When you have a piece of software on your computer for protection, you expect it to do the basics. And some of the basics include protecting you from the software itself. Just recently it was found that a popular antivirus software, called Norton, may have had the source code to its client leaked by a group of Indian hackers calling themselves The Lords of Dharmaraja . This may seem like a bunch of tech talk, and the leaked version may very well be an old version, but believe me it is a bad thing.
Source code is the typing that a programmer does to be able to make a computer program. It is thousands, maybe even millions in some cases, lines of text that tells the computer what to do. The results of that text are what you see on the computer screen. If you are looking at your computer or your mobile right now then you are looking at the results of millions of lines of code. So, basically, the building blocks of the Norton antivirus were released to the public to look at.
Now some people might be wondering why this is such a big deal. There are open source projects available all of the time. Who cares if everyone is able to see the source code? Well it may a big deal because now the bad guys know how to evade an attack on their malware when it comes to Norton antivirus (of course this depends on how recent a version of the source code they really have – and we should have the answer to that tomorrow). While before they would have had to guess what the software is doing now that they have the source code they know exactly what is going on. Sure they could have ran the program through a disassembler and find out what was going on that way, but that is a very long process which only gives you an overview and not the whole process. In most cases it is very hard to reverse engineer a program that has millions of lines of code to perfection.
So what happens to you if you are using Norton antivirus software?
In this case probably nothing as Symantec, the company behind Norton, are saying that the compromised source code is from enterprise products that are over four years old. If that is the case then their latest version will probably be a completely different collection of code. But it does make you think what would happen if a security company has it’s latest version compromised doesn’t it?