ABOUT SYMANTEC

Press Release

New Computer Virus Attacks Windows NT File Security Settings

Symantec First to Provide Cure and Special Repair Tool for W32.FunLove.4099

CUPERTINO, Calif. – Nov. 12, 1999 - Symantec Corporation (NASDAQ: SYMC) today announced that researchers at the Symantec AntiVirus Research Center were the first to develop a cure for the W32.FunLove.4099 virus. W32.FunLove.4099 is a relatively easy virus to detect; however, once a system is infected, it is extremely difficult to cure because of its ability to hide itself from anti-virus scanners and reinfect a user’s system.

W32.FunLove.4099 uses a new strategy to stay resident in memory under Windows NT. Developing a cure is challenging because traditional anti-virus software for Windows NT cannot remove the virus that is active in memory. Any attempt to disinfect the system results in reinfection from the background viral tasks unless the virus is fully disabled from memory.

W32.FunLove.4099 attacks the Windows NT file security system and modifies the Windows NT kernel, giving the virus the ability to change security settings, compromising sensitive data once the machine is restarted with the modified kernel. The virus also creates a program for itself and replicates in the background while it executes the host program, therefore, the user will not easily notice any delays in system performance.

"Although we don’t expect the virus to spread rapidly, its ability to change Windows NT file security settings and its ability to reinfect cleaned files means that FunLove poses a threat to corporate data," said Vincent Weafer, director of the Symantec AntiVirus Research Center at Symantec Corporation. "We want to make sure that users are aware of the threat and that our customers are protected immediately."

To be protected immediately, Norton AntiVirus customers can download the current virus definition set through Symantec’s LiveUpdate feature or from the Symantec Web site at www.symantec.com/avcenter/download.html. Infected users can currently obtain a special tool to successfully repair their Windows NT machines through Symantec’s technical support department.

Description
W32.FunLove.4099 is a new virus that replicates under Windows 95 and Windows NT systems and infects applications with EXE, SCR or OCX extensions. The virus drops a file named fclss.exe into the Task Manager in the Windows system directory. What is notable about this virus is that it uses a new strategy to attack the Windows NT file security system. The virus can then spread to any machine to which it has access via the network.

Symantec AntiVirus Research Center
SARC is one of the industry’s largest dedicated team of virus experts. With offices located in the United States, Japan, Australia, and the Netherlands, the sun never sets on SARC. The center’s mission is to provide swift, global responses to computer virus threats, proactively research and develop technologies that eliminate such threats, and educate the public on safe computing practices. As new computer viruses appear, SARC develops identification and detection for these viruses, and provides either a repair or delete operation, thus keeping users protected against the latest virus threats.

About Symantec
Symantec is a world leader in Internet security technology and technology solutions that help companies manage and support workforces that use laptop computers and other mobile devices.

The company is a leading provider of software products for the consumer market and is rapidly growing its presence as a provider of solutions to enterprise organizations

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, view the Symantec Press Center at www.symantec.com/PressCenter/ on Symantec's Website.

Brands and products referenced herein are the trademarks or registered trademarks of their respective holders. All prices noted are in US dollars and are valid only in the United States.