Nobody wants to pay for security, including security companies

Please stop reading and uninstall all Symantec/Norton anti-virus products immediately and find a different one to use. I’ll wait …

A Google initiative identified a major security vulnerability, also known as a zero-day attack, affecting all Symantec and Norton branded antivirus products, including:

  • Norton Security, Norton 360, and other legacy Norton products (All Platforms);
  • Symantec Endpoint Protection (All Versions, All Platforms);
  • Symantec Email Security (All Platforms);
  • Symantec Protection Engine (All Platforms);
  • Symantec Protection for SharePoint Servers.

The vulnerability affects millions of people who run the company’s endpoint security and antivirus software, rather ironically, to protect their devices. Indeed, the flaws rendered all 17 enterprise products (Symantec brand) and eight consumer and small business products (Norton brand) open to attack.

Some of these products cannot be automatically updated; IT must take action NOW.

Symantec appears to have issued fixes for all of the issues reported. But the fact that these flaws persisted as long as they did is evidence that proper due diligence simply wasn’t being conducted.

In theory, consumers and businesses could punish Symantec for these oversights by contracting with other security vendors. In practice, there’s no guarantee that products from other vendors are well-secured, either — and there is no clear way to determine how secure a given security product actually is.

Security is a process, not a product

Focus on protecting the critical assets; there is no business case to justify locking down all the information created and managed by your organisation.

Please remember, friends don’t let friends store corporate sensitive information on their personal devices and email accounts. You’ll be uncomfortable with the notification process. You don’t believe me? Just ask Symantec ;)
