| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: chows at ozemail.com.au (Gregh) Subject: Nortons Liveupdate - problem? Where else would Nortons be looking BUT their servers for updates? Sigh.... ----- Original Message ----- From: "Joshua Levitsky" <jlevitsk@...hie.com> To: <full-disclosure@...ts.netsys.com> Sent: Tuesday, January 20, 2004 8:15 AM Subject: Re: [Full-Disclosure] Nortons Liveupdate - problem? > And of course if you run Corporate Edition against an internal LiveUpdate > server then none of the below applies. Most likely doesn't apply even if you > use Symantec's servers. The scheduler is different in the CE version from > the retail version. > > -- > Joshua Levitsky, MCSE, CISSP > System Engineer > Time Inc. Information Technology > [5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1] > > > ----- Original Message ----- > From: "Gregh" <chows@...mail.com.au> > To: "Disclosure Full" <full-disclosure@...ts.netsys.com> > Sent: Monday, January 19, 2004 3:33 PM > Subject: [Full-Disclosure] Nortons Liveupdate - problem? > > > >A lot of your customers may have your Nortons AV prog (I don't mean other > > Nortons products, just the anti virus scanner though this may apply to > > their > > other products, too) set to auto update when on Internet without > > interrupting the user which IS a good idea normally. However, a few weeks > > ago due to a stupid error on the part of a company Nortons uses, your AV > > prog couldn't find their update site for the day. It didn't last long and > > should have ended there. > > > > Unfortunately, I have become aware, while fixing problems for people who > > use > > Nortons, that their Nortons (2000, 2002 and 2004 versions) hadn't updated > > for the last two weeks. So, I manually MADE it update and it did so just > > fine. This isn't normal. Nortons usually auto updates fine and on each > > machine where I have noted this (5 so far, all Nortons, all the same drop > > off time), they have been without updates since that date and thus open to > > newer stuff. Bagle should start hitting hard today and if what I fear is > > correct, none of your Nortons users will be protected UNLESS you get them > > to > > open their Nortons and run your LiveUpdate manually. 5 out of 5 machines > > all > > stopped updating at the same period seems strange to me. There were 2 in > > one > > user group, 2 in another company and one friend who I do work for on his > > personal machine. These were 3 different sites in other words. > > > > So, do yourselves a favour. I may be wrong but if I am not wrong, your > > users > > are not protected. They MAY be protected automatically after manually > > updating but I am not even 100% sure of that right now. Run Liveupdate > > manually NOW and be sure! > > > > Greg. > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists