Norton, BlackICE firewalls contain security flaws

TechRepublic
There have been a slew of recent vulnerabilities discovered in the very security products that administrators and end users depend on to protect their systems.

Security firms eEye Digital Security and NGSSoftware have reported discovering vulnerabilities in Norton Internet Security 2004, which can be exploited by attackers to compromise a system. Also affected are Norton Internet Security 2004 Professional and Norton Personal Firewall 2004. Vulnerabilities have also recently been discovered by eEye in all versions of the RealSecure and BlackICE firewalls from Internet Security Systems (ISS).

One problem reported to Symantec on March 9, 2004, is a remotely-exploitable flaw that can allow an attacker to execute a denial of service attack against any system where the Norton software is installed using the default settings.

The ISS vulnerability, reported to the vendor on March 8, 2004, is also remotely exploitable and allows an attacker to gain system access to the vulnerable machines.

Fortunately, eEye is highly ethical in the way it discloses the vulnerabilities it discovers, and does not publish any more than the bare minimum information about these threats until the vendor has ample time to address them.

NGSSoftware has also reported a problem in Norton's Anti-Spam utility (included with Internet Security 2004 and Internet Security 2004 Professional) that can result in a stack overflow and allow the attacker to run arbitrary code on vulnerable machines.

Applicability
Norton firewall products:

  • Norton Internet Security 2004
  • Norton Internet Security 2004 Professional
  • Norton Personal Firewall 2004

ISS firewall products:

  • All versions of ISS's RealSecure
  • All versions of BlackICE

These eEye reports appear to be pretty serious vulnerabilities, although I can't be certain because extensive details weren't immediately available.

NGSSoftware has released a few details, and these appear to be different threats from those alluded to by eEye but, because the eEye reports are preliminary, it is difficult to be certain.

Mitigating factors: Unknown
As I mentioned above, eEye is careful not to release any details until the vendors have had time to address the threats, and eEye itself doesn't say anything about possible mitigating factors. With no details I couldn't determine on my own if there are any useful mitigating factors at the time this report was released.

There are no mitigating factors for the vulnerabilities reported by NGSSoftware other than that they require the user to visit a malicious Web site or open an infected HTML e-mail.

Fix
No fixes are reported to be available for the problems noted by eEye, but the two published by NGSSoftware are already patched by Symantec, and vulnerable systems will be repaired as soon as LiveUpdate is run.

Final word
I find this recent slew of serious holes in antivirus and firewall software extremely troublesome. I never really put much reliance on these things myself, but my clients depend on them very heavily and they, along with other businesses, tend to pay less attention to security simply because they feel that they have done all they need to do by installing and maintaining some of these big-name security utilities.

That's reasonable enough; after all, the antivirus and firewall software available today is pretty effective if you configure it properly; however, I doubt many people realise that those security programs may themselves add new vulnerabilities to their systems.

©2004 TechRepublic, Inc.


    Talkback 3 comments

      Why won't anyone answer this e ...Anonymous -- 21/04/04

      Why won't anyone answer this email I sent to Norton Support Services?

      Dear Sirs.
      I am writing to ask you how you can amend something that has happened to my friend, who bought a new laptop and had your Norton Anti Virus and Firewall installed on the system when he bought it. He found that after using the system he did not need the firewall and did not renew it; he only renewed the Anti Virus. The icon for Firewall disappeared, and also his ability to go onto the Internet. Also, the speed is very sluggish. He can't use his computer because of this and I am trying to help him by writing to get your assistance.

      Please reply urgently, he needs to get back online.

      Q. What can he do to fix this problem?

      Q. What should he have done in the first place if he didn't want to re-new Firewall but wanted to keep the Anti Virus?

      Regards

      Carol Ward

      everywhere there is ads for No ...Anonymous -- 19/05/04

      Everywhere there are ads for Norton, and yes, I am registered with you, but there is no e-mail address for technical advice. Could you please advise me of an e-mail address, as I am having trouble with downloading norton internet security url. Thank you, paddy

