A Bad Week for Symantec

Evan Hughes writes "NeoSmart Technologies has published a scathing editorial regarding 3 high-profile mistakes by Symantec Corp. — all in less than a week. In what seems to be a string of stupid mistakes culminating in the infection of CNN-parent Turner Broadcasting Systems by Rinbot— a virus dedicated to the eradication of Symantec from the known world."

maybe...

[User+956]

NeoSmart Technologies has published a scathing editorial regarding 3 high-profile mistakes by Symantec Corp. -- all in less than a week

Maybe they're not mistakes... maybe it's just a form of viral marketing.

Re:maybe...

[Master+of+Transhuman]

It was such a scathing article that it destroyed itself - "no input file specified" when I go to the site.

NeoSmart must not be smart enough to deal with a /.ing...

With all due respect...

[devphaeton]

....in my experience modern Symantec products such as Norton Internet Security is the most malicious, but successful form of malware ever. It actually gets people to pay money for the product, and in a lot of cases, pay other people to install it and keep it on their system.

I'm so glad I moved out of software maintenance and into hardware maintentance. Now I just wipe harddrives clean as a whistle and make sure the hardware works. Such a load off!

Re:With all due respect...

[kmassare]

Why would I pay for their product? Norton AV is regularly offered with enough rebates to make it effectively free.

Re:With all due respect...

[digitig]

"Effectively free" is still overpriced as far as I am concerned. The amount it slows the system down is unforgivable.

Re:With all due respect...

Geek squad eh?

someday you will get a real IT job. Keep going to college and get that degree!

Re:With all due respect...

[nmos]

The strategy seems to be to give away the program and then nag the user to purchase an update subscription and then completely break the users machine if they try to uninstall.

Re:With all due respect...

[Zantetsuken]

yes, its close to zero cost when you buy the software in store, but its still subscription based, which is where they get you - its like a subsidized cell phone from a major carrier - sure, the phone is zero cost or 50 bucks off, but you've still got to pay for airtime minutes...

Re:With all due respect...

[MerlynEmrys67]

do() || do_not(); // try();

I prefer
0x2b || ~0x2b of course anyone can answer shakespears ultimate question with 0xFF

Re:With all due respect...

[Tim+Browse]

Reminds me of a phrase we used at a company I once worked at, to describe 'free' equipment we were given, and co-erced into using.

"It didn't cost us anything. Well, not at first."

Re:With all due respect...

[Bluesman]

Oh yeah? Is that signed or unsigned 0xff?

Shakespeare's way ahead of you. :-)

Re:With all due respect...

[Dunbal]

anyone can answer shakespears ultimate question with 0xFF


      I don't get it. What does End of File have to do with anything? To be, or not to be - end of file. Sounds lame and makes for a rather short play ;-)

Re:With all due respect...

[bluephone]

So you go to the store once a year and get the new version with a rebate rather than paying full price to update online. The upshot is you have reinstall media, too.

Re:With all due respect...

[bluephone]

I used to swear by it, but around 2002, it just sucked up too much in the way of system resources. I switched to the Corporate client and got back a lot of CPU and memory, ditched the flashy idiot-targeted UI, and kept the engine. For the past 15 years it hasn't let me down once.

Re:With all due respect...

[Sillygates]

Unforunately that is 0x1 :( it should be:
0x2b | ~0x2b
and it will evaluate to 0xffff as a short, and 0xffffffff as a 32bit int/long

Re:With all due respect...

[Serious+Callers+Only]

He's talking about committing suicide, hence EOF - if he decides not to be.

Re:With all due respect...

[Anpheus]

~ is a bitwise 'NOT' operation.

Thanks for playing!

Re:With all due respect...

IF malware . it cannot escape an external outgoing /incoming firewall log

What are the IP address or names of the stuff to which the malware comes are goes ?
What IP or names will be in my router s log ?

Anyone have any input about the above so I can maybe block it ?

What IPs. and URI's . URL's and names might I expect to see in my external router log?

  The proof of the pudding is an unsolicited connection and nothing else .
If any company makes malware there is no point in just causing problems on a Pc , it must convey unwanted something to your or from your computer
Malware must therefore connect to somewhere and receive data from somewhere .
  To where and from where ?
Please don't say it's part of the updates themselves
Aren't the updates encrypted ? So how do you ID malware ?

I can identify just about everything in my outgoing log and many things in my incoming
tell us what we need to see

Re:With all due respect...

[ATMD]

...and I for one welcome our Norton engine-running virus-free overlords from the future!

Re:With all due respect...

[DevilDoc]

What the fuck are you talking about? Isn't it a little early to be hitting the hooch?

Re:With all due respect...

OMG mods, get a fucking sense of humor already!

Re:With all due respect...

[Gr8Apes]

It's uninstallable. Just not by Mom and Pop, or even anything under an expert guru.

Live update is a pita. Requires a manual cleansing of the registry and file system. bah!

