Domain: symantec.com
Stories and comments across the archive that link to symantec.com.
Comments · 1,115
-
Dunno about floppies
I don't ever recall auto-execution of applications on floppy disks on any version of Mac OS (or System x.x).
I suspect you're thinking of the Hong Kong Virus outbreak of 1998 that piggybacked on the behaviour of QuickTime 2.5 and later's AutoPlay feature.
[let's use Symantec as they're topical]
http://securityresponse.symantec.com/avcenter/venc/data/autostart.9805.html
Most of the vulnerabilities in 'Classic' Mac OS were to do with System Extensions and Control Panels which loaded up at boot time. Since they were analogous to kernel extensions, they had deep access into the heart of the OS. -
Re:OSX Virus
Simpsons@mm is an AppleScript worm that targets the Macintosh platform. It may open Microsoft Outlook Express or Entourage, and send a copy of itself with the original message to everyone in your address book. The name of the script is "Simpsons Episodes." This worm does not appear to be particularly malicious, and is similar to other mass-mailing worms that affect Windows computers such as VBS.LoveLetter http://securityresponse.symantec.com/avcenter/venc/data/mac.simpsons@mm.html -
Norton Wipeinfo
http://www.symantec.com/ Norton Systemworks 2003 came with Wipeinfo, which claims to permanently remove files from your hard drive. You can also use a "government wipe" which conforms to a DoD document on industrial security.
From the help file:
Wipe Info erases files or folders from your hard disk so that they cannot be recovered. On Windows 98/Me, Wipe Info also wipes the free space on your hard disk.
When you wipe a file, Wipe Info wipes the file and attempts to wipe any free space associated with the file and the file's directory entry.
When you wipe a folder, Wipe Info wipes all of the files in the folder, and then, if the folder is empty, it attempts to wipe the directory entry for the folder.
When you wipe free space in Windows 98/Me, Wipe Info wipes the free drive space, free file space, and erased file entries.
In general, you cannot recover files that have been wiped. Windows Me/XP System Restore can restore files that have been wiped if they are one of the protected file types. By default, many document types, such as .doc and .xls files in My Documents, are protected. Windows Me/XP System Restore maintains copies of protected files. Wiping the original file does not wipe the copy that Windows Me/XP System Restore maintains.
Wipe Info eliminates a file's contents from the disk, but does not remove the file name. While the file name remains on disk, it is no longer visible in Windows Explorer, and there is no data stored with it. On NTFS volumes, streams (alternate data that belongs to a file but is not stored with the file) are also wiped. -
ISPs do it
There are ISP-grade products that do it. Sun has one. See http://www.sun.com/software/products/messaging_srvr/home_messaging.xml
You need to break up the jobs of message storage, client connections, and mail transfer into isolated components that can scale independent of each other and be clustered for scalability and high-availability.
Message Transfer Agents (MTAs) are often dedicated for either inbound or outbound and also interface to scanning software (e.g. BrightMail Anti-Spam & Anti-Virus, see: http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=642%20) to check for the usual suspects. For inbound mail, they leverage directory servers (which replicate with ease) to find the specific message store used to host the mailbox for the inbound message, and then route it correctly. These are load balanced for availability and scalability.
A user's mailbox will only exist on a single message store, but the message stores can be clustered for high-availability.
Client connections similarly allow an array of "message multiplexors" to scale that end of the problem. The multiplexors speak webmail, IMAP, and POP. Similar to the MTAs, they are load balanced. A user can connect to any multiplexor and a directory server is used to find that user's proper message store to connect them to their mailbox.
To the end user it looks like a single server that does POP, IMAP, and WebMail. In truth it's broken into components to achieve high scalability and availability.
A single message store can usually store a few hundred thousand mailboxes -- for a million mailboxes you'd probably only need a handful of them. -
Re:Split up the tasks
Many people are now putting e-mail security devices in front of the "receivers".
Products such as Ironport, Openwave Edge Gx, and Symantec Mail Security use technologies such as traffic shaping, reputation services, directory harvest attack detection, etc. to help keep spam out of your network. -
"Enters"
-
Is this really news?
-
Old news...
Good Lord... This is old news. There are plenty of alternative antivirus for smart devices, like Simworks for Symbian or Airscanner for Windows Mobile. Or Symantec Antivirus for Palm. All these have been out for a while already...
-
but that would cure spam overnight
-
Re:virus or worm?
