Domain: symantec.com
Stories and comments across the archive that link to symantec.com.
Comments · 1,115
-
Re:If M$ can fix security issues of Window$...
symantec also makes firewalls.
http://www.symantec.com/Products/enterprise?c=prodcat&refId=1006 -
Re:NO NO NO.
Perhaps you missed this... http://www.symantec.com/vista/sav-vista.html
-
Re:McAfee, Symantec living on borrowed time
They *aren't* stopping the need for this software, just making it harder for the competition.
Windows OneCare is not built into Windows Vista and must be bought separately. You can thank Symantec for that. The only thing that is integrated into Vista is Windows Defender, which the AV companies will probably sue MS over, and I can bet that both OneCare and Defender use the same protocol that MS is telling the AV vendors to use.
As For The Competition that MS is trying to "Screw"...
Trend Micro runs on Vista
Computer Associates runs on Vista
Avast runs on Vista
Sophos Runs on Vista
AVG Runs on Vista
Mcafee runs on vista
Symantec runs on vista -
Re:you are deluded
There is no good reason why a Web browser should ever run as a privileged user.
Sure there is! My favorite screensaver won't run if I'm not logged in as root!
I acknowledge that there may be reasons why this is done, but none of them are good reasons.
Oh, er, never mind. -
Read the report yourself
The report is available at http://www.symantec.com/enterprise/threatreport/index.jsp
It never fails to amaze me that slashdotters tend to post news stories rather than the source. -
Re:Can't it be both?
Probably both, but I'd venture mostly to confuse users. From Symantec:
Symantec Security Response encourages you to ignore any messages regarding this hoax. It is harmless and is intended only to cause unwarranted concern. Please ignore any messages regarding this hoax and do not pass on messages. Passing on messages about the hoax only serves to further propagate it. [emphasis theirs]
Why, any "web savvy" user knows they can safely disregard warnings about virtual cards being viruses. Frankly, I find this a little disturbing (though I guess it was bound to happen eventually)... -
Re:See: Irony
all other security vendors won't be able to run properly.
Trend Micro runs on Vista
Computer associates runs on Vista
Avast runs on Vista
AVG Runs on Vista
Mcafee runs on vista
Hell, Symantec runs on vista -
Paul, you've totally lost the plot...
If you watch the WWDC keynote telecast (and the accompanying "PC guy" intro video, both of which are available on the Apple Web site), you'll notice immediately that Apple is more than a little preoccupied with Windows Vista.
Vista is an embarrassment to Microsoft, and a source of cheap entertainment to everyone who isn't hooked on Windows. Every new announcement about Cairo-I-mean-Longhorn-I-mean-Vista has put the final release date further off, has reduced the promised features, until the final release seems more like a fat Windows 2000/XP service pack.
Apple's new features might be unexciting to geeks, but does anyone expect them to get cut before release? Does anyone expect them to have features like this? It's certainly possible that Apple could use the TPM module to lock down the kernel like that, but Microsoft's already done it... pretty soon the only way to modify the kernel will be by embedding a virus in a video or image file, using the kernel hooks for Windows Media Player they put in to lock down the DRM.
[Microsoft] is at least deferential to its customers in public, about as far from smug as is humanly possible, and it very rarely takes pointed shots at the competition.
Ballmer: Linux is a virus, Linux is Communism, ... ah, forget it. Ballmer's an easy target.
But I'd still take that over Bill Gates' slippery innuendoes. "With Linux you have to pay for virus protection." Please, Bill.
And, really, I don't care how deferential Microsoft is being when they pull pranks like this. And given my own experience with Microsoft support when it came to licenses (their support line gave me bad advice on how to handle client licenses, then demanded I get a support contract before they'd help me fix it), they can be as nice as they want when they ask me to piss in the Windows Genuine Advantage cup but it's not going to make me feel any better about the latest outbreak of Palladium poisoning in Vista.
He even took a shot at Vista's glass-like logo, because it looks too much like an OS X icon. Whatever. Microsoft is pushing a "glass" theme in Vista, and the logo represents that.
