Symantec Security Response on NAV Auto-Protect, Alert Notification Limited DoS

Discussion in 'Software' started by NICK ADSL UK, Nov 12, 2004.

  1. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Symantec is responding to a posting to the Bugtraq mailing list http://www.securityfocus.com/archive/1/378...09/2004-10-15/0 . The poster was able to create a VBS script that caused a minor denial of service by terminating the system tray icon for Symantec Norton AntiVirus as well as preventing the Auto-Protect pop-up alerts from displaying on the user's system.

    To get a malicious script that can do this on a targeted system, the attacker requires "user assistance" by either enticing the targeted user to visit a location where the malicious file could be downloaded or have access to and permissions on the target system to upload or transfer the malicious file.

    Affected Components
    Symantec Norton AntiVirus (2003,2004, 2005)
    Symantec Norton Internet Security and Professional (2003, 2004, 2005)
    Symantec Norton System Works, Professional and Premier (2003, 2004, 2005)

    Non-Affected Components
    This issue does NOT impact Symantec Enterprise/Corporate products

    Symantec Response
    Symantec engineers have thoroughly tested this issue on all supported Symantec Norton AntiVirus consumer products.

    There is some basic misunderstanding in the posting about what impact killing the running Auto-Protect process has on Symantec's Auto-Protect functionality. Terminating CCApp.exe, as the poster states, will cause the Norton AntiVirus icon in the system tray to disappear and, will disable the user notifications regarding Auto-Protect actions, a very low risk denial of service. But, the user's system continues to be protected by the underlying Auto-Protect capability. The protection profile of the Symantec Norton AntiVirus application is not affected.

    Were a user to download malicious code to a system while the CCApp.exe process is terminated in this manner, the user would not receive an Auto-Protect alert pop-up notification. However, the malicious code would be detected by Symantec's Norton AntiVirus Auto-Protect function and would be prevented from being written to file or executed on the targeted system. The Auto-Protect notifications and the system tray icon can be easily restored by:

    - going to start =>Programs=>and opening Symantec Norton AntiVirus which kicks off the Auto-Protect running process
    - or, when the system is rebooted

    Although this is a very low risk issue, Symantec takes the security and functionality of their products very seriously. Symantec product engineers are currently investigating alternatives to address this issue. A resolution to this minimal disruption for Symantec's 2005 product versions has been completed. The update can be obtained through technical support from
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2004111013091839

    Complete information in >>>>>>>
    http://securityresponse.symantec.com/avcenter/security/Content/2004.11.10.html
     
    NICK ADSL UK, Nov 12, 2004
    #1

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds