lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <002001c3decb$89b4ca00$6500a8c0@p41700>
From: chows at ozemail.com.au (Gregh)
Subject: Nortons Liveupdate - problem?

A lot of your customers may have your Nortons AV prog (I don't mean other
Nortons products, just the anti virus scanner though this may apply to their
other products, too) set to auto update when on Internet without
interrupting the user which IS a good idea normally. However, a few weeks
ago due to a stupid error on the part of a company Nortons uses, your AV
prog couldn't find their update site for the day. It didn't last long and
should have ended there.

Unfortunately, I have become aware, while fixing problems for people who use
Nortons, that their Nortons (2000, 2002 and 2004 versions) hadn't updated
for the last two weeks. So, I manually MADE it update and it did so just
fine. This isn't normal. Nortons usually auto updates fine and on each
machine where I have noted this (5 so far, all Nortons, all the same drop
off time), they have been without updates since that date and thus open to
newer stuff. Bagle should start hitting hard today and if what I fear is
correct, none of your Nortons users will be protected UNLESS you get them to
open their Nortons and run your LiveUpdate manually. 5 out of 5 machines all
stopped updating at the same period seems strange to me. There were 2 in one
user group, 2 in another company and one friend who I do work for on his
personal machine. These were 3 different sites in other words.

So, do yourselves a favour. I may be wrong but if I am not wrong, your users
are not protected. They MAY be protected automatically after manually
updating but I am not even 100% sure of that right now. Run Liveupdate
manually NOW and be sure!

Greg.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