Symantec Flaw Takes the Secure out of Security

| News

Symantec managed to do something no other security software vendor has managed: create a vulnerability that affects Mac, Windows, and Linux users. Simply running Symantec or Norton-branded security software potentially exposes users to attacks where hackers can get root-level control over their computer. Luckily, there aren't any reports of the exploit in the wild, and Symantec released a patch for the flaw a couple days ago.

Symantec's antivirus tools expose Mac, Windows, and Linux to hackersSymantec's antivirus tools expose Mac, Windows, and Linux to hackers

The flaw, discovered by Tavis Ormandy, is rooted in Symantec's antivirus engine and takes advantage of the way it intercepts system input and output. Simply scanning a file or incoming email message, for example, is enough to trigger the exploit—no need to open files or messages.

For Mac and Linux users, that means an incoming email they never notice could open their computer to attack. For Windows users it's even worse because the exploit also exposes the operating system kernel.

That's pretty scary news, especially since people are relying on Symantec's products to keep their computers safe, not expose them to hackers. Assuming users are updating their software regularly, they should be safe, but we do live in a world filled with procrastinators, which means eventually someone will get stung by this exploit.

There are a couple take aways here: First, security software isn't magic and isn't should be another part of your safe computing strategy, not the only line of defense. Second, Symantec did the right thing by responding to the exploit discovery quickly and openly.

If you're a Symantec or Norton security software user and haven't updated your apps this week, hop to it before some hacker releases an exploit into the wild.

Popular TMO Stories



I learned that at least a decade ago. The IT circles I worked with simply referred to Symantec/Norton products themselves as malware and black flagged anything to do with them.


This is NOT the first time that this C*F has occurred. I fully support geo’s recommendation.

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account