Windows 10: Symantec won't patch 'catastrophic' security flaws until mid-July

Symantec admits it won't patch 'catastrophic' security flaws until mid-July | TheINQUIRER

:)

 

Has anyone had trouble installing a Norton product due to a setupexe.com problem

I wouldn't recommend using it at all, if you can help it. A major security issue was found with Norton just a month ago. Not to mention that it's a giant resource hog and slows down your computer, and in my humble little opinion causes many more issues
than it's worth. I sincerely recommend to you not to try using Norton. Your computer's built-in Windows Defender, together with some safe computing practices on your part, are plenty.

See: Norton antivirus has a gaping security flaw "this is about as bad as it can possibly get"


And: Symantec/Norton Antivirus Flaw Threatens Millions of PCs

 

Microsoft edge

All internet security tools will still scan your network traffic as you go to and fro on websites, regardless of your browser and without any care of whether or not they make a "toolbar plugin" for said browser. So if you use Norton, even if Norton doesn't
explicitly make a toolbar plugin for Edge, you will still be protected.

However, I recommend you don't use Norton. Some researchers are Google recently discovered severe critical problems with Norton's array of products, that are quote "as bad as it gets" and can allow anyone to easily access your computer, everything you store
on it, and all communications you use from it. Just see the recent news:

• Forbes: Google Found Symantec and Norton Vulnerabilities
'As Bad as it can get'

• Engadget: Google: Symantec antivirus flaws

• PC Magazine: Experts: Symantec Security Flaw

•
Hundreds of others here.

I would recommend to all my family, friends, and my paying clients: do not use Norton and stick with Defender. Of course you don't have to if you don't want to. It's your machine.

 

This kind of thing is one of the reasons why I won't ever install Symantec software on any of my PCs.

 

https://www.symantec.com/security_re...id=20160628_00

 

Way to go Symantec. I now regret having used your software for nearly a decade with another 2 years to go before my NS subscription expires. Talk about a rude awakening! Time to look for something new.

PS - Just remembered I have current subscriptions to BD Total Security & Kaspersky Internet Security. Thing is, are these safe or do they have security holes?

 

Probably all security products have security holes. It's just a matter of when they are discovered and how long it takes to get patched.

 

Symantec - the popular computer protector - may actually help hackers, feds warn - Jul. 7, 2016

 

I totally agree. All security programs have to constantly update to keep up with all the security risk. It's a never ending cycle.

 

"Symantec Response

Symantec has verified these issues and addressed them in product updates as identified in the solution portion of the affected products matrix above. We have also added additional checks to our Secure Development LifeCycle to mitigate similar issues in future.


Symantec is not aware of these vulnerabilities being exploited in the wild.


To fully mitigate the identified vulnerabilities, Symantec recommends applying the required patches to the affected products as soon as possible. This is the only means to ensure that installed products cannot be exploited. Symantec has released the following list of AV signatures in an effort to block/detect attempts at exploitation.


Vulnerabilities

Signatures

LiveUpdate rev.


RAR decompression memory access violation

EXP.CVE-2016-2207

20160628.037


Dec2SS buffer overflow

EXP.CVE-2016-2209

20160628.037


Dec2LHA buffer overflow

EXP.CVE-2016-2210

20160628.037


CAB decompression memory corruption

EXP.CVE-2016-2211

20160628.037


MIME message modification memory corruption

EXP.CVE-2016-3644

20160628.037


TNEF integer overflow

EXP.CVE-2016-3645

20160628.037


ZIP decompression memory access violation

EXP.CVE-2016-3646

20160628.037



Update Information
All Norton products have been updated through LiveUpdateTM. Customers of Symantec Enterprise products should check the chart below to determine which products have been updated automatically and which require product updates."

The way I read this is that Symantec has already addressed and fixed the problem.

 

Not that I worry but since using windows 10, I have not been able to install and run for more than a week any 3rd party antivirus without defender kicking up not letting updates through, so I have just accepted that and keep defender and paid for malwarebyghtes, cant do with the hassle of fighting Microsoft.*Smile.

 

From my reading of this Symantec has addressed most of the problems but the major one on the workstations has yet to be addressed:

"The cloud-based versions of Symantec's Endpoint Protection Small Business Edition will finally be updated this week, but users of the workstation versions will have to wait weeks."

 

Okay, if you want to believe The Inquirer and Google rather than Symantec who says:

"All Norton products have been updated through LiveUpdateTM. Customers of Symantec Enterprise products should check the chart below to determine which products have been updated automatically and which require product updates."

Dated June 28, 2016.

 

Here is another article on this:

iTWire - Google finds Symantec-Norton security holes

As you can see this was dated Friday July 8 and some patches will be available shortly.

 

The original report by Google Project Zero was issued on Jun 28 and the last line states:

https://googleprojectzero.blogspot.c...-endpoint.html

Norton released a fix on the June 28 with an update on June 29.

https://www.symantec.com/security_re...id=20160628_00

Just because all these other sites are behind the times and reporting old news.

Jim *Cool