Forum Discussion

1492's avatar
1492
Moderator
Jul 05, 2016

Symantec Flaws Worse Than Having No AV?

What some sites have termed "as bad as it gets", while others are blasting Symantec for not fixing basic flaws in their AV engine, Google's Project Zero Security Team revealed multiple vulnerabilities in Symantec's AV products since mid-May? Not all of which are apparently fixed to date.

Some vulnerabilities were deemed so serious that receiving an "unopened" email was enough to exploit a serious flaw. Others described as allowing hackers the ability to take control of an infected machine.

Quite possibly, AV software may become the attack vector of choice for hackers as they typically operate with elevated permissions. Potentially allowing direct access to exploit system code, where AV software vulnerabilities are not patched in a timely manner.

One thing is certain, if you're running Symantec or any security software, you need to keep in patched with routine updates. And if running outdated AV with an expired license? Good luck?

Though Symantec's flaws appear more numerous, Project Zero has exposed other highly rated security software serious vulnerabilities, including FireEye, Kaspersky Lab, McAfee, Sophos, and Trend Micro. Though one top rated security AV package has apparently managed to remain off the list? Bitdefender, an available free version mentioned several times in other posts. You can find the Project Zero Issues list here.
  • Don't you think it's odd that some viruses have only been found in AV companies.

    I'm not saying that they have created viruses, just odd.

    I had a free copy of McAfee running once, and I got a ransom ware virus, that I got rid of with out their help (they wanted one $100 to help), using ihe Internet and my knowledge of computers. You see I'm an old DOSer.
  • IIRC, a decade or so ago Pando actually shipped DVDs infected with a common virus that if they'd only scanned the Gold Disk (Master) with their own software they would have caught it.