lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 18 Oct 2004 17:24:44 -0000
From: <secure@...antec.com>
To: bugtraq@...urityfocus.com
Subject: Re: Norton AntiVirus 2004 Script Blocking Failure (Includes PoC
    and rant)


In-Reply-To: <416F7ABB.8070502@...ealshoebox.com>

Symantec is aware of this posting. Symantec engineers are reviewing this issue.  If it is validated we will respond accordingly.  

Symantec takes the security of our products seriously.  We are a responsible disclosure organization.  We would like to work directly with anyone who believes they have found a security issue in a Symantec product to validate the problem and coordinate a response.  

Please contact secure@...antec.com concerning security issues with Symantec products.

Symantec Product Security
secure@...antec.com

-----------------snip-------
>Date: Fri, 15 Oct 2004 03:22:35 -0400
>From: Daniel Milisic <dmilisic@...ealshoebox.com>
>User-Agent: Mozilla Thunderbird 0.8 (Windows/20040913)
>X-Accept-Language: en-us, en
>MIME-Version: 1.0
>To: full-disclosure@...ts.netsys.com
>Cc: bugtraq@...urityfocus.com
>Subject: Norton AntiVirus 2004 Script Blocking Failure (Includes PoC and rant)
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>Content-Transfer-Encoding: 7bit
>
>Hi All,
>
>For the last couple of week's I've been hands-and-face into a project 
>that is based heavily on .HTA apps.  Basically, the VBScript embedded in 
>the HTA handles the front-end for some basic console-driven tools.  It 
>was also designed to be very simple as to work equally well under 
>95+IE5.5 to Win2003.  Worked really nice... HOWEVER during the testing 
>phase on various platforms, I discovered my .HTA grinds to a halt on 
>machines running Norton AntiVirus 2004, thanks to the "Script Blocking" 
>feature.  A prompt or alert from the damn AV software was NOT something 
>I wanted my users to deal with.  So, I downloaded the TrialWare version 
>from Symantec to take a poke at whether or not I could work around it.
>
>Here's how that went...
>
>One 25MB Download and I was all set to start testing!  But wait, I 
>should LiveUpdate...
>LiveUpdate, 4MB -- REBOOT #1 (*mandatory* restart)
>LiveUpdate, 3MB -- REBOOT #2 (Prompt to restart with an option to continue)
>LiveUpdate, 1MB -- REBOOT #3 (Right now I am thinking oh you have got to 
>be <bleep>ing kidding me, THREE REBOOTS to get up-to-date AV installed!)
>
>Grisoft's AVG6, for comparison sake, is about 7MB in total I believe, 
>and requires a single reboot.  It doesn't have Script Blocking, but if 
>you're thoughtless enough to click on a .vbs e-mail attachment you 
>pretty much deserve what's coming to you ;)
>
>Once out of reboot hell, I fired up the NAV2004 console, an annoyingly 
>tacky HTA-ish type front-end with more bling-bling than functionality.  
>Over the last few years I've grown to really dislike NAV for this, and 
>not just because of the aesthetics.  On more than one occasion I'd see a 
>virus or spyware infected PC with NAV on it (user error not NAV's 
>fault); with the NAV console just a smoldering pile of script errors 
>after the malicious program hosed IE's rendering engine.  The NAV 
---------------snip------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