Domain: symantec.com
Stories and comments across the archive that link to symantec.com.
Comments · 1,115
-
Old news
I thought they already had a web interface?
-
Norton Ghost
I think they're going to have a hard time trademarking "Ghosting"
Especially because Norton got there first.
-
Patching SAV
Actually, there isn't a patch for this per se. They are releasing a bloodhound signature that should catch any currently unknown viruses that try to exploit this. This really isn't a patch. The only way to fully protect any machine with these Symantec Products is to upgrade to the latest version of the software.
-
Re:Deja vu...
If you read the Symantec security advisory, you will see that it's a buffer overflow problem with a carefully crafted UPX-compressed file. It's not an "execute-to-test" issue.
-
Re:Immediately patch? Really?
From TFA:
Symantec product engineers have developed and released updates or Maintenance Releases for all impacted product versions that were not already upgraded in the latest product build release. Updates and Maintenance Releases are available either through Symantec's LiveUpdate for those products that have LiveUpdate capability or from the Symantec Product Support site at http://www.symantec.com/techsupp.
-
Re:Immediately patch? Really?
For reference, the download site for corporate users is https://fileconnect.symantec.com/licenselogin.jsp. You need to log in with your corporate serial number.
-
Re:Surprisingly honest
Actually, there doesn't even seem to BE an update on their webpage where the announcement says it's going to be: Symantec AntiVirus Corporate Edition 9.0 Product Updates "There are no update files available for download for Symantec AntiVirus Corporate Edition 9.0."
-
Re:Immediately patch? Really?
You are correct. The article is misleading. Not all Symantec products are vulnerable. Go here to see if your product requires the update.
Luckily my product here at work does not require the update. I will however have my qmail/ClamAV mail router filter out UPX files as a precaution.
-
Re:Wouldn't it be better?
As I've stated before, whatever OS is the dominant one, is the one that virus writers will explore and find the exploits for. Already Symantec has ported to the Mac platform because of the growth it's realized lately. Virus writers are now beginning to attack it, (although not as much as Windows.)
And already the OSS community has been attacked by spyware. If this vulnerability, done by a JavaScript, can affect Firefox on Unix, then any browser can be compromised.
Now, that said, I do believe that MS should not be charging for this software, but if they made one for free then the competition would thin out quite quickly. And a search of Virus Bulletin shows nothing on this company participating in any of their tests.
So, how good can it be?
-
Re:Swindle?
I don't use antivirus software and have never gotten a virus yet.
I guess you also have no mirror, but know you look great?
Or you could go to Symantec's site and use their online ActiveX virus scanner. -
Re:I got spyware from Firefox
Look here:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.wimad.html
or here:
http://securityresponse.symantec.com/avcenter/venc/data/adware.istbar.html
for information about that spyware program. It's very likely that you contracted it in another way than some unknown exploit in FireFox. What email program are you using for example? Outlook Express maybe?
-
Re:virus software?
This wasn't a phishing trip
... it's a back door ...
Backdoor.Coreflood is a Backdoor Trojan horse that is primarily designed to conduct Denial of Service (DoS) attacks. The Trojan connects to an IRC server and gives control of the infected computer to an attacker.
Well, here's one guy whose business won't make it into Microsoft's shills' next TCO "study". $90,000 gone, plus having to take out a loan for $30,000 and dump in an additional $20,000 in cash to keep his business afloat
Type: Trojan Horse
Infection Length: 43,008 bytes, 24,576 bytes, 28,160 bytes, 69,632 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Windows 3.x, Macintosh, OS/2, UNIX, Linux
... I don't think it would have cost anything like $140,000 to convert his 5-man business from Windows to AOS (Any Other System).
-
Re:Plus it isn't open source.
SH.Renepo.B
MacOS.MW2004.Trojan
MP3Concept
Didn't bother looking up more, but the Mac people are in for a big surprise if they are naive about this.
-
Re:You're asking too much of MS
The original poster was not lying, the original poster simply doesn't waste his limited time on Earth reading MS blogs. All the original poster was trying to illustrate is that there are still buffer overrun exploits that keep happening, and wanted to illustrate that fact simply without writing a thesis.
