Vulnerabilities on Symantec May be helpful to Hackers
Symantec ranks high among the reputable security tools used by government agencies, corporates and individuals to protect computers.
Unfortunately, the program is now a subject of criticism as critical loopholes that could actually make a hackers job easier were reported by the U.S department of Homeland Security which issued a warning to the public on Tuesday this week.
According to the alert warning, all Symantec and Norton antivirus product could help a hacker to manipulate a computer.
The stern warning will affect most users given than Symantec stands at the 5th position among the most popular anti-malware software based on finding by OPSWAT, and industry tracker. In fact, the software is currently on millions of computers across the globe. In addition, Symantec is the first line of defense in many government offices and companies across the globe.
These exploitable loopholes in the PC security software are a major problem. Attackers are aware that PC owners are likely to trust the popular security product just in the same way they are likely to be running on Windows and install Adobe Flash. This coupled with the fact that users are likely to be operating on a low level anti-virus application on a computer with powerful privileges sounds like a noxious cocktail for hackers.
The alert is likely to result in anti-virus software vendors ironing out possible loopholes on their software before they are caught in an awkward situation. For the giant tech firm Symantec, the security alert is a major blow. Users give Symantec a great deal of trust by allowing it to access their computers. However, as it turns out, the applications exploit this trust.
The code makes it significantly easy for virus to spread through networked computers. For instance, if one computer received an email with virus embedded on a file, or even a URL of a potentially harmful website, then it is at a high risk of infection.
This flaw was discovered by a security researcher on Google’s elite “Project Zero” security team, Tavis Ormandy who noted on the risk of such vulnerabilities on a blogpost. Ormandy had in April alerted Symantec about the loopholes.