Symantec pulls Norton patch after error reports

August 27, 2009

This is the error message on the Norton support Web site after users reported that the patch failed to install properly.

(Credit: Symantec)

Symantec is providing a fix for customers who got error messages after a patch deployment went awry for some Norton users, the company said on Tuesday.

The problem started last Wednesday when Symantec deployed patches for Norton AntiVirus 2009, Norton Internet Security 2009, and Norton 360 v3 via LiveUpdate. Some customers received error messages saying that there was a problem with the Symantec Service Framework.

The patch, which is supposed to communicate with the hardware to ensure that it is correctly installed, did not handle the response from the hardware properly after it was installed, a company spokeswoman said.

The problem affected a small number of users, or fewer than 1 percent, and most of the customers reporting a problem are using PCs that have been specially configured or customized and are not "out-of-the-box" PCs and "only after reboot," the spokeswoman said.

There were more than 630 messages on the Norton user forum about the topic, a number of which expressed frustration with Symantec and accused the company of not doing enough to keep customers informed about the problem.

"This is insane. I'm looking for other antivirus options now and will soon remove Norton from all three of my machines. Next I'm going to post a review on Epinions advising others to stay far away," wrote one user. "This is garbage and I've had more than enough."

Another user wrote: "Well I just used the Norton Removal Tool for likely the last time. When the browser window with the Norton reinstallation instructions popped up, I chuckled as I closed it out and navigated to a competitor site were I promptly downloaded another AV product."

The company first learned of the problem from posts to the forum last Wednesday and posted messages the next day saying it was investigating the problem. It then provided an official response on Friday saying the problem had been identified, according to the spokeswoman. The fix was posted on Symantec's knowledge base and the forum on Saturday, she said.

Symantec customers can visit this Symantec page to download the fix.

Symantec also set up a link on Tuesday through Microsoft WinQual to help users locate a fix and will make the fix available to customers automatically via LiveUpdate this week, according to the spokeswoman.

The problem comes less than six months after Symantec released a diagnostic patch for some of its older Norton products that did not identify its origin and thus triggered alerts on firewalls. The company blamed human error for the release of the unsigned patch, a program dubbed "PFST.exe."

Posted by Oyya-Info. Posted In : Security 

 

Cisco wireless LANs at risk of attack, 'skyjacking'

August 25, 2009

Cisco Systems wireless local area network equipment used by many corporations around the world is at risk of being used in denial-of-service attacks and data theft, according to a company that offers protection for WLANs.

Researchers at AirMagnet, which makes intrusion-detection systems for WLANs, discovered the vulnerability, which affects all lightweight Cisco wireless access points, as well as the exploit that could be used against networks that have the Over-the-Air-Provisioning (OTAP) feature turned on.

"We found it in our labs," Wade Williamson, director of product management at AirMagnet, said on Monday. "We don't know about it being exploited in the wild."

Basically, the Cisco access points generate an unencrypted multicast data frame that is sent over the air and includes unencrypted data like the MAC address and the IP address of the wireless controller, as well as some configuration options, he said. The controller is used to manage the access points.

With that information, someone listening to the network could easily find the internal addresses of the WLAN controllers in the network and potentially target them with a denial-of-service attack, Williamson said.

"Someone out in the parking lot or a neighbor can look at the packets and see information about the controller on the wired side," he said. "This is giving anybody that's listening to the environment some pretty detailed information about the wired network that we want to keep protected."

If an access point has the OTAP enabled, the wireless LAN is also at risk of a "skyjack" exploit, Williamson said. With the OTAP feature enabled, a newly deployed Cisco access point will listen to the multicast data being broadcast to find the address of its nearest controller.

However, the access point could end up connecting to an outside controller if it hears multicast data from that network instead, and thus it would be under someone else's control, he said.

Someone could skyjack a corporation's access point and "use the wireless LAN to create a wired path into your network," Williamson said.

