Symantec's AntiVirus 10 Deployment Woes?

loraksus asks: "We recently deployed Symantec AV Corporate version 10 across on our network and have been having nothing but problems. The new client breaks the MS Office install and causes machines to slow down significantly - some almost to the point of being completely unusable. The client (doscan.exe) also crashes very frequently (daily), and tends to take other things down with it. Symantec's 'workaround' is to drop by every workstation and insert the Office (or Wordperfect, it screws up both applications) CD, remove some office shortcuts and disable some virus scans. Since we manage clients over WAN links hundreds of miles away, this really isn't an option, nor is it an acceptable option given the number of workstations we manage. Are there any other admins dealing with this? Any advice? Solutions?" "It seems that more and more closed source companies are now rushing software out the door that not only has a couple bugs, but glaring errors that would have easily been caught in even the most basic testing. Of course, we in IT usually have no recourse against these companies other than never buying their products, again.

Do you folks have any advice when it comes to dealing vendors who release software that is unusuable and can't provide an acceptable resolution?"

Sure

[dtfinch]

Do you folks have any advice when it comes to dealing vendors who release software that is unusuable and can't provide an acceptable resolution?

Just tarnish their name with a slashdot article.

I personally don't run virus scanners because of the problems they create. We have Symantec Antivirus 8 at work, but we've removed it from our slower systems and opted for more preventative measures.

Virus scanners do like 1000 times the scanning necessary to be _reasonably_ sure that your system is virus-free. While useful when they actually stop something, overall the cure is worse than the disease. A human just has to check the task manager and run msconfig to spot 90% of the malware out there.

Re:Sure

[dtfinch]

There's a simple solution to that. You just change all the server admin passwords, unplug their workstation from the ethernet switch, and when they ask what's going on, tell them to clean their desk.

What I've seen

[MikeDawg]

We just got the new Symantec 10 version. An IT co-worker of mine installed it independent of the control center, and we have noticed major problems with it already too. Outlook works fine, however it completely breaks Thunderbird, and also the terrible performance hit that Windows XP took on his machine. We have the control center installed on a Win 2003 server right now, but the server is completely bare, but there is really no performance hit with nothing else running. We are still testing it though.

Re:What I've seen

[over_exposed]

I just did a rollout on about 400 XP Pro (SP2) machines and only about 2% of them had that Office issue. All it took was pointing that dialogue box to our network installation source and viola! No more problems. It's actually gone surprisingly smooth given the very random assortment of hardware we have.

We have remote offices too and we VNC or RDC over the WAN. It's slowish, but I think having the Office installation on a network share would alleviate many of the submitters woes. It's helped us big time...

The name should have been your first clue

[MarkusQ]

The client (doscan.exe) also crashes very frequently (daily), and tends to take other things down with it.

That would probably be the reason they named it that.

You can't even say they didn't warn you.

--MarkusQ

P.S. If the next update contains a program called something like "fuscan.exe," "bsodscan.exe," or "solscan.exe" I'd advise against running it.

Re:pain

[G-Licious!]

Even though I'm really all for the projects you mentioned, if I had any modpoints left, I'd mod you down.

He's managing systems across a WAN, it should be obvious that that's even less a solution than Synaptic suggested.

I do like to get one point across, though: all those virus scanners, malware removers, and lots of other Windows 'toys' have all this unnecessary cruft around them. They all have a different look and feel, or even a theming system people really don't care about when they use them. There's only a handful of applications I'd apply a theming system too; I even consider Winamp a questionable case.

This just seems like waste, the money invested in the programming and design for such an interface could probably have been spend on reaching the goals the application was actually made for, or fixing stupid bugs. You can have a friendly interface using Windows' native look. If the user wants eyecandy, get him to use WindowBlinds or something.

I hope I don't get to see any of this on my favourite OS anytime soon..

No incentive to make decent AV-ware

[mabu]

The legacy that Microsoft created, of bundling free software with other core products has scared away many good software developers from wanting to compete in this and other arenas. So just a few who have managed to stay alive because they got started early (Symantec and McAffee) are still around, but there's really not much incentive for them to make their products solid -- I suspect most of these companies are outsourcing programming to India anyway, and their products are so compartmentalized for the purpose of managing big, cheap programming teams, this results in crappy software.

Symantec relies on a mafia-subscription-type structure, and software so complicated and bad, that un-installing it in many cases isn't an option unless you want to have to re-format your hard drive. That's their business model. It's not based around producing a really excellent product.

This is one of those scenarios where the "competition" has become so lazy, it's almost desirable for Microsoft to put the final nail in the coffin and put them out of business. Their products couldn't be any worse than Microsoft's versions, and at least we'd probably have better work-arounds with bugs.

Testing

[RabidMonkey]

As much as everyone hates testing, this is one thing that should have been caught in QA before the patch/update was released. Come on - you just dropped a major version into how many machines? You mean you didn't catch something like frequent crashes and office breaking in your QA Cycle? In your pilot?

As much as I hate doing QA and Pilots, they work. For little stuff, screw change management and just change it. But for something like a major release or update, you need to do some testing before you dump the code out to users.

It just makes sense in a CYA way, and makes the weekends yours again.

SAV CE 10 is pretty bad

[k00laid]

We got into the testing phase of deployment and it didn't make it past there, instead we've gone back to 9.0.3. A couple things of note from our experience though:

1. Doscan.exe isn't the primary client application, rather it is the startup scanner app. It is also the proverbial root of all evil. When Doscan is allowed to run, it kicks off a memory leak in Rtvscan.exe (the real client) and we saw memory usage hit the 75-100 MB range, causing the sluggish performance.
   
   
2. The fix that Symantec is going with now is to keep the startup scan from running through a registry change, either before or after installation (KB article here). I tried this and it did help, but not enough to make it worth it , since I still saw a 30 MB+ memory hit.
   
   
3. As far as I know anything between 9.0.1 and 10.0 is not readily available or even offered unless you call Symantec Licensing Support and ask for it. The very latest version of 9 is the 9.0.3 we have and it seems pretty good.