Security researcher Dan Milisic discovered a problem in the way Norton AntiVirus handles certain types of scripts and posted an alert that was published by European security Web site Secunia in October.
According to Milisic, Symantec had already known about the vulnerability for a number of months before the alert was posted but the company denied that its script blocking utility was flawed.
In a statement to ZDNet Australia on October 26, a Symantec spokesperson said: "ScriptBlocking is intended to provide proactive detection against script-based worms and this component of Norton AntiVirus has been effective at doing this since its introduction in 2001. Symantec provides computer users with complete protection against script-based worms and other security threats and will continue to deliver appropriate technologies to do so, including antivirus, firewalls, intrusion detection and content filtering."
Unsatisfied with Symantec's response, Milisic decided to prove his point by developing some code capable of exploiting the flaws.
On Thursday, Milisic contacted ZDNet Australia with an explanation of his findings and a copy of his codes.
According to Milisic, the code proves that the most recent version of Norton AntiVirus will not intervene when a certain type of virus-based script is executed.
"This is a 'typical' script-based virus that Norton AntiVirus will allow a user to run without any intervention. It is likely that code similar to this is already appended to script-based threats and worms.
Milisic said he tested the exploit codes using Norton AntiVirus 2005, which had been updated with the latest signatures, running on Windows XP.
Symantec was not available for comment.
Neil Campbell, the national security manager of IT services company Dimension Data, told ZDNet Australia that although he would not comment on this specific issue, the 'bigger picture' is that companies should rely on numerous layers of protection - just in case an undiscovered vulnerability exists.
"Any defence that relies totally on a single layer of protection or control is doomed to failure. Even looking within the layer of antivirus software many organisations choose different vendors for gateway and desktop protection in anticipation of exactly this kind of situation," said Campbell.
Dear Norton people,
I do not know another way to contact you but badly need your advice. After years of getting anti virus updates easily in the past four weeks I just cannot get them to download even though am connected to the internet. Can you help please? my e-mail is inall@iinet.net.au
Thank you. Neil Inall