Slashdot Mirror


Symantec AntiVirus Hole Found

Hotwater Mountain writes "eWeek has a story about a gaping security flaw in the latest versions of Symantec's anti-virus software suite that could put millions of users at risk of a debilitating worm attack. According to eEye Digital Security, the company that discovered the flaw, the vulnerability could be exploited by remote hackers to take complete control of the target machine 'without any user action.'"

241 comments

  1. That saves time! by bunbuntheminilop · · Score: 5, Funny
    Symantec will only have to make viruses for its own programs!

    (ouch, that was a little harsh)

    1. Re:That saves time! by jon1nim · · Score: 1, Flamebait

      and this surprises who? I guess only the people who use this cr@p software!

    2. Re:That saves time! by bunbuntheminilop · · Score: 0

      seems our opinions are a little unpopular.

    3. Re:That saves time! by Anonymous Coward · · Score: 0, Insightful
      Yep, say something utterly stupid about Symantec and you're a jerk and a troll. But do the exact same about MS you're +1.0E+100 Insightful Funny Coolest Guy Evar. So you see, you only made two mistakes:
      1. Failed to understand the masses of drooling idiots and full-blown wackos that make up the vast majority here
      2. Simply posted in the wrong discussion
      Know thy peers, for they are as predictable and easily played as they are moronic and irrational.
    4. Re:That saves time! by jon1nim · · Score: 1

      I sure hope option 3 is PHONE A FRIEND because Mcafee and Norton could suck money out of an Enron Execs. hand!

    5. Re:That saves time! by thc69 · · Score: 4, Funny
      Pardon my grammar naziesque intrusion, but...sometimes funky grammar is merely a minor annoyance, and other times, it has quite an effect on readability.

      For example, when I read "could suck money out of an Enron Execs. hand!", I thought you meant that they could suck money out of Enron executives, and just had a gratuitous "an" shoved in there (or accidentally pluralized "Exec"); and I couldn't understand the seemingly misplaced exclamation "hand!" So, I read it as follows:
      "...could suck money out of an Enron executive.

      Hand!"

      This thoroughly confused me. It took me way too long to determine that you were attempting to properly abbreviate the word "executive" while also making it possessive. While probably not more grammatically correct, a clearer way to write it would be:
      "...could suck money out of an Enron exec's hand!"

      Now, if I thought it took a long time to figure out what you meant, imagine how much time I've wasted writing this!

      ObSymantec: I try to discourage people from using Symantec products. In my ~14 years experience with their stuff, I've found that their antivirus is expensive, slows the computer down way too much, and is no more effective than any other; and I've also found that their other utilities tend to be mostly snake oil. It wasn't always that way -- DOS and even Windows 3.1 versions of Norton Utilities were actually useful _and_ unique. Since the program that gazillions of folks use to secure their machine is opening holes, maybe it's time for everybody to move on.

      Oh yeah, and...

      Hand!
      --
      Procrastination -- because good things come to those who wait.
    6. Re:That saves time! by scovetta · · Score: 1

      Not to mention Norton Commander, probably the greatest piece of software ever created.

      (and, of course, Midnight Commander if you want something that's been updated in the past 15 years)

      --
      Wer mit Ungeheuern kämpft, mag zusehn, dass er nicht dabei zum Ungeheuer wird. --Nietzsche
    7. Re:That saves time! by pwnawannab · · Score: 1

      How about skipping it ;) Seems like you have quite a lot of time on your "hand"

    8. Re:That saves time! by Tsen+Wrath · · Score: 0

      I think the reason a lot of people still insist on NAV is because they have fond memories of it actually working compared to McAfee and MSAV back in the day.

    9. Re:That saves time! by Jerf · · Score: 2, Informative

      Adding to your confusion, "HAND" is an ancient Usenet acronym for "Have A Nice Day!", which usually shows up in the full acronym phrase "YHBT. YHL. HAND!", which is of course "You Have Been Trolled. You Have Lost. Have A Nice Day!"

      "hand!" really looks like someone just lowercased the acronym.

    10. Re:That saves time! by whmac33 · · Score: 1

      that should be... time on your. Hand!

    11. Re:That saves time! by tehcyder · · Score: 1
      say something utterly stupid about Symantec and you're a jerk and a troll
      I think you're a bit behind the times, Symantec are Bad Guys too on slashdot.

      Even if you have only ever used Linux or Apple, the officially approved response to the mention of the name Symantec is a vitriolic comment on how bloated, resource-intensive and generally sucky Norton Anti-Virus and all their other products are.

      A tinfoil-hatted rant about how they probably wrote all the world's computer viruses themselves to make people buy their product is optional, but gains points for style.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    12. Re:That saves time! by Anonymous Coward · · Score: 0

      A tinfoil-hatted rant about how they probably wrote all the world's computer viruses themselves to make people buy their product is optional, but gains points for style.

      I beg to differ. Anytime I've seen someone try to validate the claim beyond just paranoid conspiracy theories they get moderated as a Troll.

      (Yes, sometimes they even link to pretty compelling information that some might take for evidence.)

      Posting A/C because the topic seems to cost me Karma way too often.

    13. Re:That saves time! by Bill+Dog · · Score: 1

      Yes, you gotta learn the officially approved responses, including which delusionary ideas are allowed (many are, but a few are prohibited). Then you can rack up the karma.

      Bonus points for slipping in, esp. in IE topics, that you're typing it on Firefox.

      --
      Attention zealots and haters: 00100 00100
    14. Re:That saves time! by Anonymous Coward · · Score: 0

      Aw, look, another wannabe's parents bought him a 'puter and he's discovered Slashdot - how cute!

  2. Details? by SomeGuyFromCA · · Score: 5, Insightful

    Is it server-side or client-side? Is it push or pull?

    If it affects the install on the clients, but needs to get access to them, I wave my paw and say "bah."

    If, on the other hand, it can attack the server...

    Well, then again, everything should be behind a firewall anyway, with only needed ports forwarded.

    I mean that's just common sense...

    --
    if the answer isn't violence, neither is your silence / freedom of expression doesn't make it alright
    1. Re:Details? by neil.orourke · · Score: 5, Informative

      http://www.smh.com.au/ had a writeup about this which said that Norton Internet Security guarded against this flaw in Norton AntiVirus. Go figure on the implications of that.

    2. Re:Details? by cp.tar · · Score: 4, Funny

      OK, let me try:

      • First they sell you an antivirus to protect you against viruses and other malicious code.
      • Then they sell you a security package which will protect you against malicious code which the antivirus cannot detect. Or which attacks the antivirus itself.
      • Soon they'll sell you an additional package which will make sure nothing gets past the security package.
      • And another one to keep all those in check.
      • Therefore, soon enough no code will be able to execute because all the CPU cycles will be reserved for Symantec security.

      Perfect security - and the Quis custodiet ipsos custodes? problem solved. Rather neat...

      --
      Ignore this signature. By order.
    3. Re:Details? by mapkinase · · Score: 1

      Now I have to convince my laptop that not to be able to use half of the apps without annoying IS popups is better than having the security hole... Luckily, all it can say is multiple choice question: "How long do you wish to have Norton Internet Security turned off?" And the answer always is: "Until system restarts, honey".

      --
      I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
    4. Re:Details? by Jesus_666 · · Score: 5, Funny

      Norton Antivirus offers perfect security. Just leave it installed on a home user PC for long enough. Sooner or later the system will shut down in an unclean fashion, which NAV will take as a reason to hang at startup, taking the NIC with it.

      Bang - no NIC, no malicious traffic from the internet.

      --
      USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
    5. Re:Details? by sumdumass · · Score: 2, Interesting

      Firewall?

      Just wait until some PHB or road warrior brings their laptop in and it is infected. Or my favorite, someone (law clerk) was bringing in files that her computer at home wouldn't open correctly to see if the work computers could open them because they seem to do more. I guess the idea was to make sure they weren't needed before they got deleted.

      And what if the firewall is a Norton product? Or spread via email too. Oh well

    6. Re:Details? by Fred_A · · Score: 4, Funny
      Therefore, soon enough no code will be able to execute because all the CPU cycles will be reserved for Symantec security.

      I thought everybody agreed that this was the purpose of dual core CPUs for Windows machines. One to run the bundled Norton crud, one to run the apps.

      Of course some people follow the advice of their more enlightened friends/neighbours/family and switch to other products or other systems.

      (note: this does not apply to corporate networks unless they are handled by idiots. Um. Doesn't apply to *all* corporate networks.)
      --

      May contain traces of nut.
      Made from the freshest electrons.
    7. Re:Details? by Anonymous Coward · · Score: 5, Funny

      From all the installations I've had to fix, I believe that by "Norton Internet Security" what they really mean is that "it protects the internet from YOU".

    8. Re:Details? by chrish · · Score: 1

      But with dual-core CPUs becoming more popular, it'll only take up 100% of one CPU, leaving you a whole other CPU for running XP and your apps! Win-win!

      --
      - chrish
    9. Re:Details? by brix_zx2 · · Score: 1, Funny

      I thought everybody agreed that this was the purpose of dual core CPUs for Windows machines. One to run the bundled Norton crud, one to run the apps.

      Unfortunately this is only half right. With the release of Windows Vista it'll be one processor for the OS and one for Norton.

      Trio Core CPU next??

      --
      "brix_zx2, What is your sole purpose in this forum!?!?!"
      "To do whatever you tell me MODERATOR!!!!"
    10. Re:Details? by BiggyP · · Score: 2, Informative
      "I thought everybody agreed that this was the purpose of dual core CPUs for Windows machines. One to run the bundled Norton crud, one to run the apps."

      That hadn't occurred to me, it could certainly make a big difference cutting down the effect of the overhead from norton antivirus and firewall software, not to mention the worms it feels like letting in to join the party.
      "Of course some people follow the advice of their more enlightened friends/neighbours/family and switch to other products or other systems."

      most can't manage it without help though, norton/symantec AV and the various internet security packages, and mcafee to a lesser extent, are pretty insidious and can sometimes be a real pain to remove, most likely a deliberate attempt by the software publishers to stop users from switching to a free version when their demo expires a few months after purchasing the new PC it came with. At this point an average user will invariably glance at their windows security center with a look of fear and simply pay to extend the subscription.
    11. Re:Details? by Anonymous Coward · · Score: 0

      So, in conclusion, Microsoft intentionally adds OS vulnerabilities because Symantec is really a secret subsidiary of Microsoft.

    12. Re:Details? by Anonymous Coward · · Score: 0

      Dang, seen in that light this is the most useful piece of commercial software around!

    13. Re:Details? by iminplaya · · Score: 2, Interesting

      They should call it "Norton Network Security", since it seems to block most local traffic also. My big question is whether I should wait until the subscription expires before uninstalling it, or rip it out now to save on future headaches.

      --
      What?
    14. Re:Details? by drinkypoo · · Score: 1

      Laptops should be on a separate network segment from desktops. All laptops should have a firewall turned on - preferably the one that comes with the OS. They don't need to accept incoming connections anyway, laptops are typically handled as clients and not peers. (Soon work will be buying me a core duo-based desktop replacement, so this of course isn't universal.) Really though, all machines should be firewalled, allowing only connections they actually need; in the typical organization this might look something like netbios (137-139, some tcp, some udp, IIRC) and terminal services (is that 3389, or the 14xx port? one of those is ms sql) and that's probably it. Terminal services is key for remote admin, for those systems which support it - like XP Pro.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    15. Re:Details? by TheDreadSlashdotterD · · Score: 1

      Didn't they already announce the quad core in anticipation?

      --
      I have nothing to say.
    16. Re:Details? by Anonymous Coward · · Score: 0

      "norton/symantec AV and the various internet security packages, and mcafee to a lesser extent, are pretty insidious and can sometimes be a real pain to remove"

      Not in my experience. You just grab an install CD from Ubuntu/RedHat/Debian/SuSE/YouNameIt... and "the various internet security packages" wheep away quite nicely.

      Oh! and the next few years you will be glanzing about all those "millions of users at risk"

      Today is Symantec, but...
      Symantec on Windows failure, millions of users at risk
      IExplorer on Windows failure, millions of users at risk
      Outlook on Windows failure, millions of users at risk
      Sony on Windows backdoor, millions of users at risk
      Word on Windows failure, millions of users at risk
      uPNP on Windows failure, millions of users at risk... ...See a trend?
      (Hint: mi...soft)

    17. Re:Details? by bhiestand · · Score: 1
      But with dual-core CPUs becoming more popular, it'll only take up 100% of one CPU, leaving you a whole other CPU for running XP and your apps! Win-win!

      I think you meant to say "a whole other core for running Vista." You will, of course, need a third or fourth core for running your actual applications.

      In all fairness, I wish I had office 07 when I was going through school. It's pretty damned good (even though it takes about 80MB of RAM and runs slow on my P4M laptop)...
      --
      SWM seeks new sig for a brief fling
    18. Re:Details? by Anonymous Coward · · Score: 0

      From all the installations I've had to fix, I believe that by "Norton Internet Security" what they really mean is that "it protects the internet from YOU".

      You're from Russia, aren't you?

  3. It's hard to imagine.... by HotNeedleOfInquiry · · Score: 2

    How a company could fsk itself more or harder. First the totally bogus licensing restriction of Ghost, the last good product they made, and now this. Sad.

    --
    "Eve of Destruction", it's not just for old hippies anymore...
    1. Re:It's hard to imagine.... by Anonymous Coward · · Score: 5, Insightful

      Symantec hasn't actually ever made a good product. They BUY good products and then drive them into the ground. Ghost was just the last of the Norton suite of products that they got around to breaking.

      Actually as far as I can tell Symantec hasn't actually ever made a product at all. I'm sure they must have once, how else did they ever get the money to buy Norton in the first place (venture capital I guess), but every Symantec product I can think of was originally acquired from someone else.

      I'd find it very hard to imagine a company that has done nothing but destroy every piece of intellectual property it acquires and continues to make money. Unfortunately I've seen it...

    2. Re:It's hard to imagine.... by wibwib · · Score: 1

      What's worse is they bought Ghost of a Kiwi. Antivirus companies blow

      --
      "Everything louder than everything else"
    3. Re:It's hard to imagine.... by Simon+Garlick · · Score: 2, Informative

      That was the old "classic" Ghost. The new one is just a rebadged Powerquest DriveImage.

    4. Re:It's hard to imagine.... by Anonymous Coward · · Score: 0

      Wow, I can't believe some slashbot modded this flamebait. Normally Symantec is somewhere between RealMedia and Computer Associates on the "Software Companies Every Nerd Hates" index.

    5. Re:It's hard to imagine.... by bm5k · · Score: 4, Insightful

      I'd find it very hard to imagine a company that has done nothing but destroy every piece of intellectual property it acquires and continues to make money.

      Why? AOL's been doing it for YEARS. Remember ICQ? Winamp? Need I say more?

    6. Re:It's hard to imagine.... by b0wl0fud0n · · Score: 2, Informative

      They also bought out Sygate Personal Firewall. Fortunately you can still get the old version here.

    7. Re:It's hard to imagine.... by Anonymous Coward · · Score: 0

      You have not heard of Creative Technology.

      Fortunately, they've been losing a war of attrition against apple and its ipod :)

    8. Re:It's hard to imagine.... by Anonymous Coward · · Score: 0

      Well AOL seems to drive decent products in the ground better, look at Netscape! Ghost I think is actually just getting good; you can finally easily make a boot CD! Now if you could only make a multi-card boot CD! The company that originally made Ghost is http://www.binaryresearch.net/ a company from Wisconsin! They make some pretty great supplements for ghost now, the UIU is the best!!

    9. Re:It's hard to imagine.... by Himring · · Score: 1

      I'd find it very hard to imagine a company that has done nothing but destroy every piece of intellectual property it acquires and continues to make money.

      computer associates....

      --
      "All great things are simple & expressed in a single word: freedom, justice, honor, duty, mercy, hope." --Churchill
    10. Re:It's hard to imagine.... by adam.dorsey · · Score: 1

      I'd find it very hard to imagine a company that has done nothing but destroy every piece of intellectual property it acquires and continues to make money. Unfortunately I've seen it...

      ...so have I.

      So have many other people.

      --
      You are still innocent until proven guilty. What's changed is what they do to innocent people. - notnAP, #26891325
    11. Re:It's hard to imagine.... by Anonymous Coward · · Score: 0

      I was going to mention CA. It's where all good software goes to die.

    12. Re:It's hard to imagine.... by krewemaynard · · Score: 1

      netscape?

      --
      I saw it on Slashdot, it must be true!
    13. Re:It's hard to imagine.... by lgw · · Score: 1

      The current Ghost actually seems to be the same old Ghost, but booting from WinPE instead of DOS. This of course made drivers harder to come by for a while, but since just about every RAID controller and NIC in the world had a DOS driver just to support Ghost, driver availability under WinPE should ramp up. At least I hope so; I don't know what I'd do without Ghost.

      Symantec also makes a Ghost-like product that you can run without shutting the system down (LSR something). I haven't used that one, as it doesn't seem to fit either for what I use Ghost for (simple system deployment) or as a backup product. LSR isn't a replacement for Ghost, in any case, though its existence may be confusing.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    14. Re:It's hard to imagine.... by jafac · · Score: 1

      Well, in American Capitalism, there's actually a way to make MORE money than the traditional way (invent a better mousetrap), and that way is to STOP other people from making better mousetraps, by buying their companies and driving their products into the ground.

      I used to work for one of the companies Symantec bought. I'm happy to say that this company is now getting to experience what they previously made many other companies experience. They bought other companies to pull their products off the market. And now they've been bought by Symantec, and their products are systematically being pulled off the market or marginalized.

      Artificial scarcity adds value. It's sick. It's twisted. It's evil. In the information age, when production costs approach zero because the product can be infinitely reproduced with perfect fidelity, it's the only business model these numbnuts seem to be able to follow.

      --

      These are my friends, See how they glisten. See this one shine, how he smiles in the light.
    15. Re:It's hard to imagine.... by Aram+Fingal · · Score: 1

      Way back, Symantec was a development tools company. That's where the name came from. I only used their Think Pascal product for a short time as a student but I understand that it was really good in its day. As I remember, the editor and debugger were much better than the competition to the point that, even long after the product was discontinued, a lot of programmers developed code in Think Pascal and then compiled it in Code Warrior (to get fat binaries).

    16. Re:It's hard to imagine.... by Anonymous Coward · · Score: 0

      No, Think Pascal and the others in the product line were a purchase as well. It was Lightspeed Pascal before the buyout. The compiler product line was not the original reason for the Symantec name. The original product line of Symantec was expert systems.

    17. Re:It's hard to imagine.... by sfgoth · · Score: 1

      They bought Think Pascal from someone else too.

    18. Re:It's hard to imagine.... by frrrp · · Score: 1
      > Ghost was just the last of the Norton suite
      > of products that they got around to breaking.

      Wrong. Ghost was from Binary Research, a New Zealand company

      > Actually as far as I can tell Symantec hasn't
      > actually ever made a product at all.

      They actually have - Norton 2000. It saved the planet from the Y2K apocalypse. Be grateful. Grovel in awe. Kiss their sneakers.

      > I'd find it very hard to imagine a company
      > that has done nothing but destroy every piece
      > of intellectual property it acquires

      It's called "Symantecization".

      > and continues to make money. Unfortunately I've seen it...

      Their shares are in the toilet. Veritas was too big a bite to swallow.

      --
      smilies are for reetards
  4. No wai- by RenHoek · · Score: 2, Funny

    Protect your computer! Remove your virus scanner! .. hang on.. :) Very sloppy.. It's like the firebrigade trying to save your house with flamethrowers.

    1. Re:No wai- by B3ryllium · · Score: 4, Funny

      Well, they do say that you should fight fire with fire ...

    2. Re:No wai- by Lord+Kano · · Score: 0, Offtopic

      It's like the firebrigade trying to save your house with flamethrowers.

      Or it's like politicians destroying the rights of the citizenry to protect them from terrorists.

      LK

      --
      "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
    3. Re:No wai- by Nanpa · · Score: 1

      A better analogy would be to dam a river with swiss cheese

    4. Re:No wai- by Anonymous Coward · · Score: 0

      No, I think the flame throwers was better.

    5. Re:No wai- by Nefarious+Wheel · · Score: 3, Funny
      Dunno, I find that the cold proc of Blade of Walnan works better for fire elementals in Nadox than Fist of Ixiblat, which is a fire proc.

      Oh, wait...

      --
      Do not mock my vision of impractical footwear
    6. Re:No wai- by HotNeedleOfInquiry · · Score: 1

      We had to 0wn the machine in order to secure it.

      --
      "Eve of Destruction", it's not just for old hippies anymore...
    7. Re:No wai- by ThePengwin · · Score: 1

      Oh no the flamethrowers aren't working!!

      Use the ethanol!!!

      Well, I have dreaded the day when an antivirus program could do more damage than good.. it shows that human error can occur anywhere. On a kind of off note.. how many viruses don't work properly?? I would like to see some figures of that :)

    8. Re:No wai- by Zane+Hopkins · · Score: 1

      Some firebrigades do use flamethrowers.

    9. Re:No wai- by Jesus_666 · · Score: 2, Insightful

      Fighting fire with fire. Phh. Did that work in Kuwait? No, sir. Real firefighters use explosives to extinguish the fire, which is why our local fire department has completely switched over to C4. It saves a lot of water, too.

      As for NAV... Maybe you could use a special NIC that detects malicious traffic and self-destructs rather than passing the packet to the rest of the system.

      --
      USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
    10. Re:No wai- by Alef · · Score: 2, Insightful

      Actually, I have never (unintentionally) gotten any of my PCs infected with a computer virus, but thrice I have had the system severely broken by the virus scanner (each time a different brand). I have started to think it is a greater risk to have a virus scanner installed than not to have one, at least for me...

    11. Re:No wai- by moro_666 · · Score: 1

      It's like the firebrigade trying to save your house with flamethrowers.

      If you have flamethrowers big enough, this will work, since they use up all the oxygen and the fire in the house will go out. If you have observed some Steven Seagal movies, you've seen the same trick on the oil drilling stuff, that's the easiest way to put something out, remove the oxygen.

      I suppose you should use something that burns at really low temperatures in that flamethrower, otherwise when the natural oxygen from the environment returns, it will light up again due to the high temperature. Otherwise, the idea works and works rather well. On paper and in theory.

      However for removing the virus scanner, if you bundle this with installing a Unix or Linux instead of win, the effect will be better.

      --

      I'd tell you the chances of this story being a dupe, but you wouldn't like it.
    12. Re:No wai- by Anonymous Coward · · Score: 0

      That reminds me of an old The Onion headline (I think):

      Scientists discover fighting fire with fire only works for metaphorical fires.

    13. Re:No wai- by Anonymous Coward · · Score: 0

      Squirtle was always a good one to use against fire types.

    14. Re:No wai- by Anonymous Coward · · Score: 0

      The truth is that fighting fire with fire *does* work.

      It's only the fire has to be big enough.

      You know, on a forest fire how are firewalls made? Opening a clear in the hood with, yes, more fire.

    15. Re:No wai- by Nefarious+Wheel · · Score: 1
      Actually, I heard they put out most of the oil well fires in Kuwait with a jet engine mounted on a tank chassis, with fire hoses blowing into the jet exhaust.

      Amazing what you can do under pressure...

      --
      Do not mock my vision of impractical footwear
  5. Good news, everyone! by christopherfinke · · Score: 5, Funny
    "This is definitely wormable. Once exploited, you get a command shell that gives you complete access to the machine."
    Well that's a relief. Who would ever want to use the Windows shell? I'd call that security through, uh, suckurity.
    1. Re:Good news, everyone! by gbobeck · · Score: 5, Funny
      I'd call that security through, uh, suckurity.


      Toss in the complete inability to hack that most script kiddies have... and now you also have security through stupidity.

      I always loved watching my snort logs when some kiddie attempted to 0wn my FreeBSD server running Zope/Plone + Apache by tossing every IIS 5 attack they have a script for.
      --
      Navicula hydraulica plena anguilarum est. Omnes castelli tuus nostri sunt. Ed elli avea del cul fatto trombetta.
    2. Re:Good news, everyone! by Frightening · · Score: 1

      Hi! I'm a script kiddie, could you provide me with your IP please? I promise it will be very entertaining. For both of us.

      Wait, that sounded all wrong.

      Also, snort is for women. Real men read httpd logs. /*Turns off computer, hides under bed.

    3. Re:Good news, everyone! by gbobeck · · Score: 1
      Sure... my IP address is 216.250.128.12 , although you may have more fun going after my gateway router at 224.0.0.1

      Real men read httpd logs.


      No, real men read the raw packet data in binary as it streams by on their 1000BaseT connection.
      --
      Navicula hydraulica plena anguilarum est. Omnes castelli tuus nostri sunt. Ed elli avea del cul fatto trombetta.
    4. Re:Good news, everyone! by iminplaya · · Score: 1

      Once exploited, you get a command shell that gives you complete access to the machine.

      Cool. So now I can change the region code one more time.

      --
      What?
    5. Re:Good news, everyone! by Anonymous Coward · · Score: 0

      Niiiice gateway... ;-) That would be fun indeed!

  6. what a joke they are by deglr6328 · · Score: 1, Insightful

    Why does anyone even use their products at all anymore? Three little letters: A V G. After removing symantec's bloatcrap and installing AVG free it's practically equivalent to gaining ~.5 GHz.

    --
    - "Hear that?! The percolations are imminent! Cease your ingress!"
    1. Re:what a joke they are by jofi · · Score: 0
      No kidding.

      I installed the 2006 trial on a clean test pc, it took an hour to install, and the PC is by no means slow. After rebooting when told, ccApp.exe and CfgWiz.exe were using the CPU 50/50 and continued to do so with nothing showing up. So the install technically never finished. Same thing with 2005, and 2005 SE from the Google pack.

      --
      Blame the user, not the software.
    2. Re:what a joke they are by Anonymous Coward · · Score: 0, Insightful

      People use Norton Antivirus for its virus detections. People use AVG because it's free. When it comes to detecting viruses, AVG doesn't compare to Norton.

    3. Re:what a joke they are by Macthorpe · · Score: 1

      That's the funniest thing I've seen all day.

      When I switched from Norton to AVG because I was a penniless student, AVG found 3 viruses that Norton completely missed. When my father used Norton for his business he lost 2 days of chargeable business to a virus (SirCam) that was widely known about for weeks but wasn't detected by Norton because it hid in the Recycle Bin.

      People use Norton because it's called Norton. It's bloated and it's useless.

      --
      "It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
    4. Re:what a joke they are by Mistshadow2k4 · · Score: 3, Insightful

      Pure, unadulterated BS. I've used both and Nortons absolutely sucks compared to AVG. With Norton's my computer got so badly infected that I had to reinstall the OS two different times. Installed AVG and never had that problem again. Did I download anything that had the virus in it? No! Both times the viruses downloaded themselves straight into my computer from the internet -- which means Norton's firewall didn't do anything to stop them. On top of this, one time I uninstalled it in order to reinstall it and I couldn't boot Windows afterward.

      Nevertheless, I think Avast! is the best antivirus, but I've heard a great deal of good about NOD32 and Kaspersky's. Any of them beat Norton's. Hell, as bad as Norton's can screw up your computer no antivirus is sometimes better. I don't know how many times I had to reinstall it because it started screwing up or just didn't install right in the first place. All of that applies equally to McAfee too.

      I don't know what the deal is here with you and whoever is modding anything critical of Symantec as "flamebait" and your BS as insightful, but you can't quit with the outright lying. You've both made yourselves as transparent as freshly-cleaned glass. Normally, I'd think someone who made such an accusation was paranoid, but that's how blindingly obvious you guys have been. And the thread is still young. Too bad the people running this site aren't involved enough to care anymore.

      --
      I dream of a better world... one in which chickens can cross roads without their motives being questioned.
    5. Re:what a joke they are by HaydnH · · Score: 1

      Cool, I can turn my PII 300 into an 800MHz?? Why wasn't I told about this before?!?

      --
      Time is an illusion. Lunchtime doubly so. - Douglas Adams
    6. Re:what a joke they are by EvilMonkeySlayer · · Score: 1

      I call bs on that.
      Give us proof.

    7. Re:what a joke they are by Anonymous Coward · · Score: 0

      Actually SAV turns a P4 3GHz into something that feels like a PII 300. (I have the unpleasant job of persuading SAV not to cripple our network and/or servers whilst actually preventing infections from dodgy discs and pen drives brought in by users)

    8. Re:what a joke they are by slugstone · · Score: 1

      I like AVG better than any of the other virus scanner junk. Oh I never have seen it catch a virus before. Maybe I should reformat my PC to make sure it is clean. :-)

    9. Re:what a joke they are by Himring · · Score: 4, Insightful

      Well, in our case we tried hard to replace Symantec's enterprise AV, but nothing could fit our network as well. The main selling point is that the SAV console works for us. We have 100s of sites across the country on every imaginable type of connection, and each and every other AV "enterprise" suite fell on its face -- except Symantec's. We really, REALLY, wanted Trend Micro's OfficeScan product to work. It is, by far (IMO), one of the best admin-centric AV tools out there, but it, too, could not handle our disparate network.

      There's more to AV than your home computer. Managing 1000s of machines across the country takes more than the tiniest AV program you can stick on one computer. Our needs are first and foremost having an AV install on each system, with good virus defs, and that we can actually manage remotely. SAV is still the best for that in our opinion....

      --
      "All great things are simple & expressed in a single word: freedom, justice, honor, duty, mercy, hope." --Churchill
    10. Re:what a joke they are by Groucho · · Score: 1

      I've used Nod32 for years - it uses hardly any system resources and has a stellar record of detecting viruses according to the Virus Bulletin's 100% awards.

      Recently though it didn't detect a couple of p2p trojans on clients' machines and a demo of Kaspersky did. I'm considering switching to Kaspersky when my Nod32 license expires.

    11. Re:what a joke they are by dave562 · · Score: 1
      There's more to AV than your home computer. Managing 1000s of machines across the country takes more than the tiniest AV program you can stick on one computer. Our needs are first and foremost having an AV install on each system, with good virus defs, and that we can actually manage remotely. SAV is still the best for that in our opinion....

      And that's a pretty sad state of affairs when more often than not, an upgrade to the newest version requires a complete uninstall of the old version because the upgrade functionality simply doesn't work. And then the uninstall falls flat on its face and that requires running CleanWipe.

      I've been using Symantec / Norton "corporate / enterprise" AV since 7.6 and the program blows. It takes more time to maintain than is reasonable. The upgrades are a complete PITA. But for the most part, it seems to get the job done. I was at a client yesterday, and the lady is the cheapest person in the entire world. She is still running Norton 7.6 Corporate edition to protect her 10 PCs. Much to my surprise, they haven't been infected.

      Regarding the most recent exploit, I figure it has something to do with port 137/139 (NetBIOS) exploits. Those ports need to be opened on the client machines so that the central server can administer them. I don't know anyone these days who is letting those ports through the perimeter firewall, so for 99% of the world, the exploit won't be that big of a problem (assuming that it truly is related to an RPC vulnerability). And for what it's worth, most of the time those ports are opened via an explicitly defined group policy that limits connections to those ports to the IP address of the central AV server.

    12. Re:what a joke they are by Himring · · Score: 1

      You are entirely correct about upgrades not working at all. We had a massive project, took a half dozen people off and on, writing scripts to uninstall all sorts of versions of Norton and Symantec retail so that we could install SAVCE 8.x. However, the upgrade from 8.x to 9.x seemed to work ok from what I recall.

      The thing is most other enterprise AV packages require the local, parent-server, to have a web server installed (Trend) or some other thing that we simply were not going to do on our ancient remote servers. SAV will nicely install a parent-server piece from our corporate office and then install down from there to the clients no problem. Once it all gets working -- barring the deplorable upgrade issues you mentioned -- it works fine.

      --
      "All great things are simple & expressed in a single word: freedom, justice, honor, duty, mercy, hope." --Churchill
  7. So people have discovered Nortons DRM Rootkit? by oztiks · · Score: 5, Funny

    They are just calling it an exploit just so they don't get into trouble ;)

  8. Symantec Corporation by Alien+Being · · Score: 1

    With friends like us, who needs enemies?

  9. stating the obvious by Anonymous Coward · · Score: 0

    All your SAV are belong to us?

  10. Who has heard that conspiracy theory by Sentri · · Score: 5, Funny

    That the Antivirus people are the ones putting the virus's out there to keep their businesses running

    *grabs tinfoil hat*

    --
    Can't we all just get along
    1. Re:Who has heard that conspiracy theory by Anonymous Coward · · Score: 0

      LOL, they don't need to. And if they did, chances are they'd just move on to something else.

    2. Re:Who has heard that conspiracy theory by wraithgar · · Score: 1
      That the Antivirus people are the ones putting the virus's out there to keep their businesses running

      I remember saying that quite awhile ago, or at least something vaguely along those lines.
    3. Re:Who has heard that conspiracy theory by Half+a+dent · · Score: 2, Insightful

      Who HASN'T heard that conspiracy theory? No really I'm interested, I might even get a grant for a study.

    4. Re:Who has heard that conspiracy theory by Limburgher · · Score: 1

      The virus's WHAT?

      --

      You are not the customer.

    5. Re:Who has heard that conspiracy theory by pcmills · · Score: 1

      I guess that is why most of the viruses out there are poorly written.

      --
      Ask Slashdot - google for stupid people.
  11. Throw me a friggin bone! by BarryLoper · · Score: 5, Insightful

    OK that leaves about every question unanswered.

    At least give us a little bit on how this vulnerability could be exploited other than: This flaw does not require any end user interaction
    • Do I have to browse to a malicious website?
    • Do I have to download an infected file for it to scan?
    • Does it somehow come in on Live Update?
    • What if I have a firewall?

    Throw me a friggin bone here! I'm the user... Need the info...

    I suppose the important part is they got the scoop!

    1. Re:Throw me a friggin bone! by skiflyer · · Score: 4, Informative

      I didn't read this link, but I read it on CNN, and to answer your first two questions no... they very specifically said the real concern here is that a user can be attacked without doing anything.

      As far as #3, the hows were unaddressed.

      #4, it seems that at least several firewall packages block it just fine... but there was no discussion as to whether or not it was something special about the packages mentioned, or if it's just blocking some specific port that makes you safe.

    2. Re:Throw me a friggin bone! by LordFolken · · Score: 3, Interesting

      The advisory is rather bleak at the moment, so following is pure speculation:

      Past exploits in software firewalls were issues in the packet inspection engine. The engine packs itself in front of the tcpip stack of windows and inspects _every_ packet that goes in or out, regardless of whether it connects to some port or not. This is done in order to log the packet and to reassure the user with annoying popups that his investment was worth his money.

      Back to antivirus: This thing also scans email. It does this by scanning the traffic on pop3 and imap ports. My suspicion is that it does this regardless of the connection state. E.g. if you send packets from port 110 to the target machine it probably inspects them, even if the target machine isn't currently downloading any email. Again: this is speculation on my part.

      To answer the parent's questions:

      If the above is the case:

      - Do I have to browse to a malicious website?
      Probably not.

      - Do I have to download an infected file for it to scan?
      It's possible that the worm also works when an email is scanned. So if you receive an email that has such a virus attached your machine would be also infected even if you'd use a hardware firewall.

      - Does it somehow come in on Live Update?
      Unlikely. You'd have to do a man in the middle attack for that. E.g. capture the users dns traffic or route his traffic through the mitm. Both rather unlikely in an Internet scenario unless you have a _really_ lousy provider.

      - What if I have a firewall?
      In a connection-state tracking software firewall it would matter in what comes first: the antivirus or the firewall. A hardware firewall would protect you better as it comes first in any case, but it wouldn't protect you from an exploit that travels from your e-mail account to your machine.

      IMO Symantec products all suffer from bloat:
        - Way too many features, no average user can comprehend. (And I have a suspicion that the developers don't either.)
        - The install base from the complete package is probably above 100MB. I think a firewall and antivirus should be doable in a fraction of that. (excluding signature files)
        - They slow the systems they are installed to to a crawl.
        - I get 5+ support calls a day that deal with broken Symantec products. (e-mail and internet related.)

      Please use FreeAVG, AntiVir or learn how to use ClamAV!

      Better yet: install FOSS software like I have done years ago, and get rid of _all_ these problems in an instant.
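
Added example, not part of the comment above and not Symantec's code: a minimal sketch of the distinction the comment speculates about, a mail scanner that parses anything arriving from port 110/143 versus one that only parses segments on connections the local host opened. All names and addresses are hypothetical (documentation address ranges), the sample traffic is constructed, and the state machine is simplified (no sequence-number checks).

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
MAIL_PORTS = {110, 143}  # POP3 and IMAP, the ports named in the comment


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    payload: bytes = b""


FlowKey = Tuple[str, int, str, int]  # (local ip, local port, remote ip, remote port)


class FlowTable:
    """Tracks TCP connections initiated by the local host (simplified)."""

    def __init__(self, local_ip: str) -> None:
        self.local_ip = local_ip
        self.state: Dict[FlowKey, str] = {}

    def observe(self, seg: Segment) -> bool:
        """Update state; return True if seg belongs to an established flow."""
        outbound = seg.src == self.local_ip
        key = ((seg.src, seg.sport, seg.dst, seg.dport) if outbound
               else (seg.dst, seg.dport, seg.src, seg.sport))
        state = self.state.get(key)
        if seg.flags & RST:
            self.state.pop(key, None)
            return False
        if outbound and seg.flags & SYN and not seg.flags & ACK:
            self.state[key] = "SYN_SENT"
            return False
        if not outbound and state == "SYN_SENT" and seg.flags & SYN and seg.flags & ACK:
            self.state[key] = "SYNACK_SEEN"
            return False
        if outbound and state == "SYNACK_SEEN" and seg.flags & ACK:
            self.state[key] = "ESTABLISHED"
            return True
        if seg.flags & FIN and state == "ESTABLISHED":
            # Simplified teardown: the FIN segment is the last one accepted.
            del self.state[key]
            return True
        return state == "ESTABLISHED"


def scan_inbound(segments: List[Segment], local_ip: str, stateful: bool) -> List[bytes]:
    """Return the payloads that would be handed to the mail content parser."""
    table = FlowTable(local_ip)
    handed: List[bytes] = []
    for seg in segments:
        established = table.observe(seg)
        if seg.dst != local_ip or not seg.payload:
            continue
        if seg.sport not in MAIL_PORTS:
            continue
        if stateful and not established:
            continue  # dropped before any parsing code touches it
        handed.append(seg.payload)
    return handed


LOCAL_IP = "10.0.0.5"
# Constructed sample traffic: one real POP3 session plus unsolicited segments.
SAMPLE = [
    Segment(LOCAL_IP, 50000, "192.0.2.10", 110, SYN),
    Segment("192.0.2.10", 110, LOCAL_IP, 50000, SYN | ACK),
    Segment(LOCAL_IP, 50000, "192.0.2.10", 110, ACK),
    Segment("192.0.2.10", 110, LOCAL_IP, 50000, ACK, b"+OK POP3 ready\r\n"),
    Segment("203.0.113.7", 110, LOCAL_IP, 50001, ACK, b"+OK constructed unsolicited data\r\n"),
    Segment("192.0.2.10", 110, LOCAL_IP, 50000, FIN | ACK, b"+OK bye\r\n"),
    Segment("192.0.2.10", 110, LOCAL_IP, 50000, ACK, b"late data after teardown"),
]

if __name__ == "__main__":
    print("port-match only:", len(scan_inbound(SAMPLE, LOCAL_IP, stateful=False)))
    print("state-tracked:  ", len(scan_inbound(SAMPLE, LOCAL_IP, stateful=True)))
```

With state tracking in front of the parser, the unsolicited segment and the post-teardown segment never reach it; with port matching alone, all four payloads do.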

  12. It depends by smvp6459 · · Score: 2, Insightful

    I'm not a Symantec fanboy but Symantec Antivirus (SAV) - the enterprise version - is pretty lean. As for Norton Antivirus or whatever they call it now...I couldn't agree more with your estimation of its bloatedness.

    1. Re:It depends by Amouth · · Score: 1

      Yeah, the corporate editions of Norton rock.. none of the flashy bloated crap.. just install and forget.. talks to the managed server and does its job.. with less overhead than I have ever seen any other virus scan for Windows.

      --
      '...if only "Jumping to a Conclusion" was an event in the Olympics.'
    2. Re:It depends by MillionthMonkey · · Score: 4, Interesting

      I work at a big stupid company that has a site license for Rational Clearcase, a totally retarded product we are forced to use by upper management. Fortunately, SAV 10 is incompatible with the Clearcase Windows client- it diagnoses it as malware and attempts to remove the "infection". So we cannot upgrade from SAV 9. When they were doing the automated rollouts a few days ago, we had to send our machine names to the CC administrator to prevent the upgrade process from installing SAV 10 on our machines.

      So now we don't have to worry about this security hole, which means we can finally say that something good came out of using Rational Clearcase.

    3. Re:It depends by homer_ca · · Score: 1

      Symantec Antivirus Corporate Edition is okay, but try loading the firewall too (the bundle is called Symantec Client Security). All the processes use over 100MB of RAM. The interface is clean, but the bloat is still there.

    4. Re:It depends by tomstdenis · · Score: 1

      No, take that back. Clearcase is the bane of all existence. Slowest POS ever...

      Sure virtual file systems "views" sounds great on paper, the reality of it, especially over the 100Mbit at my work, is it's slow as fuck. You can take any 2 hour build and turn it into a 4, 6, 8 and I've even seen 10 hours on a dedicated box [e.g. only sharing the network not the CPU].

      Give me CVS any day :-) At least when I check out 10GB of source [once] I can build it locally as much as I fucking want!

      Tom

      --
      Someday, I'll have a real sig.
    5. Re:It depends by Anonymous Coward · · Score: 0

      I'm with SAV on this one: ClearCase is malware that should be removed. Actually, base ClearCase is quite powerful but UCM+ClearCase is totally retarded. Speaking of retarded, did your managers clobber you with the whole ir-Rational suite of RUP, UCM, ClearCase, ClearQuest, RequisitePro, XDE, RSM? They are all crap. 30-40% of project time is wasted on this crap. Following RUP, to put 120 lines of SQL into production required 32 "work products" - the new RUP term for artifacts (can't we just call them documents?) - and took 3 people 5 months. Crap, crap, crap.

    6. Re:It depends by mungtor · · Score: 1

      You can do that creating Snapshot views in ClearCase.

      One shop that I worked at ran ClearCase on Solaris and Linux (RH 7.3) and it was fine. No noticeable difference between ClearCase and any other build over an NFS mount.

      Running it on Windows was miserable. It didn't matter what the back end was (NFS or CIFS) it just sucked.

    7. Re:It depends by Anonymous Coward · · Score: 0

      The true solution is to use an actual firewall, not some software. Unfortunately those are hard to come by for non-believers.

    8. Re:It depends by Anonymous Coward · · Score: 0

      Yep, it is a POS, and yes (I am not the person you are replying to) my company DID f'ing buy the entire rational suite. Stupidest thing in the world, and so bloody expensive too. Guess who's using it now? No one. Literally NOT INSTALLED. We wiped the server and installed Team Foundation Server. Beta. Don't get me started on that. The dumbshits.

    9. Re:It depends by lgw · · Score: 1

      I agree, I've never had a problem with corporate SAV. Ghost is still the most useful utility I need regularly. The stuff Symantec bought from Veritas seems as good as ever. It's a shame that the hate for a couple of Symantec consumer products smears across the whole company. Clearly it does, though.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    10. Re:It depends by kwalker · · Score: 2, Insightful

      Except that SAV 9 is vulnerable to a buffer overflow attack that forced my company to upgrade to SAV 10.

      --
      ... And so it comes to this.
  13. Older Versions? by tecker · · Score: 3, Insightful
    I noted that the eEye details point out this:
    Symantec Antivirus 10.x
    Symantec Client Security 3.x
    (Other Symantec Antivirus products are also potentially affected, waiting for vendor list)


    Question 1: Are Norton consumer-level products (Norton/Symantec Antivirus 2006 for example) in this list?

    Question 2: Where does this security vulnerability lie? In the scanning engine or in the GUI application wrapper or helper DLL? This could let us know if the Symantec Antivirus 9 -> 1 are bad.

    I'm holding Slashdot to a Slashback on this as this unfolds.

    BTW, any takers on the amount of time till patch? Clock starts now.
    --
    Procrastinating life away at a rapid rate of speed.
    1. Re:Older Versions? by Amouth · · Score: 2, Interesting

      I bet June 7th 2006

      just because they release updates on Wednesdays and I don't think they will have a cert'ed patch ready by Wednesday as this is a holiday weekend and their customers don't matter to them (at least the ones that could be infected)

      --
      '...if only "Jumping to a Conclusion" was an event in the Olympics.'
    2. Re:Older Versions? by jonadab · · Score: 1

      > BTW, any takers on the amount of time till patch? Clock starts now.

      I'll take the 30th of May (yes, 2006) if that's available. Sooner is possible, but... well, I'll say the 30th. Bear in mind, the operative word here is "patch". A workaround, such as "shut off such-and-such an option until the real fix comes out" doesn't count as a patch, IMO.

      --
      Cut that out, or I will ship you to Norilsk in a box.
  14. Consumer versions not affected by Anonymous Coward · · Score: 5, Informative

    Coverage on CNN (http://www.cnn.com/2006/TECH/internet/05/25/antivirus.flaw.ap/index.html) notes that it appears only the corporate version is affected.

    "eEye said it appeared consumer versions of Symantec's Norton Antivirus software -- sold at retail outlets around the country -- were not vulnerable to the flaw, though consumers who are provided Symantec's corporate edition antivirus software by their employers for use at home may be affected."

    1. Re:Consumer versions not affected by Anonymous Coward · · Score: 0

      It figures. They use the Corp version at work and naturally we have had repeated virus attacks inside the network anyway, and worse, the attitude that the viruses can't be here because big name, big dollar Symantec is protecting us. So we're safe and that's that.

      We have had to nearly beg to get servers fixed. "Bargain.exe is supposed to be taking 100% of the CPU and network. No it doesn't matter if SQL server has every port in use by unknown processes. Symantec would never let a virus run amok so it can't be a virus so it's not a problem. Q.E.D."

      Not to say Norton at home is any better: I tried AVG on a machine that had been running Norton and found a virus that had apparently been inside a zip file that had been on the drive for three years, totally undetected. Norton said nothing the entire time despite having been set to scan zips.

      But AVG is not free of faults either: one of my AVG-protected machines got hit hard by a virus that just completely bypassed AVG. It was no protection at all. So much for free.

      I use NOD32 now.

    2. Re:Consumer versions not affected by v1 · · Score: 1

      I'm going to guess wildly here after seeing this only affects corporate, and say that Norton, in their infinite wisdom/paranoia, set up one of those "networked license verification" systems, where a product, once installed, broadcasts on the network to find copies of itself to compare license codes with. It then sets up a listener of its own to listen for other copies broadcasting, hunting for duplicate or too-many-user licenses.

      Then the listener code is bugged and has a hole in it, and now, courtesy of Norton, you have now INSTALLED a back door on your system.

      Lovely.. Just lovely.

      There oughtta be a law against companies being able to install listeners on your machine without your explicit consent.

      --
      I work for the Department of Redundancy Department.
    3. Re:Consumer versions not affected by AaronLawrence · · Score: 1

      NOD32 seems to be the best Antivirus for geeks, IMHO.
      Pretty good at finding viruses (the best if you listen to them, but hey, that's marketing), comparatively lightweight, and with lots of options that don't result in blaring alerts when you configure them in "unapproved" ways.

      I found that NOD uses about 17MB of memory, compared to more than 60 for Norton's (home).

      --
      For every expert, there is an equal and opposite expert. - Arthur C. Clarke
  15. Symantec by ikejam · · Score: 1, Troll

    Symantec seems to be pulling a lot of crap these days, that is characteristic of a company struggling to stay relevant and by making up for the degradation of quality in its products by other means (like the other big one) - writing threat exaggeration articles trying to scare customers, bloated inefficient personal antivirus solutions, and now vulnerabilities!

    1. Re:Symantec by balevine · · Score: 1

      Would you rather have VISTA take care of it?! I'm sure they've been holding out their super-secret-super-duper virus scanners that will make all future Windows systems as safe and secure as Linux or OS X........right?

    2. Re:Symantec by bobcat7677 · · Score: 1

      What does Microsoft have to do with Symantec/Norton's problems? The Symantec/Norton line of products have not offered an acceptable level of virus protection since mid-2001 or so and have suffered from bloat and incompatibilities for much longer than that. I can remember telling more clients than I can even count to "uninstall Norton" in order for them to be able to install or even run some other program back in the '90s. There are probably a whole lot of software companies out there that deserve to have about 60% of their support costs charged back to Symantec. These products have been suffering from poor development and general code bloat for years. I'm guessing it's not the developers' fault, they have probably been downsized and overworked for years to match. The only surprise to me is that it's taken this long for the serious issues with these products to actually make the headlines.

  16. Exploits! by Anonymous Coward · · Score: 0

    I expect to see exploits, if possible, in short order. Sounds like a nice little thing to add to one's bot nets... You must think like the spammers to defeat them, only with rapid patching will we be safe from their scum, or maybe not. A lot of things really depend on user ignorance, and that is always available.

  17. startkeylogger by DrunkenTerror · · Score: 4, Funny

    startkeylogger

  18. DUH! we've been calling it Norton Virus for years! by aaron_pet · · Score: 5, Insightful

    I've never seen a program cause as many problems as some of these name brand anti-virus programs.. they're worse than having the viruses!!! and they add extra complexity that gives attackers more possibilities for exploitation.

    Keep your patches up to date, or don't connect to the internet...
    Don't open ANY freaking attachments, unless you expect it, and you know where it came from... or don't connect to the network.

    My mom's computer has their security suite? set up on it... it basically just nags her when programs try to do anything... it's nice that it warns about Real Player's nasties... but we all know to uninstall that bastard and just use the codec... ... I'm saying stuff that everybody already knew... but nobody cared enough to nuke that company for the good of the world.

    --
    Please use [ informative / summarizing ] SUBJECT LINES
    Flame me here
  19. no proof of concept yet? by themysteryman73 · · Score: 3, Insightful
    "there are no publicly shared proof-of-concept exploits or other information to suggest an attack is imminent"

    Great, so let's just advertise that it's vulnerable instead of fixing it! How many h4x0rz are going to try to 'sploit this now as opposed to before for a quick ego trip?

    1. Re:no proof of concept yet? by A+beautiful+mind · · Score: 1

      Let me correct it for you.

      "there are no publicly shared proof-of-concept exploits or other information to suggest an attack is imminent that we know of"

      The best approach to vulnerabilities is to assume by default that the blackhats already know about them and are actively exploiting it, because you can't prove otherwise, so what you need asap is to inform the people about it.

      --
      It takes a man to suffer ignorance and smile
      Be yourself no matter what they say
    2. Re:no proof of concept yet? by slugstone · · Score: 1

      If it does not get advertised, when will the fix happen? If we follow Microsoft's example it will take until the exploit gets in the wild.

  20. Ever since Symantec took on Microsoft... by jkrise · · Score: 1, Flamebait

    This was bound to happen.

    --
    If you keep throwing chairs, one day you'll break windows....
  21. 0 Day and Away we GOOO!! by mycall · · Score: 1

    This is a job for a 0 day attack. Attack!!

  22. Yet again . . . by pembo13 · · Score: 1, Flamebait

    . . . it sucks to be a Windows user.

    --
    "Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
    1. Re:Yet again . . . by Anonymous Coward · · Score: 0
      . . . it sucks to be a Windows user.

      You were mod'ed "Flamebait" for saying that?! ON /. !?

      Oh my God! My cat and dog are sleeping together! Zule is coming!!!

  23. AntiVirus is for Newbs by Anonymous Coward · · Score: 2, Interesting
    I got the 'Stoned Virus' in 1989. Had another one that I can't remember about 4-5 years ago. Those are the only two virii I have ever gotten.

    I had a bit of a problem a few years ago with SpyWare, first I installed an IE plugin and then moved to Firefox.

    These 'Security' behemoths are insane. They hog 20%+ of computer resources with their 'real time scanning'. The only time anything needs to be scanned is when it's first coming to your computer. Downloads need to be scanned, that's it! If I download something questionable, I'll run it through Trend Micro online scan before running.

    Daily backups are the key. And not Whole Fucking Hard Drive Backups like most insane backup programs want to do. Backup your damn documents and data.

    Firefox and a little common sense and this whole virus/spyware thing is just not an issue for me. I haven't run SpyBot/AdAware since last year. I occasionally scan my download folder with TM Online.

    1. Re:AntiVirus is for Newbs by Parham · · Score: 2, Informative

      Everything you said is absolutely right... except that only someone with a firm understanding of computers and software would be able to accomplish them. I don't know of many normal people that virus scan every file that first comes into their computer, back up their MOST important documents, and use Firefox.

      The fact is that, even as a computer science student, I don't use Firefox always (because I'm currently using Windows), I don't make daily backups because they can sometimes waste a lot of time, and I let my virus scanner scan regularly even after I know my computer has no viruses (luckily I use AVG which doesn't hog resources).

    2. Re:AntiVirus is for Newbs by atarione · · Score: 1

      ~~~ I don't use Firefox always (because I'm currently using Windows), I don't make daily backups because they can sometimes waste a lot of time, and I let my virus scanner scan regularly even after I know my computer has no viruses (luckily I use AVG which doesn't hog resources). ~~~

      ummm..... you do realize they make firefox for windows too right =p

      --
      actually I am happy to see you, however that is in fact a banana in my pocket.
    3. Re:AntiVirus is for Newbs by Parham · · Score: 1

      D'oh, it sounded wrong the way I read it... I was referring to the level of integration IE has with Windows; you just can't run away from it.

    4. Re:AntiVirus is for Newbs by IHateChoosingAName · · Score: 2, Insightful
      Daily backups are the key. And not Whole Fucking Hard Drive Backups like most insane backup programs want to do. Backup your damn documents and data.

      The problem in Windows is even knowing where your documents and data are stored. Some programs still store settings and documents created under them in their program folder. Without a whole hard drive backup, most non-expert computer users would probably miss some of their important documents and data in their backup.

    5. Re:AntiVirus is for Newbs by v1 · · Score: 2, Insightful

      Daily backups are the key. And not Whole Fucking Hard Drive Backups like most insane backup programs want to do. Backup your damn documents and data.

      It's possible to have the best of both worlds. Use a free app like Rsync and the first run, yes it will be a full backup. Once it has completed that, the next time you run it, it only updates the backup to match the changes you've made to your hard drive recently. In most cases it only needs to move a few megabytes. The compare process takes about 5 minutes for a 160gb HD, and in most cases the sync that occurs afterward takes about 2 minutes. No catalog sets, no databases to get corrupt or need reindexing. (retrospect comes to mind immediately...) Fast, effortlessly networked, and yet works as a full backup for very easy restores.

      I rsync my flash drive (4gb) to my laptop (160gb), and my laptop to my server. It's very comforting knowing my laptop's HD is fully backed up at least weekly, as my life is on there. ;)

      --
      I work for the Department of Redundancy Department.
    6. Re:AntiVirus is for Newbs by Anonymous Coward · · Score: 0
      ~~~ I don't use Firefox always (because I'm currently using Windows), I don't make daily backups because they can sometimes waste a lot of time, and I let my virus scanner scan regularly even after I know my computer has no viruses (luckily I use AVG which doesn't hog resources). ~~~ ummm..... you do realize they make firefox for windows too right =p

      ummm... you do realize that we have <blockquote> tags, right?

    7. Re:AntiVirus is for Newbs by Anonymous Coward · · Score: 0
      The only time anything needs to be scanned is when it's first coming to your computer.

      What a wonderful theory. It would work, too -- assuming that your scanning software was always ahead of the malicious software. What if you download an infected file before your AV product is updated to detect that specific infection?
      In that case, UBpwn3d d00d.

  24. tit for tat? by mysticgoat · · Score: 3, Interesting

    Recent history:

    1. Symantec files suit against Microsoft with some kind of anticompetitive or abuse of license beef involving Vista.
    2. A day or so later, Symantec announces a zero-day exploit of Word. The malware in the Word document drops the ginwui worm that opens a backdoor and uses rootkit technology to hide itself and its activities. Symantec says that some companies have been victimized by this perhaps for months.
    3. And now a day or so later, a company with close ties to Microsoft announces that a major Symantec product contains a massive security flaw.

    Does anyone else feel that this time line suggests that the last item or two might be part of a hidden agenda? Are we witnessing the start of a FUD throwing contest between two of the industry's major players?

    I am so confused. What web news publishers should I now put my faith in?

    1. Re:tit for tat? by Anonymous Coward · · Score: 0

      Faith?

    2. Re:tit for tat? by v1 · · Score: 1

      Look on the bright side of that though... they are digging up all the dirt and skeletons from each other's secret vaults. We all know that "security through obscurity" is a farce, so this forced openness can only help us, the consumer.

      --
      I work for the Department of Redundancy Department.
  25. Alternatives to Symantec Antivirus? by Anonymous Coward · · Score: 5, Interesting

    My company has invested in Symantec Antivirus Corporate Edition, and while I do like the centralized management features and the Symantec Antivirus Client's unobtrusive nature, these exploits (and there have been several for version 10 alone) are getting ridiculous. With antivirus on the gateway catching 99.9% of the incoming viruses, and account restrictions for users preventing them from doing any real damage if they do get infected, it seems like Symantec Antivirus serves more as a vector of virus and worm attacks than a layer of protection against them. The fact that we pay thousands of dollars a year for the privilege makes it that much worse.

    Has anyone deployed something other than Symantec Antivirus in a 250 PC company? If so, I'd like to hear your experiences.

    1. Re:Alternatives to Symantec Antivirus? by smash · · Score: 2, Interesting
      We run trend officescan in a ~1000 PC corporate network and have only ever had one problem, with a bung pattern file that chewed up 100% cpu - which was fixed within a day or so (affected people world-wide).

      Fairly happy with it.

      smash.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    2. Re:Alternatives to Symantec Antivirus? by myxiplx · · Score: 2, Interesting

      Been running Sophos Anti-Virus in the last two companies I worked for. It's always been far faster and more stable than either McAfee or Symantec's offerings. It's more CPU and memory intensive these days, but that's an unavoidable side-effect of signature scanners and 35MB of RAM isn't excessive on a modern machine.

      The downside is that it's not as user friendly as the others. Sophos only sell to business customers and hence expect it to be installed by a competent sysadmin. Once you've learnt how to manage it though it's beautiful. One of the products I can install on a network and then ignore for the next 18 months with 100% confidence that it'll sit there and do its job, and will warn me if it can't.

      In 4 years I can remember only one bad update, they had a workaround within hours and a fix within a day or two.

      Sophos technical support is another good reason for dealing with them. You get straight through to a native English speaking team and even their first line staff have a depth of experience with the product that makes a welcome change from the usual idiots.

    3. Re:Alternatives to Symantec Antivirus? by grolschie · · Score: 1

      NOD32 has awesome corporate anti-virus software. Very lean on memory/cpu resources and the remote admin features are very powerful. I tend to remove Symantec products from pcs where possible, because they are so bloated and resource hungry that they slow the pcs down to a crawl.

    4. Re:Alternatives to Symantec Antivirus? by kula.shinoda · · Score: 1

      Linux :)

      --
      Real men don't write sigs
    5. Re:Alternatives to Symantec Antivirus? by laffer1 · · Score: 1

      Until it starts getting desktop marketshare...

    6. Re:Alternatives to Symantec Antivirus? by sshutt · · Score: 1

      Not on a massive install base here, but we're using avast's corporate edition, seems to do pretty much all you need, it installs a client and lets the admins control it from a central location, it even installs the client remotely (I'm not sure if this is standard with other AV's as I have no experience)
      As far as I can tell it should be scalable up to a few hundred systems

      --
      I love the smell of burning karma in the morning...
    7. Re:Alternatives to Symantec Antivirus? by cspaz · · Score: 1

      +1 Sophos is great! I installed it personally in several companies and schools and as myxiplx said, once configured, you can safely ignore it and just let it do its job. Also, my experiences with Sophos' technical support have been nothing but stellar. Sophos 4tw!

    8. Re:Alternatives to Symantec Antivirus? by fdiskne1 · · Score: 1

      We also use Symantec Antivirus, actually Client Security with the firewall included. The key is to use a different vendor for each level of protection. Use one vendor's email gateway, another vendor's email server mailbox protection and a third vendor's client protection. As an example, we use Barracuda at the email gateway. It appears to act pretty much like a managed Spam Assassin box. I know Spam Assassin is the way to go but I just don't have the time to manage it. This way we get what appears to be the quality of protection of SA but I don't have to spend as much time on it. Then we use Sybari (now Microsoft) Antigen on the mail server. This protects all mailboxes (not the mail server itself) with five different scan engines. Of course, all this is protected by a firewall and an intrusion prevention system plus the vast majority of users are locked down to prevent them from damaging anything anyway. This is on a network with well over 1000 pcs.

      I don't like that we're going to have to roll out an upgrade to all machines, but I believe that given our other levels of protection, we should be ok long enough to get this done.

      --
      But why is the rum gone?
    9. Re:Alternatives to Symantec Antivirus? by Anonymous Coward · · Score: 0

      We have been using Symantec for years now. I finally was getting sick and tired of all the bloat that it contained and was not interested in going to version 10 because it required MS SQL, etc to run the backend database.

      I did some heavy research and found Sophos. Sophos is strictly a B2B organization, support is fast 24/7 and the product is solid and rocks.

      We have rolled it out -EASY (BTW we have about 250 workstations).

      When our users got it, it was like getting a brand new PC for them.

      I will never go back to Symantec.

    10. Re:Alternatives to Symantec Antivirus? by jonnythan · · Score: 1

      Check out Norman. Very unobtrusive, easy centralized environment that makes it simple to install, uninstall, etc. Automatic updates distributed from server to clients. Not very expensive, either.

    11. Re:Alternatives to Symantec Antivirus? by Splab · · Score: 3, Insightful

      Sophos is probably one of the most annoying AV programs I've tried. For some insane reason it has to do its virus scans each day - and during work hours. You can't dismiss it and it keeps getting focus from windows, that means during the 3-5 minutes it's scanning I can't do anything.

      (This is on a corporate network, I haven't got anything to do with how/why it's running )

    12. Re:Alternatives to Symantec Antivirus? by Anonymous Coward · · Score: 0

      I am currently on a panel at a major university to evaluate a replacement for Symantec Antivirus Corporate Edition. We have had major problems with SAV, including some mentioned in this discussion and others affecting some of the specific applications that we use. Sophos is the early favorite but I have several more dog and pony shows to sit through before we move on to the final discussion.

    13. Re:Alternatives to Symantec Antivirus? by Anonymous Coward · · Score: 0

      We've dropped Symantec for TrendMicro. We are a K-12 system, 3000+ machines, a couple of w2K3 servers, 19 Novell servers. SpamAssassin and ClamAV front-end the mail systems. We are extremely happy with the change.

    14. Re:Alternatives to Symantec Antivirus? by myxiplx · · Score: 1

      huh? This got a +4 insightful?

      Sophos is completely customisable as to when you want to run your scans. Ours run once a week at 9pm on friday nights.

      The fact you state that this is on a corporate network and you have nothing to do with how / why it's running would seem to imply that you are just a regular user on your network and have not installed Sophos yourself.

      Since you haven't installed sophos yourself, how on earth do you know what it can and cannot do. I would suggest a far more likely interpretation is that your network admins have configured sophos to run in this way.

      Instead of whinging about sophos, how about you speak to your manager and point out that the way your IT department have configured things is affecting your productivity.

    15. Re:Alternatives to Symantec Antivirus? by Splab · · Score: 1

      1. you assume power is free, leaving machines running over the weekend costs a lot of money, 1kW around here is about 2DKR.
      2. Leaving computers running unattended is a fire waiting to happen.
      3. See the part where I say you can't dismiss it? I'm pretty sure the IT department can't do jack shit about that.

      When Sophos is running, it's _running_ - you don't have a say against it (I got local administrator privileges, and I don't have the power to make it go away)

    16. Re:Alternatives to Symantec Antivirus? by myxiplx · · Score: 1

      1. Fair enough, so you're saying your IT guys have made the right call running it in the day.
      2. Yeah famously inflammable things computers... In 12+ years of working with them I've never seen a single one catch fire. But, I agree, there is a risk. If you think the risk is too high, run your AV during the day.
      3. Yes they can. Sophos can be configured so that the end user *can't* do anything to configure it, or more flexibly so that they can.

      Oh look, *your* IT department don't want you messing with the settings on the company's anti-virus program, or preventing it running.

      You may have local admin rights. Sophos however has an additional layer of security. Local admins can't do anything the network admin hasn't already approved.

      Like I said before, you haven't installed the program, you're not responsible for it and your network admin have locked it down so you can't change the settings. Why you got modded informative I'll never know.

      --- end of flame ---

  26. Re:Fire elementals by hackwrench · · Score: 0, Offtopic

    But what do fire elementals feed on? If you use Fist of Ixiblat to burn up their food source, that would be using fire to fight fire as suggested.

  27. AAAARRRGH! by Anonymous Coward · · Score: 0

    Why is it that whenever a horrific security lapse is discovered, the technology media feels the need to broadcast it so that every net-malcontent can take advantage of it before the company can patch it?

    I'll bet the wanna-be hackers and script kiddies are already cooking up something rude.

    1. Re:AAAARRRGH! by FooHentai · · Score: 1

      Squeaky wheel gets the grease. It's not uncommon to leave exploits unfixed if they're largely unknown of outside the dev team.

      From there it's a sliding scale on how urgently it has to be fixed (Read: how many resources have to be diverted from other activities) depending on how big the hole is, how many proof of concepts are actually around, and how much noise the clients are making.

      Blame management for this, it's an inevitable consequence of always keeping your eyes on the bottom line.

  28. I'm getting tired trying to keep up. by Anonymous Coward · · Score: 2, Interesting

    I'm getting tired, keep up with all these holes that need to get fixed to save my employment of a basic pay cheque.

    We need to fix root cause of the problem. Not restore service, but fix it.

    It's time to tackle this problem at the compiler level. Get rid of the various IDE wizards, where the latest summer student can spend 5 minutes building a so called enterprise class application.

    Instead of the next dual core processor, maybe the industry could spend some time on software and get it right.

  29. heh by smash · · Score: 1
    As someone who has witnessed the norton (now symantec) suite go from being a decent bit of software in the DOS days, to the steaming pile of shit that it is now, this does not surprise me in the least :)

    smash.

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    1. Re:heh by orielbean · · Score: 1

      Norton Commander ruled! Loved that little nugget. Worked so well! So did norton for 3.1, fixed lots of problems. Now symantec can't get out of its own way. This is the single problem of conglomeration with hardware/software. All the exploits are pointed straight at it and very little else. These companies end up becoming the Maginot Line for hacker nazis - they see it a mile away and roll right around it with their zombiebot panzer divisions.. :-(

  30. idiots by chiseen · · Score: 3, Funny

    probably found their own exploit. :P

  31. oh piffle by OctaviusIII · · Score: 2, Interesting

    My NAV is using a total of 9Mb RAM on my system as I type. It's always been more reliable in catching viruses than AVG, too.

    --
    What's this? Another weblog? On transit?
    1. Re:oh piffle by Anonymous Coward · · Score: 0

      Thankfully there are others to try. E.g. avast home edition (I have nothing to do with them, but I post anon. so as not to be modded down) with looking out for im, torrent, mail, net shield, file hash, etc. eating about 15 megs, frequent updates and no hassle.

  32. Best Example of Irony by kie · · Score: 1, Funny

    Teachers look no further...

    this has to be one of the best examples of irony, ever.

    --
    living the dream
    1. Re:Best Example of Irony by Slashcrap · · Score: 1

      Teachers look no further...

      this has to be one of the best examples of irony, ever.


      We need to track down Alanis Morrisette immediately. When we catch her, you hold her down and I'll smash her repeatedly in the face with a copy of this story engraved on the bottom of a frying pan.

      I don't normally advocate violence against women, but that bitch has it coming.

  33. Only affects Norton Antivirus Version 10 by dalroth5 · · Score: 1
    "Researchers from eEye Digital Security Inc. of California., discovered the vulnerability and provided evidence to Symantec engineers this week, said eEye's chief hacking officer, Marc Maiffret. He demonstrated the attack for The Associated Press."

    So it's probably genuine.

    "Maiffret said eEye's testing showed the problem affects Norton Antivirus Version 10, including its corporate editions."

    "He said Symantec's current security suite - which includes both antivirus and firewall features - did not appear to be vulnerable."

    But it doesn't affect the Symantec most used by consumers.

    Nothing to see here. Move along.

    --
    "We reject kings, presidents and voting. We believe in rough consensus and running code." Dave Clark, IETF
    1. Re:Only affects Norton Antivirus Version 10 by Anonymous Coward · · Score: 0

      I'm not sure where you got that info, but it's backwards. Symantec Antivirus is affected, not the Norton suite.

      "Maiffret said eEye's testing showed the problem affects Symantec Antivirus Version 10, including its corporate editions. He said Symantec's consumer antivirus product, known as Norton Antivirus 2006, and its current security suite -- which includes both antivirus and firewall features -- did not appear to be vulnerable."

  34. GAH SYMANTEC by insomnyuk · · Score: 1

    I've almost always convinced people I've helped with spyware and virus problems to just uninstall Symantec AV, as well as McAfee. They are resource hogs and not really very helpful in my experience. It's an easy sell given these people were running the "anti-virus" software before, during, and after they got infected.

    They're better off with two or more good anti-spyware apps, a good firewall, Firefox as the primary browser (I've converted at least a dozen or more people to it), and updated Windows.

    Symantec has only been good for the odd virus removal tool executable (same for McAfee stinger), even their online scan is pretty limited.

    1. Re:GAH SYMANTEC by Anonymous Coward · · Score: 0

      Symantec / Norton is an OK AV engine *provided you keep it up to date*, but it is indeed horribly bloated with worthless crap these days. We got a new Dell for the office recently and it's noticeably sluggish despite being easily our fastest machine, due mostly to the Symantec 'security suite' crap.

      McAfee AV is the worst big commercial player IMO ... it's basically stuck in the 90's with almost wholly signature-based detection. Sure it'll probably catch anything it KNOWS about, but some of the first COM and EXE viruses I ever wrote went through its heuristic engine like it wasn't there. AVG free caught them all.

  35. and what better place than announce it than on by Rooked_One · · Score: 1

    the site where quite a few people of intelligence read their news daily. Both good and bad, of course.

  36. ClamWinAV by digitalhermit · · Score: 1

    I've been using ClamWinAV for a couple months now. It seems to do as good a job as the commercial products that shipped with my laptops. And it's free... It does not do live scanning (or, I don't think it does), but works perfectly for scanning the computers at night when it will run unnoticed. It may not be perfect for everyone but is great for me.

    1. Re:ClamWinAV by joe+155 · · Score: 1

      if you like that you'll love clamav for Linux machines - although I do find symantec faster for scanning big files.

      --
      *''I can't believe it's not a hyperlink.''
    2. Re:ClamWinAV by Anonymous Coward · · Score: 0

      Similarly, there's ClamXAV for macs. Works fast, well, unobtrusively, and doesn't suffer the stupid bloat PLUS fee PLUS breaking when they can make you pay again for a new version that Norton Virus does.

    3. Re:ClamWinAV by nuzak · · Score: 1

      ClamAV is of course perfect in every way, right?

      --
      Done with slashdot, done with nerds, getting a life.
  37. meanwhile... by devhen · · Score: 1, Troll

    symantec is buying out anyone who begins to compete with them, limiting user choice to a single application suite that is both badly engineered and insecure. sounds like a perfect match for Windows.

    1. Re:meanwhile... by tomstdenis · · Score: 1

      But but but free markets and all that jazz. Monopolies aren't bad. That's what the folk here keep saying about MSFT. :-)

      Tom

      --
      Someday, I'll have a real sig.
    2. Re:meanwhile... by SwashbucklingCowboy · · Score: 1
      symantec is buying out anyone who begins to compete with them

      They bought McAfee and Trend Micro?!

  38. eEye close to MS? by fv · · Score: 4, Informative

    I don't know why you think eEye has such close ties to MS. They have been embarrassing and exploiting the hell out of MS for years. They drive MS crazy by releasing powerful exploit code and giving conference presentations such as "Remote Windows Kernel Exploitation" (BlackHat 2005). I like these guys a lot :).

    -Fyodor (Insecure.Org)

    1. Re:eEye close to MS? by Anonymous Coward · · Score: 0

      Twas the night before Christmas, and deep in IE
      A creature was stirring, a vulnerability
      MS02-066 was posted on the website with care
      In hopes that Team eEye would not see it there

      But the engineers weren't nestled all snug in their beds,
      No, PNG images danced in their heads
      And Riley at his computer, with Drew's and my backing
      Had just settled down for a little PNG cracking

      When rendering an image, we saw IE shatter
      And with just a glance we knew what was the matter
      Away into SoftICE we flew in a flash
      Tore open the core dumps, and threw RFC 1951 in the trash

      The bug in the thick of the poorly-written code
      Caused an AV exception when the image tried to load
      Then what in our wondering eyes should we see
      But our data overwriting all of heap memory

      With heap management structures all hijacked so quick
      We knew in a moment we could exploit this $#!%
      More rapid than eagles our malicious pic came --
      The hardest part of this exploit was choosing its name

      Derek Soeder
      Software Engineer
      eEye Digital Security

      (Copied by anon from http://www.eeye.com/html/research/advisories/AD20021211.html)

  39. Free alternatives to Symantec Antivirus by mlow82 · · Score: 3, Interesting
    1. Re:Free alternatives to Symantec Antivirus by tomstdenis · · Score: 1, Informative

      Gentoo.

      Ahhh, much better.

      --
      Someday, I'll have a real sig.
    2. Re:Free alternatives to Symantec Antivirus by Linker3000 · · Score: 1

      'AVG Free' is free for home users but not for business use

      --
      AT&ROFLMAO
    3. Re:Free alternatives to Symantec Antivirus by Anonymous Coward · · Score: 1, Funny

      Sorry, but Gentoo is no good: while I like Lunix, I could never switch to it until it runs all the essential Windows applications I rely on, like Firefox, Openoffice.org, GIMP, and Cygwin.

  40. Norton Antivirus not affected, only Symantec AV by LarryWest42 · · Score: 1

    I.e., their corporate version. At least that's what they say:

  41. The Hows: A well reasoned theory and some impacts by allroy63 · · Score: 4, Interesting

    How the exploit functions (a loose theory)

    1. It is widely accepted that the Corporate versions of the software are those that are affected. The major difference between the Symantec corporate and home use anti-virus clients is their ability to be managed by a centralized server. From the server environment one can initiate any number of tasks - including a remote installation of the client, remote scans, etc. IIRC this functionality is accomplished through connection to a listening port on the client machine. This would fit the theory of what it is that is so different and that a user needs to do absolutely nothing but have the machine on a network with the Symantec service running.
    2. The current CNN coverage located here (http://www.cnn.com/2006/TECH/internet/05/25/antivirus.flaw.ap/index.html) indicates that home use editions of the software are not affected, "though consumers who are provided Symantec's corporate edition antivirus software by their employers for use at home may be affected." Many of these same users are also granted secure access to remote servers behind their companies' firewalls...
    3. This is a major concern because it means that we're not looking at a situation of massive numbers of zombie bots that are all deployed to do some low level inane task like e-mailing tons of spam to people. It means that the firewalls of the various institutions of power, privilege and profit around the globe who have purchased Symantec's products become functionally useless as employees head home to plug into their non-firewalled-my-cousin-set-it-up-for-me cable or DSL connection at home. It also means that any confidential data stored on those remote machines is more likely to be stolen. Consider the recent stories in the U.S. media of the theft of a laptop containing thousands of citizens' social security numbers. Now magnify that situation by imagining that everyone with access to confidential data on a laptop running Symantec places the laptop on the front porch of their home each night.

    It will be interesting to see how Symantec handles this. I am hopeful that a LiveUpdate can correct the situation and will be looking into turning off the remote management features on the client machines I manage as a precaution. I don't know that there's a link, but it seems like a fairly plausible source of exploit that is clearly delineated from the home version...

  42. Yet another... by RM6f9 · · Score: 2, Insightful

    reason not to do business with them: When I found out that the consumer versions couldn't even uninstall *themselves* cleanly, I reasoned there was no way they'd be able to remove anything else...

    So, how *do* they manage to stay in business with such a large share of the security market?

    (bustling off to buy put options...)

    --
    Take the 90-Day Challenge! http://rwmurker.bodybyvi.com/
    1. Re:Yet another... by Cro+Magnon · · Score: 1
      So, how *do* they manage to stay in business with such a large share of the security market?


      Well, my last 2 computers had Symantec pre-installed. Kinda like AOL and Windows.
      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
  43. AS A SYMANTEC EMPLOYEE, I AGREE by Anonymous Coward · · Score: 2, Interesting

    If you're a Symantec employee (and you agree) post anonymously under this thread. Just so you know I really am a Symantec employee, let me ask you this: how many "strongly disagrees" did YOU put on the SymPulse survey? Wouldn't it be great if our company actually paid any attention at all to that survey and decided to put the technology first? Guess we'd have to change our name to Sun then.

    1. Re:AS A SYMANTEC EMPLOYEE, I AGREE by ArsenneLupin · · Score: 1
      You sure like to play with fire.

      Just let's hope that you're not the only one who answered "strongly disagrees" to all questions, or management will have your name despite the Anonymous Coward.

    2. Re:AS A SYMANTEC EMPLOYEE, I AGREE by Anonymous Coward · · Score: 0

      Wouldn't it be great if our company actually paid any attention at all to that survey and decided to put the technology first? Guess we'd have to change our name to Sun then.

      Sun? Jeez, someone did think of a way to make our stock fall even worse. I guess that's what that whole Symantec/Sun show was about a few weeks back. I'll admit that Sun has good fundamental strengths and hasn't completely destroyed itself like SGI and HP did, but they're hardly the train to be hitching to.

      I didn't bother taking the SymPulse survey. What a load of crap those things are.

  44. Was it a buffer overflow? or a bad pointer? by master_p · · Score: 0, Troll

    Because if it was, here we have one more piece of proof that C/C++ is a "not that good" programming language. For how long will the industry have to put up with this situation?

    1. Re:Was it a buffer overflow? or a bad pointer? by Anonymous Coward · · Score: 2, Insightful

      Until people like you learn how to code.

      Sadly, morons who can't figure out how to check buffer length and pointer cromulence is what the industry really has to 'put up with'.

    2. Re:Was it a buffer overflow? or a bad pointer? by k8to · · Score: 0, Flamebait

      Yes blame the programmers. If only those programmers were magically better, then the tools would be JUST FINE. I'm sure when you stop hiding your magic hat from which you can produce an endless stream of perfect programmers that our long security crisis will be over.

      --
      -josh
    3. Re:Was it a buffer overflow? or a bad pointer? by master_p · · Score: 1

      The reason other more protective programming languages exist (other than C++) is that few programmers can write flawless C++ code. /. modders: it was not a troll!

    4. Re:Was it a buffer overflow? or a bad pointer? by lgw · · Score: 1

      I've been doing programming in a man's language for 15 years and never had a buffer overrun or the like in the field. Just do it right. C/C++ allows error-prone coding styles, but it doesn't require them.

      --
      Socialism: a lie told by totalitarians and believed by fools.
  45. Thank you by kanzels · · Score: 2, Funny

    Now I'm happy that my Windows is safe inside vmware and running only twice a month using Linux as host and firewall :)

    --
    Pixel image editor - http://www.kanzelsberger.com
  46. Ok so what size fire are you taking about. by Anonymous Coward · · Score: 0

    Flamethrowers do work in a pinch if you have time to back burn in front of fire.

    Flamethrowers/Firestarters will stop a fire if used correctly. Even fires that could not be simply stopped with water bombers.

    Ie Bush Fire fighters do not have anything against using fire against fire. The fire created a wind blowing to it. So starting a fire in a separate line away from it will go to it unless some other weather effect is happening. If all fuel in front of fire is burnt out it will stop. The back burning effect.

    Bit like using Explosives. They are also used to stop some fires. Lets blow up a few buildings so the rest don't burn down. Ie save a house by flattening a factory, or flatten a few houses to protect an important factory.

  47. This was to be expected by ajs318 · · Score: 1

    Raise your hands if you really didn't see this coming.

    For one thing, the closed-source nature of the whole anti-malware market is a fertile breeding ground for exactly this sort of problem.

    For another thing, if your whole business depends on the very existence and high market penetration of malware, you stand to lose out massively if you actually manage somehow to eliminate it altogether. Symantec et al need the virus writers, the script kiddies, the crackers and the spyware merchants. If it wasn't for them, and the fact that they have such an easy time thanks to closed-source software, then there would be no need for anti-malware services.

    Symantec et al are basically providing the electronic equivalent of a huge steel lock fastened onto a cheap balsa wood door with blu-tack. A computer doesn't have, and cannot ever have, any way to distinguish a "good" program from a "bad" one: that has to be determined by a human being somewhere along the line. Nothing anyone can invent will overcome this: it is not a limitation of existing technology, but a limitation of the universe.

    It is only because of the existence of closed-source software that hardware has to be binary-compatible, in order to allow execution of foreign binaries. And binary compatibility is the whole reason why viruses and worms work at all. If you are compiling everything locally, nobody else needs to know the instruction set and addressing schema of your hardware; and if all computers were different, code compiled on one machine would not be able to run on any other machine. The only ways around this would be to write malware in interpreted languages {and so allow white hats access to the source code, thereby mitigating the threat greatly} or somehow to persuade users to compile it and run it {and again allow white hats access to the source code}.

    The malware problem won't begin to go away till we ditch the 80x86 architecture and all closed-source software altogether. Build every machine to be fundamentally electronically incompatible; and probably with an actual physical switch, hardwired to the motherboard, that needs to be operated to allow the computer to compile anything. That will solve as much of the problem as can be solved in the machine domain. Whatever remains as a problem exists in the human domain and needs to be solved there.

    --
    Je fume. Tu fumes. Nous fûmes!
    1. Re:This was to be expected by SwashbucklingCowboy · · Score: 1
      I'll get mod'd down for this, but so be it:

      For one thing, the closed-source nature of the whole anti-malware market is a fertile breeding ground for exactly this sort of problem.

      CODE is a fertile breeding ground for this sort of problem. Closed source, open source, it doesn't matter. Check out the Coverity page on their work with open source projects. Notice all the defects they've found in open source.

      Also, I GUARANTEE you that Symantec and every other security software firm has extensive review processes to try to prevent precisely this sort of thing.

    2. Re:This was to be expected by Anonymous Coward · · Score: 0

      A computer doesn't have, and cannot ever have, any way to distinguish a "good" program from a "bad" one: that has to be determined by a human being somewhere along the line.
      That's a major leap of unfaith! A human being _is_ a computer, it's just not a binary silicon-chip based one. However, that's completely irrelevant as the hardware isn't the issue. A computer certainly can distinguish a good program from a bad one, as soon as the two have been sufficiently and logically defined by its programming.

  48. 22434fff by Anonymous Coward · · Score: 0

    In Soviet Russia Symantec viruses you!

  49. But if they want to save development cycles... by Dystopian+Rebel · · Score: 5, Funny

    All they have to do is rebrand their anti-virus product "PC Anywhere SE".

    --
    Rich And Stupid is not so bad as Working For Rich And Stupid.
    1. Re:But if they want to save development cycles... by RemovableBait · · Score: 0, Offtopic

      I don't have mod points today, but consider this my +1, Funny.

      You brightened up my day, cheers!

    2. Re:But if they want to save development cycles... by Dystopian+Rebel · · Score: 1

      It's an honour, Sir.

      If your organisation is hiring, perhaps you could brighten ~my~ day. :o)

      --
      Rich And Stupid is not so bad as Working For Rich And Stupid.
  50. Industrial Espionage by Anonymous Coward · · Score: 0

    Isn't it about time to admit that when security vendors can't get security done right no matter what, the holes are more about industrial espionage than security and are left there by design. - Like, we've been here a million times.

  51. Obligatory Simpsons quote.... by Anonymous Coward · · Score: 0

    "Haw haw!" - Nelson Munz

  52. Re:DUH! we've been calling it Norton Virus for yea by Himring · · Score: 1

    I find it hard to believe the parent was modded insightful.

    Security isn't easy at best, and the more computers, applications and disparate networks you have to manage the worse it gets. Name for me a software firewall that doesn't require "teaching"? Eventually, you'll install something that will not work until you open the port it needs. The newer swfws will at least popup a quick box asking you if you'd like to permanently allow the connection. I've used zone alarm, tpf, netpeeker, scs and, yes, XPs -- to name a few. Of them, XPSP2's swfw seems to be the most "user-friendly" -- i.e., less nagging. But, then again, it only blocks incoming. Most other, "better" swfws will also block outgoing -- which is what you really want to do on a network you're managing.

    The other thing that gets me about 99% of the posters here is they seem to only have experience on their home computer. From that POV they are correct and Symantec and other "enterprise" products have areas to improve on, but I help manage a network with 1000s of systems. Correcting applications that refuse to work with XPSP2, or getting most administrative AV packages to work well across a huge and disparate network is difficult. In some cases, you cannot patch and an AV product is all you got. The vast majority of the time, once you push SAV to a remote machine (that could be 3000 miles away) it will install, get good virus defs, and keep humming right along no problem. In the years we've used NAVCE and now SAVCE, only one time did we get a virus that the current virus defs did not detect. In that case, we worked with Symantec and they quickly updated their virus defs for us and the problem was solved.

    Experience also exists outside the home and on just one computer....

    --
    "All great things are simple & expressed in a single word: freedom, justice, honor, duty, mercy, hope." --Churchill
  53. Unintentional release of new feature by sjonke · · Score: 3, Funny

    This gaping hole is intentional, but it wasn't supposed to be released yet. That was a mistake. It's a new Symantec Anti-Virus feature called "Wide Open Front Door". WOFD opens up many large security holes in your system, with the intention of confusing attackers - when a potential attacker finds a system with so many massive, gaping security flaws, they figure there must not be anything interesting inside because if there were the system would certainly be locked down tight. The potential attacker will figure it's not worth the trouble and attack some other system instead.

    --
    --- What?
  54. Not the best protection by Anonymous Coward · · Score: 0

    Tinfoil hats aren't the best protection, according to some research.

  55. Nothing surprising about this "development" by hausmaus · · Score: 4, Interesting

    Symantec has been putting out terrible products for years now. In addition to totally devastating the products it buys, it also makes them nearly impossible to remove. I have had to forcefully remove Norton products from many of my clients' systems by using the "forced removal" tools that Symantec provides. Now, I don't know if it's just me, but isn't that a bad sign when a company provides tools (even though the tools are buried in their corporate site) to remove their own products because the product's own uninstall routines fail miserably so often?

    I normally recommend something along the lines of AVG or Avast! to customers after that little experience. People normally learn after their wallet gets hit a few good times for computer repair.

    --
    Your email has been returned due to insufficient voltage.
  56. Re:DUH! we've been calling it Norton Virus for yea by wannabgeek · · Score: 1

    Keep your patches up to date, or don't connect to the internet...

    Rrright! There has never been a case when the worm came before MS issued a patch, has there?

    --
    I'm much more funny, interesting and insightful than the moderators think
  57. In Soviet Russia... by Anonymous Coward · · Score: 0

    ... Antivirus hacks YOU!

    er...

  58. Crashed by BuddhaMonkey · · Score: 1

    And this morning on boot up, my SAV crashed. Just for fun, I let it report the error.

  59. surreal irony by stinky+wizzleteats · · Score: 2, Funny

    That is so ironic it's almost surreal.

    That's like making an operating system that causes a computer not to operate.

    Oh, wait...

  60. Just STFU with the tired cliché by Anonymous Coward · · Score: 0

    Apparently, you don't realize just how widespread NA is used throughout corporate, education, and government networks. It's a big fucking deal so stop trying to minimize the security risk.

  61. Tinfoil Hat by michalk · · Score: 1

    Sometimes you have to wonder. If one reads enough of these vulnerabilities in Windows and antivirus and browser systems, one would get the idea that it's all quite convenient in some ways. I am not a conspiracy theorist ... well after this post I may be. My theory would be that a company could easily be approached by the government and paid to add back doors to their software. It's a lot safer than trying to get records from the phone companies and there's a lot more information to be had. If the company is large enough, it would never get noticed by regular programmers. All it would take is a compromised module, object, dll, whatever to make this happen. Even a compromised compiler would do it.

  62. Re:Details? Secret Identity REVEALED by Nom+du+Keyboard · · Score: 1
    If it affects the install on the clients, but needs to get access to them, I wave my paw and say "bah."

    So now we all know that Scott Adams posts to Slashdot as SomeGuyFromCA (197979). :^)

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  63. Re:It's hard to imagine....Secretly MS by Nom+du+Keyboard · · Score: 1
    Actually as far as I can tell Symantec hasn't actually ever made a product at all.

    So Symantec is actually secretly Microsoft. I tell you I've suspected it all along.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  64. Re:DUH! we've been calling it Norton Virus for yea by dballanc · · Score: 2, Informative

    The difference between the home and enterprise version of Norton is absolutely huge. One sucks, one seems to work fairly well. The home version is awful. I mean really, I don't think I could possibly design a worse product. What genius decided that massive dependencies on Internet Explorer are a good idea for an antivirus program? Internet Explorer and related components are usually the ones raped in virus and malware attacks. IE breaks, and the interface to NIS breaks. Brilliant!

    Can't uninstall in safe mode. Uninstall works so poorly they even release a standalone uninstaller, which in my experience is necessary almost 50% of the time for broken Norton installs.

    The silent breakage. NIS is absolutely famous for this. I get clients call with the broken net access, sluggish response, programs not running correctly, scripting engines not working under IE despite being enabled, etc. Malware, virus, spyware? Nope. It's NIS. I can't count the number of quirky problems fixed simply by uninstalling NIS. It's generally a first step for me anymore.

    Learning firewalls are totally pointless for home users. The typical home user can barely check email, and clicks OK to every web-popup. Do you really think they are up to allowing/denying outgoing port traffic? Even in the corporate environment, you should never trust a user to make decisions like that. It's not their job. If you're an admin, they pay YOU to do that.

    And no NAV, I don't give a rat's ass unless you actually find an infection. Take your little balloon popups and shove them. If you don't have anything valid to say, leave me the hell alone. All of the major AV programs these days are pretty much adware. "hey look at us, we're working. You paid for us and we're doing something, yeah!". Damn attention whores.

  65. apologies... by Anonymous Coward · · Score: 0

    ol' Symantec has a hole... eEye, eEye, Oh!
    it is a big security flaw... eEye, eEye, Oh!
    with a worm attack here and a rootkit there... eEye, eEye, Oh!

  66. Didn't you get the memo? by Pizaz · · Score: 1

    The meaning of "hand" or "HAND" has been updated from "Have a nice day" to the much more hip and trendy "Talk to the (hand)". Please make a note of it.

    TTYL.

    1. Re:Didn't you get the memo? by thc69 · · Score: 1

      Time to update it again. From now on, "Hand!" means "I participated in a silly thread on Slashdot about Symantec and not-quite-grammar."

      Hand!

      --
      Procrastination -- because good things come to those who wait.
    2. Re:Didn't you get the memo? by Anonymous Coward · · Score: 0

      Unknown device: /dev/TTYL

  67. Re:DUH! we've been calling it Norton Virus for yea by Himring · · Score: 1

    Symantec Client Security -- their enterprise software firewall -- allows an administrator to pre-configure the firewall settings and then push to as many workstations as needed w/o the user ever having to deal with anything (popups, whathaveyou).

    Unfortunately, all other swfws require the user to be involved at some point -- even MS's that comes with XPSP2 (am I the only one who gets the popups asking if I want to allow the requested connection?). Name for me a swfw you could install on your mom's computer that won't need some user interaction. Seriously, I hope you can cuz I want it!

    Otherwise, I don't get your hostility. Oh wait, yes I do too....

    --
    "All great things are simple & expressed in a single word: freedom, justice, honor, duty, mercy, hope." --Churchill
  68. It's bad enough by Anonymous Coward · · Score: 0

    It's bad enough Symantec AV corp editions have a documented bug from versions 9.x-10.1 that causes Windows domain controllers to crash, but this is like adding salt to a wound. Symantec should really open up their support databases and provide better knowledge bases to their customers.

  69. Magic Lantern 2002? CyberStorm anyone? by Anonymous Coward · · Score: 0

    These guys and plenty others work with the Department of LameLand InSecurity. Their hands are badly stuck in the porkbarrel. Come the revolution it's jail for 'em ;-)

    Now mod the incite...

    Have a nice day!

  70. meta-antivirus software by wpegden · · Score: 1

    No, no... you guys are all missing the point. This was a strategic move on the part of the antivirus industry as a whole. Look for "meta-antivirus" software packages---in home, small business, and enterprise versions---on your CompUSA shelves soon. One "level" of protection just isn't (profitable) enough!

  71. Great new business idea! by GWBasic · · Score: 1

    I have a great new business idea! We'll sell Anti-Virus Anti-Virus programs!

  72. Re:Details? Secret Identity REVEALED by SomeGuyFromCA · · Score: 1

    *pawwave*

    Bah.

    --
    if the answer isn't violence, neither is your silence / freedom of expression doesn't make it alright
  73. Win-win? by Anonymous Coward · · Score: 0

    Win-win? Do you claim each core will run its own copy of Windows?

    I do recall having to type win at the DOS prompt to start Windows and lose performance.

    I actually experimented with renaming win.com to lose.com... and that was in the days of Win3.11fW... was I a prophet or what?

  74. Re:AntiVirus is for Newbs: Short version by Anonymous Coward · · Score: 0

    http://en.opensuse.org/Welcome_to_openSUSE.org

    Sorry. Couldn't resist. OK, start flaming now.

  75. Hot Potato by lon3st4r · · Score: 1

    I've dropped Symantec's products like a hot-potato.
    It happened one fine day, when I saw my harddisk sans netcat. The guy *just* erased all instances of it. When I downloaded a new copy and unzipped, I found the exe 0wner and deleted.

    So long, and thanks for all the lost cycles!

    * lon3st4r *