You Should Update Your Antivirus Software Right Now

Image: Shutterstock

A security researcher at Google has found several fatal flaws in Symantec antivirus software (also known as Norton) that he describes as “as bad as it gets.” Symantec has issued an advisory to customers and released updates that fix the security flaws.

The blog post, written on Tuesday by Google security researcher Tavis Ormandy, is brutal. It chastises Symantec for the multiple critical vulnerabilities he discovered. “[The security flaws] don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible,” Ormandy wrote.


Because Symantec uses the same “core engine” for every product, Ormandy explained, the flaws effect all Symantec software. If your antivirus software doesn’t automatically update, it’s probably a good idea to do so now.

“Because Symantec uses a filter driver to intercept all system [input and output], just emailing a file to a victim or sending them a link to an exploit is enough to trigger it—the victim does not need to open the file or interact with it in anyway,” Ormandy wrote. “Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences to Norton and Symantec customers.”

Keeping software updated is good computer security hygiene, as it ensures you have the latest patches to any known security flaws. For example, Google Chrome is considered one of the most secure browsers because, among other things, it automatically updates with important security patches.

[Google Project Zero, via Engadget]


Share This Story

Get our newsletter

About the author

William Turton

Staff Writer, Gizmodo | Send me tips:

PGP Fingerprint: 88DF AB75 FAFC 1D10 4C45 A875 CA45 ABE6 B08D 8E52PGP Key
OTR Fingerprint: 47F02E79 399AB8FA CC2A4DEF 4573B25F 18AB41D2