Symantec Urges Use of Full-Application Inspection Firewalls to Protect Against Growing Number of Vulnerabilities

Symantec’s Full-Application Inspection Firewalls Default Configuration Protects Unpatched Sendmail Servers

CUPERTINO, Calif. - March 7, 2003 - Given the rise in newly discovered network vulnerabilities, including the recent Sendmail Header Process Vulnerability, Symantec strongly recommends that organizations use their Internet-facing firewalls in full-application inspection mode.

"Network-layer security mechanisms dominate current deployments, but are proving inadequate in the face of more frequent application-layer attacks," said Mark Bouchard, META Group. "Vendors and users alike need to increase their focus on application-layer security controls in order to proactively protect networks from an increasing number of vulnerabilities."

The total number of moderate and high severity vulnerabilities documented in 2002 was 84.7% higher than the total documented in 2001, according to the Symantec Internet Security Threat Report, released last month. On average Symantec analysts documented seven new vulnerabilities each day over the past year.

"The increasing rate at which vulnerabilities are being discovered, coupled with the growing sophistication of malicious code that exploits these vulnerabilities, leaves organizations more open to attack than ever before," said Greg Gotta, vice president of product delivery at Symantec. "Stateful inspection firewalls examine the source of the information packet, but don’t look at its contents in depth. By using externally facing firewalls in full-application inspection mode, organizations can examine the contents of the information packets for anomalous activity and further prevent attacks."

Symantec's full-application inspection firewalls employ advanced security features up to and including the application layer. In the case of an attempt to exploit an application in an anomalous manner, Symantec Enterprise Firewall, Symantec VelociRaptor, and Symantec Gateway Security protection solutions will detect this attempt and block it by default.

On March 3, 2003, a remotely exploitable vulnerability was discovered in Sendmail, a widely deployed email server. The vulnerability is due to a buffer overflow condition in the SMTP header-parsing component. Remote attackers may exploit this vulnerability by connecting to target SMTP servers and transmitting to them malformed SMTP data. Since these attacks violate parameters defined in the RFCs, no configuration changes to the default settings in Symantec’s full-application inspection firewalls are required to protect against this Sendmail exploit.

Full-application inspection technology utilizes application layer proxies to offer the highest level of security for an enterprise firewall. Instead of traffic being scanned after only a cursory inspection at the IP or Session layer, the entire contents of the packet can be scanned through all of the layers of the TCP/IP stack. This allows for a much greater range of security features, as unique protocols are understood and examined. Stateful or network-layer inspection firewalls do not examine traffic at all layers of the TCP/IP stack, instead making a determination about the individual information packets based on headers rather than contents.

About Symantec
Symantec, the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to enterprises, individuals and service providers. The company is a leading provider of client, gateway and server security solutions for virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering and remote management technologies as well as security services to enterprises and service providers around the world. Symantec's Norton brand of consumer security products is a leader in worldwide retail sales and industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide operations in 38 countries. For more information, please visit www.symantec.com.

Symantec’s Canadian operations are headquartered in Toronto with offices in Montreal, Ottawa, Calgary and Vancouver. For more information on Symantec products or current promotions, contact the Canadian office at (416) 441-3676 or access Symantec’s Canadian Web site at www.symantec.ca. Symantec is an active member of the Canadian Alliance Against Software Theft (CAAST).

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/PressCenter/ on Symantec's Web site. All prices noted are in US dollars and are valid only in the United States.

Symantec and the Symantec logo are trademarks or registered trademarks, in the United States and certain other countries, of Symantec Corporation. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.

FORWARD LOOKING STATEMENT: This press release contains forward-looking statements, including anticipated activities and results that involve known and unknown risks, uncertainties and other factors that may cause our actual results, levels of activity, performance or achievements to differ materially from results expressed or implied by this press release. Such risk factors include, among others: the sustainability of recent growth rates, particularly in consumer products; the anticipation of the growth of certain market segments, particularly enterprise security; the positioning of Symantec's products in those segments; the competitive environment in the software industry; general market conditions, fluctuations in currency exchange rates, changes to operating systems and product strategy by vendors of operating systems; acquisition risks, including the risks that Symantec will not successfully integrate the Riptech and Recourse businesses, technology and/or personnel; and whether Symantec can successfully develop new products and the degree to which these gain market acceptance. Actual results may differ materially from those contained in the forward-looking statements in this press release. Additional information concerning these and other risk factors is contained in the Risk Factors sections of the Company's previously filed Form 10-K for the year ended March 31, 2002 and Form 10-Q for the quarter ended June 30, 2002. Symantec assumes no obligation to update any forward-looking information contained in this press release except as otherwise required by law.