Burned by well-chronicled security
flaws within its products, Linksys on Monday announced it would use
software from Internet security specialists Symantec on its line Cable/DSL
routers sold in the U.S.
Irvine, Calif.-based Linksys announced that Symantec’s Norton Internet
Security 2003 software suite would be available on its cable/DSL routers to
provide network security to home small business users.
Norton, known for its virus protection tools, would be offered to Linksys customers during the
router installation process. To lure customers in the U.S. into paying for
the virus protection tool, there are free offers built into the sign-up
process.
The plan is for Linksys router customers to get a 60-day subscription
service from Symantec that will deliver regular updates for virus
definitions, firewall rules and the intrusion detection signatures. For
subsequent updates, annual subscription would be required.
Linksys and Symantec said Norton Internet Security 2003 would be bundled
with all Linksys EtherFast Cable/DSL, HomeLink and wireless access point
routers. Norton will provide features like parental controls, privacy
controls, anti-virus management and personal firewall protection.
A Linksys spokesman said the product would work out to less than ten cents a
day for “maximum protection from the perils of the Internet.”
Earlier this month, a remote management flaw affecting older versions of the
Linksys EtherFast Cable/DSL Router was detected by security consultants iDefense.
The vulnerability could allow attackers to break into the router using a
simple remote exploitation by attaching a .cgi request to the router’s IP
address to crash the router.
The threat, discovered in August, was never acknowledged by Linksys
officials, who asked iDefense to hold off publishing the vulnerability until
its engineers had a chance to look into the issue. Immediately informing its
customers of the vulnerability, the company waited two months for a Linksys
response.
According to Karen Sohl, Linksys spokesperson, the fix has been corrected
since Sept. 4, when it released a firmware upgrade that addressed the
vulnerability.