Symantec AntiVirus causes a “Highly critical” flaw in OS X
Published December 22nd, 2005 in Apple, Internet, Technology, Virus & Spyware
It seems the “world’s most trusted” antivirus software for Mac has some flaws that actually make OS X more vulnerable.
The vulnerability occurs when AntiVirus is decompressing files compressed in the RAR format for scanning. While performing this operation, it is susceptible to multiple heap overflows, allowing attackers complete control of the system(s) being protected. “Successful exploitation of Symantec protected systems allows attackers unauthorized control of data and related privileges. It also provides leverage for further network compromise. Symantec implementations are likely vulnerable in their default configuration. In default configurations users are likely vulnerable regardless of whether they choose to open or read the email.”
The only solution at this point is to filter RAR archives at email or proxy gateways, or disable and uninstall Norton AntiVirus.
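One way the gateway filtering mentioned above could work, as an added example that is not from the advisory or from Symantec: it flags RAR attachments by their leading marker bytes as well as by extension, and never unpacks the archive, since the flaw is in the decompression step. The function names, the 1 MiB scan window and the sample message are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Shared prefix of the RAR 1.5-4.x marker (Rar!\x1a\x07\x00) and the RAR5
# marker (Rar!\x1a\x07\x01\x00).
RAR_MAGIC = b"Rar!\x1a\x07"
# Self-extracting archives put an executable stub before the marker, so search
# a leading window instead of offset 0 only. The 1 MiB size is an assumption.
SCAN_WINDOW = 1024 * 1024


def is_rar(payload: bytes) -> bool:
    """Byte match only: the archive is never unpacked by this filter."""
    return RAR_MAGIC in payload[:SCAN_WINDOW]


def rar_attachments(raw_message: bytes) -> list:
    """Return the filename of every leaf MIME part that looks like RAR."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into attached messages
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""  # undo base64/QP
        name = part.get_filename() or "(unnamed)"
        # Check content first so a renamed archive is still caught.
        if is_rar(payload) or name.lower().endswith(".rar"):
            hits.append(name)
    return hits


def verdict(raw_message: bytes) -> str:
    return "QUARANTINE" if rar_attachments(raw_message) else "DELIVER"


def build_sample(attachment: bytes, filename: str) -> bytes:
    """Constructed test message (addresses and content are made up)."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(attachment, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    renamed = build_sample(b"Rar!\x1a\x07\x00" + b"\x00" * 16, "invoice.pdf")
    print(verdict(renamed), rar_attachments(renamed))
```

The filter has to run before the message reaches any host where the scanner would decompress it, otherwise the quarantine decision comes too late.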
When I was using Symantec AntiVirus for PC I really hated it because it was an enormous memory hog, and it didn’t do much. I had soon realised there was a piece of software out from Eset called NOD32 which is a much better antivirus software. I have found it to be a lot better and it has some other features including sending an email when a virus is found. As for my Mac, I don’t use any antivirus. Well, sort of, I once downloaded ClamXav which is a free “virus checker for Mac OS X. It uses the tried, tested and very popular ClamAV open source antivirus engine as a back end.” I have only used it once, and it found nothing. I have yet to run it again as I believe that it is not needed. So far there are no viruses for OS X. I think Symantec is overpriced and overrated. They should fix this soon, otherwise they will lose a lot more customers.












