Hackers can turn off Norton AntiVirus protection

Norton AntiVirus, one of Symantec's most popular Internet security products, contains a security flaw that could allow malicious users to easily disable the software's auto-protect feature, according to an advisory by security Web site Secunia.

According to Secunia, the software's auto-protect function, which is designed to recognise and halt suspicious behaviour in real-time, contains an error that could allow a malicious user to disable it altogether.

"This can be exploited by an unprivileged user to force the auto-protection to be disabled... It can further be exploited to download and execute malicious files that normally would be caught by the antivirus program," the advisory warned.

Norton Internet Security 2004 is affected but Norton Internet Security 2004 Professional and Symantec Norton AntiVirus 2004 are also likely to be vulnerable.

Security researcher Daniel Milisic, who has been credited with discovering the problem, last week criticised Symantec's Norton AntiVirus on a security mailing list.

"Symantec should be publicly flogged for trying to sell this inferior AV software to home users, especially knowing they have a decently workable AV product in their Enterprise line... It's unbelievable that Symantec sells a product that operates this poorly," said Milisic.

ZDNet Australia  contacted Symantec about the problem but the company refused to comment. A spokesperson told ZDNet Australia  that the company would "know more in 24 hours".

Advertisement

Print feature brought to you by Adobe

Talkback 14 comments

    I swear this has been happenin ...Anonymous -- 19/10/04

    I swear this has been happening for quite some time and not just with NAV! It happened to 2 clients of mine around 6 months ago.
    There are plenty of viruses and adware junk that seem to be able to do this with ease.
    That the incompetents at Symantec have only just figured this out is astounding. NAV is usless bloatware, but just like Telstra, they retain their market share by preying on the ignorance of the general public, who go with whatever company spends the most on advertising.

    The free anti-virus scanner AVG (www.grisoft.com) consistently provides better protection than NAV and it won't cost the user a single red cent.

    This is also a problem with th ...Anonymous -- 19/10/04

    This is also a problem with their Enterprise or Corporate version 9.0.0.1400 product. Auto-enable is disabled if fast-user switching is enabled on an XP machine.

    The major reason I switched fr ...Anonymous -- 20/10/04

    The major reason I switched from Norton to Kaspersky is because Norton does not find nearly as many viruses on my system as Kaspersky found. Funny how these industry leaders get greedy fast and stop making a quality product at the expense of their consumers' pocketbook. As an IT consultant I have a fairly good idea about how this company's dynamic works. They often package their products with computer systems, such as Dell with time-limited trials. Once the trial period ends, it seems the consumer is lulled into a false sense of security and purchase a license extension on a product that claims to protect their system. In actuallity it is letting viruses through and leading the consumer to believe that because they perform regular virus scans that report back that the system is clean, when it isn't.

    Resources Dan -- 31/07/07 (in reply to #120109248)

    At one time, Norton was far better than anyone else (at antivirus and only antivirus), but since they merged with Symantec, I've seen more and more resources being used as well as major problems that took months to fix which would take numerous calls to finally get them to admit that they had a known problem and no fix.

    I too went with Kaspersky, but found NOD32 was much more stable and much less resources.

    My auto-protect has been disab ...Anonymous -- 22/10/04

    My auto-protect has been disabled in my Norton Antivirus. It took nearly an hour to find out what to do about it and now I can't do the fix. I cannot uninstall and then reinstall the program because I downloaded it on the internet.
    And, I find no way to directly or indirectly contact Norton to take care of the problem. What an A-- hole company. They have plenty of avenues to buy their crap but not to fix it.

    My auto-protect has been disab ...Anonymous -- 22/10/04

    My auto-protect has been disabled in my Norton Antivirus. It took nearly an hour to find out what to do about it and now I can't do the fix. I cannot uninstall and then reinstall the program because I downloaded it on the internet.
    And, I find no way to directly or indirectly contact Norton to take care of the problem. What a company. They have plenty of avenues to buy their crap but not to fix it.

    As an user of NAV 2004, I woul ...Anonymous -- 23/10/04

    As an user of NAV 2004, I would like to know what action has been taken to rectify the flaws by Symantec. If not corrected so far, I would change to
    Mcaffee software .

    A few days ago I downloaded th ...Anonymous -- 28/10/04

    A few days ago I downloaded the newest version of Norton anti-virus protection, since my subscription had expired. As a result of that download, I am now infected with a multitude of spyware and viruses. I wrote Symantec and expressed my complete frustration and disappointment in their product. I will never order another thing from this company!

    This happened to my computer. ...Anonymous -- 03/11/04

    This happened to my computer. For the last 3 weeks the autoprotect has been disabled in my norton antivirus 2003 and e-mail scanning was disabled and I tried everthing to get it fixed, I even removed and reinstalled it but still the same. Then I removed Norton Antivirus and downloaded Service Pack 2 for Windows XP. I reinstalled Norton antivirus and after install a message popped up to say that a program was trying to change the settings in Norton Antivirus and, as this could be caused by a hacker, did I want to restore the original settings. Of course I said yes, and low and behold, my norton antivirus is now working again.

    Symantec have lost it. A long ...Anonymous -- 17/11/04

    Symantec have lost it. A long time ago in my view, but this is the icing on the cake. They claim to be the best protection in the world? Let me get this straight, they are aware of a flaw in their script blocking engine, but won't fix it until someone get's attacked by it?

