Symantec Archives

Tech Optimizer

April 14, 2026

Norton (durch Symantec Übernahme teilweise verknüpft, aber Marke liegt bei Gen Digital. Broadcom i

Norton, owned by Gen Digital, provides antivirus software, VPN services, and identity theft monitoring to protect users from cyber threats such as malware and phishing attacks. The company emphasizes subscription-based revenue through Norton 360, which bundles various security features, ensuring predictable cash flow. Norton competes with other antivirus brands like McAfee and Bitdefender, maintaining a strong market share in North America due to its established brand trust. The demand for cybersecurity tools is driven by rising cyber threats, including ransomware attacks and increased remote work, which necessitate robust online protection. Gen Digital is investing in AI-driven threat detection and expanding its offerings to address evolving security needs. However, Norton faces challenges from free alternatives, potential privacy concerns, and macroeconomic pressures that could affect consumer spending on security products.

Tech Optimizer

April 7, 2026

Norton 360: Comprehensive Cybersecurity for Devices

Norton 360 is a comprehensive cybersecurity solution that protects consumers and businesses from digital threats, integrating features like a VPN and password manager. It safeguards various devices, including PCs and smartphones, and offers multiple editions for individuals, families, and small businesses. Key features include real-time threat detection, a smart firewall, a no-logs VPN, a password manager, parental controls, behavior-based detection for zero-day threats, cloud backup functionality, and performance optimization tools. The suite is effective against phishing, malware, and ransomware, with a 100% detection rate confirmed by independent tests. Norton 360 also caters to small businesses with endpoint protection, compliance tools, and secure file sharing. It employs heuristics and machine learning for threat adaptation and supports unlimited devices in premium plans. The software is compatible with Windows, macOS, Android, and iOS, and offers a VPN service with servers in over 30 countries. Norton 360 competes in the global cybersecurity market, maintaining a strong presence in North America and Europe, with subscription models ranging from basic to deluxe editions. Demand for the product has increased due to high-profile data breaches, and it is available in over 150 countries. Common use cases include protecting home networks, securing client data for freelancers, and safeguarding school-issued laptops. Norton 360 is part of Gen Digital Inc., which focuses on consumer cybersecurity.

Tech Optimizer

January 22, 2026

Hackers Weaponized 2,500+ Security Tools to Terminate Endpoint Protection Before Deploying Ransomware

A large-scale campaign is exploiting the truesight.sys Windows security driver from Adlice Software’s RogueKiller antivirus to disable endpoint detection and response (EDR) and antivirus solutions, facilitating the deployment of ransomware and remote access malware. This attack utilizes over 2,500 validly signed variants of the driver, allowing attackers to manipulate legacy driver signing rules to load pre-2015 signed drivers on Windows 11 machines. The vulnerable TrueSight driver exposes an IOCTL command that enables attackers to terminate security processes, providing them with kernel-level access to bypass user-mode protections. The infection chain typically starts with phishing emails or compromised sites, leading to the installation of a downloader that retrieves additional malicious components. The malware establishes persistence and deploys an EDR killer module targeting nearly 200 security products. Once defenses are disabled, the final payload, often a remote access trojan or ransomware, executes with minimal visibility, completing the attack in as little as 30 minutes.

Tech Optimizer

January 7, 2026

Norton in 2026: Is the Old-School Antivirus Brand Still Worth Your Trust?

Norton has evolved into a comprehensive cybersecurity suite by 2026, transitioning from traditional antivirus software to a holistic solution under Gen Digital Inc. Its offerings include Norton 360, which provides real-time malware and ransomware protection, a built-in unlimited data VPN, password management, dark web monitoring, and identity protection on higher tiers. The Norton 360 Deluxe plan is popular for households, offering high protection scores, a usable VPN, dark web monitoring, cross-platform support, and identity protection features. Users appreciate its ease of use, strong protection record, and the value of the VPN, while some express frustration with upselling, auto-renew pricing, and performance on older machines. Norton competes with brands like Bitdefender, Kaspersky, and McAfee, with its all-in-one convenience being a key advantage. It is suitable for families and less tech-savvy users but may not be ideal for those preferring minimalist setups or who have older hardware.

Winsage

October 31, 2025

Windows LNK File UI Misrepresentation Enables Remote Code Execution Attacks

A vulnerability in the Windows operating system, identified as ZDI-CAN-25373 and disclosed in March 2025, allows advanced persistent threat (APT) actors to deploy malware by manipulating whitespace in Windows LNK files. This technique has been adopted by espionage groups from North Korea, China, Russia, and Iran for data theft and intelligence-gathering. The flaw enables malicious PowerShell commands to be concealed within seemingly legitimate shortcut files, which execute automatically when opened. The exploitation involves weaponized LNK files that initiate obfuscated PowerShell commands to decode embedded TAR archives containing a legitimate Canon printer utility, a malicious loader DLL, and an RC4-encrypted payload with remote access trojan malware. The legitimate executable, although signed with an expired certificate, is trusted by Windows due to its valid timestamp. As of October 2025, Microsoft has not released a patch for this vulnerability, prompting organizations to implement defensive measures against its exploitation.

Tech Optimizer

October 17, 2025

Russian tech firm attacked by Chinese state hackers in allied attack

The Chinese APT group Jewelbug infiltrated a Russian IT provider undetected for five months. They have increased their activity, targeting Russian entities as well as interests in South America, South Asia, and Taiwan. Jewelbug used a disguised version of the Microsoft Console Debugger (CDB) to bypass security measures and exfiltrate data. They cleared Windows Event Logs to avoid detection and used Yandex Cloud for data exfiltration. Symantec's report indicates that Russian organizations are vulnerable to attacks from Chinese state-sponsored groups.

