Glitch found in Symantec antivirus updates

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

Security ; Jo Ticehurst [03 Jul 2000]

Glitch found in Symantec antivirus updates

Symantec antivirus users have been urged to check their software after two of the vendor's recent updates caused problems for a number of users. According to Symantec, several users who downloaded the company's virus definitions updates on 16 and 19 June have suffered what appears to be a system slow down or freeze.

Eric Chien, chief researcher at Symantec, said the problems occurred when the company implemented a new script scanning engine for detecting viruses.

"Traditionally, the way we scanned for viruses was to look at only certain parts of files. However, with the new VBS infections, like the Love Bug, it is now necessary to look at the whole file," he said.

Device files appeared "infinite" to the virus scanning software, which meant that the software was unable to finish scanning for viruses and the PC would appear to freeze up, said Chien.

"These files are old DOS files and everyone has them on their PC. For example, one of them is called LPT1, a printer device file. Unfortunately, when a user rebooted following the system 'freeze up', Scandisk is automatically run and users also found they were unable to delete these files in Windows, causing more problems."

Chien said Symantec has written a tool to correct the problem, which is available now at the company's website.

Corporate users in particular should test virus definition downloads on a few PCs before rolling them out to the entire company, he added.

Richard Stagg, senior security architect at Information Risk Management, said the problems the update caused are reminiscent of the difficulties users sometimes experience with Microsoft service packs and 'hotfixes'. He pointed out that producing software quickly and having it thoroughly tested, which can take weeks, are conflicting goals.

"You can't have it both ways," he said. "This doesn't reflect well on Symantec and they will probably want to review their quality control procedure."

http://c.moreover.com/click/here.pl?k8019195

-- Martin Thompson (mthom1927@aol.com), July 04, 2000


Moderation questions? read the FAQ