There was this security announcement today: Once again, a Symantec product does not do what it’s supposed to and actually executes UPX-packaged .EXE files to find out whether they contain malicious code or not.
This is certainly not the best way to accomplish that…
So this is another reason why I’m no fan of security software in place of user education (and regular flaw-patching): Such software creates a false sense of security (“should I click here? Oh well.. I have my NAV running, so nothing’s going to happen”) and may even open bigger holes when it is itself not secure.
As it stands now, an educated user without NAV who receives an email with a prepared UPX-packaged .exe will just delete the file and be happy.
An educated user with NAV will delete the file too, but before he can, NAV will have scanned the email and thus executed the malware. This is a case where the infection comes from the software supposed to be preventing it.
It’s just like with firewalls: Why install a packet filter to filter unwanted packets to open ports when you can close the ports in the first place?
Security is (mostly) a social thing (not counting exploits which must/can be prevented by updating the affected software) that can be achieved best using social skills, not software-barriers (as software has flaws – education at least has the possibility of achieving its goals).
So I’m not bashing Symantec (for once), but security-software as such.