Serious Holes in Antivirus Software
McAfee, Symantec, Trend Micro, and F-Secure antivirus apps are affected.
Illustration by Stuart Bradford
If you have the latest antivirus definitions, aren't you protected? Not necessarily. Most programs have an automatic update feature that's turned on by default, but the tool may update only the definitions, not other software modules such as the scanning engine. The good news: Several antivirus software companies have patched their programs to fix this vulnerability.
McAfee, for example, updated the scanning engine of its VirusScan software to block a hole that could let a cracker control your PC while the engine appears to be scanning for viruses. The vulnerability affects all versions of VirusScan and Internet Security Suite that run on all versions of Windows from 98 through XP.
McAfee says that most users should have received its fix via automatic updates. But to be sure, confirm that you have VirusScan engine 4.4.00 or later. For more on the patch, visit McAfee's VirusScan 4320 buffer overrun vulnerability page.
At about the same time, Symantec fixed a similar hole in its Norton AntiVirus scanning engine. (For further information on the vulnerability, go to Symantec's security response page.) The scanner is included in such Symantec products as Norton AntiVirus 2004 for Windows, Norton Internet Security 2004 Professional for Windows, and Norton SystemWorks 2004 for Windows (the 2003 and 2005 versions of these products aren't at risk because they lack the code that has the vulnerability). You can obtain the updated antivirus engine from a Symantec support page.
Finally, Trend Micro and F-Secure have fixed a similar hole in their antivirus scanning engines. If you use Trend Micro programs, such as PC-cillin Internet Security, you need scanning engine 7.510 (for details, visit the relevant Trend Micro page). If you use an F-Secure product, such as Anti-Virus 2004 or 2005, read F-Secure's security bulletin and pick up the most recent version.
Windows Media Player 9 Still Vulnerable
As I reported in April, Microsoft said it was working on a Windows Media Player update to fix a security glitch that PC World's staff had found in versions 9 and 10 (for details, see my April 2005 Bugs and Fixes column). So far, the company has patched WMP 10, which runs on Windows XP only, but not version 9. Microsoft says that upgrading to version 10 is one fix for the flaw in version 9--but if you don't use XP, you're out of luck. The company is working on a patch but says it can't yet give an availability date.
Bugged?
Found a hardware or software bug? Tell us about it via e-mail at bugs@pcworld.com.
Firefox Fix
Mozilla patched a hole in its Firefox browser that, if left open, could let a rogue take over your PC. To find trouble, you'd need to click a link in a booby-trapped site or HTML e-mail. You're vulnerable if you have Firefox 1.0.1 or earlier. Head to the Mozilla.org Web site, and get version 1.0.2.
Problem With a Microsoft Patch
Some Windows 98 and Me users who installed Microsoft patch MS05-002 (details, again, are in my April Bugs and Fixes column) experienced crashes or slower performance in the aftermath. There's no patch for the patch yet, but Microsoft is studying the problems. For now, the workaround is to uninstall the patch--thereby reopening the original hole.
RealPlayer Update
RealNetworks fixed RealPlayer to block a hole that let attackers send poisoned .smil or .wav files. For details, visit RealNetworks' releases update page.
