Maximum PC symantec RSS Feed

Symantec Says IE Vulnerable to New Exploit

Paul Lilly — Mon, 23 Nov 2009 07:03:27 -0600

Internet Explorer users who have yet to upgrade to IE8 should take note. According to security firm Symantec, there's a pretty nasty Zero Day exploit that affects both IE6 and IE7.

"The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future," Symantec explained in a blog post. "When this happens, attackers will have the abilty to insert the exploit in websites infecting potential visitors."

Symantec said the attack requires JavaScript and recommends that users disable it. The security firm also suggested potentially affected users limit web surfing to only trusted sites until Microsoft releases a fix.

Image Credit: cybernetnews.com

Symantec: Enterprise Spending Starting to Stabilize

Paul Lilly — Thu, 29 Oct 2009 08:04:33 -0500

Security firm Symantec reported revenue of $1.48 billion for its second fiscal quarter, beating out most analysts' expectations, but down 3 percent from the same quarter one year ago. Earnings were also better than expected, which checked in at $294 million, or $0.36 per share.

Symantec attributed the growth to its consumer business and increased IT spending, which bodes well for the company, considering a recent survey by Intuit Payroll suggested that the majority of SMBs have been spending less on security, even as cybercrime continues to rise.

"We're definitely seeing the U.S. market stabilize," Symantec CEO Enrique Salem noted in an interview on Wednesday. "We've seen China and parts of Asia continue to do well, and we're seeing some weakness in western Europe."

While consumer revenue was up 6 percent year-over-year, Symantec may have a tough time pushing its storage products. According to data from research firms IDC and Gartner, server sales were down roughly 30 percent last quarter.

Image Credit: propertyfinder.com

Beware! Scareware on the Prowl

Pulkit Chandna — Wed, 21 Oct 2009 09:53:11 -0500

Millions of credulous internet users fall prey to scareware every year and voluntarily end up compromising their systems. According to a new Symantec report, more than 40 million users found themselves prey to “increasingly persuasive online scare tactics” being adopted by cyber criminals during the 12-month period between July 2008 and June 2009.

The price of a fake security software program usually hovers between $30 and $100. But the hidden costs seem to be greater. Installing rogue security software can not only wreck the system but it also makes the owner vulnerable to identity theft. Deceptive ads linking to rogue software appear on both malicious and legit sites. Cybercriminals are also using search engine optimization (SEO) and social media tricks to ensnare even more people.

Have you installed SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, SpywareSecure, or XP AntiVirus yet? Don’t! They top the list of the most reported rogue security software.

Image Credit: F-secure

Symantec Names 100 Most Malicious Websites

Pulkit Chandna — Thu, 20 Aug 2009 19:35:14 -0500

Symantec has published a list of the dirtiest 100 websites. The websites are said to contain around 18,000 threats apiece on an average. However, the average number of threats shoots up to 20,000 for the top 40 websites on the list, which has been compiled by Symantec’s Norton Safe Web service. Aladel.net, a US-based websites, alone houses 56,371 threats.

Although almost half of the websites are expectedly based around mature content, the remaining sites deal with a wide variety of subjects. Viruses dominate the list of threats found on these sites. Security risks and browser exploits are the other common threats found on them. The owners of the websites that figure on the list must be feeling a sense of elation and achievement. As for the rest of us, we now know which sites not to visit.

Image Credit: Symantec

Symantec: Using Microsoft's Free AV is Dangerous

Pulkit Chandna — Tue, 07 Jul 2009 16:47:52 -0500

Microsoft recently made the Microsoft Security Essentials beta available for download. When Microsoft first announced that it had a free antivirus software in the works, Symantec and MacAfee shares immediately plunged. Both the antivirus developers are not ready to acknowledge MSE as a threat to their paid offerings.

David Hall, a regional product manager at Symantec, unleashed a diatribe against MSE while speaking to BLORGE. He believes MSE is not a consummate product and cannot fully protect users. “If you are only relying on free antivirus to offer you protection in this modern age, you are not getting the protection you need to be able to stay clean and have a reasonable chance of avoiding identity theft,” Hall said. He even ridiculed MSE as “a stripped down version of the OneCare product.”

Symantec Releases Public Beta of Norton Internet Security 2010 and AntiVirus 2010

Paul Lilly — Fri, 03 Jul 2009 17:19:54 -0500

Many of our readers were taken off-guard when we rated Norton Internet Security 2009 a 9/Kickass in last year's antivirus roundup, and we even admit to being surprised at Norton's transformation from a resource-heavy sloth to a lean and competent antimalware package. We hope the trend continues, and we'll have a chance to see if it does now that Symatec has released beta versions of its upcoming 2010 releases to the public.

The new version features a new protection model codenamed Quorum and will put a heavier focus on reputation-based malware detection. While it won't replace existing signature-based detection for known threats, Norton says the reputation model can detect zero-day malware that's never been seen before.

"Our new approach changes the rules by both enhancing traditional security techniques to make them more aggressvie and by making it dramatically more difficult for attackers to evade detection by simply changing their malware," said Rowan Trollope, Symantec senior vice president, Consumer Business Unit.

Other features include an overhaul to parental control and spam filtering, more detailed information provided by Norton Insight, which identifies known good programs for faster scanning, and a new feature called Autopsy, which is designed to help the user understand what just happened when Norton automatically removes an infection.

Norton Internet Security 2010 Beta
Norton Antivirus 2010 Beta

Image Credit: Symantec

Spam Level Rises To 90%

Andy Salisbury — Tue, 26 May 2009 17:00:19 -0500

It’s official, spam now accounts for 90.4 percent of all e-mail sent, so if you think your spam folder is beginning to look bigger, it’s not just you.

In a report released by Symantec, they state that 1 out of every 1.1 emails is junk, and spam shot up 5.1 percent from April to May. Though, it would appear that spam has taken a more diabolical angle as of late using older more, trusted sites in order to host malware.

“Spammers using better-known and thus more widely trusted Web sites to host malware is reminiscent of the spammers who rely on well-known Web mail and social networking environments to host spam content,” stated Paul Wood, Symantec's MessageLabs Intelligence Senior Analyst. “The trustworthy older domains can be compromised through SQL injection attacks while newer sites are more likely to be flagged as suspicious--a temporary site set up with the sole purpose of distributing spam and malware--and thus faster to get shut down.”

So, remember ladies and gents, surf safe! The odds are very stacked against you.

Image Credit: MessageLabs

Adobe Patches Zero-Day Vulnerability

Justin Kerr — Sun, 15 Mar 2009 12:59:32 -0500

If you haven’t done so already, make sure your Adobe reader has checked for, and downloaded the latest updates. Adobe has finally released a patch for the zero day scripting vulnerability in its PDF software. The patch for version 9 hit the net a bit earlier than expected, but not a moment too soon to combat this now critically exploited weakness which has been in the wild now since December 2008. The patches for Version 7 & 8 are still planned for March 18th and users of this version would be advised to either upgrade to 9.1 or consider Foxit Reader.

The news was posted by Adobe blogger David Lenoe. "Today, we posted the Adobe Reader 9.1 and Acrobat 9.1 update, which resolves the recent JBIG2 security issue (CVE-2009-0658), including the 'no-click' variant of the vulnerability." "We encourage all Adobe Reader users to download and install the free Adobe Reader 9.1."

For those that haven’t been following the details of the exploit, the vulnerability is a result of an array indexing error in the processing of JBIG2 streams. Hackers have found a way to corrupt arbitrary memory using the PDF format and take control of compromised systems. The lesson learned here if we didn’t know it already, don’t take candy, or PDF’s from strangers.