Adobe Exploit Scare A Crock
Panic! Unseasoned IT staff saw Adobe’s recent security vulnerability as a promise of devastation and widespread compromise. In fact, if you practiced ‘defense in depth,’ your network is safe and sound.
Like every other exploit, this one too was accompanied by the frightening canned phrase:
“These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.”
Granted, Adobe’s 2/19/2009 announcement that Adobe Reader suffered from a buffer overflow problem certainly required prompt attention, as do the hundreds of other monthly vendor patches. And of course, as with any vulnerability, IT must shoot for quick resolution through vendor patch or host remediation, or both.
Does this mean panic? No. Should you take it seriously? Yes.
Networks that are protected in depth have layers upon layers of protection that let IT staff get a good night’s sleep and breathe free of worry. Application firewalls, spam firewalls, email anti-virus/malware engines, and workstation endpoint protection software are all security tools that, if maintained, add up to significant levels of assurance.
In a February 20th forum post, Patrick Fitzgerald, an employee with Symantec, states:
“Customers should keep their antivirus definitions up to date. Malicious PDFs using this exploit will be detected as Trojan.Pidief.E. The heuristic detection for Bloodhound.PDF.6 will also help mitigate this threat. The malicious payload is detected as Backdoor.Trojan. This back door is a popular open-source toolkit, originally from China, known as GH0ST. The GH0ST back door is modular, and some of the things attackers can use this for include viewing the desktop, recording keystrokes, and remotely accessing the compromised machine.”
In other words, at the very least, if you were running Symantec (or Norton) AV on your workstation at the time this exploit entered the wild – and you by chance were a lucky recipient of a malformed PDF – your risk of falling victim was minimal to none.
Adobe’s latest exploit is a very serious threat. No doubt, take it seriously. Is Adobe’s threat any different from the reasons Microsoft plugs up holes on Patch Tuesday? No. Practicing a defense in depth approach to your network security helps buy you time while you meet your patch requirements.
There’s no better information assurance medicine than good old network security prevention.
Do you practice prevention on your home computer or corporate network?
Scary stuff. I'm mostly ignorant, so at home I use Norton and a big bat.
Norton has you covered! Keeping the virus definitions updated, right?
Norton lol, even with the 2009 version it's still crap (and I don't just say that because I say so, I actually tested it using a real life situation)
Depends which specific Symantec product you are referring to exactly. For example, Symantec Endpoint Protection is an excellent all-encompassing security product. Norton Anti-Virus is not bad, but not great either.
Norton Anti virus, it's still a big joke.
lol @ http://img135.imageshack.us/i/relevantvs1.jpg/