Kudos: 0

DoubleAgent: Taking Full Control Over Your Antivirus

Hi, is Norton Security safe from this attack?

https://cybellum.com/doubleagent-taking-full-control-antivirus/

Replies

Kudos: 4

Re: DoubleAgent: Taking Full Control Over Your Antivirus

After investigating this issue we confirmed that this PoC does not exploit a product vulnerability within Norton Security. It is an attempt to bypass an installed security product and would require physical access to the machine and admin privileges to be successful. We remain committed to protecting our customers and have developed and deployed additional detection and blocking protections to users in the unlikely event they are targeted.

Tony Weiss | Norton Forums Global Community Manager | Symantec Corporation
Kudos: 0

Re: DoubleAgent: Taking Full Control Over Your Antivirus

They have already posted a PoC video for bypassing Norton on YouTube (link below).

https://www.youtube.com/watch?v=-ZL9WSuDAqk&feature=youtu.be

@Tony_Weiss, just to confirm, are you saying Norton is not vulnerable to this bug?

Kudos: 0

Re: DoubleAgent: Taking Full Control Over Your Antivirus

That is the same as not answering the question. There's a video from Cybellum demonstrating the attack on a Norton Security protected PC...

Other vendors have acknowledged and patched the vulnerability; you haven't. NOT VERY TRUSTWORTHY.

Kudos: 0

Re: DoubleAgent: Taking Full Control Over Your Antivirus

As stated, it has been shown that Norton was susceptible to this attack from the video that was made. I am not an expert on this stuff, but I guess the question is, since it has been shown to be vulnerable, has a patch been made available? If one has not been made available, is there one coming, do you have any guess as to a time frame, and how can we better try to protect ourselves from this? I don't understand how this exploit works, so to have some info would be good in avoiding it if possible.

Kudos: 1

Re: DoubleAgent: Taking Full Control Over Your Antivirus

UPDATE: Norton issued this statement: "After investigating this issue we confirmed that this PoC does not exploit a product vulnerability within Norton Security. It is an attempt to bypass an installed security product and would require physical access to the machine and admin privileges to be successful. We remain committed to protecting our customers and have developed and deployed additional detection and blocking protections to users in the unlikely event they are targeted."

http://www.networkworld.com/article/3183587/security/double-agent-attack-can-turn-antivirus-into-malware.html 

Kudos: 2

Re: DoubleAgent: Taking Full Control Over Your Antivirus

It seems that in order for this to work on Norton (or any security software), the attacker needs to have administrative privileges and physical access to the computer. Those are two big obstacles, so I don't think that most of us need to worry about that. I think corporations and government entities would be more at risk from that kind of attack, if you ask me.

Kudos: 0

Re: DoubleAgent: Taking Full Control Over Your Antivirus

According to the initial report that came out, Symantec products were not affected (aka SEP). This hasn't yet been confirmed, though.

https://www.symantec.com/connect/ideas/doubleagent-zero-day-hijacks-micr...

https://www.symantec.com/connect/forums/what-versions-sep-12x-14x-are-pr...

I guess someone needs to verify the PoC against SEP :)

Kudos: 0

Re: DoubleAgent: Taking Full Control Over Your Antivirus

Has Norton been rewritten to utilize Protected Processes as provided by Microsoft? Y/N

Demonstrations are showing Norton to be vulnerable, so the reports referred to do not satisfy concerns in my circle. Being a fan of Norton since the early 1990s, I have had to explain non-answers to clients who are much more aware and concerned in general.

Kudos: 0

Re: DoubleAgent: Taking Full Control Over Your Antivirus

Was Norton Tamper Protection disabled for that video?