-
Re:I got hit
-
Re:Yeah
I'll back it up.
It is the explicit (and logical) intention of AV companies not to name rogues in the fashion the author desires.
Symantec's policy is as follows:
Virus names consist of a Prefix, a Name, and often a Suffix.
* The Prefix denotes the platform on which the virus replicates or the type of virus. A DOS virus usually does not contain a Prefix.
* The Name is the family name of the virus.
* The Suffix may not always exist. Suffixes distinguish among variants of the same family and are usually numbers denoting the size of the virus or letters.
The Code Red virus got its name from an eEye Digital Security researcher's beverage of choice -- the cola variety of Mountain Dew soft drink -- the night they picked through the corruptive code.
Symantec Security Response senior director Vincent Weafer, who referred to Code Red's caffeine-based name, told NewsFactor that there are some things researchers do not use when naming worms:
"We don't use the name of the virus writer because we don't want to give name recognition for something that's done for publicity, and we don't use the date because there are so many trigger dates and it's such an easy thing to change that it wouldn't make any sense," Weafer said.
"After that, it comes down to the researcher and what they find unique about a particular virus," Weafer added.
Quotes above from :
http://securityresponse.symantec.com/avcenter/vnameinfo.html/
http://www.newsfactor.com/perl/story/15662.html#story-start/
http://users.tcworks.net/virus/naming.htm/
-
Re:It's not only about certificate errors
On the "discern between unimportant stuff and cc stuff", I know in Norton AV (and I think, somehow, in Firefox) you can tell it what your personal data is, such as credit cards etc. I've never used it, but I think this allows it to go "Hey, You just sent your credit card encryption via an insecure connection. I'm going to have to say no, until you confirm that you want to ignore that and do it anyway."
Here's a web page explaining it in detail, and yes, it works as I described it seems. -
Symantecs
-
Re:Learned?
-
small code == legal app?
This might be pretty cool, though it was posted before and MoleSter is already down to 6 lines with 466 bytes, but is small code size really a reason why it must necessarily be legal? Don't get me wrong, I don't think that code can be illegal at all. But stating that small code size implies that the resulting app and its uses are legal sounds quite silly to me, considering SQL Slammer is only 376 bytes.
-
Re:Not just for servers
The Blaster worm, as the grandparent said, was primarily targeted to servers because it targeted only computers with a version of Windows that was NT based.
-
Re:Hmm... GoogleLogins anyone?
If users are going to use a client-side application, why not use a password manager?
There are already companies that provide client-side password managing, such as Norton Password Manager.
Then there's always Autocomplete in Internet Explorer as well.....
-
Re:Could we have a distinction here?
The .dmg script vulnerability could have become a worm had Apple not squashed it so quickly.
According to Symantec, there is one but I can't see why they classify it as a virus - it looks like a trojan horse.
At least we know people are trying to write one - just having a heck of a time at it.
-
Re:Viruses? Or spyware and malware?
-
I think we all know what is coming
Hmmm, these kind of sites are becoming a nuisance.
Sorry, that website uses broken embed tags and Windows-specific registry CLSIDs to point to quicktime player. I don't have a "registry" or a "quick time" player. For those of us who choose our own browser helper applications (instead of it being decided by a "registry") here is the relevant link [mac.com].
For those of you with a "registry" that decides which applications will open what, and when, you might want to go here [symantec.com].
pmr -
Re:Ummm, it's called "reading".
http://securityresponse.symantec.com/avcenter/security/Content/2001.10.04.html
I specifically said "bypass OS security" and you bring up this?
Office is not a part of the operating system. A vulnerability in Office is not a vulnerability in the OS. Office cannot bypass system security including the execute permission.
You've yet to show any exploits that will bypass system file ACLs, which is what you appear to have been referring to in an attempt to refute a execute deny ACL's effectiveness.
If that's not what you were talking about, you need to be more clear. The only security settings I mentioned were file ACLs; if you wanted to bring up something else, you should say so.