AirMagnet has informed Cisco about the problems and Cisco is working on a solution, Williamson said.

"As a matter of policy, Cisco takes security vulnerabilities very seriously and we continue to take active measures to safeguard the security and reliability of our equipment," a Cisco spokesperson said.

"Our standard practice is to issue public Security Advisories or other appropriate communications that include corrective measures so customers can address any issues," he said. "For that reason we do not provide comment on specific vulnerabilities until they have been publicly reported, consistent with our well-established disclosure process."

Cisco has 65 percent to 70 percent of the install base for wireless LANs, according to Stan Schatt, security practice director at ABI Research.

"What this really shows is that more and more companies have to have 7/24 monitoring of their LANs," he said. "They can't just periodically walk around the facility with a laptop and check to see if there's a problem."

An attack on a wireless LAN would be particularly dangerous for hospitals, which are increasingly moving critical apps onto the network for use by doctors and nurses with Wi-Fi-enabled handhelds, Schatt said. "A denial-of-service attack could impact mission critical phone systems," he said.

To mitigate against any attacks, Cisco customers should disable the OTAP feature and use a separate intrusion detection system that can detect whether someone is snooping on the network, as well as monitor that all access points on a network are authorized, AirMagnet said. pbyeuftxkg

Posted by Oyya-Info. Posted In : Security 

 

Intel, Microsoft event to highlight Windows 7 improvements

August 24, 2009
Intel and Microsoft will hold an event next week to discuss collaboration on improvements to Windows 7.

The event, on September 1 in San Francisco, will "share how the two companies collaborated on key enhancements during the development of Windows 7," according to Intel. Steve Smith, vice president and director, Intel's Digital Enterprise Group Operations, and Michael Angiulo, general manager of Windows Planning and PC Ecosystem at Microsoft, will talk at the event. Microsoft plans to launch Windows 7 on October 22.

Windows 7 collaboration will be demonstrated by engineers from both companies, according to Intel. Not surprisingly, Microsoft is working closely with Intel, whose chips will power the vast majority of PCs running Windows 7.

In a blog posted in July, Intel described how Microsoft and Intel "saw unique opportunities to optimize Windows 7 for Intel processor technology" in the areas of performance, power management, and graphics.

The blog discusses improvements to multitasking based on "SMT Parking," which provides additional support to the Windows 7 scheduler for Intel Hyper-threading Technology. With Hyper-threading, the operating system sees a single processor core as two cores (i.e., a dual-core chip becomes a virtual quad-core processor), thus potentially improving multitasking--or doing tasks (threads) simultaneously.

In addition, improvements over Vista for boot and shutdown times have been implemented during the Windows 7 development cycle, according to the blog.

And on Intel's Web site, the chipmaker lists desktop motherboards and associated drivers that have passed logo certification for Windows 7.

Another beneficiary of improved Windows 7 technology: Intel solid-state drives, which are typically faster than hard-disk drives and gaining ground in niche markets such as high-end laptops, gaming PCs, and servers. SSDs will be able to take advantage of Windows 7 technology called the Trim Command. Trim will allow blocks of data to be freed up for reuse to better maintain the performance of the SSD.

Windows 7 will also do more than previous operating systems with graphics via DirectX 11. Advanced Micro Devices has described DirectX 11-related technology that enables games developers to create smoother, less blocky and more organic looking objects in games. And, beyond games, Windows 7 has the potential to turn a graphics processing unit (GPU) from AMD or Nvidia into a general-purpose compute engine, used to accelerate everyday computing tasks like a central processing unit, or CPU. Specifically, "the compute shader" can be used to speed up more common computing tasks. The buzz word used to describe this technology is a mouthful: GPGPU or general-purpose graphics processing unit.


Posted by Oyya-Info. Posted In : Microsoft 

 
« Newer posts
Older posts »
 



Best Communitation Website
Which communication website is best?

Myspace
Facebook
Twitter
Furry-paws
Youtube


Make a free website with Yola