Linksys puts a Norton patch on home wireless router vulnerability

by Guy Kewney | posted on 02 December 2002

The same day that Linksys routers were discovered to be vulnerable to denial-of-service attacks, Linksys announced that Norton Internet Security 2003 software suite is now available with the entire line of Linksys cable/DSL routers sold in the US. But it isn't clear that the announcement deals with the threat.

Guy Kewney

The patch appears to coincide with the announcement of a denial-of-service (DoS) vulnerability in Linksys cable or DSL routers, by Net-Security. Both the announcement of the vulnerability and the "fix" of the Norton bundle appeared on the Web on the same day, leaving readers with the obvious deduction that the vulnerability announcement was held back until the deal could be revealed.

The bundle was announced on Linksys's own web site as a US-only deal with Symantec. Buyers of any of the vulnerable cable/DSL routers get Norton Internet Security 2003, which normally comes with a one-year licence.

However, it's not clear from the Linksys release that this package actually deals with the DoS threat specifically. Norton Internet Security 2003 features protection from viruses, hackers and privacy threats and includes Norton Parental Control to keep children safe; Norton Privacy Control to keep applications and children from divulging personal and confidential information via Web forms, e-mail, instant messages and Microsoft Office attachments without permission; Norton AntiVirus; Norton Spam Alert, and finally, Norton Personal Firewall and Norton Intrusion Detection to protect against hacker and malicious attacks.

"With this partnership, families can link their PCs to a broadband connection whether wired or wirelessly through Linksys routers with the knowledge they are also adding comprehensive cyber security and protection," said Steve Cullen, senior vice president, Consumer and Client Product Delivery at Symantec.

But there was no reference to the DoS vulnerability, nor any assurance that the package was relevant to the threat. Denial of service was mentioned by Chey Cobb, home and office security expert and author of "Network Security for Dummies," who said: "In today's heightened security environment, citizens should also secure their home PCs so their computers cannot be used to attack other systems through viruses or denial of service attacks," - but he made no reference to the Net-Security vulnerability.

The normal one-year licence has been cut, too; Linksys router customers will receive a 60-day subscription service from Symantec for the normal update service for virus definitions, firewall rules and the intrusion detection signatures. "Annual subscription service is available for subsequent updates," says the release.

Norton Internet Security 2003 will be bundled with all Linksys EtherFast Cable/DSL, HomeLink and wireless access point routers sold in the U.S., including these models: BEFSR11, BEFSR41, BEFSR81, BEFSRU31, BEFVP41, BEFSX41, BEFW11S4, WRT51AB as well as other Linksys routers as they are introduced.