Symantec downplays antivirus security breach

Symantec is downplaying reports that hackers accessed the source code to its Endpoint Protection 11.0 and Antivirus 10.2 applications.



According to the security company, the breach did not involve its consumer products, which are sold under the “Norton” brand.


As Mike Lennon of SecurityWeek points out, Symantec updates its products on a “.1 basis”, and its Endpoint Protection product is now at versions 12.0 and 12.1.

This means the affected Endpoint software was coded and distributed quite some time ago. In addition, Symantec Antivirus 10.2 has long been discontinued, although the company continues to service the phased-out iteration.

“[Nevertheless], we are taking this extremely seriously and are erring on the side of caution to develop a long-range plan to take care of customers still using those products,” Cris Paden, Senior Manager of Corporate Communications at Symantec, told SecurityWeek.

“It’s important to bear in mind that this is not a virus or false positive. The products are not broken. They perform just fine and work just fine.”



Paden also emphasized that Symantec’s systems had not been breached, as the source code appeared to have been accessed via a “third party” entity. 

Although Symantec declined to elaborate, a hacker group by the name of Dharmaraja has claimed responsibility for the incident, saying that it found the data after compromising Indian military intelligence servers. 



Meanwhile, Rob Rachwald, Director of Security Strategy at Imperva, told SecurityWeek the over-hyped anti-virus code leak was unlikely to keep Symantec engineers awake at night – as there isn’t much new information hackers can learn from the old code.

“The workings of most of the anti-virus algorithms have also been studied already by hackers in order to write the malware that defeats them,” he added.