anti virus software is installed on basically all business computers, and Symantec is one of the market leaders. This puts a large number of computers at risk. Second, this is a security flaw in a product that is supposed to be keeping you safe. So now, not only is it not protecting you as well as it should, the security software itself is the problem.
Symantec has been a reliable company in its years of life, so I have no real problem with them. An awful lot of software has been found to leave user’s computers vulnerable. The only mistake they could make at this point is to not develop and distribute a fix as quickly as possible. As usual, it’s not the mistake that will get you in trouble, it’s the reaction after the fact. Lets give them some time to respond before making any judgements.
Posted by Jeff