Norton AntiVirus, one of Symantec's most popular Internet security products, contains a security flaw that could allow malicious users to easily disable the software's auto-protect feature, according to an advisory by security Web site Secunia.
According to Secunia, the software's auto-protect function, which is designed to recognise and halt suspicious behaviour in real-time, contains an error that could allow a malicious user to disable it altogether.
"This can be exploited by an unprivileged user to force the auto-protection to be disabled… It can further be exploited to download and execute malicious files that normally would be caught by the antivirus program," the advisory warned.
Norton Internet Security 2004 is affected but Norton Internet Security 2004 Professional and Symantec Norton AntiVirus 2004 are also likely to be vulnerable.
Security researcher Daniel Milisic, who has been credited with discovering the problem, last week criticised Symantec's Norton AntiVirus on a security mailing list.
"Symantec should be publicly flogged for trying to sell this inferior AV software to home users, especially knowing they have a decently workable AV product in their Enterprise line… It's unbelievable that Symantec sells a product that operates this poorly," said Milisic.
ZDNet Australia contacted Symantec about the problem but the company refused to comment. A spokesperson told ZDNet Australia that the company would "know more in 24 hours".
ZDNet Australia's Munir Kotadia reported from Sydney. For more coverage from ZDNet Australia, click here.
Talkback
I'm sure no one has posted because every "real" professional and or script kiddy has known about this flaw for over a year now...
I am just amazed sometimes
Whisper
Hackers can obviously infiltrate the best systems but when they do why cant Norton AV be a little more sympathetic to their home customers and provide better information/patches to see them through these difficult times? We dont all have the backing of specialist system managers.
I run a small computer consulting firm. I used to recommend Norton A/V to my clients, however the last six months I have lost all confidence in Norton A/V consumer products. I have personally seen this problem on at least 10 different PC's I have serviced. In each case the client's Norton Auto Protect back ground protection has been disabled by a virus. Most of my client's would not even know how to turn off this feature themselves.
You can't re-enable it until you remove the virus infection with another product. I have had real good luck using the Free AVG 6.0 A/V from www.grisoft.com to remove the existing infections. Grisoft's AVG seems to be unaffected by this exploit. I figured the reason was that AVG is too low on most hackers to-do lists to warrant the time and effort to program a means to disable its background protection.
In many cases the automatic update feature still worked and the client's A/V signatures were right up to date. yet Norton A/V was totally neutralized.
To be fair to Symantec, I have also seen the same issue with McAfee's A/V. The latest version of the Klez virus seems to be especially adept at doing this. Norton A/V 2003 and 2004 seemed to be the worst affected by this exploit. I have stopped recommending Norton A/V products to my client's due to this weakness in the consumer version.
I run a computer business and have had trouble with the auto protect being disabled on customer's computers for some time.
I'm a professional hacker... I can surpass norton antivirus 2004 in 2 minutes, no problem.