Norton uses read this! (your firewall may not be safe)

[JoJo Gunn]

http://www.internetnews.com/dev-news/print.php/3353841


Computer security specialist Symantec Thursday moved swiftly to patch for four very serious vulnerabilities in its popular Norton firewall product suite.

An alert from Cupertino, Calif.-based Symantec described the flaws as "high risk" and warned that a successful exploit could wipe out a user's computer. Attackers could also execute remote code with kernel-level privileges on the targeted system.

The vulnerabilities, first discovered by researchers at eEye Digital Security, affect both enterprise and consumer Norton users. Affected products include the Symantec Client Firewall 5.01 and 5.1.1; the Symantec Client Security 1.0, 1.1, 2.0 (SCF 7.1); the Norton Internet Security and Professional 2002, 2003, 2004; Norton Personal Firewall 2002, 2003, 2004; and the Norton AntiSpam 2004.

Independent research firm Secunia rates the flaws as "extremely critical" because they could lead to a destructive worm attack. "The vulnerability is very similar to the 'ICQ Response Buffer Overflow' vulnerability in various ISS products, which was already exploited by the "Witty" worm the day after it was disclosed to the public," Secunia warned....

[JoJo Gunn]

I've just looked over the site after posting this story, and there's not a mention of it anywhere on Symantec's site. Neither is it in the list when you manually bring up "Live Update".

Go figure.


http://www.symantec.com/index.htm

[Vernon Frazee]

Source, Symantec.com: Symantec Client Firewall Remote Access and Denial of Service Issues

SYM04-008
May 12, 2004
Symantec Client Firewall Remote Access and Denial of Service Issues

Revision History
None

Risk Impact
High

Overview
eEye Digital Security notified Symantec Corporation of four vulnerability issues they discovered in the Symantec Client Firewall products for Windows. By properly exploiting these issues, an attacker could render the targeted system inoperable or execute remote code with kernel-level privileges on the targeted system.

Affected Components
Consumer:
Symantec Norton Internet Security and Professional 2002, 2003, 2004
Symantec Norton Personal Firewall 2002, 2003, 2004
Symantec Norton AntiSpam 2004
Corporate:
Symantec Client Firewall 5.01, 5.1.1
Symantec Client Security 1.0, 1.1, 2.0(SCF 7.1)

[...continues...]

More like this: Symantec Security Response - Symantec Product Advisories

[crunchie]

Hehe. I removed NIS 2 days ago & now have sygate pro. Must have felt it in my water.

[JoJo Gunn]

Vernon, you'd think something like this would be smack dab on the front page. It still isn't, as of this moment.

How'd you find that? I looked all around and never saw it. Which is part of my point - why do we have to scour the bottom for critical info? Their web site has never been logically laid out.

[oldhermit]

Whatever the update was supposed to do, it appears to be causing more problems than it fixes. Probably pulled it, and hopefully they will now see the benefits in hiring a programmer.

For those still using NIS, my advice is to be sure you have a backup of the registry before doing any of Symantec's LiveUpdates. You will probably need it to at least stay operational, if not fully protected.

For those willing to give up the remaining licensing that you paid for, there are alternatives. As the problems within their recent updates have shown, Norton could use a real overhaul, not only in their software...

My 2 cents...

[shiva_42]

Problem: Symantec is less than forthcoming about their own security failures, and create pandemonium for their own users by making it virtually impossible to "uninstall" their own applications.

Solution: Don't give them any more of your money. Find a vendor you can trust.

Observation: AVG + OutPost

[DELTREE]

I use Norton System Works for years without any problems.

From what I hear and know I would not use their Firewall.

I think it is the program not the Company.

Just my 2 cents worth.

Take Care

[kv]

Personally, I think Symantec has lost sight of the original mission of the Norton series of utilities. The first version of the Norton Utilities I used fit on a 5.25" floppy and consisted of small, well-written utilities that ran in DOS and did things that made you wonder why Microsoft didn't include them in the first place.

Over time, their applications seemed more and more focused on bloat in the name of fast time-to-market rather than well thought-out and tested applications that work well with little disruption.

I've used various versions of NAV (DOS and Windows based) for some time now, and recently gave up on it and uninstalled it. It was using more resources than I was happy with, and the annual subscription fee was becoming insulting (yes, this is a gripe I've mentioned in many previous posts, but it still bugs me). I've still got SystemWorks for some of the utility it provides, but even the most recent version I installed had trouble initially and I had to plead with Symantec to send me a patch I knew existed only because of the newgroups on google. Plus, there's no excuse for an application to embed itself so deeply that it can't be uninstalled safely or properly. And how many problems have they had with LiveUpdate...?

Sorry for the rant, I know it's a little OT, but I'm disappointed with what I've seen of Symantec lately. From their past, I hold them to a higher standard than I would accept from other vendors, such as MS...

Anyways, just my $0.02...!

KV

[Vernon Frazee]

Originally posted by JoJo Gunn
Vernon, you'd think something like this would be smack dab on the front page. It still isn't, as of this moment.

How'd you find that? I looked all around and never saw it. Which is part of my point - why do we have to scour the bottom for critical info? Their web site has never been logically laid out.

1. Clicked "Security Response", (top of page, 4th button)
   
2. Clicked "View all security advisories [>go!] link, (on the right, under "security advisories" heading)
   
3. Clicked the "here" link, (in the "Advisories relating to Symantec products may be viewed here.") sentence.
   
4. Clicked the topmost "Symantec Client Firewall Remote Access and Denial of Service Issues" (May 12, 2004) link.

[JoJo Gunn]

And just how many licks to the center of a Tootsie Roll pop?

The world may never know....

[Ex-eastcoaster]

Hello, since the recent updates in Norton's Live Update, I now have an error 35 general protection fault in C:\Progr`1\Norton`1\
nauv.dx.ov1 or something similiar to that. Rather than try to troubleshoot it, I might just remove NAV from my computer.

I only have Norton Anti-Virus 2002. Perhaps those updates weren't for me, but I thought if Live Update offered it to my system that it was specific to my particular system. Would anyone know if those updates were intended for systems that only have Norton Anti-virus 2002? I run Win Dr. from Norton Utilities 2001 from the CD and it's not installed but I've seen references to it on my computer. So, maybe Live Update thought I had Norton Utilities installed, thus thought I needed the update.
Does anyone have any information regarding this? Regards, Ex-eastcoaster.

[DELTREE]

Ex-east......, it should work; I run NSW 2002 without any problems and get the Updates. As long as your subscription has not run out.
I hope this may help in some way?
Take care

[Ex-eastcoaster]

Hi Deltree. Is a general protection fault something that needs to be fixed or could one just leave it as is? I know it all depends on certain circumstances, but I was wondering, generally speaking, that is... Regards, Ex-eastcoaster.

[DELTREE]

Ex-east......., What OS are you running? and and how is your NAV working?What you might try is to uninstall it then reinstall it.
I hope this may help in some way?
Take Care