W32.Wullik.B@mm is a "mass mailer", which means it uses email to send copies of itself. Technically it's not a worm, but the AntiVirus industry calls them "email worms" or sometimes simply "worms".
The confusion is partly due to the hybridization of malware in the last few years. The same bit of malware might exploit buffer overflow vulnerabilities over a network remotely and without user participation, like a worm, make copies of itself to removable media or other files on a hard drive or network drive, like a virus, or send copies of itself via email. The latter technique didn't get a cute name like worm or virus, and the lack of a cute name dedicated to this technique has helped foster the confusion.
Mass Mailers are typically the agents responsible for causing email outages in large organizations where the mail servers are Exchange and the clients are Outlook (and related). The mass mailer viruses cause particular grief in those environments because they are often equipped with the ability to harvest email addresses from the Outlook address book, so a handful of contaminated PCs can pretty quickly bog down the mail server by sending copies of the virus to everyone in the company over and over.
For the moment, organizations using other email systems tend not to get hit as hard. However, there really isn't any reason that these viruses couldn't learn how to read other address book formats and wreak havoc in other places, too, so someday they probably will. -
Re:Not the first, won't be the last
Maybe you would like to give that another thought... For instance, how about Win95.CIH (aka Chernobyl)?
http://securityresponse.symantec.com/avcenter/venc/data/cih.html
"Systems Affected: Windows 95, Windows 98, Windows Me
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 2000, Windows NT, Windows XP"
And I'm pretty sure the old PingPong virus I had on my 8086 with MS-DOS 5.0 would be at a loss on my XP desktop.
http://www.symantec.com/avcenter/venc/data/ping_pong.html
Windows viruses (or virii) exist and continue to grow in numbers because of faulty/crappy/patchy/etc OS and program code. Maybe Windows' "backwards compatibility" philosophy makes it more so but Windows is not the only OS struggling to keep old programs working...
If anything, this shows you how crappy backwards compatibility on Windows actually is! -
Re:on that 'removing spyware' note...
I think the OP just wanted software to remove one specific virus. In that case, go to Symantec Security Response, and look for the particular virus, then download the removal tool.
SR page for Zotob.L
Direct link to removal for e.g. Klez.A (old, obviously ;))
They don't always provide removal tools, but often do for the major viruses that cause problems. Stinger is good too ;) -
Re:Too complicated.......
That's why there's a very popular Windows program called Partition Magic. If I want to move partitions around, I just run Partition Magic and move them! No muss, no fuss.
-
You didn't look very hard
A simple google search for "Lover Spy" included Symantec's reference to it on the first page of results. See http://securityresponse.symantec.com/avcenter/venc/data/spyware.loverspy.html for details. Note also that it's been detected since October 2003, so I really don't have that much sympathy with the victims. The guy who sold this software deserves far worse than arrest and incarceration, but the victims who claim they had current anti-virus software updates installed are full of it.
-
Re:That's there answer then!
...With our new LiveUpdate feature...
Then Symantec will sue them for trademark infringement, and two wrongs will make a right! Or something. -
Of course it's not as bad...
It even removes your spyware for you, as several /. comments noted in the last Zotob story: http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.d.html It could be that problems (reboots, etc) that people experienced were caused by inadequate testing than purely malicious intent...but then it's a worm, so it is implicitly malicious.
Deletes the following registry values:
"MyWebSearch"
"WINDOWS SYSTEM"
"Zotob"
"MyWay"
"WeatherOnTray"
"Apropos"
"IBIS TB"
"TBPS"
"Toolbar"
"Hotbar"
"CMESys"
"NavExcel"
"ViewMgr"
"eZula"
"EbatesMoeMoneyMaker"
"Ebates"
"AutoUpdater"
"Gator"
"Trickler"
"QuickTime"
"GatorDownloader"
"eZmmod"
"Viewpoint"
"TkBellExe"
"180"
"WinTools"
"Real"
"QuickTime Task" . . . -
Windows XP and Server 2003?
-
The Worm is doing a bit of good
anyone notice it is deleting these files;
%PROGRAMFILES%\MyWebSearch
%PROGRAMFILES%\MyWebSearch\*.exe
%PROGRAMFILES%\Hotbar
%PROGRAMFILES%\Hotbar\*.exe
%PROGRAMFILES%\MyWay
%PROGRAMFILES%\MyWay\*.exe
%PROGRAMFILES%\180Solutions
%PROGRAMFILES%\180Solutions\*.exe
%PROGRAMFILES%\EbatesMoeMoneyMaker
as per http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.d.html now if it just wouldn't reboot the computer. -
Removes spyware?
