I would actually expect LiveUpdate for the home versions to get the update automatically. The corporate edition however does not update the software via LiveUpdate - they figure IT departments would rather control when the software gets updated themselves, but unfortunately in most companies that probably means almost never :\ Also, it doesn't appear that this issue effects the Mac software (at least, I didn't see the Mac products in the Symantec vulnerability list), only Windows products. -- Jeff Wheeler Postmaster, Network Admin US Institute of Peace On Feb 10, 2005, at 1:07 PM, Colin Johnston wrote:
Any ideas why Symantec have not released the updated code to LiveUpdate for Mac and LiveUpdate for PC ??
Colin Johnston TTL c.johnston@ngat.com
----- Original Message ----- From: "Jeff Wheeler" <jwheeler@usip.org> To: "Colin Johnston" <colinj@mx5.org.uk> Cc: <nanog@merit.edu> Sent: Thursday, February 10, 2005 1:18 PM Subject: Re: Symantec AV may execute viruses
Also, it doesn't appear that this issue effects the Mac software (at least, I didn't see the Mac products in the Symantec vulnerability list), only Windows products.
if this is a heap overflow and if osx uses a bsd-derived libc (with phy malloc implementation), the vulnerability would not be exploitable. this seems like a probable explanation. -p --- paul galynin
On February 10, 2005 10:29 am, Paul G wrote:
----- Original Message ----- From: "Jeff Wheeler" <jwheeler@usip.org> To: "Colin Johnston" <colinj@mx5.org.uk> Cc: <nanog@merit.edu> Sent: Thursday, February 10, 2005 1:18 PM Subject: Re: Symantec AV may execute viruses
Also, it doesn't appear that this issue effects the Mac software (at least, I didn't see the Mac products in the Symantec vulnerability list), only Windows products.
if this is a heap overflow and if osx uses a bsd-derived libc (with phy malloc implementation), the vulnerability would not be exploitable. this seems like a probable explanation.
Neil Mehta & Alex Wheeler from ISS who identified this and a number of other AV issues will be doing a presentation on it entitled, "Owning Antii-Virus" at CanSecWest. cheers, --dr -- World Security Pros. Cutting Edge Training, Tools, and Techniques Vancouver, Canada May 4-6 2005 http://cansecwest.com pgpkey http://dragos.com/ kyxpgp
On February 10, 2005 12:01 pm, Dragos Ruiu wrote:
On February 10, 2005 10:29 am, Paul G wrote:
----- Original Message ----- From: "Jeff Wheeler" <jwheeler@usip.org> To: "Colin Johnston" <colinj@mx5.org.uk> Cc: <nanog@merit.edu> Sent: Thursday, February 10, 2005 1:18 PM Subject: Re: Symantec AV may execute viruses
Also, it doesn't appear that this issue effects the Mac software (at least, I didn't see the Mac products in the Symantec vulnerability list), only Windows products.
if this is a heap overflow and if osx uses a bsd-derived libc (with phy malloc implementation), the vulnerability would not be exploitable. this seems like a probable explanation.
Neil Mehta & Alex Wheeler from ISS who identified this and a number of other AV issues will be doing a presentation on it entitled, "Owning Antii-Virus" at CanSecWest.
P.s. To not pick on any one vendor exclusively, it's not just Symantec that has issues... I know that an F-Secure advisory has now been released too... and who knows, as an educated guess, I'd bet there probably will be others coming... ;-) Allocating some IT schedule to AV updates/verification seems prudent. -- World Security Pros. Cutting Edge Training, Tools, and Techniques Vancouver, Canada May 4-6 2005 http://cansecwest.com pgpkey http://dragos.com/ kyxpgp
Too true, as soon as the updates are available.. Still haven't seen one from Symantec (anyone else out there seen one yet??), maybe F-Secure will be faster.. Brance :)_S -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Dragos Ruiu Sent: Thursday, February 10, 2005 3:46 PM To: Paul G; nanog@merit.edu Subject: Re: Symantec AV may execute viruses On February 10, 2005 12:01 pm, Dragos Ruiu wrote:
On February 10, 2005 10:29 am, Paul G wrote:
----- Original Message ----- From: "Jeff Wheeler" <jwheeler@usip.org> To: "Colin Johnston" <colinj@mx5.org.uk> Cc: <nanog@merit.edu> Sent: Thursday, February 10, 2005 1:18 PM Subject: Re: Symantec AV may execute viruses
Also, it doesn't appear that this issue effects the Mac software (at least, I didn't see the Mac products in the Symantec vulnerability list), only Windows products.
if this is a heap overflow and if osx uses a bsd-derived libc (with phy malloc implementation), the vulnerability would not be exploitable. this seems like a probable explanation.
Neil Mehta & Alex Wheeler from ISS who identified this and a number of other AV issues will be doing a presentation on it entitled, "Owning Antii-Virus" at CanSecWest.
