Security threats Toolkit

Further Norton embarrassment for Symantec

Munir Kotadia ZDNet Australia

Published: 30 Mar 2005 10:00 BST

Symantec has patched two flaws in its Norton AntiVirus security product after researchers discovered the application's 'SmartScan' and 'AutoProtect' features could cause a computer to crash when scanning certain file types.

This is the latest in a long line of embarrassing problems faced by Symantec over Norton AntiVirus. The product has come under heavy criticism recently for being resource-hungry, unreliable and difficult to install and uninstall.

Researchers in Japan discovered the two new flaws. The first problem was reported by the Japan Computer Emergency Response Team (JCERT) and affects Norton Antivirus' auto-protect tool.

Auto-protect was designed to scan all files as they are accessed by the 'protected' computer. Unfortunately, JCERT discovered that certain file types, when automatically scanned, caused the computer to crash.

According to a Symantec advisory, "when auto-protect was invoked to scan a particular file type… the resultant scan caused the system to hang and generate a general protection fault error, or Blue Screen Of Death (BSOD), requiring a system reboot to clear".

The second flaw, discovered by the Information-Technology Promotion Agency-Japan (IPA), affects systems that have Smart-Scan enabled. Smart-Scan inspects certain file types, such as executables and documents and has the ability to recognise a particular file type even when its extension has been changed.

The IPA found that if a file is stored on a shared network directory and it is renamed, the modification will activate Smart-Scan and cause a system crash.

The Symantec advisory states: "Based on the file write for the name change, Smart-Scan will be invoked to scan the file, which can result in excess CPU consumption and ultimately a system crash."

Symantec said patches for both problems are already available thorough its LiveUpdate feature and the company is "unaware of any adverse customer impact from either of these issues".

Over the past six months, Symantec has had to admit that its products contain a series of embarrassing security holes. In February, the company warned customers that virtually all of its security products contained a flaw that could actually help virus writers execute malicious code on apparently 'protected' systems.

Munir Kotadia reported from Sydney for ZDNet Australia. For more ZDNet Australia stories, click here.