Symantec Falls Victim to Y2K10 Bug
A potential headache has emerged for managed security service providers: Symantec has revealed the existence of a seriously embarrassing bug in their Endpoint Security products: any definition file dated later than 11:59 PM on 12/31/2009 is regarded as out of date. Symantec has a workaround, but weren’t we supposed to have learned our lesson ten years ago?
This bug, which only affects Symantec Endpoint Security products and not any of their other offerings, isn’t leaving most customers vulnerable. Symantec is simply dating all new definition files 12/31/2009 and giving them new version numbers so users stay up to date. They claim to be working on a more permanent solution.
As unbelievable as it may sound, other trusted companies are suddenly finding Y2K10 bugs in their software. Both SpamAssassin and Windows Mobile cell phones are having issues with messages being suddenly marked as from the future — and I’m sure they’re not the only ones. If a dedicated hacker could get a 20-year-old Apple Newton PDA compliant with the new year, why can’t these huge companies?
No doubt, Symantec has taken its lumps over the years with endpoint security. The company’s initial endpoint protection offerings were considered bloated and slow, though a so-called Maintenance Release 3 addressed those issues.