Yeah, I guess you are right; viruses could still spread across e-mail without needing any extra binary files when the client has a vulnerability. Still, preventing users from running arbitrary executables (at least the ones in the IE cache) would be helpful wouldn't it?
Regardless, all of these have been patched. 3 years ago. If your patches are up-to-date, these vulns are moot. Vulnerabilities and patches are hardly something Microsoft has a monopoly on.
As for how this would be implemented, it is in the original post you replied to, DUH!
At that point, I wasn't sure what you were talking about.
And your post looks like a good outline to implement security on a Windows network for average users.
Just curious, how well is your system working? Do you still have any virus/malware infections? Do you use the default permissions or do you apply a security template, perhaps a custom one? Do you implement a deny-execute ACE for normal users where they have write access? It won't prevent everything by itself, but will provide another layer of security. How do you deal with (poorly designed) apps that require excessive permissions just to run? -
Ummm, it's called "reading".
By "it" do you mean viruses or the admin account or what? How do you propose that prevention be implemented?
Viruses and worms, of course. Why/How would I stop the admin account from showing up? As for how this would be implemented, it is in the original post you replied to, DUH!
http://slashdot.org/comments.pl?sid=133250&cid=11131863
What sort of magical exploits are these that can bypass OS security on a patched system?
http://securityresponse.symantec.com/avcenter/security/Content/2001.10.04.html
Are you saying that you haven't implemented this? If you had, the users would be unable to propagate e-mail virus attachments because they would be unable to run any attachments containing them.
It's happened before, it can happen again.
Defense in depth, kid.
It's the way the professionals do it. -
"Symantecization"
I used to work with Symantec, and I hear quite painfully where a lot of you are coming from. We used to call new software acquisitions the "Symantecization" process - where a new product is eaten, digested and excreted in a new, "improved" yellow box version. Usually in a broken way. Then commences the multi-year, multi-$million project to try and undo the damage done by product management in the re-branded launch. You can imagine what a nightmare this causes for the guys in support - so go easy on them. Their job is far harder than you imagine and the problems you folks experience are _not_ their fault. You want to yell at someone - yell at the sales reps, marketeers and product managers. The single biggest problem that I've seen is that each product team has their own GUI design people - none of whom speak with any of the other GUI designers. The result ? You have firewalls, IDS systems, network audit systems etc. that are all administrated via a browser console - each requiring its own build of Java and none of which are compatible with each other. I'm glad I left. Digging holes and carrying bricks is a far more enjoyable way to make a living. And FYI, there _was_ a genuine Symantec created product - http://www.symantec.com/sabu/n2000/n2000_ret/
-
Symantec isn't just security
Products page. (I was going to cite examples, but it's easier to just link that page.)
-
Symantec does more than anti-virus...
Have a look at their enterprise product listing to see what else is available.
/not a Symantec employee, etc. -
Re:When Will AntiVirus remove it?
Symantec's v9 of their antivirus software does do this (at least the corporate edition), but they do a piss-poor job of it. Of course, this keeps in line with their antivirus efforts, which suck as well. While it's decent at removing files, spyware references in the registry are regularly missed.
-
Re:Free anti-virus alternatives?
Norton can be updated for free last time I tried. As I seem to understand, you just have to disable the Symantec/Norton Services, reboot, download definitions manually from Symantec, install, and then re-enable services. I remember doing this to help a friend that said their "liveupdate subscription cancelled", and they were kinda annoyed that they were paying for freely downloadable updates.
-
Re:My Favorite Splash Screen
-
Re:Makes me wonder...
Actually there is a virus that attacks M$ JVM through a security hole. Take a look at Symantec's note regarding this. This is the only issue I've ever had with Java.
It figures that it would be M$ that would once again introduce security problems into software that has proven to be quite secure.
