Symantec-Norton and Google Project Zero


CeeBee

Certain Symantec-Norton AV products are reportedly unsafe due to vulnerabilities found here:

http://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-endpoint.html

And summarized by Symantec here:

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00

Question: does MBAE 1.08.1.2563 (which I use) or 1.09 (experimental) kick in with its protection to take up the slack from these vulnerabilities?  The technical side is beyond my grasp, but, the report states "These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption."

Thanks.


  • Staff

The best approach for these and other kernel-level vulnerabilities is to apply the patch. In the case of the Duqu kernel exploit, for example, MBAE will block payloads from executing in the vast majority of cases, but the kernel exploit itself does execute.

 


5 minutes ago, pbust said:

The best approach for these and other kernel-level vulnerabilities is to apply the patch. In the case of the Duqu kernel exploit, for example, MBAE will block payloads from executing in the vast majority of cases, but the kernel exploit itself does execute.

 

Thanks Pedro.  Too bad but all I needed to know.

As two of my legacy computers can't be upgraded to the patched version for hardware reasons I'm sort of stuck with unpatched AV software for same.  So, I may have to shop for a different AV package.  Oh well..  :unsure:


  • Root Admin

All reported issues have been patched and updates are available to customers
https://support.symantec.com/en_US/article.INFO3807.html

How can I verify if I am protected?

Ensure that you have the latest LiveUpdate content or the most recent product upgrade as listed in the ‘Update Information’ section of the Security Advisory for SYM16-010.
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00

Download the latest version of Symantec software
https://support.symantec.com/en_US/article.TECH125408.html


11 minutes ago, AdvancedSetup said:

All reported issues have been patched and updates are available to customers
https://support.symantec.com/en_US/article.INFO3807.html

How can I verify if I am protected?

Ensure that you have the latest LiveUpdate content or the most recent product upgrade as listed in the ‘Update Information’ section of the Security Advisory for SYM16-010.
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00

Download the latest version of Symantec software
https://support.symantec.com/en_US/article.TECH125408.html

Thanks, but the situation is a bit more complicated than what you describe:

https://community.norton.com/en/forums/norton-causes-blue-screens

https://community.norton.com/en/forums/norton-causing-bsod

So, even if I wanted to patch (i.e., upgrade to the current version), the situation remains muddled to say the least! And, as my legacy computers cannot be upgraded (not compatible with the latest version of Symantec-Norton software), my plan to stay with a lower version (until recently fully patched and used as a Symantec fallback) is muddled as well.

https://community.norton.com/en/forums/support-nis-217011-discontinued

Having said that, there is no such thing as a 100% safe AV software.  And it's dangerous to cross the street as well...


  • Root Admin

Well, there will always be bugs and issues with all software. That's a given. However, if your hardware is a limitation then yes, you may be stuck and have to look elsewhere. As for others, though, Symantec as of yesterday says they've addressed the BSOD as well.

https://community.norton.com/en/comment/7078671#comment-7078671

Of course if you have a solid backup plan then you can help mitigate issues that might arise.

Backup Software

Cheers and good luck

 


8 minutes ago, AdvancedSetup said:

...Symantec as of yesterday says they've addressed the BSOD as well.

https://community.norton.com/en/comment/7078671#comment-7078671

Of course if you have a solid backup plan then you can help mitigate issues that might arise.

Backup Software

Cheers and good luck.

The link referred to ends with: " If you continue to see Blue Screen errors even after updating the above files and folders, please following the instructions below".  So, very much provisional and issued under great duress imho...

Once I get a firm-final notice of a good fix for 22.7 I may try to patch-upgrade my W7 computers.  Probably install Avast! on the older legacy boxes.

As for backup software, unless I missed it, you don't have Macrium Reflect on your list.  I used to be an Acronis fan .. but I migrated to Macrium Reflect some time ago.  So far, excellent experience.


  • Root Admin

It's there under Snapshot and Imaging

I'm not here to push Norton - what you run or don't run, or patch or not patch is up to you, but I have several systems running Norton and I'm not experiencing any BSOD on any of them. They're on systems typically built within the last 3 years

 


Found it.  Strange sorting though as Acronis Image is listed under Backup Software.  That said, several of the packages can do both file backup and image backup .. so one list may be better.

No worries, I have used Norton AV since the time of PC-DOS 2.x and would like to stay all Norton if at all possible.  We'll see!


  • 4 weeks later...
On 09/07/2016 at 8:24 AM, AdvancedSetup said:

Well, there will always be bugs and issues with all software. That's a given. However, if your hardware is a limitation then yes, you may be stuck and have to look elsewhere. As for others, though, Symantec as of yesterday says they've addressed the BSOD as well.

https://community.norton.com/en/comment/7078671#comment-7078671

Of course if you have a solid backup plan then you can help mitigate issues that might arise.

Backup Software

Cheers and good luck

 

Hi,

Of course my friend, sometimes there are issues with software. Bugs happen frequently. Updates are necessary to avoid such problems.

Symantec works on it all the time.

 

Cheers

