North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Symantec AV may execute viruses

  • From: Brance Amussen :)_S
  • Date: Thu Feb 10 16:05:00 2005

Too true, as soon as the updates are available.. Still haven't seen one from
Symantec (anyone else out there seen one yet??), maybe F-Secure will be

Brance :)_S

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
Dragos Ruiu
Sent: Thursday, February 10, 2005 3:46 PM
To: Paul G; [email protected]
Subject: Re: Symantec AV may execute viruses

On February 10, 2005 12:01 pm, Dragos Ruiu wrote:
> On February 10, 2005 10:29 am, Paul G wrote:
> > ----- Original Message -----
> > From: "Jeff Wheeler" <[email protected]>
> > To: "Colin Johnston" <[email protected]>
> > Cc: <[email protected]>
> > Sent: Thursday, February 10, 2005 1:18 PM
> > Subject: Re: Symantec AV may execute viruses
> >
> > > Also, it doesn't appear that this issue effects the Mac software 
> > > (at least, I didn't see the Mac products in the Symantec 
> > > vulnerability list), only Windows products.
> >
> > if this is a heap overflow and if osx uses a bsd-derived libc (with 
> > phy malloc implementation), the vulnerability would not be 
> > exploitable. this seems like a probable explanation.
> Neil Mehta & Alex Wheeler from ISS who identified this and a number of 
> other AV issues will be doing a presentation on it entitled, "Owning 
> Antii-Virus"  at CanSecWest.

P.s. To not pick on any one vendor exclusively, it's not just Symantec that
has issues... I know that an F-Secure advisory has now been released too...
and who knows, as an educated guess, I'd bet 
there probably will be others coming... ;-)   Allocating some IT
schedule to AV updates/verification seems prudent.

World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada	May 4-6 2005
pgpkey kyxpgp