
I think most security researchers have this love/hate relationship with Tavis Ormandy. We typically love his work, but we hate it when he finds a particularly juicy bug. The life of a security researcher is like this. This hate is compounded when the bug is easy to exploit and you have that feeling of “if I had only looked there first….” So it is no surprise that on Ja… a vulnerability in Symantec’s Antivirus Decomposer engine, used in Symantec Endpoint Protection and other Symantec and Norton security products, was acknowledged by Symantec Corporation in a security advisory issued by the company, and we all loved and hated Tavis all over again.

The Main Vulnerability

As a member of the Project Zero team at Google, Tavis released an advisory that details memory corruption when using crafted malicious files to trigger a flaw in the Symantec Antivirus Decomposer engine, an engine used in pretty much the entire Symantec and Norton security product line, including their flagship product Symantec Endpoint Protection.

A common technique for malicious code authors is to use “packers” to compress the size of their malicious code. This technique of using packers is in itself not malicious, as many code developers are familiar with and use the technique, but what this means is that an antivirus product has to automatically unpack the packed code so that it can be examined for maliciousness.
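The defensive point behind the Decomposer bug is that an unpacker runs on attacker-supplied input, so every length it reads from the file has to be treated as hostile. The following C example is added here to illustrate that; it is not code from the Symantec engine or from the advisory. It defines a hypothetical toy packed format ("TPK1" magic, a declared unpacked length, then a run-length stream) and an unpacker that checks the declared length against a hard cap and every write against the buffer, so malformed headers and streams are rejected with an error instead of corrupting memory. The format, the sample inputs and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical toy container, constructed for this example only:
 *   magic "TPK1" | unpacked_len (u32, little-endian) | RLE stream of (count u8, value u8) pairs
 */

enum unpack_status {
    UNPACK_OK = 0,
    UNPACK_BAD_MAGIC,
    UNPACK_TOO_LARGE,        /* declared length exceeds what we will allocate */
    UNPACK_TRUNCATED,        /* stream ends mid-pair */
    UNPACK_LENGTH_MISMATCH   /* stream would write past, or short of, the declared length */
};

#define MAX_UNPACKED 1024   /* hard cap on the output buffer, independent of the file's claim */

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unpacks `in` into a freshly malloc'd buffer (*out, *out_len).
 * The declared length is checked against MAX_UNPACKED before allocation, and each
 * run is checked against the remaining room before memset, so a crafted header
 * or stream cannot drive a write past the end of `buf`. Caller frees *out. */
enum unpack_status unpack_tpk(const uint8_t *in, size_t in_len, uint8_t **out, size_t *out_len) {
    *out = NULL;
    *out_len = 0;
    if (in_len < 8 || memcmp(in, "TPK1", 4) != 0) return UNPACK_BAD_MAGIC;

    uint32_t declared = read_le32(in + 4);
    if (declared > MAX_UNPACKED) return UNPACK_TOO_LARGE;

    uint8_t *buf = malloc(declared ? declared : 1);
    if (!buf) return UNPACK_TOO_LARGE;

    size_t pos = 8, written = 0;
    while (pos < in_len) {
        if (in_len - pos < 2) { free(buf); return UNPACK_TRUNCATED; }
        uint8_t count = in[pos], value = in[pos + 1];
        pos += 2;
        /* This bounds check is what turns a would-be heap overflow into a clean rejection. */
        if (count > declared - written) { free(buf); return UNPACK_LENGTH_MISMATCH; }
        memset(buf + written, value, count);
        written += count;
    }
    if (written != declared) { free(buf); return UNPACK_LENGTH_MISMATCH; }

    *out = buf;
    *out_len = written;
    return UNPACK_OK;
}

/* Constructed sample inputs: one well-formed file and three malformed ones. */
static const uint8_t SAMPLE_GOOD[]    = {'T','P','K','1', 5,0,0,0, 3,'A', 2,'B'};        /* -> "AAABB" */
static const uint8_t SAMPLE_OVERRUN[] = {'T','P','K','1', 2,0,0,0, 3,'A'};               /* run exceeds declared */
static const uint8_t SAMPLE_HUGE[]    = {'T','P','K','1', 0xff,0xff,0xff,0xff, 1,'A'};   /* absurd declared length */
static const uint8_t SAMPLE_TRUNC[]   = {'T','P','K','1', 1,0,0,0, 1};                   /* stream cut mid-pair */

/* Runs the unpacker on a sample and returns only the status (output buffer discarded). */
enum unpack_status check_sample(const uint8_t *s, size_t n) {
    uint8_t *o = NULL;
    size_t ol = 0;
    enum unpack_status st = unpack_tpk(s, n, &o, &ol);
    free(o);
    return st;
}

/* Returns 1 if SAMPLE_GOOD unpacks exactly to `expected`, else 0. */
int good_sample_unpacks_to(const char *expected) {
    uint8_t *o = NULL;
    size_t ol = 0;
    if (unpack_tpk(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &o, &ol) != UNPACK_OK) return 0;
    int ok = (ol == strlen(expected)) && memcmp(o, expected, ol) == 0;
    free(o);
    return ok;
}

int main(void) {
    printf("good    -> %d\n", check_sample(SAMPLE_GOOD, sizeof SAMPLE_GOOD));
    printf("overrun -> %d\n", check_sample(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN));
    printf("huge    -> %d\n", check_sample(SAMPLE_HUGE, sizeof SAMPLE_HUGE));
    printf("trunc   -> %d\n", check_sample(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC));
    return 0;
}
```

The two checks that matter are the cap on the declared length before allocation and the per-run comparison against the remaining room; an engine that trusts either value from the file is exactly the kind of code that a crafted archive can push into memory corruption, which is the bug class the advisory describes.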
