Heads up Norton users! A headline hit the news last night about the confirmed leak of source code for the popular Norton Antivirus software by Symantec. You can read the articles for yourself here and here.
For those who aren’t tech savvy, the term “source code” refers to the so-to-speak “recipe” for the development/creation of a program. It is literally the instructions that are more or less written by computer programmers. This kind of information is proprietary and is often a trade secret, much like the coveted ingredients list for Coca-Cola or my mom’s apple pie. If one were able to obtain such information, say a competitor or the creators of computer viruses, one might use this information to one-up the software or, more importantly, exploit design flaws to circumvent the software. In short, this means it is quite likely there will be a new breed of viruses on the horizon that will be capable of outsmarting Norton, rendering it useless and crippled.
Symantec has been trying to downplay the severity of this breach by stressing the age of the code, stating that the origin is a version of their software that dates back to 2006, or so we’ve been told thus far. This is an attempt to defuse the concern by implying that their latest software is far different at its core and that there won’t be very much that is useful to virus writers because they still don’t have their hands on the latest blueprints. But the reality of the situation is far less peachy than they would like to paint it. In the world of computer programming, software and even entire operating systems will retain a fair chunk of old code from previous versions simply because, well, it’s already been written and if it “works” then there’s little need to rewrite it from scratch. I’m not saying source code is never rewritten, revised or updated from time to time, but when it comes to large programs such as Norton Antivirus that are made up of tens of thousands of lines of code, it could easily be argued that there is likely a good percentage of old code that has been retained for years without ever being modified. It would be like having a castle or fortress that is under continuous construction and maintenance. You can’t afford to tear the whole thing down every year and rebuild it from scratch, so instead what you do is build around and upon the existing structure and make repairs to the parts that need repairing the most. This means that likely most of the fundamental structure is retained, and knowledge of the construction of such a structure could be used by an enemy to find a previously unnoticed vulnerability.
In the interest of full disclosure I will have to admit that Norton hasn’t been on my list of recommended software since the late 90s when it was practically the only anti-virus software available. Its early bird status was followed by years of successful marketing and advertising, which led to continuous widespread recognition of the software/brand name, giving the impression to novice computer users that Norton really is the best thing out there. “How could it not be good when it’s so popular?” they might ask themselves.
I am here to tell you that the number one problem I fix for people in this line of work is virus removal, and far too often I see systems that are running Norton that have become utterly trashed by multiple viruses while Norton gives inaccurate scan results, claiming the system is clean and virus free. This is particularly irksome to me because when you consider the widespread saturation of their software along with the monetary cost to the users for the renewal every year you would have to expect the company to use their position and resources to everyone’s benefit. Despite its widespread usage and price tag it fails to survey new viruses and develop new definitions for capturing and stopping them in an effective manner, and so many users never seem to get their money’s worth. I am willing to give the benefit of the doubt and accept the fact that there is no such thing as a “perfect” antivirus software, but you should expect to be given better treatment and results if you’re paying upwards of $70 a year for protection, especially when there are free alternatives out there that have been statistically shown to do a comparatively better job. And to think these kinds of problems existed before some of their source code leaked. Now that some source code has leaked and new viruses developed to exploit Norton itself are likely right around the corner, I feel obligated to suggest that people avoid using it altogether. No amount of marketing or PR can change the consensus of most IT professionals who can see past all the BS, and to me this incident is more than just one more nail in the coffin.
So what do I recommend instead of Norton? I mentioned that there is “no such thing as a perfect antivirus” but there are alternatives that hold a higher reputation than Norton that cost a fraction of what Norton costs or even nothing at all. In past blog entries I’ve mentioned Microsoft Security Essentials, Malwarebytes and Combofix and still recommend them, so here’s a little information about them.
Microsoft Security Essentials is a free antivirus solution that Microsoft itself actually produces and it’s quite popular in the IT community right now for a couple of reasons. I already mentioned that it’s free but it is also effective and not as resource intensive as other software. There’s also a new stand-alone bootable version of it that’s going through public beta testing right now which is handy to have for particularly difficult viruses. You can read more about it here. Be aware that there has, in the past, been a rogue malware impostor simply called “Security Essentials 2010/2011/2012” which people have confused with the real deal, falling victim to a trap. You can download the real deal from here.
Alongside MSE I also recommend users purchase the full copy of Malwarebytes for the one-time payment of $25. One of the handy features it has is an active connection monitor which will automatically block your computer from attempting to connect to known malicious web servers. It also features an active process monitor like a traditional antivirus and will help prevent a good number of rogue malware type software from infecting your system. There is a free version of this available but its active monitoring features are disabled. I’ve been using it in the field for over 2 years now and it has worked incredibly well for helping clean systems that had already become infected. You can read more about it here and download/purchase it from here.
Finally a tool I use quite often to help clean systems that have already become infected is a program called Combofix, which is free. This isn’t so much a traditional antivirus that runs in the background as it is a stand-alone utility for scanning a system after it has become infected. It is regularly updated so it’s best to not bother downloading and using it until you actually have to. You can read more about it here and download it from here.
In conclusion I strongly advise my clients to not use Norton Antivirus because it’s one of the most over-hyped, over-priced products out there right now and with the news of parts of its source code being leaked it only stands to become an even less effective product that will do less to protect you than other cheaper alternatives out there.
Speaking of alternatives, there is always the option of picking an alternative operating system such as Linux.
Linux is a free open-source OS that comes in many flavors. We are already seeing Android being adopted by smartphone and tablet users like crazy and it is just one example of a Linux-based OS that is taking the world by storm. But for desktop and laptop users there remains a need for a full-fledged desktop OS and there are many out there to choose from. My personal favorite is Ubuntu Linux which you can check out at ubuntu.com. It’s not for everyone but I can easily say that it is a very ideal choice for the average user. Keep an eye out for future posts; I intend to record a new introductory video for Ubuntu 12.04 when it is released this coming April.