Hi, is Norton Security safe from this attack?
https://cybellum.com/doubleagent-taking-full-control-antivirus/
Was Norton Tamper Protection disabled for that video?
Has Norton been rewritten to utilize Protected Processes as provided by Microsoft? Y/N
Demonstrations are showing Norton to be vulnerable, so the reports referred to do not satisfy concerns in my circle. Being a fan of Norton since the early 1990s, I had to explain non-answers to clients who are much more aware and concerned in general.
According to the initial report that came out, Symantec products were not affected (aka SEP). This hasn't yet been confirmed, though.
https://www.symantec.com/connect/ideas/doubleagent-zero-day-hijacks-microsoft-tool-turn-antivirus-malware
https://www.symantec.com/connect/forums/what-versions-sep-12x-14x-are-protected-zero-day-attack-called-doubleagent-which-exploits-mic
I guess someone needs to verify the PoC against SEP :)
It seems that in order for this to work on Norton (or any security software), the attacker needs to have administrative privileges and physical access to the computer. Those are two big obstacles, so I don't think that most of us need to worry about that. I think corporations and government entities would be more at risk from that kind of attack, if you ask me.
UPDATE: Norton issued this statement: "After investigating this issue we confirmed that this PoC does not exploit a product vulnerability within Norton Security. It is an attempt to bypass an installed security product and would require physical access to the machine and admin privileges to be successful. We remain committed to protecting our customers and have developed and deployed additional detection and blocking protections to users in the unlikely event they are targeted."
As stated, it has been shown that Norton was susceptible to this attack from the video that was made. I am not an expert on this stuff, but I guess the question is, since it has been shown to be vulnerable, has a patch been made available? If one has not been made available, is there one coming, do you have any guess as to a time frame, and how can we better try to protect ourselves from this? I don't understand how this exploit works, so having some info would be good in avoiding it if possible.
That is the same as not answering the question. There's video from Cybellum demonstrating the attack on a Norton Security protected PC...
Other vendors have acknowledged and patched the vulnerability; you haven't. NOT VERY TRUSTWORTHY.
They have already posted a PoC video for bypassing Norton on YouTube (link below):
https://www.youtube.com/watch?v=-ZL9WSuDAqk&feature=youtu.be
@Tony_Weiss just to confirm, are you saying Norton is not vulnerable to this bug?
After investigating this issue we confirmed that this PoC does not exploit a product vulnerability within Norton Security. It is an attempt to bypass an installed security product and would require physical access to the machine and admin privileges to be successful. We remain committed to protecting our customers and have developed and deployed additional detection and blocking protections to users in the unlikely event they are targeted.