Has anyone else noticed that according to the Symantec security response page, this virus removes several common spyware files? kills process, removes registry entry, and deletes. I suppose it does this so that it will have the machine's internet connection mostly to itself, but I find that fascinating.
-
Anti-annoyanceware virus?
From symantec, it almost sounds like the worm is trying to decrudify your system. It attempts to kill the realplayer, quicktime, gator, and many spyware/malware/adware toolbars. It also cleans them out of the registry, and deletes their files.
Too bad it also opens an FTP, IRC connection, and many others, but I do wonder if it's a variant on code originally intended to clean rather than infest?
I also quite like how MS directs you to complain to the Internet Fraud Complaint Center Web site, I'm sure they really appreciate all the extra phonecalls about infected operating systems... -
Symantec slow on virus pattern updates?
Today is Tuesday Aug 16, 2005 8:50 EST
From securityresponse.symantec.com, the threat assessment included when patterns were released.
Zotob.A Aug 14 http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.a.html
Zotob.B Aug 14 http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.b.html
Visit this link --> Zotob.D Aug 17 http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.d.html
Note the
Virus Definitions (Intelligent Updater) *
August 17, 2005
Virus Definitions (LiveUpdate(TM)) **
August 17, 2005
Zotob.E Aug 16 http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.e.html
Well Hmm... is Zotob D scheduled for release tomorrow.
Perhaps Symantec should invest in some of those Desk calendars to schedule the virus releases.
Seriously,
for the suxxors who rely on Symantec Live update, they will have to wait another day to get virus patterns for viruses out TODAY.
While anyone with smarts enough to manually download the so called intelligent updater can have today's patterns.
Just why Symantec waits, I suppose is so Press consumer pain can and is generated about infections which only boost sales. Or presuming no ulterior motives, it's because their download servers are weak and can't update same day scheduled over the whole day for their paying user base. I seem to remember AOL being sued (and end users winning) for over selling service lines and having over loaded networks.
Don't know why this came out as Symantec bashing, just the way the note was written.
By the way after replacing NIS 2003 with 2005 with anti spam, my advertising is %1000 more of a pain in the ass and the Ad trash can is missing from the product.
Guess the ad's spam and missing ad trash can is why this came out as Symantec bashing, guess Symantec's bad karma's just making the rounds. -
Re:Symantec link is wrong
Check this link for what Symantec is calling the "Zotob.E" variant (which is exactly what's happening with me).
-
It's not really that bad..
It's not totally bad... I mean at least it is trying to do the average joe some kind of favour:
Kind of anyway:
[http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.d.html]
Searches for the following files and folders to delete the files and the contents of folders:
%SYSTEM%\pnpsrv.exe
%SYSTEM%\winpnp.exe
%SYSTEM%\csm.exe
%SYSTEM%\botzor.exe
%PROGRAMFILES%\MyWebSearch
%PROGRAMFILES%\MyWebSearch\*.exe
%PROGRAMFILES%\Hotbar
%PROGRAMFILES%\Hotbar\*.exe
%PROGRAMFILES%\MyWay
%PROGRAMFILES%\MyWay\*.exe
%PROGRAMFILES%\180Solutions
%PROGRAMFILES%\180Solutions\*.exe
%PROGRAMFILES%\Common Files\WinTools
%PROGRAMFILES%\Common Files\WinTools\*.exe
%PROGRAMFILES%\Toolbar
%PROGRAMFILES%\Toolbar\*.exe
%PROGRAMFILES%\CxtPls
%PROGRAMFILES%\NavExcel
%PROGRAMFILES%\AutoUpdate
%PROGRAMFILES%\AutoUpdate\AutoUpdate.exe
%PROGRAMFILES%\EbatesMoeMoneyMaker
%PROGRAMFILES%\eZula
%PROGRAMFILES%\eZula\mmod.exe
%PROGRAMFILES%\Common Files\GMT
%PROGRAMFILES%\Common Files\GMT\GMT.exe
%PROGRAMFILES%\Common Files\CMEII -
Re:MS says..
Symantec lists XP as a vulnerable OS, though I'm not certain if that is just a blanket response from Symantec.
However, TFA at CNN quotes the Sans Institute as having identified 'early versions of XP' as being susceptible to the threat, via the MS05-039 hole.
