Symantec on Friday released intrusion prevention system (IPS) signatures that provide protection from a recently discovered vulnerability in its antivirus software that allows remote users to launch worm attacks.
The vulnerability affects Symantec Client Security 3.1 and Symantec AntiVirus Corporate Edition 10.1, and the vendor has released IPS signatures via LiveUpdate for Symantec Client Security that provide protection from future exploits, Symantec confirmed Friday.
The vulnerability was originally discovered on May 24 by researchers from eEye Digital Security. They rated the flaw as highly severe because it doesn't require any user interaction in order to be exploited, making it especially conducive to worm attacks, according to a spokesperson for eEye, Aliso Viejo, Calif.
"As a trend, we are seeing the complexity of software increase and [as a result] the existence of vulnerabilities is pretty prevalent at the application layer," the eEye spokesperson said. "Anytime you have complex software there are going to be vulnerabilities."
"Any software that's Internet-facing and is reachable from the outside is potentially wormable," said Roger Thompson, CTO of Atlanta-based security start-up Exploit Prevention Labs and a longtime security researcher.
One security vendor executive who requested anonymity was baffled by Symantec's decision to release IPS signatures because hackers could reverse-engineer the signatures and have a blueprint of the vulnerability, the source said.
"As an advocate for responsible disclosure, we are scratching our heads [in disbelief]," the source said.
The Symantec vulnerability is another example of why enterprises need to look at security as a layered approach, says Dave Gilden, COO of Acuity Solutions, Tampa, Fla.
"[Enterprises] cannot assume if they have one [security] product it's going to protect them from everything. Symantec [is] a great product, but you have to look at your environment holistically and make sure you have non-conflicting layers to ensure your protection," Gilden said. This type of vulnerability is not limited to security software and could happen to any software vendor, he added.
There is no single security solution that protects against every type of threat, which means companies have to implement multiple layers of security, said Gary Cannon, president of Advanced Internet Security, a Colorado Springs, Colo.-based solution provider. "A lot of people rely on gateway protection, but there are other avenues into your [network]," he said. "To me, anyone who doesn’t layer sec is basically asking for something to happen."