Tech Optimizer

September 27, 2025

Antivirus Statistics 2025: Revealing Growth & Usage

The global antivirus software market is projected to reach approximately billion by 2025 and grow at a compound annual growth rate (CAGR) of around 6.9% through 2029. By 2025, 84% of users are expected to have antivirus software installed on their computers, and approximately 68% will have antivirus protection on their smartphones. In recent testing, antivirus products were evaluated against 212 test cases, with 560,000 new malware variants detected globally each day. Microsoft Defender and Norton achieved perfect protection scores of 100% in evaluations conducted in June 2025. Microsoft is redesigning Windows to relocate antivirus and Endpoint Detection and Response (EDR) applications out of the kernel. In 2024, the U.S. government prohibited the sale of Kaspersky antivirus software due to national security concerns. Gen Digital anticipates revenue between .70 billion and .80 billion for 2026. The integration of AI into malware frameworks is pushing antivirus vendors to adopt machine learning-driven threat detection models. Antivirus plans are predominantly priced between and , with 32.1% of plans falling within this range. Only 3.6% of antivirus options are free, and 93% of products offer a 30+ day money-back guarantee. 79% include defenses against ransomware and phishing attacks, and 61% come with a built-in firewall. The average maximum coverage per antivirus subscription extends to 24 devices. In 2024, around 121 million Americans used third-party antivirus software, with 17 million adults intending to adopt antivirus software within six months. Among users of commercial antivirus software, 74% reported encountering malware in the past year. Detection effectiveness in malware tests often surpasses 99% for leading antivirus products, while false positive rates vary significantly. Symantec leads the Windows antivirus market with a share of 13.81%, followed by AVAST Software (11.93%) and ESET (11.03%). Approximately 560,000 new malware variants are identified daily, and there are over 1 billion documented malware samples worldwide. Ransomware attacks targeting Windows constitute around 93% of all enterprise ransomware incidents. In 2024, 17% of U.S. adults reported using antivirus software on mobile phones, with 73% opting for paid versions. Free antivirus solutions typically offer basic features but lack advanced modules. The enterprise antivirus market is projected to reach approximately .0 billion by 2024, with significant growth expected in the coming years. North America holds approximately 48.3% of the global antivirus market share, while Europe experiences growth due to regulations. IoT devices are increasingly targeted, with unpatched firmware responsible for about 60% of IoT breaches. The average cost of an IoT security failure incident is approximately 0,000. Typical antivirus subscriptions range from to 0 per year, with many vendors offering multi-device bundles.

Winsage

September 1, 2025

Hackers Leverage Windows Defender Application Control Policies to Disable EDR Agents

Cybercriminals are using Windows Defender Application Control (WDAC) policies to disable Endpoint Detection and Response (EDR) agents, creating vulnerabilities in corporate security. Ransomware groups like Black Basta have adopted this method, which evolved from a proof-of-concept tool called "Krueger" into real malware named "DreamDemon." Attackers manipulate the C:WindowsSystem32CodeIntegritySiPolicy.p7b file to implement malicious WDAC policies that block EDR executables during system startup. The technique involves a four-step process: loading the policy, placing it in the CodeIntegrity directory, hiding the policy file, and creating decoy log files. DreamDemon samples, written in C++, exhibit enhanced stealth and target major EDR vendors. Detection efforts focus on monitoring specific registry keys and analyzing file signatures. Despite awareness of this threat, EDR vendors have not implemented sufficient preventative measures, leaving systems exposed.

Winsage

September 1, 2025

Hackers Exploit Windows Defender Policies to Shut Down EDR Agents

Cybercriminals are exploiting Windows Defender Application Control (WDAC) policies to disable Endpoint Detection and Response (EDR) agents. This threat emerged from a proof-of-concept called "Krueger," which demonstrated how to block EDR services by integrating a custom WDAC policy. Following its release in December 2024, various malware families began using this technique, including a new malware called "DreamDemon," which embeds a WDAC policy within its resources and modifies system files to evade detection. Both Krueger and DreamDemon reveal significant weaknesses in EDR capabilities, as current prevention measures are largely reactive and insufficient against these types of attacks. As of September 2025, no vendor has provided a comprehensive solution to prevent WDAC-based shutdowns. Security teams are advised to monitor specific registry keys and file changes to detect potential policy abuses.

Winsage

August 19, 2025

Ransomware gang masking PipeMagic backdoor as ChatGPT desktop app: Microsoft

Microsoft has identified a sophisticated malware called PipeMagic, disguised as a ChatGPT desktop application, linked to the threat actor Storm-2460, who is preparing for ransomware attacks. This malware exploits a zero-day vulnerability (CVE-2025-29824) affecting the Windows Common Log File System Driver (CFLS), first disclosed in April. PipeMagic has targeted sectors such as information technology, financial, and real estate across the U.S., Europe, South America, and the Middle East. It emerged in 2022 during attacks on Asian entities and resurfaced in September 2024. Victims see a blank screen upon opening the malicious application, complicating detection. Hackers modified an open-source ChatGPT project to embed malicious code that activates the malware, allowing privilege escalation and ransomware deployment. Kaspersky reported that PipeMagic was used in a RansomExx ransomware campaign, and Symantec noted its exploitation by the Play ransomware group.