P.s. To not pick on any one vendor exclusively, it's not just Symantec that has issues... I know that an F-Secure advisory has now been released too... and who knows, as an educated guess, I'd bet there probably will be others coming... ;-) Allocating some IT schedule to AV updates/verification seems prudent. -- World Security Pros. Cutting Edge Training, Tools, and Techniques Vancouver, Canada May 4-6 2005 http://cansecwest.com pgpkey http://dragos.com/ kyxpgp
Here are the listed Mac products, according to the website http://www.symantec.com/avcenter/security/Content/2005.02.08.html Consumer products section.. Symantec Norton Antivirus 2004 for Macintosh Symantec Norton Internet Security 2004 for Macintosh Symantec Norton System Works 2004 for Macintosh Symantec Norton Antivirus 9.0 for Macintosh Symantec Norton Internet Security for Macintosh 3.0 Symantec Norton System Works for Macintosh 3.0 Also, You can configure in the Systems Center Console for the corporate edition (server) to download product updates as well.. Now if I can only figure out these version numbers.. Brance :)_S ____________________________________________ Brance Amussen Network/Systems Admin Zanvyl Krieger Mind/Brain Institute Johns Hopkins University 410.516.6167 brance{AT}jhu.edu ____________________________________________ -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Jeff Wheeler Sent: Thursday, February 10, 2005 1:18 PM To: Colin Johnston Cc: nanog@merit.edu Subject: Re: Symantec AV may execute viruses I would actually expect LiveUpdate for the home versions to get the update automatically. The corporate edition however does not update the software via LiveUpdate - they figure IT departments would rather control when the software gets updated themselves, but unfortunately in most companies that probably means almost never :\ Also, it doesn't appear that this issue effects the Mac software (at least, I didn't see the Mac products in the Symantec vulnerability list), only Windows products. -- Jeff Wheeler Postmaster, Network Admin US Institute of Peace On Feb 10, 2005, at 1:07 PM, Colin Johnston wrote:
Any ideas why Symantec have not released the updated code to LiveUpdate for Mac and LiveUpdate for PC ??
Colin Johnston TTL c.johnston@ngat.com
Oh, wow, I see how I missed that - I had already scrolled half way down the page and was looking at the Consumer Products section under "Non-Vulnerable Products"... woops :) Looking at it more closely, they are saying the same thing twice: Affected Product - only affected prior to build x.y.z and then Non-Vulnerable Product - only non-vulnerable starting with build x.y.z -- Jeff Wheeler Postmaster, Network Admin US Institute of Peace On Feb 10, 2005, at 1:32 PM, Brance Amussen :)_S wrote:
Here are the listed Mac products, according to the website http://www.symantec.com/avcenter/security/Content/2005.02.08.html
Consumer products section..
Symantec Norton Antivirus 2004 for Macintosh Symantec Norton Internet Security 2004 for Macintosh Symantec Norton System Works 2004 for Macintosh Symantec Norton Antivirus 9.0 for Macintosh Symantec Norton Internet Security for Macintosh 3.0 Symantec Norton System Works for Macintosh 3.0
Also, You can configure in the Systems Center Console for the corporate edition (server) to download product updates as well.. Now if I can only figure out these version numbers..
Brance :)_S
____________________________________________
Brance Amussen Network/Systems Admin Zanvyl Krieger Mind/Brain Institute Johns Hopkins University 410.516.6167 brance{AT}jhu.edu ____________________________________________
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Jeff Wheeler Sent: Thursday, February 10, 2005 1:18 PM To: Colin Johnston Cc: nanog@merit.edu Subject: Re: Symantec AV may execute viruses
I would actually expect LiveUpdate for the home versions to get the update automatically. The corporate edition however does not update the software via LiveUpdate - they figure IT departments would rather control when the software gets updated themselves, but unfortunately in most companies that probably means almost never :\
Also, it doesn't appear that this issue effects the Mac software (at least, I didn't see the Mac products in the Symantec vulnerability list), only Windows products.
-- Jeff Wheeler Postmaster, Network Admin US Institute of Peace
On Feb 10, 2005, at 1:07 PM, Colin Johnston wrote:
Any ideas why Symantec have not released the updated code to LiveUpdate for Mac and LiveUpdate for PC ??
Colin Johnston TTL c.johnston@ngat.com
Once upon a time, Jeff Wheeler <jwheeler@usip.org> said:
Also, it doesn't appear that this issue effects the Mac software (at least, I didn't see the Mac products in the Symantec vulnerability list), only Windows products.
It isn't Windows only; the Solaris versions of Brightmail are affected. -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
On Feb 10, 2005, at 1:18 PM, Jeff Wheeler wrote:
Also, it doesn't appear that this issue effects the Mac software (at least, I didn't see the Mac products in the Symantec vulnerability list), only Windows products.
I got a new antivirus base for OS/X via liveupdate at approximately 11:45 EST today
participants (6)
-
Brance Amussen :)_S
-
Chris Adams
-
Dragos Ruiu
-
Jeff Wheeler
-
John Payne
-
Paul G