BugTraq
Re: Norton AntiVirus 2004 Script Blocking Failure (Includes PoC and rant) Oct 18 2004 05:24PM
secure symantec com
In-Reply-To: <416F7ABB.8070502 (at) myrealshoebox (dot) com [email concealed]>

Symantec is aware of this posting. Symantec engineers are reviewing this issue. If it is validated we will respond accordingly.

Symantec takes the security of our products seriously. We are a responsible disclosure organization. We would like to work directly with anyone who believes they have found a security issue in a Symantec product to validate the problem and coordinate a response.

Please contact secure (at) symantec (dot) com [email concealed] concerning security issues with Symantec products.

Symantec Product Security

secure (at) symantec (dot) com [email concealed]

-----------------snip-------

>Date: Fri, 15 Oct 2004 03:22:35 -0400
>From: Daniel Milisic <dmilisic (at) myrealshoebox (dot) com [email concealed]>
>User-Agent: Mozilla Thunderbird 0.8 (Windows/20040913)
>X-Accept-Language: en-us, en
>MIME-Version: 1.0
>To: full-disclosure (at) lists.netsys (dot) com [email concealed]
>Cc: bugtraq (at) securityfocus (dot) com [email concealed]
>Subject: Norton AntiVirus 2004 Script Blocking Failure (Includes PoC and rant)
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>Content-Transfer-Encoding: 7bit
>
>Hi All,
>
>For the last couple of weeks I've been hands-and-face into a project
>that is based heavily on .HTA apps. Basically, the VBScript embedded in
>the HTA handles the front-end for some basic console-driven tools. It
>was also designed to be very simple as to work equally well under
>95+IE5.5 to Win2003. Worked really nice... HOWEVER during the testing
>phase on various platforms, I discovered my .HTA grinds to a halt on
>machines running Norton AntiVirus 2004, thanks to the "Script Blocking"
>feature. A prompt or alert from the damn AV software was NOT something
>I wanted my users to deal with. So, I downloaded the TrialWare version
>from Symantec to take a poke at whether or not I could work around it.
>
>Here's how that went...
>
>One 25MB Download and I was all set to start testing! But wait, I
>should LiveUpdate...
>LiveUpdate, 4MB -- REBOOT #1 (*mandatory* restart)
>LiveUpdate, 3MB -- REBOOT #2 (Prompt to restart with an option to continue)
>LiveUpdate, 1MB -- REBOOT #3 (Right now I am thinking oh you have got to
>be <bleep>ing kidding me, THREE REBOOTS to get up-to-date AV installed!)
>
>Grisoft's AVG6, for comparison's sake, is about 7MB in total I believe,
>and requires a single reboot. It doesn't have Script Blocking, but if
>you're thoughtless enough to click on a .vbs e-mail attachment you
>pretty much deserve what's coming to you ;)
>
>Once out of reboot hell, I fired up the NAV2004 console, an annoyingly
>tacky HTA-ish type front-end with more bling-bling than functionality.
>Over the last few years I've grown to really dislike NAV for this, and
>not just because of the aesthetics. On more than one occasion I'd see a
>virus or spyware infected PC with NAV on it (user error not NAV's
>fault); with the NAV console just a smoldering pile of script errors
>after the malicious program hosed IE's rendering engine. The NAV

---------------snip------------------------
