There was no rest for Symantec engineers over the Memorial Day holiday weekend as the company burned the midnight oil to patch a flaw affecting its corporate antivirus software. The company released the fix over the weekend, just days after security researchers had discovered the problem.
Security firm eEye Digital initially reported the vulnerability last week. The flaw, if exploited, would have enabled hackers to run malicious software remotely on vulnerable PCs.
The patch for Symantec's AntiVirus Corporate Edition and Symantec Client Security are available through the company's Live Update service  and should be applied as soon as possible, Vincent Weafer, a senior director at Symantec Security Response, said on Tuesday.
However, because there have been no known exploits "in the wild" that can take advantage of the flaw, there is no urgent need to apply the patch, he said.
Warp Speed
Symantec's security software is among the most widely used, running on more than 200 million computers around the globe. If a hacker had exploited the flaw with a worm prior to the release of the patch, it could have caused a significant amount of chaos.
A patch released within days of a vulnerability being disclosed is almost unprecedented in a field where it takes most software manufacturers weeks, or even months, to correct a flaw. According to Weafer, Symantec technicians worked around the clock on the problem since the company became aware of the existence of the flaw.
"Symantec is a company used to responding rapidly," Weafer said. "In less than 24 hours of the issue being reported to us, the Symantec teams delivered [intrusion protection] signatures to protect our customers from any possible exploit attempt -- and in less than three days, Symantec delivered fixes for the vulnerable product."
New Target
Symantec put its resources behind the problem, said Natalie Lambert, an analyst at Forrester Research. Lambert called Symantec "number one" in terms of mindshare in security.
"Symantec did not want these companies to be vulnerable," she said, noting that, to maintain its reputation, Symantec had to get the patch out quickly. "It was what [their corporate clients] expected."
Given that antivirus software has become so widely used, Lambert went on to say, hackers are increasingly focusing on it as a way to penetrate systems.
"Symantec is one of the largest antivirus providers out there," Lambert explained, "and because of that, they are going to be a target."
|