Being that XP is the red-headed stepchild of 2000, I'd say it's susceptible to attack. -
Re:Symantec link is wrong
Check out http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.d.html to see exactly what this is attempting to do. -
Two Variants Already
Symantec has info on two variants: W32.Zotob.A http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.a.html and W32.Zotob.B http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.b.html
Both describe, "Attempts to spread to systems which can be exploited by a vulnerability in Microsoft Windows Plug and Play Service (as described in Microsoft Security Bulletin MS05-039). If successful, the worm copies the file 2pac.txt to the remote machine." -
Re:crappy summary
-
Re:Once more, in English?
Symantec copied the DOD definition of "force protection condition" (formerly called THREATCON, now called FPCON) and hacked it into their ThreatCon definitions. It's not really relevant, but it sounds official and impressive.
-
Re:wow...spellingsymantic problems
That's Symantec. And yeah, I agree; Personal Firewall isn't gonna cut it for the shuttle.
-
Re:No Services on Boot?
Really? Does it? Isn't this just an old joke with not much fact to back it up anymore?
Not a joke, but a worm (sasser): http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html -
Re:Sweet Spot
I own a $299 Dell. It came with a trial of McAfee Antivirus, after which I plan to use the free AVG Antivirus. It came with McAfee's firewall and Windows' own firewall, which I think are redundant. Pop-up blockers are built in to IE and Firefox now. Ad-Aware is still free, as are many of its competitors. "Backup anti-spyware" software, whatever that is, doesn't have to cost $100.
Outstanding FUD, though. You would do a good job selling Norton Antivirus for Mac. -
OT: What's up with Salon and Slashdot?
I mean really, Salon isn't that good of a news magazine. They require payment for mediocre articles, you can't even read the article if you have Norton Ad-Blocker active, their political commentary is out-of-kilter with most of the libertarian Slashdot audience... Why exactly should we care that Salon has a celebrity interview article?
-
Re:It's all IE's fault
Haven't seen one of these in *years*. All office versions since 2000 have made major steps to reduce malicious code in documents, and they were few and far between in the first place.
They were anything *but* few and far between. Back when I worked at a help desk, we had an Excel virus that had been prevalent in the company for YEARS. Every so often someone would give us a call and say that all the info had been wiped from their Excel spreadsheet. And that's despite the fact that Norton Anti-Virus was blocking most of these viruses before the attachment could be downloaded from the mail server. And I've never seen a user pay much heed to the "This Document is Potentially Unsafe. Open? (Y/N)" prompt.
They are certainly less common, but they are far from gone.
There's been a huge upsurge lately in server side virus scanning for email, and you just don't see a lot of spyware in email.
The problem with these worms is less the corporate email system, and more the matter of users running them from personal email. GMail does an excellent job of sorting the little buggers out, yet it still manages to let a few slip through every once in awhile.
[RPC Vulnerabilities] Not really since windows 2000.
Sasser doesn't seem like it cared for your interpretation much.
How many XP machines do you see with IIS?
XP Professional and up. Thankfully most admins are replacing their servers with Win2003, which is somewhat less vulnerable to these exploits. Of course, SQL Server is still a problem with occasional flaws being found. (Why the blasted things were ever publicly accessible, I'll never know.)
It's not that I'm disagreeing that IE is the biggest problem. I'm just saying that Windows has seen (and continues to see) a LOT more vulnerabilities than that. It just so happens that exploiting IE is en vogue right now, so that's what crackers do.
-
Nice idea but...
I think any exploit that was patched reliably in 24 hours, and patched forever, might be less dangerous than rashly coded bugfixes.
If Service Packs were more frequent, if users' browsing practices were more informed, and if the already discovered exploits were acted on more swiftly by Microsoft and the larger/corporate-market antivirus companies like Norton (notorious for deciding some things, like certain trojans, just aren't worth detecting or fixing - just cross reference shinwow.java here and here, it gets privileges from the BYTEVERIFY.java exploit).
<rant>
Norton gives removal instructions - but what the site doesn't mention is NORTON PRODUCTS ON WINDOWS DO NOT DETECT THE PRESENCE OF THE VIRUS. Kaspersky, eTrust EZArmor, and others do detect the virus. Which begs the question, why doesn't Norton's latest home AV package?