Microsoft is pushing a theme inspired by early releases of OS X, and the logo represents that. Whatever. -
Relicore Clarity
I saw a demo of this product and it seemed neat. You install the daemons on your systems and it monitors all the socket & file opens. In this way it can map application dependencies on different machines or the same machine. I think it can scale to a few thousand machines. On the down side it's not free. When Symantec acquired Relicore the product was renamed to some bland, information free name like Configuration Manager. http://www.symantec.com/Products/enterprise?c=prodinfo&refId=1461 -
United Media could be liable for damages
I'll second that, I ran into this almost a year ago, I too wrote an email to complain and received no reply.
After a long holiday from Dilbert, coincidentally I visited Dilbert again just last night and to my shock got an even more aggressive form of attack which left me scanning my hard disk for a good two hours afterwards just to make sure that they hadn't used a browser exploit to infect my machine.
I emailed United Media again last night here's a copy...
I think you should know that one of the banner ads that is occasionally appearing when you visit the Dilbert comic website redirects you from the Dilbert site to another domain - www.errorsafe.com. Whereupon you are continuously assaulted with popups attempting to get you to install Errorsafe's spyware software. This software poses as an antivirus application but in actual fact deliberately installs malware on to your machine, and then attempts to get you to pay money to remove it. This is basically outright fraud and blackmail, I have no doubt you'll find this company operates in a country beyond reach of litigation.
Errorsafe is notorious and well documented by numerous anti-spyware companies such as Symantec http://www.symantec.com/security_response/writeup.jsp?docid=2006-012017-0346-99. I think it's a very serious matter to allow Errorsafe to inject malicious script into your sites exposing visitors to your domain to such a deceptive insidious organisation whose business is to cause damage and monetary loss to those unwary enough to fall prey to it. I could go so far to say that whilst Errorsafe may be beyond the law, you may actually be in part (or fully) liable for any damages caused by Errorsafe to those visiting your domain.
This has been going on for quite some time now (at least a year). I'm really quite shocked that such a high profile site such as United Media would be linked to such criminal activity.
In short, I really think it would be in your best interest to make sure that Errorsafe is not permitted to "advertise" on any of your websites.
Michael
I've since added this domain (www.errorsafe.com) to the list of no go domains for my browser to ensure that my computer never attempts to load content from that domain again. Can anyone suggest a reliable site that you might find a list of domains that a security conscious user should put in their ban list ?
Having some sort of service that updates a list of banned domains on your system would be a great way to nullify these sorts of attacks. However I guess this could become an extremely dangerous tool for an authority wanting to censor the web. -
Re:Link to the paper
Paper, with blog post introducing it:
http://www.symantec.com/enterprise/security_response/weblog/2006/07/post.html -
Link to the paper
Here's a link to the paper:
http://www.symantec.com/enterprise/security_response/whitepapers.jsp
42 pages, by Tim Newsham and Jim Hoagland -
Re:So..
Yes. Google is good for viruses. I guess it works both ways.
-
Link about the actual virus
The summary really should have linked to this page which describes the virus in a bit more technical nature. Not "reporter speak".
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-071212-4413-99&tabid=2
Apparently the victim launches the PowerPoint slide show (probably spread via email like every other virus) and it uses PowerPoint to drop the virus and infect the machine. Although the link doesn't say, my guess is that it does this without prompting the user if it's okay to run a macro.
The virus also displays a slide full of Chinese (?) characters. Anyone know what that translates to? "All your slide are belong to us"? -
Hijacked IM Accounts
Check out this blog article which goes into detail on this new phishing scheme.
-
Re:Enough is enough
"Porn in the US is a fairly regulated industry. Asserting that a significant amount of it is illegal, without any evidence is empty rhetoric."
The first part of your statement is the key "Porn in the US" http://search.bbc.co.uk/cgi-bin/search/results.pl?scope=all&edition=i&q=Slavery+%2B+pornography
are a list of articles from the BBC on slavery and pornography. Most of which occur outside of the US.
