Symantec Looks Into Claims of Stolen Source Code

wiredmikey writes "A group of hackers claim to have stolen source code for Symantec's Norton Antivirus software. The group is operating under the name Dharmaraja, and claims it found the data after compromising Indian military intelligence servers. So far it's unclear if the claims are a significant threat, as the information posted thus far by the hackers includes a document dated April 28, 1999, that Symantec describes as defining the application programming interface (API) for the virus Definition Generation Service. However, a second post entitled 'Norton AV source code file list' includes a list of file names reputedly contained within Norton AntiVirus source code package. Symantec said it is still in the process of analyzing the data in the second post." Update: 01/06 07:05 GMT by S : In a post to their Facebook page, Symantec has now said some of their source code was indeed accessed, but it was four or five years old.

Why does the Indian military have the source????

[Anonymous Coward]

Wow, so the Indian military works with major US vendors like Norton to spy on their own people (and I assume other countries people since it will be the same source????)

I assume they have the source code so they can insert extra bits and dispatch spyware the next time Norton auto-updates?

You get an auto-update, they get a spyware app into your PC. Is that it?
I don't think the scandal here is that the source code was stolen, it is a scandal that Norton cooperates will military spyware!!

Re:Huh, and this does...?

[bmo]

They don't.

1. Write virus code
2. Load up a machine with the top 10 virus scanners.
3. Load your virus code
4. Let them scan.
5. If they detect it, modify code and go to 3 else 6
6. Release the hounds.

--
BMO

It's not stealing!

[Anonymous Coward]

Since the original source code wasn't destroyed and is still in the hands of Symantec, and the hackers merely made an identical copy without permission...

then it's not theft, it's copyright infringement.

Re:Bleh!

[MightyMartian]

Ghost was a decent product. I stopped using it years ago in favor of Clonezilla.

Re:Offshoring

[jaa101]

It doesn't sound like this falls into the offshoring category to me. Since the military is involved I guess they demanded the source to assure themselves that there were no backdoors. It doesn't seem an unreasonable step for any government (even/especially in the US) to take before using your software in a security context.

The fun is in considering what recourse Symantec has. If they didn't have some really expensive penalty clause in the non-dislosure agreement that will have been involved here they'll be kicking themselves right now. They'll also be wishing they gave themselves some way to identify the source of the leak. Their smart move would have been to insert some minor changes, e.g., to indentation or comments, to make each version released to third parties unique and therefore traceable.

Re:Bleh!

[Spy Handler]

I also use clonezilla alot, and I agree it's a good product in terms of function. But it has the shit-worst user interface ever (for something that's at least moderately popular). Its UI looks like a badly copied version of the text menu from the mid-90's Slackware installer, I swear.

Re:Why does the Indian military have the source???

[Anonymous Coward]

I've always wondered about the efficacy of such programs. Yes they do have a license, but for obvious reasons the # of people that have access to it are much less than the number of developers, and not only that, the different organizations that have access to it are probably very limited in their ability to communicate, which means that you have a large number of people who each have to analyze large amounts of source, so their ability to really get a deep understanding of any individual part of the code is probably somewhat limited.

Now compare this with open source, even though the # of eyes may be about the same(and yes I'm realistic, only a very, very tiny % of people actually comb through the source of an open source project, even a project like Linux), the ability to coordinate and specialize is much greater. I doubt there are very many people who pore through every change in the Linux kernel(aside from Linus of course), instead what you get is people who are very familiar with certain parts of the source and thus are more aware(and may have even been consulted on) changes in the code. Not to mention they can actually submit code themselves.

Re:A little perspective

[Lumpy]

And both STILL are garbage. we saw a 200% speed increase on ALL our corperate Windows machines when we switched from SEP to the enterprise offering from ESET. The change was so dramatic that most of us did not believe that the ESET software was running.

Honestly, SEP and Norton both needs to have even more rewrites because it's the joke of the Enterprise world in regards to performance and reliability.