The Project Zero team at Google looks for defects in various software products. A researcher named Tavis Ormandy takes part in this effort. He recently identified serious security weaknesses in an assortment of Symantec and Norton utilities. The company quickly corrected these vulnerabilities after he reported them.
Ormandy has found security flaws in antivirus programs from several developers, such as McAfee and Trend Micro. Nonetheless, he was particularly critical of Symantec. The researcher noted that its utilities allowed links and files to infect PCs even if users didn’t open them. This made computers especially vulnerable to “worm” viruses.
He went on to accuse Symantec of failing to adequately examine its software for weaknesses. Ormandy pointed out that the company used open-source code that wasn’t updated for seven years. Back in 2014, a vice president at Symantec termed antivirus utilities “dead” and called them “no longer… a money-maker in any way.”
The above-mentioned quote might explain why some security companies need help from other organizations to secure their software. Google’s researcher developed an exploit that fixed the problems in affected Symantec and Norton products. Ormandy described it as “100 percent reliable.” Users can activate it via the Web or email.
The fix patches vulnerabilities in Symantec Endpoint, Norton Antivirus and various other utilities. It works on Windows and Macintosh systems. In some cases, administrators may need to activate updates before the problem is corrected. The good news is that most of these programs install patches automatically.
This situation highlights an important fact: Antivirus software doesn’t always succeed in protecting your PC. When programming flaws exist, it could even create additional risks. Businesses may maximize security by taking steps to completely avoid viruses. They can accomplish this by regularly installing software updates and securing any Wi-Fi networks.
- Prohibit unnecessary activities
- Promote virus and phishing awareness
- Password-protect wireless Internet
When employees needlessly use torrents, instant messaging or social media, they put the entire office at risk. Businesses may minimize such problems by configuring firewalls to block unnecessary ports. They can also establish clear policies regarding appropriate use of the Internet.
“Phishing” attacks often compromise passwords and other credentials, making it possible for criminals to hack into company systems. Staff members need training to avoid this type of deception. TechTarget notes that numerous phishing attacks may be prevented if employees simply never click on email, blog or chat links.
Criminals can more easily gain access to passwords when they learn specific details about important staff members. Hackers might trick these individuals with personalized “spear phishing” campaigns. Companies should discourage key employees from sharing too much information about themselves on public webpages, such as blogs and personal websites.
Malware frequently infects business computers when staff members use software from little-known developers. Companies ought to create policies that only permit employees to download and install vital programs. Such applications should always come from reputable software firms via major websites or professionally manufactured CDs.
Employees must know the signs of a malware infection. When all websites load slowly or programs repeatedly malfunction, they should report the problem to IT personnel and avoid entering sensitive data. It’s crucial to inspect a potentially infected computer and take action as soon as possible. Otherwise, malware could steal passwords and inflict much greater harm.
It’s not realistic to believe that you can successfully prevent or remove every virus. Regular backups will make it feasible to eliminate any malware by reinstalling the operating system and safely restoring data. Businesses depend on Hammett Technologies to keep them up-to-date on today’s IT news and tips. Please dial (443) 216-9999 or contact firstname.lastname@example.org for further details.