Symantec fixes latest flaws
Cupertino, Calif.-based antivirus giant Symantec Corp. has remedied a stack overflow vulnerability in its Client Security and AntiVirus Corporate Edition products. The flaw, first reported last week by Aliso Viejo, Calif.-based eEye Digital Security Inc., could allow attackers to cause a system crash or launch malicious code with system-level rights. Symantec said in an advisory that it's not aware of any exploits against the flaw, which affects Symantec Client Security 3.0 and 3.1 and Symantec Antivirus Corporate Edition 10.0 and 10.1. Symantec said its Norton security suite is not affected.
Microsoft prepares to roll out OneCare
Thursday will mark a milestone for Microsoft's push into the antivirus market. That's when the software giant will start selling its long-awaited Windows Live OneCare product, which rolls antivirus, antispyware and firewall capabilities into one tool. OneCare also includes tune-up tools and other backup features for Windows PCs. In the U.S., Microsoft will begin selling it in stores and online Thursday, and it will expand to international markets during the next year. The product will cost $49.95 a year for use on up to three PCs per home. Many retailers will offer rebates and other discount promotions, Microsoft said in a statement. "We believe we're creating a new category," Dennis Bonsall, director of product management for OneCare, told CNET News.com. "It is not about security anymore, but it is about holistic PC care."
McAfee hopes Falcon will fly past Microsoft, Symantec
Meanwhile, Santa Clara, Calif.-based McAfee Inc. isn't about to let Microsoft have the security spotlight to itself. As the software giant prepares to debut its OneCare product Thursday, McAfee is announcing the release of Falcon, software that integrates features in its current product line with an overhauled management interface. The vendor said in a statement that Falcon will defend desktops against spyware, viruses, spam, phishing and rootkits, among other things. The product will also be equipped with tools to prevent data loss, optimize PC performance and secure wireless networks. McAfee plans to release Falcon this summer.
Email poses as Microsoft security notice
UK-based antivirus firm Sophos plc said a new spam campaign is using email disguised as a Microsoft security update to trap users into installing a keylogger. The emails have the subject line "Microsoft WinLogon Service - Vulnerability Issue" and claim to come from firstname.lastname@example.org. The email claims a vulnerability has been found "in the Microsoft WinLogon Service" and could "allow a hacker to gain access to an unpatched computer." Recipients are advised to click on a link in the email to download the patch. But the link really points to a non-Microsoft Web site and initiates the download of the Troj.BeastPWS-C Trojan horse, which is capable of spying on the infected user and stealing passwords, Sophos said.