-
Re:Hahahaha.... the fools!
file sharing
game, specifically the only one your girlfriend/mother/mother in law probably cares about.
more games
games
Of course, this is kind of silly, because if you're worried about saving money you're not playing games on a PC or a Mac. "Let's see, I can buy a whole Playstation 2 with a couple of nice games for $200, or I can buy a new video card for $200 so I can play Doom 3". PC's are excellent gaming platforms, but they are nowhere near as cost effective as any of the console systems. The games, especially when new, cost about the same (if the PC version isn't a little more expensive). It's almost cheaper to have one each of the "big three" consoles than try to keep PC hardware up to spec for playing the newest video games over any given 5 year span. PC's are also nice, open systems, so for online gaming you get access to the wide world of cheaters, where console games at least have some semblance of software control. PC games will look nicer, and probably be a little more of a rich experience, but as far as cost-effective, a PC is really far down.
The Windows PC can't do this, at least without buying expensive software. GarageBand comes with a new Mac, and this is also bundled into a new Mac. The ability to painlessly sync my phone and my computer's contact list is pretty valuable. And I can run most other software too, because I've got X11.
Now, admittedly there are lots of things you can't get to work on a Mac. this isn't available, neither is this, or this, or this. As a side effect, neither this nor this is available on the Mac. So, ya know, you're right, there's a lot of stuff that is much harder to do on my Mac than on my Windows PC, like being a Spambot and reporting my personal information to advertisers.
-
Re:netherlands.
tell us the company, so the Dutch readers can find the company if it ever does this again. We do have an anti spyware community over at the Netherlands.
Good point...
The toolbar being installed was the http://www.dotcomtoolbar.com/
The toolbar's install was launched from a page counter. The toolbar is well known spyware... http://www.spywareguide.com/product_show.php?id=628 and http://securityresponse.symantec.com/avcenter/venc/data/spyware.dotcomtoolbar.html
This is the company that made the "free" page counter http://www.realtracker.com/
Here's a quote from their website http://business.realtracker.com/index.asp?reseller=RTUS
RealTracker specialises in analysing visitors, but our innovative software goes further. We offer high-quality information, such as a detailed description of surfing behaviour, browser and computer settings, geographic information, origin and the key words used for search engines. 1.001.271 companies already use our marketing tools worldwide.
So they give away a "free" toolbar and then sell your web surfing information and put pop-ups, desktop links, and banners on your computer. The links installed on my desktop had plenty of porn links mixed in as well. This appears to be their entire business model.
Here's a snippet from an "article" by the founder http://www.theezine.net/articles/44/RealTracker-On-USA-Market.html
RealTracker recoups expenses by placing mini-banners on users homepages. The revenue generated is split between the service provider and RealTracker. It is an innovative business model.
They are based out of Amsterdam. Have at them!
:)
-
Author supports GNU/Linux/Google
Whoever wrote this one is a supporter of GNU/Linux, Google, BSD, math, pgp, and more.
I was reading the technical details of the virus on Symantec's site, and noticed that the virus will send itself to all email addresses it finds, except when they contain the following:
acketst
arin.
berkeley
bsd
fido
fsf.
gnu
iana
ibm.com
ietf
isc.o
isi.e
kernel
linux
math
mit.e
mozilla
pgp
rfc-ed
ripe.
secur
sendmail
tanford.e
unix
usenet
utgers.ed
There is more that it filters out, check it out. -
Re:Dell is the low price builder
Yeah, my other computer is Linux too. So what?
The several hours to install all that stuff included a lot of time wandering away from the computer while it took forever to do who knows what and download various updates (and sit like a brick waiting for user input). 25MB of updates just for the preinstalled Norton software and it made me reboot no less than six (6) times during that process, so every time you go back to the computer it's sitting there like a lump waiting for you to click "reboot". Just because you aren't around doesn't make the time go any faster. It usually makes the whole process slower since you aren't there to click every unnecessary dialog that pops up.
The time also included Spybot S&D, Adaware, Spyware Blaster, Norton's firewall, and configuration of the various options in each application to make them actually do what they needed to do without user intervention, which the owners were not capable of. Plus configuration of three different desktops for the people who would be using the computer, so they can keep all their files and settings separate. The 3-5 minute login/logout/reboot processes must have ended up adding an hour or more to my time. After the RAM upgrade it logs in/out in like 20-30 seconds. Still slower than a Mac at less than one quarter the "speed".
