Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Hacker group threatens to release Symantec AV source code

Jaikumar Vijayan | Jan. 9, 2012
Symantec is investigating an Indian hacking group's claims that it accessed source code used in the company's flagship Norton Antivirus program.

"We don't know how much of this is chest thumping" on the part of the hackers, Rachwald said. The source code tree file posted on Pastebin suggests the group has some potentially useful information related to Symantec's AV product, he said. "It is a good indicator, but not a perfect one."

Even if the group has managed to access Symantec's source code, it's unlikely to be very useful if the code is old, Rachwald said. "It might be useful in understanding what Symantec was trying to do" with its AV products, but little else, he said.

However, Symantec could face serious issues if the source code the hackers allege to have accessed is fresh, Rachwald added.

In that case, "Symantec will have to make some major changes" to its antivirus technology, Rachwald said. A mere patch would not be enough to address the issues created by a source code compromise.

"They would have to issue a whole body cast, not a patch," he said. "They will have to reissue the product in some format and that could be very problematic for them."

Competitors could also benefit from a Symantec source code leak because it would give them an unprecedented glimpse into how the software works, he said.

Rachwald said it's likely the Indian hackers obtained the source code from an Indian government server. Often, software companies such as Symantec are required to submit their source code to government bodies to prove they are not spying on the government, he said.



Previous Page  1  2 

Sign up for MIS Asia eNewsletters.