Quick Follow-up – Symantec Source Code

Just a quick note to share the updated intel from a previous post: it would appear that Symantec has come clean.  The hacker who claimed to have, and threatened to release, Symantec’s Norton Anti-Virus source code did indeed have it.  However, it is old code; it is not the source code from the current version.  The source code that was exposed was for Symantec Endpoint Protection 11.0, used to prevent outgoing data from being leaked.  It was four years old and had been updated regularly.  The source code for Symantec Antivirus 10.2 is five years old; that product has been discontinued and has not been on sale for some time, although it is still being serviced and used.

It does make the current product somewhat suspect in my opinion, until Symantec has had a chance to rewrite and release a completely new version.  Having the source code for an application makes it simple to write exploit code to take advantage of the app, to silently turn it off, or to make it do some unexpected things.  The limit is your imagination, really, since A/V software runs so close to the kernel, and has so many privileged hooks.

I can’t say that I’m too happy about this; I am very surprised that the source code was allowed to languish on a third-party server belonging to Indian Military Intelligence.  If you are using either of Symantec’s products, I would suggest you upgrade to the latest version, and pressure the vendor to release a new version that they guarantee is not based on this compromised codebase.