Instant on? Any fool knows desktop computers aren't instant on. No need to be facetious or sarcastic. But when someone buys a brand new 2.8GHz computer with 256MB RAM and it boots up and switches between users slower than an old 333MHz with 32MB I have at home, I find it upsetting and ridiculous. A 2.8GHz computer should be fast, especially when it's not running anything. The extra 512 made a lot of the problem go away, but it shouldn't have been necessary, and it added to the base cost of the computer. Before the RAM upgrade it was not "perfectly usable", it was dog slow, like their 5-year-old PC which runs Win98 and is basically dying. For further comparison I've also seen an ancient 350MHz iMac running Mac OS X and it is perfectly usable and was even before we upgraded its memory. Booting up and logging in and out are all reasonably quick, and that computer was new in 1999.
Remember what they say about assumptions. I said "we" there because "we" as a group decided that she should invest another $100 with Crucial.com and get another 512MB stick of RAM. It turned out to be a good decision, since it made the computer "perfectly usable". Before that it was not "ok", which was the whole point. It was so slow it made me and the owners think that a lot of cash had just been wasted on a piece of junk.
I don't buy PCs. The next computer I do buy will be a Mac. Also, you can almost always get cheaper RAM upgrades from someplace like Crucial.com rather than buying from the OEM. Yes, you can even get RAM upgrades for Macs there, you don't have to buy everything from Apple.
Then use Linux. I wasn't talking about 'the total cost of ownership', just the initial cost of purchasing one from Dell and Gateway vs. other PC manufactures.
I was just making a comment that I didn't think base cost was the whole story. It wasn't aimed directly at you, but at anyone who might read it as they browse the comments attached to this story. I raised a separate issue for consideration by others. Ask yourself if it was really necessary to respond by talking to me like I'm an idiot.
You may also want to read that link about Dell's customer service that you gave me, funny thing is I see a lot of hardware problems being discussed. Hard drives dying after a week, things like that.
-
Re:English, motherfucka, do you speak it?
One virus two virus three virus four....
Virus is one of those sheep like words that is both singular and plural :p I have 1 sheep, but his flock of sheep is over 100. "symantec has over 10,000 active virus maintained on a set of specialized hardware..." Using viruses, is as ignoramus as using virii..
And hey, I can EVEN cite the use of virus as plural here.
View all virus threats link All meaning plural, hence virus is the correct word to use for 1 virus or 10,000 virus. and you got +4 informative hah!
-
Re:you mean...
I recommend DeepFreeze only as an absolute last resort for business environments.
It becomes more work than it's probably worth to update critical system applications and security patches, as well as creating an aggravating environment for the user.
A user may require a 3rd party application, in which case they will need to contact the administrator to come and install it for them, which can potentially slow productivity by a significant margin.
I recommend Norton Ghost http://www.symantec.com/sabu/ghost/ghost_personal/ instead. Ghost will create a "copy" of the hard drive to a disk, and you can use it to revert back at a later time. This solution allows users to install whatever they may need, as well as ease your headache for installing those pesky updates. Revert back machines on regular intervals, or whenever a serious problem arises. This solution also lets you set up a single machine (assuming they are all the same) and use that Ghost image to update all the others -- very handy utility.
-
Use Norton Ghost
Norton Ghost is what I use for multi-disk CD-R backups.
-
'Symantec' Web?
Yes, but will it have built-in virus scans and removal tools?
-
Re:Immune
Let's just hope such a "virus" wouldn't be another welchia.
-
Re:Sweet Spot?
_Most_ programmers with any measurable breadth can sit back and shake their head. Sorry!
I completely agree that most programmers still agree with your point of view. That's why so much software is still full of security holes, crashes so frequently, requires hundreds of megabytes of memory, and misses so many deadlines.
struggling to grip with a wide variety of blindlingly obvious fact.
Yes, the facts are blindingly obvious.