"Perhaps you should be a little more conservative with your metaphors. Your metaphor was dangerously close to some arrogant, aristocratic racism I hear regularly. In any case, I've yet to see a correlation between people who merely visit sites and who become infected with malware and certainly nothing to demonstrate causality."
I grew up in some of the worst neighborhoods of NY and Philly, you don't have to tell me about racism or as they say in Philly Zipcodeism where job apps from certain zipcodes get thrown out unlooked at.
My experience with the malware issue is that of an ISP cleaning machines that are infected with malware. The correlations that I have seen are porn - spambots, gambling - trojans/keyloggers, gamecheat/filesharing - trojans/toolbars.
"Most malware (by infection number) does not spread through Websites at all. Of that which does, a good portion is posted on public forums and on cracked servers of all kinds. I'm looking at the infected host list for an entire class A right now as well as a list of the DNS request history for them. The vast majority has no correlation at all because most infections do not spread from a particular kind of Website. The only correlation I know of is particular sites that trick people into installing some sort of malware, often spyware."
The first thing I would like to know is where your data is coming from and which time period you are using for your data. According to a symantec white paper http://securityresponse.symantec.com/avcenter/reference/techniques.of.adware.and.spyware.pdf "Most adware and spyware programs are obtained initially by BROWSING THE WEB or along with some unrelated ad-supported software. The programs are rarely installed from a conspicuous website, but rather through social engineering banner ads, drive-by-downloads, and through peer-to-peer networks with misleading filenames. Some adware and spyware programs are even installed by exploiting software vulnerabilities." (Caps added) from p8 of the above whitepaper. Trojans, which now make up a vast majority of infected pc's do indeed come from risky surfing. -
JMeter
I have used JMeter a couple of times to detect bottlenecks and synchronization problems with web apps. Very simple to set up and run just using a GUI. Apart from http/https it can apparently call java methods, EJBs etc too, but I haven't tried that. I think this tool is easier to use for stress testing rather than going through a whole use case. Also, when running against a web server of course it just tells you that something is slow, not what.
At Java One I talked to some fellow Swedes who were a bit disappointed with JProbe, they claimed it was a bit of a resource hog and that they had found a better more light weight open source library to use instead. I've looked through my notes, but it seems I didn't write down the name of the one they recommended. Darn.
Symantec had an app that seemed pretty impressive, though I don't know how much they charge for it. I think it was this one. I remember them because unlike most who just had a lottery for prizes, you actually had to run the demo to be able to answer their quiz. Pretty clever, made people remember and gave you a better chance of winning because most people wouldn't bother. I won a PSP. :-)
Also at Java One this year Sun had loads of labs and talks on profiling tools and frameworks that come with the JDK itself these days - JMX (especially in combination with DTrace if you run on Solaris), jconsole, jmap, jhat.
And then of course there is this whole site... -
Re:GDrive
Google locking you out if they decide they don't like people using Gmail as a file backup.
And if GMAIL decides to make RAR files a banned attachment for some reason, you are SOL with your years of free backup and storage.
-
The subject field is important
If you did not open a mail whose subject was "New Graphic Site", you are not infected.
Reference: Symantec advisory at http://securityresponse.symantec.com/avcenter/venc/data/js.yamanner@m.html -
Here ya go
from Learn about threat levels.
ThreatCon Level 1
Low : Basic network posture
This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.
Threatcon Level 2
Medium : Increased alertness
This condition applies when knowledge or the expectation of attack activity is present, without specific events occurring or when malicious code reaches a moderate risk rating. Under this condition, a careful examination of vulnerable and exposed systems is appropriate, security applications should be updated with new signatures and/or rules as soon as they become available and careful monitoring of logs is recommended. Changes to the security infrastructure are not required.
