Whether you’re looking to protect your PC or an entire fleet of computers, chances are you’ve either considered or have ended up purchasing products from Symantec. The company sells consumer software under the Norton brand, in addition to Symantec Endpoint Protection that targets enterprises. The bad news is that both products were just shamed by Google’s Project Zero security team, which found critical errors that leave users at risk.
In fact, Google’s security hacker Tavis Ormandy discovered numerous vulnerabilities in 25 different Norton and Symantec products, and he said they are “as bad as it gets.”
“These vulnerabilities are as bad as it gets,” Ormandy wrote. “They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”
Rather than protecting users from malicious programs, the anti-virus programs could end up helping hackers by making these machines even easier to target: a hacker would only have to attack the software intended to protect a computer, rather than the computer itself.
“Just emailing a file to a victim or sending them a link to an exploit is enough to trigger it – the victim does not need to open the file or interact with it in any way,” Google’s researcher said.
Google’s team looks for zero-day security holes in various products and has found issues in antivirus products from Trend Micro in the past. The researchers give companies 90 days plus a two-week grace period to fix issues, after which the issues are revealed to the public.
The good news is that Symantec has taken swift action and all the issues were fixed in an update that was already sent to customers by the time Ormandy published his findings. Even so, while antivirus software on some systems is updated automatically, not all computers are set up that way. Admins might have to perform the updates themselves.
It’s still disconcerting to find out that one of the top antivirus makers out there had so many bugs in software meant to protect users from malicious hackers. More details about the software issues found in Symantec and Norton products are available at the source links – and make sure you update all your Symantec products immediately.