Click to Skip Ad
Closing in...

Google just shamed the antivirus software you probably use, so update immediately

Published Jun 29th, 2016 11:23AM EDT

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Whether you’re looking to protect your PC or an entire fleet of computers, chances are you’ve either considered or have ended up purchasing products from Symantec. The company sells consumer software under the Norton brand, in addition to Symantec Endpoint Protection that targets enterprises. The bad news is that both products were just shamed by Google’s Project Zero security team, which found critical errors that leave users at risk.

In fact, Google’s security hacker Tavis Ormandy discovered numerous vulnerabilities in 25 different Norton and Symantec products, and he said they are “as bad as it gets.”

MUST READ: The iPhone 7 nightmare

“These vulnerabilities are as bad as it gets,” Ormandy wrote. “They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”

Rather than protecting users from malicious programs, the anti-virus programs could end up helping hackers by making it even easier to target these machines – essentially, a hacker could simply have to attack the software intended to protect a computer, rather than the computer itself.

“Just emailing a file to a victim or sending them a link to an exploit is enough to trigger it – the victim does not need to open the file or interact with it in any way,” Google’s researcher said.

Google’s team looks for zero-day security holes in various products and found issues in antivirus products from Trend Micro in the past. The researchers give companies 90 days plus a two-week grace period to fix issues, after which point they’re revealed to the public.

The good news is that Symantec has taken swift action and all the issues were fixed in an update that was already sent to customers by the time Ormandy published his findings. Even so, while antivirus software on some systems is updated automatically, not all computers are set up that way. Admins might have to perform the updates themselves.

It’s still disconcerting to find out that one of the top antivirus makers out there had so many bugs in software meant to protect users from malicious hackers. More details about the software issues found in Symantec and Norton products are available at the source links – and make sure you update all your Symantec products immediately.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2007. When he’s not writing about the most recent tech news for BGR, he closely follows the events in Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming new movies and TV shows, or training to run his next marathon.