Threatcon Level 3
High : Known threat
This condition applies when an isolated threat to the computing infrastructure is currently underway or when malicious code reaches a severe risk rating. Under this condition, increased monitoring is necessary, security applications should be updated with new signatures and/or rules as soon as they become available and redeployment and reconfiguration of security systems is recommended. People should be able to maintain this posture for a few weeks at a time, as threats come and go.
Threatcon Level 4
Extreme : Full alert
This condition applies when extreme global network incident activity is in progress. Implementation of measures in this Threat Condition for more than a short period probably will create hardship and affect the normal operations of network infrastructure. -
Not everyone affected...
With respect to:
Although the worm is spreading quickly, and no patch has been issued, Symantec is rating the threat a '2.'
According to Symantec, "The worm cannot run on the newest version of Yahoo Mail Beta." so I would use that if you are nervous, then again, you could also not open weird emails from people you don't know. -
News That's Old, Stuff that's Stale
Hasn't this been around for a while? According to this page, the password has been known for at least a month.
-
Re:What?
http://securityresponse.symantec.com/avcenter/security/Content/2006.05.25.html
this is the url with the downloads. if you have LiveUpdate working properly it will probably propagate by itself but if you want the patches now they are there. -
Patched or not, IPS Signatures?
Patched or not, the information presented here and in the pages linked therein make it clear that -- until all machines are patched -- there is a distinct possibility of an exploit getting through. To that end, I have no doubt some groups have been hot on the issue looking for the hole.
The same page ^^^ implies that symantec released IPS signatures for their products. With that said, do any signatures exist for other IPS/IDS solutions (snort, etc) ? If so, I would very much like to utilize them until any possibility of a threat has passed.
-
Re:It depends
Except that SAV 9 is vulnerable to a buffer overflow attack that forced my company to upgrade to SAV 10.
-
Re:It depends
A quick search of Symantec's knowledge base yields this...
http://service1.symantec.com/SUPPORT/ent-security.nsf/14ad416970eb952688256fc700654269/ca4ca66ddf64dc0c882570310079224f?OpenDocument&src=bar_sch_nam -
Norton Antivirus not affected, only Symantec AV
I.e., their corporate version. At least that's what they say:
-
Information from Symantec
-
Being admin works at schools
When I was in school, I worked as 'student support'.
We used to have a program named DeepFreeze installed. We would give students admin rights (because a few computers still ran Windows 98), and it worked great. Each time the computer was booted, it would mirror back to the original setup. If a teacher needed a certain program for his/her class, we would just turn off deep freeze, install it on the computer, and run Ghost to get it mirrored. Faster than installing the cd on each computer.
The biggest problem we ever faced was a student that found a pc in the library, which was turned on 24x7. He installed Kazaa and started downloading via the 100 mbit connection. :-) He even stored it on a network share, and unfortunately accessed that particular account logged on as himself. He had a nice little talk with the principal while we booted the computer. -
Re:Just how much is 'exploited'?
Poked around a little more, found F-Secure's bulletin. Says 'rootkit like features.' Symantec has a rundown of what it does: http://www.symantec.com/avcenter/venc/data/backdoor.ginwui.html
The 'rootkit like features' refers to this:
4. Hooks the following APIs to hide itself:
[list of APIs deleted thanks to LAME LAMENESS FILTER]
Can this be done without admin privileges? I don't know enough about Windows to say. -
Re:When do we see a patch?
It is at least so far detected by Symantec security software as of today.
They detected it as Trojan.Mdropper.H
Details are here...
http://securityresponse.symantec.com/avcenter/venc/data/trojan.mdropper.h.html -
Re:Irony!
SAM became NAV--Norton Antivirus for Macintosh.
-
Re:Just once...
While I am not usually a Microsoft basher, this story is remarkable. It is remarkable that Microsoft considers this worth mentioning.
Norton started using neural networks in 1999 in their anti-virus software. Any number of adaptive systems will do the job quite nicely.
While these methods have a proven track record, and I'm sure this will bring improvement to Microsoft's products, but really, everybody else has been using it for a while.
What's next? "Microsoft announced that its upcoming release of the Windows 2012 operating system (formerly known as "Vista"), they have used a development technology called "for-loops"..."
