EEye Digital Security have announced that a worm is attacking Symantec hosts and called it the yellow worm due to the obvious colouring of the software. Symantec have had a patch available since May 25th this year but the patch has not been widely installed. This is probably due to the fact that there is no easy auto update for the software from Symantec – Liveupdate does not download patches (only virus definitions), there is no obvious mailing list to sign up for patch release information and they have not made a patch available for (slightly) older versions of the software meaning that a company has to upgrade to the latest version (10.1 from 10.0 – not a free upgrade unless on support) to obtain a patch and even then the patch has to be applied afterwards.

Symantec, you really need to make your upgrade process less painful, have a well publicised mailing list (and web page) of patch releases and have an update mechanism built into the product.

This entry was posted on Saturday, December 16th, 2006 at 5:24 am and is filed under Andy Helsby, IT, Podcasts, Security, TechNews. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.