…although those of y’all depending on Symantec security products (e.g. Norton Anti-Virus) might view this as my Christmas present to you. So, Merry Christmas, all tied up with a bow and all:
Using NAV? JUST STOP IT. Quick, download a different AV product! Grisoft’s free AVG Anti-Virus will do. Why?
Anti-virus vendor Symantec Corp. has publicly acknowledged that a high-risk buffer overflow vulnerability in its AntiVirus Library could lead to code execution attacks when RAR archive files are scanned.
A proof-of-concept example of Symantec’s products’ inability to catch bad code that can execute from within an RAR file is all that’s been shown, so far. But that’s enough. Just ONE example like that would be enough for me to switch (and it was, several years ago), and anyone using NAV ought to at least temporarily disable it, download another AV product and install it until Symantec can restore some semblance of confidence in its product.
You have been warned, If the Grinch steals your Christmas cos you didn’t heed the warning, at least I know I tried.
(Yes, I know that SO FAR no examples exploiting the Symantec virus scan flaw/vulnerability have been found in the wild. So? You wanna be the one to find one? 🙂