-
Re:Switch to Intel
The really successful viruses rely upon users running them rather than them trying to get in through the back-door, which in this age of NAT and Firewalls is increasingly difficult.
I hate to be a killjoy but these "really successful viruses" aren't viruses at all then -- if an attack relies "upon users running them" we call them trojan horses. This makes the whole argument basically meaningless because there is no cure for users.
Anyhow... the "really successful" worms for Windows used exploits that required no user intervention (of course).
http://www.symantec.com/avcenter/venc/data/codered.worm.html
http://www.google.com/search?q=nimda&btnG=Search
By definition viruses (and the subset worms) require no social engineering. A virus exploits the system not the user. -
Re:News source
-
Re:Lots of stuff
For completeness of discussion, a product that deserves mention is PC Anywhere. It has some additional features not found in TermServ, like X11 compatibility
-
Re:Speaking as a former employee of Best Buy Canad
Well, when you buy a computer, most stores will push for their "ultimate" package, which includes recovery discs, anti-virus, and system optimizations.
Their "ultimate" package is really a crock of shiat, and really only called "ultimate" because of the "ultimate" income it brings to Best Buy. First of all, recovery disks should come with a new PC no matter what. It should NEVER be an option. I would never buy a computer without recovery disks.
Secondly, their, "system optimizations," are mainly a bunch of useless commercial tools for removing spyware and adware and basic stuff. You can get much better stuff online for either free or cheaper. I will say that a good antivirus application is something you want, though, so that part of the package is worth something.
Instead of giving more money to Best Buy, I would recommend going online once you get your computer and obtaining the following software packages:
- Download all of the critical and important updates from windows update (this is free).
- Norton Antivirus (ok, this one will cost something, but usually only about $20-$30, though if you work for a non-profit or a school, you can probably get a copy through them. Don't waste your money on Norton Internet Security, Norton Personal Firewall, or Norton SystemWorks.).
- Spybot Search & Destroy (this is free, though the guy that invented it does deserve a donation, and will keep your system generally free of spyware & adware).
- Mozilla Firefox (don't use an insecure browser like IE).
Anybody that can't go to these sites and download a few simple software titles themselves, probably shouldn't be using a computer in the first place,...
-
Appz I use...
Adobe Reader: http://www.adobe.com/products/acrobat/
Sun Microsystems Java: http://www.java.com/en/
Azureus: http://azureus.sourceforge.net/
iTunes: http://www.apple.com/itunes
Winamp: http://www.winamp.com/
AudioScrobbler: http://www.last.fm/
Mozilla Suite: http://www.mozilla.org/
Opera: http://www.opera.com/
GIMP: http://gimp-win.sourceforge.net/
GAIM: http://gaim.sourceforge.net/
I also suggest to get:
B's Recorder gold: http://www.bhacorp.com/products/gold8/index.html
Corel Painter IX: http://www.corel.com/
Powerquest.. sorry Norton Partition Magic: http://www.symantec.com/home_homeoffice/products/system_performance/pm80/index.html
I'd like to write a small description for each piece of software, but I am busy now, so this is just a fast reply. :) -
Re:The real irony here....
Anybody who bought a brand name system with the 90-day NAV or McAfee trial version, but didn't just go to Best Buy and buy the new box version.
OK, I'm still clueless I guess.
I've bought brand name computer systems from HP, Dell, Sun, and Apple. And _none_ of them came with a 90-day NAV or McAfee trial version. I've bought something like 200 or so of these machines, and, again, none of them came with this stuff.
http://ca.mcafee.com/root/package.asp?pkgid=100
From McAfee, $42.99 (CAD) for the first year, $36.84 for a renewal.
http://www.symantec.com/home_homeoffice/products/virus_protection/nav2006/index.html
From Symantec, $29.99US for 1 year renewal, $59.99 for 2 years.
It seems like not paying the 59.99 option is the best.
Errr...a subscription to their anti-virus software?
