Symantec Labels Vicars' Software as Spyware

ukhackster writes "The curse of Norton Antivirus has struck again. This time, Britain's vicars have been hit. Norton mistook a legitimate file for a piece of spyware, and those who followed the instructions found that their sermon-writing application no longer worked. Norton was once an essential application. Is it turning into a joke?"

To be fair....

[8127972]

....we can replace the Norton name with any other vendor's name and still have the same discussion. The only reason that we're beating up on Norton is that they've shot themselves in the foot like this before.

Re:well... yes?

[User+956]

So what's the solution?

Kaspersky AntiVirus. It's a small enough company that the malware writers don't test against it.

Re:well... yes?

[pete6677]

Norton has become the AOL of antivirus. Living off a brand. Too bad Symantec destroyed what was once a great product.

turning into? hardly..

[wfberg]

Signature-based virus scanners have ALWAYS been a joke. Basically, it's a technology that was barely good enough when the first one was written, and all that time we've been using it until something better comes along.

The real solution to virusses lies not in signature-based scanners, but in policing applications. The discontinued Thunderbyte AV (of DOS days) had the right idea. It scanned files for instructions that shouldn't be in normal programs, like an API call to format your hard disk. It had a list of exceptions (format.com etc.), but otherwise, it would complain loudly.

Nowadays, we can do much better. We have usernames, credentials, priviliges etc. Why don't programs run as separate users with separate priviliges? There is NO reason why Word (or openoffice for that matter) should be able to access every part of the registry or harddisk that the user running it can. Firefox should basically be restricted to making TCP connections and writing it's configuration, cache, and a download directory. The security model now allows it to write to c:\windows\system32 if you're logged in as administrator, even though it clearly has no business doing so.

Newly downloaded applications should be granted permission only to write to registry keys they themselves created, and files likewise. And if an app overstretches its default permissions, the OS should complain loudly and ask permission (OS "professional" edition), lookup a policy file (OS "corporate/enterprise" edition) or simply disallow it and require some sort of wizzardry - e.g. editing an .ini file - to overrule it (OS "home" edition).

This doesn't require rocket science to implement, though it will break some stuff and force users to copy files from My Documents\Microsoft Office to My Documents\Firefox if they want to upload a document. Small price to pay, I say.

Of course Norton and McAfee suffer not just from being unreliable in detecting virusses, they also fuck up your OS so it won't work properly anymore, and are a bitch to uninstall. But the solution to that is simple; switch to another product. The fact that the other product would, again, be a signature based scanner is the lamentable part.

Re:turning into? hardly..

[honkycat]

While this is a more secure approach, I see two problems. First, although the inconvenience is objectively a small price to pay for the additional security, few people see security issues objectively. The thinking is "well it hasn't been hacked yet so it must be secure." As a result, a change that adds inconvenience with no benefit other than increased security will not be welcomed. I don't think this is insurmountable, though.

The other problem is that a scheme like this requires that someone determine what privileges a particular application needs. You cannot trust the application to do this, obviously. I don't see a good way for the OS to know what privileges are needed. Really, I think this requires a technically sophisticated administrator for the machine. That may work well for businesses or high-security environments, but it's not going to fly at home, where most machines are administered by someone who knows enough to insert a CD and run install but not much else -- and that's the optimistic characterization.

Re:turning into? hardly..

[ultranova]

I know saying something good about Trusted Computing around here is largely akin to taping meat to myself and dancing with lions, so here is an AC post.

Only when you are clearly lying; in this particular case, you are trying to make it seem like Digital Restrictions Management is increasing security for the user of the computer, as opposed to some remote authority, which is a lie.

One of the goals that Trusted Computing is working towards is 'Sealed Storage': only the program that generates the data can access the data it has encrypted.

This is only usefull if the goal is to lock the user of the computer out of the data - that is, to prevent the user of the computer from doing anything with the data that the program make doesn't want them to, such as, say, opening a Word file in OpenOffice.

For increasing security for the user, kernel-enforced access controls are far preferable - they are both sufficient and allow the user to transfer data from application to application. For an example of such controls, see the access control system of Unix-like operating systems, such as GNU/Linux; these controls need to be revised somewhat to allow finer-grained control, but this doesn't require DRM.

I hope your corporate masters gave you a good price for your soul, astroturfer, but I doubt it very much.

Re:well... yes?

[ShadowBlasko]

What is it about say... AVG that you don't like?

I like the small memory footprint, the timely updates, and the ease of interface. (hit it and forget it)

Is there a reason they are not to be trusted? (seriously... not being a smartass)

Re:Really?

[plantman-the-womb-st]

No no no, let the silly Emac-fundamentalists preach the damnation and hell fire while thumping their lisp manuals.

VI users don't preach, they just get the job done.