Users of Norton Personal Firewall have been urged to update their software following the discovery of a serious vulnerability in the security package.

A stack-based buffer overflow vulnerability involving ActiveX controls creates a means for hackers to inject hostile code onto vulnerable systems, Symantec warns (http://securityresponse.symantec.com/avcenter/security/Content/2007.05.16.html). The security bug affects Norton Internet Security 2004, Norton Internet Security 2004 Professional and Norton Personal Firewall 2004. Later versions of the security packages are not affected by the flaw, which means the majority of Symantec personal firewall users are already in the clear.

For users of the vulnerable 2004 vintage of Norton products, Symantec has published security updates designed to guard against exploits via its LiveUpdate service.

It's sometimes said that trouble comes in threes. As well as the Norton firewall vulnerability reports suggest the Norton anti-virus is subject to a couple of troublesome false positives.

According to the SANS Institute's Internet Storm Centre, Symantec has been wrongly identifying (http://isc.sans.org/diary.html?storyid=2814&dshield=5c685f426d08e5011c8366576d2b0cf5) two system files (netapp32.dll and lsasrv.dll) in the simplified Chinese version of Windows XP SP2 as the Haxdoor Trojan. In standard configurations on Norton AV these files are deleted, resulting in problems subsequently booting systems. Fixing systems involves copying these files from backup CDs.

Separately a 15 May update in Symantec Anti-Virus falsely categorised Pegasus, the popular email package, as a Trojan. Updated virus definition files released over the weekend resolved the issue but not before ruffling feathers (http://community.pmail.com/search/SearchResults.aspx?q=symantec) down at the Pegasus users' community. A thread providing advice on how to reinstall the package and attempt to restore email databases (if these were also affected) can be found here (http://community.pmail.com/forums/thread/905.aspx). ®

Related stories

Symantec security products less than secure (9 August 2007)
http://www.theregister.co.uk/2007/08/09/norton_security_bugs/
Symantec showers free software on bug-afflicted Chinese (25 June 2007)
http://www.channelregister.co.uk/2007/06/25/symantec_compensation/
Symantec's 'Hamlet' becomes 'Endpoint Protection' (13 June 2007)
http://www.channelregister.co.uk/2007/06/13/symantec_vision_07_enpoint_protection/
The slow death of AV technology (8 June 2007)
http://www.channelregister.co.uk/2007/06/08/death_of_av/
Chinese user sues Symantec over dodgy updates (5 June 2007)
http://www.channelregister.co.uk/2007/06/05/chinese_av_lawsuit_symantec/
MS update ate my CPU cycles (11 May 2007)
http://www.channelregister.co.uk/2007/05/11/ms_update_glitch/
Microsoft's OneCare flunks anti-virus test (5 March 2007)
http://www.channelregister.co.uk/2007/03/05/onecare_fails_av_test/
Yahoo! false! alert! drama! (1 March 2007)
http://www.channelregister.co.uk/2007/03/01/symantec_yahoo_false_alarm/
OneCare slaps viral warning on Gmail (14 November 2006)
http://www.channelregister.co.uk/2006/11/14/onecare_gmail_false_alert/
Norton smites ecclesiastical app (4 August 2006)
http://www.channelregister.co.uk/2006/08/04/norton_unholy_false_alarm/
McAfee ate my system (14 March 2006)
http://www.channelregister.co.uk/2006/03/14/mcafee_av_false_positive/
Sophos in Mac OS X worm false alarm (23 February 2006)
http://www.channelregister.co.uk/2006/02/23/sophos_false_positive/
MS anti-spyware labels Symantec as Trojan (14 February 2006)
http://www.channelregister.co.uk/2006/02/14/ms_anti-spyware_false_positive/
Symantec false alert floors Macs (10 May 2005)
http://www.channelregister.co.uk/2005/05/10/symantec_mac_false_alarm/
McAfee to eradicate app assassin bug (8 September 2004)
http://www.theregister.co.uk/2004/09/08/mcafee_ispwizard_snafu/