And I need that for what?
You don't have to pay anything as long as you're not a moron and open every email attachment or install every free dialer program promising FR33 pR0N!
It doesn't guarantee you won't get sick any more than health insurance guarantees you won't get sick.
OK, so only morons need to buy the stuff, and even then morons can still get their computers "sick". Hmm.
Then you're completely out of touch with the computer world, and shouldn't be allowed to use one.
That's twice in one week that I've been told that! Three times, and I'm going to look behind me for a tail! The other time was here.
feigning ignorance of anti-virus software in general, as you really seem to be doing, just makes you look like an incompetent boob.
As far as Windows goes, yes, I'm an incompetent boob. I used to be a Windows developer, but I had another incompetent boob take care of the anti-virus stuff for me. I really haven't had the need personally or professionally to use a Windows machine since 2001.
For your case, though, I should have added an extra adjective: asshole.
Because you certainly seem to be one of those.
Ouch. A funny thing is that when I took a personality class from the psychology department, the teacher asked if there were any personalities that were missing from the book. I raised my hand, and said, "Asshole!". That must have been a self-fulfilling prophecy.
Does an anti-virus subscription get rid of assholes? -
Re:The real irony here....
What an arrogant jackass. I didn't think it was possible for a nose to get so far out of joint, but I've been proven wrong. To answer your questions:
Name me one unlazy, smart, or educated person that pays for an anti-virus subscription?
Anybody who actually has functional anti-virus software that they've paid for, but doesn't just go to Best Buy and buy NAV 2006 to replace their NAV 2005, which doesn't work anymore. Anybody who bought a brand name system with the 90-day NAV or McAfee trial version, but didn't just go to Best Buy and buy the new box version. I've got plenty of customers who've bought subscription updates after their initial purchase expired.
Enlighten me. How much does something like that cost?
http://ca.mcafee.com/root/package.asp?pkgid=100
From McAfee, $42.99 (CAD) for the first year, $36.84 for a renewal.
http://www.symantec.com/home_homeoffice/products/virus_protection/nav2006/index.html
From Symantec, $29.99US for 1 year renewal, $59.99 for 2 years.
How much of my time does it take to run it?
Depends how big of a piece of shit your computer is, and whether you're intelligent enough to figure out how to use their web store.
What does it give me?
Errr...a subscription to their anti-virus software?
Is this parallel to health insurance for my computer? So I only have to pay a copay of $25 or so for an in-office visit?
No, it gives you updated virus definitions for your computer's immune system. You don't have to pay anything as long as you're not a moron and open every email attachment or install every free dialer program promising FR33 pR0N!
It doesn't guarantee you won't get sick any more than health insurance guarantees you won't get sick.
Granted, I'm lazy, but I'm not dumb or uneducated, but I have no concept of an "anti-virus subscription".
Then you're completely out of touch with the computer world, and shouldn't be allowed to use one.
From your other post:
My point was that I don't use any computers that need such a thing or to my knowledge, there are even subscription offerings for anti-virus subscriptions.
So you run a few systems that aren't known for viruses. Big, hairy-assed deal. If you're even remotely competent in the computer field, you'll know that Windows (remember? 90% of desktops run this crap?) needs anti-virus software, unless in very capable hands. Intentionally choosing to ignore this fact and cop a holier-than-thou attitude just makes you seem like a moronic jackass, which won't win your OS of choice any followers. Not knowing that you can get an anti-virus subscription is marginally excusable, if you don't run Windows, but feigning ignorance of anti-virus software in general, as you really seem to be doing, just makes you look like an incompetent boob.
Currently, I run OS X, Linux, and Solaris, and I have never known anybody that has needed an anti-virus subscription for them.
Am I missing out on the fun?
One more thing: Since you seem incapable of wrapping your pitiful excuse for a brain around this: ...who are too lazy/stupid/uneducated to update...
I'll expand it for you: ...who are too lazy and/or stupid and/or uneducated to update...
Just because you're lazy (admitted by you), doesn't mean you're also stupid and uneducated, and I never claimed that it did.
