News
Symantec/Norton products affected by multiple "as bad as It gets" vulnerabilities - expert comment
June 2016 by Simon Crosby, CTO and co-founder at endpoint security firm, Bromium
Ars Technica is reporting that researcher Tavis Ormandy has spotted numerous
vulnerabilities in 25 Norton and Symantec products that are "as bad as it gets".
Much of the product line from Symantec contains a raft of vulnerabilities that
expose millions of consumers, small businesses and large organisations to
self-replicating attacks that take complete control of their computers.
Simon Crosby, CTO and co-founder at Bromium, comments:
“The fact that AV isn’t enough to protect from modern threats has been accepted
in the industry for a long time – even by the AV vendors themselves. However, the
realisation that security software itself can actually introduce new vulnerabilities
will be a shock to many. There is a simple rule: more code equals more
vulnerabilities. When you install software, you add to the attack surface of the
machine.
AV is no exception. Add to this that malware detection rates are terrible, and that
detection in concept is largely useless for polymorphic, targeted, 0-day malware,
and it starts to question the use of AV at all.
We have to reduce the attack surface of our systems and effectively isolate
dangerous activity away from our important business processes. The concept that we
have a trusted system that is also being used to browse the Internet and open emails
forces us to take this seriously – or face the consequences. Common wisdom is to
apply a layered approach of defence-in-depth. But if you do this without layers of
separation/isolation and rely on detection at each layer, then you’re kidding
yourself and wasting your money. Tools like microvirtualization must be considered
in order to fill the gaps.”