    And then they say that they won't fix the problem proactively because if you are logged on as a non-administrator you won't be vulnurable?

    Yet to fully configure the script blocking protection, YOU HAVE to be logged in as administrator?

    Did I get that right? Do Symantec offer AntiVirus protection, or virus Proliferation? Good on you symantec for single handedly (since as you say Symantec, Norton's is on many more PC's than any one other antivuirus product) stripping significant numbers of the worlds computers of Script protection.

    I have been using Nortons AV f ...Anonymous -- 17/11/04

    I have been using Nortons AV for the past eight years. I am not an expert on these type of exploits but I have learnt to never rely on one product alone to do a job. I also run ZoneAlarm and an email filter program. These, coupled to NAV 2004 pro, which includes weekly updates and a boost by the windows xp SP2 pack, has alleviated any if not all threats.
    I always recommend to install additional security software. I am always on the net and have not had a virus, worm or trojan in the past five years. Oops, almost forgot, I also use PestPatrol.
    No one is perfect and all software ever produced by any company has always had one flaw or another.

    I have had this malicious scri ...Anonymous -- 09/01/05

    I have had this malicious script affecting my computer and norton anti virus is prevailing to help, detect and succesfully remove it. I am still learning about the safeguards of anti virus software protection, but believe in this instance symnatec need a boot up to stay ahead of the game. Another visit to the internet doctors may be in order. I hate mechanics.

    Greedy Symantec and Microsoft Doctor Logic -- 11/05/08

    People should long ago have realised that Symantec's and Microsoft's products in recent years have 50% of the the code running on our computers purely for the benefit of Symantec and Microsoft to try and ensure that their programs cannot be copied and that we have to pay for every upgrade and important fix for programs they should never have been allowed to sell in the first place because of the number of bugs they contain.

    Wise up !! - Install open source products instead. Most are "free", they do not contain all the suppliers own self-protection junk running in the background, and most are written in much more up-to-date code, which, when bugs are discovered is rectified at no charge.

    Disabled Auto Protect Anonymous -- 18/04/09

    When your Auto Protect is disabled, it's time to reformat your hard drive. Before you do that, though, take the HDD and slave it on a known good system. Root kits and other viruses / maleware cannot hide when the drive is scanned as a slave. FYI: I recently bought a Canon Flash Camcorder FS100 bundled with Pixela video editing software titled Imagemixer 3; version 2.0. When I installed this software on my P4 laptop running Norton AV 2005, the Imagemixer 2.0 DISABLED Norton Antivirus. I got a message that "my trial subscription was expired" after I rebooted and the Norton AV did not work....no protection even after I uninstalled the Imagemaker 2.0. I've contacted Pixela Corporation about this and they say they know nothing about this. I suspect some type of conflict / maleware but scans by SpySweeper, NortonAV, Spybot, and silentrunner.vbs turn up nothing. Any ideas about this? I haven't found any information of value on Internet as to why this happened and Symantec has a patch titled SymKBfix.exe on their site which solved the problem and allowed me to reinitialize the subscription which isn't due until September.

Add your opinion

Latest Videos

Sponsored content

Power Centre - Content from our premier sponsors

Blogs

Tags

  1. 449 articles are tagged with accc
  2. 57 articles are tagged with accenture
  3. 237 articles are tagged with acquisition
  4. 39 articles are tagged with afact
  5. 140 articles are tagged with ato
  6. 47 articles are tagged with bittorrent
  7. 1303 articles are tagged with broadband
  8. 60 articles are tagged with cepu
  9. 663 articles are tagged with cio
  10. 251 articles are tagged with conroy
  11. 391 articles are tagged with copyright
  12. 45 articles are tagged with david thodey
  13. 514 articles are tagged with dell
  14. 9 articles are tagged with feed
  15. 152 articles are tagged with firewall
  16. 1040 articles are tagged with google
  17. 1029 articles are tagged with government
  18. 788 articles are tagged with hp
  19. 218 articles are tagged with iinet
  20. 5 articles are tagged with iitrial
  21. 349 articles are tagged with iphone
  22. 115 articles are tagged with legislation
  23. 13 articles are tagged with longhaus
  24. 33 articles are tagged with michael malone
  25. 1475 articles are tagged with microsoft
  26. 32 articles are tagged with mike quigley
  27. 50 articles are tagged with minchin
  28. 1124 articles are tagged with mobile
  29. 356 articles are tagged with mobile phone
  30. 209 articles are tagged with national broadband network
  31. 383 articles are tagged with nbn
  32. 197 articles are tagged with new zealand
  33. 27 articles are tagged with nick minchin
  34. 928 articles are tagged with open source
  35. 880 articles are tagged with optus
  36. 2650 articles are tagged with security
  37. 53 articles are tagged with senate
  38. 68 articles are tagged with separation
  39. 177 articles are tagged with stephen conroy
  40. 57 articles are tagged with strike
  41. 174 articles are tagged with sydney
  42. 60 articles are tagged with telecom nz
  43. 2430 articles are tagged with telstra
  44. 23 articles are tagged with thodey
  45. 49 articles are tagged with twitter
  46. 109 articles are tagged with union
  47. 171 articles are tagged with victoria
  48. 201 articles are tagged with video
  49. 2 articles are tagged with win7au
  50. 88 articles are tagged with windows 7

Back to top

Featured