For your case, though, I should have added an extra adjective: asshole.
Because you certainly seem to be one of those. -
Symantec = clairvoyant?
Now, if those bacteria give off energy as they devour the styrofoam, we already have some sort of algorithm to try to get the bacteria to follow courtesy of Symantec's recent coding contest.
-
Re:Mac user ignorance = ignorance of troubles
Uhhh, there were two recent Viruses found for OS X: http://www.symantec.com/avcenter/venc/data/osx.leap.a.html http://www.symantec.com/avcenter/venc/data/osx.inqtana.a.html -
Re:Maybe 'cause Linux isn't ready for the desktop.
"It doesn't matter which version of Windows you run (okay, not necessarily with '95, '98 or something even more ancient) you can install the same .exe file and run it."
I disagree. For example, my company uses pcAnywhere. Version 8 will not run on XP. http://service1.symantec.com/SUPPORT/pca.nsf/docid/199877142828 Here is a list from symantec of which versions will run (and in this case NOT run) on different Windows Operating Systems. There are many.
Another one: pfs FirstChoice. Without a lot of tweaking it won't run.
There are more, but I've proven my point. -
Fweep Fweep!!!!
We have a penalty for blatant ignorance. This results in a two year internet privilege suspension and an additional beating around the ears with an Internet for Total Fucking Dummies book. Please step away from the keyboard and assume the position!
Symantec Antivirus Center
Computer Associates Virus Information Center
McAfee Virus Library
Kaspersky Virus Encyclopedia
Panda Software Virus Encyclopedia
Sophos virus analyses
BitDefender Virus Encyclopedia
For those that will argue that these search engines do not behave as the article requested; it is simply a matter of searching for the right symptoms. If you accurately describe the behavior of the virus, all of these search engines give you the answer.
The fact of the matter is that the very best solution is simply to use a commercial antivirus solution. If you are infected with a 0hour virus, simply wait an hour and run the update utility. Such a product will at least see the virus and tell you its name, even if it is unable to clean it. Worst case you have to use a bootable CD-ROM OS to catch/clean it. -
Re:Geez
Go here https://www-secure.symantec.com/avcenter/home_homeoffice/vinfodb.html and type in "symbos". You'll find that there are already plenty of cell phone viruses. -
Good AV database searchable
http://www.symantec.com/avcenter/global/vinfodb.html
This is the one I always have bookmarked. It seems to be the most comprehensive database on the Internet. -
Re:Problematic Signature Release Issue
Not very long ago, when the Kama Sutra (Nyxem.E, MyWife, whatever) worm was released to the world it seemed to take absolutely forever to find anyone with a solution for the removal or even the detection of the thing.
The virus is reported to have first emerged on the 16th January 2006. Sophos says they provided protection from 16:03:20 GMT on that day. So while it may have taken ages for you to find an anti-virus vendor with detection or removal, there *were* solutions on the same day. Trend Micro also says their pattern file was released on the 16th, and they give the time when the description on their website was written as 14:23:21 GMT, but they don't say what time their pattern file was released. Mcafee even claims that they detected the virus from 2nd December 2005 - presumably since this was a variation of an existing worm that their existing detection happened to also detect. I don't know how many of the other AV vendors *also* detected it due to happenstance before it even existed.
There was also detection officially available from some other AV vendors on the 17th:
- Kaspersky (I think) - which seems to use GMT for their times,
- Symantec - I don't know what timezone they use.
-
Oblig. Symantec Link.
This is not a virus. It's not self-replicating. Implant this very helpful link's information into your brain, so we can finally understand WTF the difference is between virii/trojans/worms.
Take the advice from one of the 'top' companies in AV protection. -
Re:Discussion Link
Symantec has removal tools for their software, it's one of the few things that they've managed to do right.
http://service1.symantec.com/SUPPORT/nip.nsf/docid/2001090510510636 for Norton Internet Security 2003 and prior.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039 for NIS 2004 and later versions.