Ars Technica is reporting that researcher Tavis Ormandy has spotted numerous vulnerabilities in 25 Norton and Symantec products that are “as bad as it gets”. Much of the product line from Symantec contains a raft of vulnerabilities that expose millions of consumers, small businesses and large organisations to self-replicating attacks that take complete control of their computers. Simon Crosby, CTO and co-founder at Bromium had the following expert opinion:
“The fact that AV isn’t enough to protect from modern threats has been accepted in the industry for a long time – even by the AV vendors themselves. However, the realisation that security software itself can actually introduce new vulnerabilities will be a shock to many. There is a simple rule: more code equals more vulnerabilities. When you install software, you add to the attack surface of the machine.
AV is no exception. Add to this that malware detection rates are terrible, and that detection in concept is largely useless for polymorphic, targeted, 0-day malware, and it starts to question the use of AV at all.
We have to reduce the attack surface of our systems and effectively isolate dangerous activity away from our important business processes. The concept that we have a trusted system that is also being used to browse the Internet and open emails forces us to take this seriously – or face the consequences. Common wisdom is to apply a layered approach of defence-in-depth. But if you do this without layers of separation/isolation and rely on detection at each layer, then you’re kidding yourself and wasting your money. Tools like microvirtualization must be considered in order to fill the gaps.”