IDG Contributor Network: When your security products are insecure: Takeaways from the Symantec disclosure

5 months ago Comments Off on IDG Contributor Network: When your security products are insecure: Takeaways from the Symantec disclosure

Tavis Ormandy, a member of Google’s Project Zero initiative, recently discovered a series of vulnerabilities in Symantec’s security products that he describes as “as bad as it gets.” Affecting both the company’s consumer and enterprise products, these vulnerabilities are far-reaching and can’t all be patched with automatic updates.

Ormandy writes of these vulnerabilities, “They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”

To read this article in full or to leave a comment, please click here

InfoWorld