</rant>
Basically, a guarantee from MS of 24 hour patching wouldn't be an end in itself IMHO. Also, it's easy to make Microsoft look bad if they've got so many exploits that they've got a rapid deployment of patches. Basically, I want Windows Updates the way my Mac updates, click the Apple->Software Update done. I've used it for just under 7 months, so far I've had 10.3.[7-9] and 10.4.[0-1]. In the same time Windows is Service Pack 2, and the only other notable change was the recent auto update about a change to auto update.
So 5 updates to Panther/Tiger, maybe one I noticed for Windows. I wouldn't have any greater impression of security on Windows if daily patches were an option, I think it'd just be something for the CVS users to Beta test with no prospect of an Alpha, unless Longhorn is going to do that by RSS too
:-) -
Re:email dangers and within 12 minutes?
This is not talking about email viruses, but worms that make their way through unsecured ports. Like the blaster worm.
-
Re:Hmm, I wonder...
Symantec has Mac offerings, at least in the consumer realm. However, Symantec doesn't believe there are such things as Macs in the enterprise, so I doubt it.
I doubt there are any Linux plans. Last I knew, Symantec was tied around Microsoft's little finger. But I left a few years ago, before Microsoft started its AV thingie. But when I left, they didn't anything beyond a Microsoft world in the corporation. I believe they used to have server security software for Solaris, but dropped it. -
Where is that Adware being used?
Considering the software that often uses bundled adware and spyware is questionable at best (Kazaa at one time, other - more bogus - P2P software bundles) I wonder how much these Fortune 500 companies have funded even dirtier scams.
You know someone who has clicked a "free screensaver" or "system performance" pop-up before only to get trojans and adware. Does Circuit City endorse these scams on user intelligence? [Oxymoron I know]
Let's not even mention Compaq who bundles WeatherBug on their new machines!
Is it always going to be "us" versus the corporations? And why do I feel more libertarian and less "liberal" everyday?
I guess the solution is simple - start a list of people to boycott based on their aggressive advertising. -
SAV CE 10 is pretty bad
We got into the testing phase of deployment and it didn't make it past there, instead we've gone back to 9.0.3. A couple things of note from our experience though:
- Doscan.exe isn't the primary client application, rather it is the startup scanner app. It is also the proverbial root of all evil. When Doscan is allowed to run, it kicks off a memory leak in Rtvscan.exe (the real client) and we saw memory usage hit the 75-100 MB range, causing the sluggish performance.
- The fix that Symantec is going with now is to keep the startup scan from running through a registry change, either before or after installation (KB article here). I tried this and it did help, but not enough to make it worth it, since I still saw a 30 MB+ memory hit.
- As far as I know anything between 9.0.1 and 10.0 is not readily available or even offered unless you call Symantec Licensing Support and ask for it. The very latest version of 9 is the 9.0.3 we have and it seems pretty good.
-
Tech Support?
I don't understand...since when did Slashdot become a place for technical support? Here's your official Symantec Tech Support line: http://www.symantec.com/techsupp/enterprise/products/sav_ce/sav_ce_10/contact_ts_online.html -
Possible fix
http://service1.symantec.com/SUPPORT/ent-security.nsf/pfdocs/2005042710304248?Open
This is a few of the fixes Symantec is pushing around. -
Aww, cut the crap
Sorry, folks. Saying *nix doesn't have viruses is just fan-boy. Believing it is ignorant. As a matter of fact, I run Windows and Linux. Windows does tend to get more, simply because it has more market share. However, I can say that the only virus/worm I've ever gotten that DESTROYED important data was on Linux. God damned phpBB worm that replaces *.html among other things.
Anyway, such generalizations are foolish anyway, since it's usually not the OPERATING SYSTEM level software getting the virus/worms. It's some badly written service.
Anyway... you get the point. But please, stop being slashdot zombies and claiming Linux is perfect.
Keith
-
Re:Avoid The Obvious Punctuation Error...
The major AntiVirus vendors also have automated systems in place to help their clients collect virus samples and deliver them for analysis. The Symantec feature is called Scan and Deliver.
-
Re:Missing something fundamental
Cases where it's actually happened:
Slapper
Lion
Scalper
Those are just from a quick Google. Then there's the list of Linux and Mac OS X vulnerabilities (take a look around www.cert.org). How could you possibly claim that Linux and Mac OS X "don't get viruses" when any one of those vulnerabilities might be actively exploited? Just because a worm or virus doesn't make the news doesn't mean it's not out there.
I'll be here waiting
Hope I didn't keep you too long. I'm not sure why you're fighting this fight, particularly if you position yourself as someone knowledgeable on IT.