It’s an axiom that [tag]computer security[/tag] impossible these days without several security components. At the very minimum you should have anti-virus and anti-spyware programs installed on your computer. Those programs can minimize the risk of unwanted intrusions. There are many computer security packages, and they are not equal in their ability to identify and prevent potential attacks.

One of the most well-known internet security programs is a security line of Symantec products known as “Norton family”: Norton AntiVirus, Norton Internet Security, Norton Anti-Spyware Edition, etc.

Of course, Symantec claims that your computer will be totally secure and protected if you use their security products. The sad truth however, that Norton security products are known in the hackers world as theone of the most easiest to hack into.

The most sought after type of vulnerabilities are the ones that can grant remote access to user’s computer, and if this access can be obtained without authentication, it’s even better.

And Norton security products are so popular among average computer users that it make them almost as wide-spread as computers with some kind of Windows OS installed, and thus even more desirable targets for hackers.

A few days ago Symantec had to release a security warning about security vulnerability found in 2 ActiveX controls. The vulnerability belonged to the class of input validation errors.

This means that data received by user computer was not properly validated which could allow a malicious attacker to remotely execute arbitrary code with the rights of logged in user (which means no additional authentication is required). The only other thing that attacker would need to successfully complete the attack is to trick the user to go to the website where this code would run.

This vulnerability affected Norton AntiVirus, Norton Internet Security, and Norton System Works, version 2006 and Norton Internet Security, Anti Spyware Edition, version 2005. Symantec Corporate Edition and Symantec for Linux were not affected.

Symantec Security Response team realesed Bloodhound.Exploit.148 that patches this vulnerability.

If you’re using Norton security products and you regularly update virus definitions and signatures through LiveUpdate then you should be OK.

Otherwise click on your LiveUpdate Right Now!

You can learn more about this vulnerability from the Symantec website: “Symantec ActiveX Control Input Validation Error”

Symantec credits Secunia Research for reporting this issue. Funny thing that this exploit is announced as a new one.

But it was known to hackers community for over 3 months! Yes, the remote access computer vulnerability through the execution of arbitrary code within those Norton ActiveX was annonunced by one of the hackers group on their blog more than 3 months ago, and they even released proof of concept code proving their point.

That just gives to show you that Symantec is not very quick in pinpointing and liquidating newest threats. Plus their support department is notoriously slow in support responses.

So in the next post I’ll talk about other computer and internet security programs that offer better support, and have quicker response.