Symantec’s AV Products Found with Vulnerabilities
According to Symantec, security flaws exist in a number of company's antivirus products developed for private and business users. These flaws, if exploited, could dupe the software into missing on malware while scanning through a malicious files archive.
The security company says that when such archives are created with manipulative processes, they are incorrectly formatted and some unpackers and applications manage to pull the corrupt files from the collections.
However, the absence of detection poses as a tough problem at the network boundaries' security gateways. Consequently, businesses are able to detect a probable infection attack only at the last defense line i.e. the antivirus application installed on the desktop of the user. This problem especially lessens the effectiveness of multiple detection approaches employed by a variety of antivirus software, Symantec's security researchers explained.
Furthermore, Symantec discloses that there are four security flaws in the AMS2 (Alert Management System 2) version that is in use by certain editions of Symantec anti-virus Central Quarantine Server, Symantec Antivirus Server, and Symantec System Center. These flaws affect only the antivirus software in case the AMS2 version is loaded.
However, Symantec describes the flaws as "low" risks. It adds that no customer has been impacted by the problems as no attempt has been made to abuse them till now.
The company merely outlines the suggestions for getting around the problems in its advisory instead of issuing a security update. The suggestions include administrators should reset the settings of their gateways so that spoiled archives are eliminated.
It further suggested all affected customers to immediately make their product up-to-date to safeguard from possible exploitation of the bugs. Additionally, end-users should allow only trusted parties to access their computers.
Users should upgrade their operating systems as well as other software with the most recent patches, while deploy antivirus software and firewall as multi-layer protection against both internal and external threats.
Meanwhile, the security researchers said that the review of the flaws in question was an important area of distinction among various antivirus vendors. In 2008, when F-Secure examined the flaws, it rated them as "high" risks.
» SPAMfighter News - 24-06-2009