Feds Issue Alert That Symantec, Norton Antivirus Products Could Let Hackers Hijack Computers
Symantec and Norton are among the most popular security tools, but the U.S. Department of Homeland Security warns of critical flaws that could pose great risks.
A slew of corporate, government and personal computers are protected by Symantec, but are they really protected? Homeland Security believes there's reason to worry, and has issued a warning this week.
"Symantec and Norton branded antivirus products contain multiple vulnerabilities. Some of these products are in widespread use throughout government and industry," notes the alert. "Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system."
It's not a small issue, either, as the problem is quite widespread. Based on data from industry tracker OPSWAT, Symantec ranks as the fifth most popular antivirus and anti-malware software, running on millions of PCs worldwide. It's used to protect corporate and government computers worldwide, but its security flaws could have grim outcomes.
Symantec, due to its status as a top security product, enjoys wide access to people's computers. Flaws in code, however, could turn that trust into weakness and exploit it.
That trust, which implies giving Symantec access to the insides of your computer, could facilitate the success of a virus to spread all throughout an entire network of computers, warns the federal alert. Simply getting an email with an infected file on a computer, or accessing a link to an infected site, could put the whole network of computers at risk.
Other antivirus and anti-malware products would not let that happen, CNN points out.
"These vulnerabilities are as bad as it gets," says Tavis Ormandy, who discovered the flaws. "A hacker could easily compromise an entire enterprise fleet." Ormandy is a security researcher part of Google's Project Zero.
The security researcher warned Symantec about the issues in April, and the company finally issued some patches last week. It remains to be seen, however, just how quickly government offices, companies and individuals will be able to update every PC on their networks.
Serious flaws in cybersecurity software could have dire implications, leaving millions of machines vulnerable to attacks. The irony is not lost. Some of the software that's supposed to protect your computer is actually making it vulnerable.
No reports currently exist of hackers actually exploiting these flaws, but that could also mean that no hacker has yet been caught. Cybercrime is on the rise and security is paramount, so it's highly advisable to update to the latest version of the software as soon as possible, so you can benefit from the latest patches and security fixes.