Linksys Allies With Symantec

Burned by security flaws, Linksys teams up with Symantec to add the popular Norton security tool on cable/DSL routers sold in the U.S.

by Ryan Naraine of internetnews.com [November 27, 2002]

Burned by well-chronicled security flaws within its products, Linksys on Monday announced it would use software from Internet security specialists Symantec on its line Cable/DSL routers sold in the U.S.

Irvine, Calif.-based Linksys announced that Symantec's Norton Internet Security 2003 software suite would be available on its cable/DSL routers to provide network security to home small business users.

Norton, known for its virus protection tools, would be offered to Linksys customers during the router installation process. To lure customers in the U.S. into paying for the virus protection tool, there are free offers built into the sign-up process.

The plan is for Linksys router customers to get a 60-day subscription service from Symantec that will deliver regular updates for virus definitions, firewall rules and the intrusion detection signatures. For subsequent updates, annual subscription would be required.

Linksys and Symantec said Norton Internet Security 2003 would be bundled with all Linksys EtherFast Cable/DSL, HomeLink and wireless access point routers. Norton will provide features like parental controls, privacy controls, anti-virus management and personal firewall protection.

A Linksys spokesman said the product would work out to less than ten cents a day for "maximum protection from the perils of the Internet."

Earlier this month, a remote management flaw affecting older versions of the Linksys EtherFast Cable/DSL Router was detected by security consultants iDefense.

The vulnerability could allow attackers to break into the router using a simple remote exploitation by attaching a .cgi request to the router's IP address to crash the router.

The threat, discovered in August, was never acknowledged by Linksys officials, who asked iDefense to hold off publishing the vulnerability until its engineers had a chance to look into the issue. Immediately informing its customers of the vulnerability, the company waited two months for a Linksys response.

According to Karen Sohl, Linksys spokesperson, the fix has been corrected since Sept. 4, when it released a firmware upgrade that addressed the vulnerability.

— End