Cyber Security

By Evan Fagan and Craig Taylor

In the world of software applications and services, nothing should be more securely programmed than a security product. It is therefore unacceptable that multiple critical exploits were recently discovered in Symantec’s Norton Anti-Virus (“AV”). AV products have been around for decades, and hackers are getting more devious every day. An article from tech news website Engadget takes an appropriately alarmist tone when discussing the implications of recent “zero-day exploits” found by Google’s Project Zero team. These researchers found multiple buffer overflows (where a hacker can read and write to a computer’s memory directly) with kernel-level access (the layer below the operating system), which had been present in the tested products for many years. The implications of these vulnerabilities are significant – an AV product attacked through these vulnerabilities can be disabled so a hacker can move around inside your computer unchecked. Once inside your computer, hackers can use the same vulnerabilities across all your company’s workstations to take down systems, steal your data, encrypt everything you have for ransom, or worse, delete it all!

Quick Fixes and Longer Term Solutions

Symantec is not the first AV company to have these issues and will not be the last. A related article from security publication Help Net Security lists multiple additional anti-virus companies guilty of similar security lapses, including Comodo, Trend Micro, Kaspersky, and FireEye. Symantec was quick to push updates to fix the vulnerabilities found by Google researchers. Longer term, the culture of software development, especially for trusted security products, needs to be adjusted to favor much more secure programming practices. Development styles that push products to market as quickly as possible for financial gain must take a back seat to appropriate security testing. Consumers must demand that companies take their time when creating software security products, especially anti-virus products, as these products are often the last line of defense from hackers and they run with privileged access (admin rights) to each computer.

A Lesson to Take Away

In the world of AVs, end users and businesses feel the brunt of a hack when their computer is compromised. AV products remain critically important for protecting every computer; they must be kept 100% up to date. They are, however, not equipped to deal with many modern security risks and must be part of a larger security solution incorporating other security services such as governance policies, cyber-security awareness training, and additional technical protections which engage when end users click malicious links, open malware-infested attachments, or succumb to social engineering phishing attacks which steal your company’s data. When evaluating what is appropriate for your business, be sure to run a Google search for security risks found in the AV product you’re considering purchasing, and choose a company with a track record of transparency about the issues they’ve found and how quickly they fix them.

Symantec’s Update article includes information on the vulnerabilities and affected versions of the products discussed in this article.