When you download antivirus software, you expect it to protect your computer, not threaten it. And yet for all the good that Symantec/Norton’s security programs do, it turns out they may be able to do even more harm.
An amazingly disastrous flaw could let cybercriminals attack a Windows machine at the deepest level, regardless of whether it runs the home (Norton) or enterprise (Symantec) version of the company’s programs, as tens of millions of computers worldwide do. Worse still: Not every system will get the fix automatically.
The affected programs include, at the very least, Norton Security and its predecessors Norton 360, Norton AntiVirus and Norton Internet Security, as well as Symantec Endpoint Protection, Symantec Email Security, Symantec Protection Engine, Symantec Protection for SharePoint Servers, and pretty much any other antivirus product bearing the Symantec or Norton imprint.
“These vulnerabilities are as bad as it gets,” Ormandy wrote. “They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible.”
The problem is that the unpacker program Symantec uses is itself vulnerable to attack, because it doesn’t properly handle malformed software designed to confuse it. Mismatched parameters can trigger a memory-buffer overflow in the unpacker, letting an attacker slip in malicious code that can seize control of the Symantec or Norton antivirus software.
This functionality is a risky proposition at the best of times, but Symantec’s programs make it worse by unpacking and examining the suspicious compressed programs right in the Windows kernel, the deepest level of the operating system.
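The article says only that mismatched parameters in a packed file can overflow a buffer in the unpacker. As an added illustration (not Symantec's code and not a reconstruction of the actual flaw), the decoder below handles a constructed toy format and cross-checks every declared size before it writes; the format, the function name and the constants are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { UNPACK_OK = 0, UNPACK_TRUNCATED = -1, UNPACK_MISMATCH = -2, UNPACK_TOO_BIG = -3 };

/* Constructed toy format (hypothetical, not a real packer):
 * bytes 0-1 declared unpacked length (little-endian),
 * bytes 2-3 declared packed length (little-endian),
 * then (count, value) run-length pairs. */
int unpack(const uint8_t *in, size_t in_len,
           uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (in_len < 4)
        return UNPACK_TRUNCATED;
    size_t unpacked = (size_t)in[0] | ((size_t)in[1] << 8);
    size_t packed   = (size_t)in[2] | ((size_t)in[3] << 8);
    /* Header fields must agree with the bytes actually supplied. */
    if (packed != in_len - 4 || packed % 2 != 0)
        return UNPACK_MISMATCH;
    /* The declared output size must fit the caller's buffer. */
    if (unpacked > out_cap)
        return UNPACK_TOO_BIG;
    size_t written = 0;
    for (size_t i = 4; i < in_len; i += 2) {
        size_t run = in[i];
        /* Without this check, runs that exceed the declared size
         * would be written past the end of 'out'. */
        if (run > unpacked - written)
            return UNPACK_MISMATCH;
        memset(out + written, in[i + 1], run);
        written += run;
    }
    if (written != unpacked)
        return UNPACK_MISMATCH;
    *out_len = written;
    return UNPACK_OK;
}

/* Constructed samples: GOOD decodes to "AAABB"; LYING declares
 * 2 bytes of output but its runs total 5. */
static const uint8_t GOOD[]  = {5, 0, 4, 0, 3, 'A', 2, 'B'};
static const uint8_t LYING[] = {2, 0, 4, 0, 3, 'A', 2, 'B'};

int main(void) {
    uint8_t out[16]; size_t n = 0;
    printf("good=%d\n", unpack(GOOD, sizeof GOOD, out, sizeof out, &n));
    printf("lying=%d\n", unpack(LYING, sizeof LYING, out, sizeof out, &n));
    return 0;
}
```

The decoder treats each length field as a claim to verify against the others and against the real buffer sizes, so a file whose header and contents disagree is rejected instead of decoded.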
First, the good news: There’s no evidence that hackers were able to exploit any of these flaws in the wild. Better news: Every affected Symantec program has been patched.
If there’s a lesson to be learned from this, it’s that no program is unhackable. The best an average user can do is to keep all of his or her software updated constantly — especially the software that keeps unwanted programs out.