Re:With all due respect...

[amuro98]

Effectively free, maybe, but that still doesn't make it EFFECTIVE (oh, you meant at destroying your computer's productivity? it's plenty effective for that.)

Re:With all due respect...

[Rycross]

I wouldn't take Norton AV if they payed me to install it. Its one of the worst AV options out there. Download AVG for home use.

Re:With all due respect...

[BoyIHateMicrosoft!]

I hate to post offtopic here but to work at Geek Squad, at least at my home Best Buy, they required a four year degree and minimum three years experience in PC troubleshooting. Geek Squad still ain't worth a shit though. Just thought I would point that out.

Re:With all due respect...

[bluephone]

Norton Antivirus has been around since 1990. I started using it in 1991 or 1992. MS licensed a subset of features for the MSAV that came with Dos 6.

Now, granted I'm from the future, but I don't talk about that in public.

Err, crap.

Re:With all due respect...

Ah, yes; update once per year... so you can end up like the subject of the article.

Brilliant. You're a clever one indeed.

coral cache don't work. Slashdotted. copy needed.

already slashdoted. If you have watched the blog article pls put a copy here.

No great loss

[ravenspear]

Every experience I have ever had with a Symantec product has been utterly terrible. Generally they cause more problems than they solve.

Re:No great loss

[TFGeditor]

"Every experience I have ever had with a Symantec product has been utterly terrible. Generally they cause more problems than they solve."

Give this man a kewpie doll http://en.wikipedia.org/wiki/Kewpie_doll_(toy) or mod up, or something.

Re:No great loss

[Farmer+Tim]

Symantec: more full of bugs than a frog on a binge.

Re:No great loss

[sumdumass]

You must be reletivly new to their products. They used to have good/decent products but around 2002/2003 it started going downhill fast. I have stopped recomendig them since 2005 or so and get really frustrated when I have to remove them now.

You right, They suck now. But they used to be half way decent at one time. I don't know what happened.

Re:No great loss

Indeed. They have fallen so far since Peter Norton's warmly crossed arms invited me to test my memory and check my FAT tables. The last Symantec product I was happy with was Norton Utilities 3.0 for Windows 98. I still proudly have the jewel case & CD. Boy I *loved* cleaning out my registry and repairing every little shortcut! It just made me FEEL fresher!

Since then.. craptasticular. Everyone else makes a better app, as proven by Symantec's purchase-and-sit-on-it methodology with Partition Magic.

No no.. it's okay, the corporate world deserves them.

Re:No great loss

[DigiShaman]

Agreed! Symantec NAV sucks ass nowadays.

While Trend Micro is known to be good, my faith in it has been shattered when I cleaned up a web server that was infected with some unknown virus. It was so nasty, that it disabled the Trend Micro services!!!

Because I use AVG Free at home (and has always prevented infections), I decided to download and install the 30 day trial of AVG for file servers. Needless to day, it found the viri and purged them.

I think I'm on day 8 of the trial period without further incident. Because the trial version of F-Prot also failed, I fairly certain we will go with AVG.

Re:No great loss

[sumdumass]

I have used the AVG server and pro versions at a couple locations. I love them. The administration control console thing (if you use the server and a few clients too) allows you to update and push them out, You can schedule scans and checks the status of them. You can even delete the files remotly if neccesary. There is quite a bit of control it gives you. And best of all, the service doesn't take a brand new computer with plenty of memory and proccesing power and make it apear to be some slow piece of yesterdays stuff like symantec products do. (well, their corperate version wasn't as bad as the home or pro version but symantec does take a lot out of the systemit is running on for some reason)

They have several different kinds of license and purchasing offers. I think the paid updates are two years if i'm not mistaken and each install averages less then a symantec corp or NAV price. I'm convinced and I use AVG for all my anti virus needs (even on linux mail and file servers)

Re:No great loss

[Radon360]

Well, somewhere in 1990, Peter Norton sold things to Symantec. They (Symantec) continued to associate themselves with Peter Norton up until 2001 or so. About that time is the consensus that things went downhill. I'm not certain how much involvement Norton had with Symantec up until that point, but I'm willing to speculate that when the two parted companies, that's when Symantec began their transformation into selling the crap they do now.

Gosh, I miss the good ol' days of Norton Utilities and the like...in DOS nonetheless. Now there was a powerful piece of software that was truly easy to use. The UI actually showed you some shred of respect that you knew what you were doing.

Re:No great loss

[dragonquest]

This is a a bad generalization. I admit I'm not a fan of their Norton line of security products, but some products they make are a real boon to enterprises. Let's step aside from Personal Computing for a moment and look at NetBackup or BackupExec (which were formerly from Veritas). Anyone who's backing up more than 250GB of data in a huge organization would swear by these products.

Re:No great loss

[monsted]

We're migrating about 250 TB (no, not GB) from Legato^WEMC Networker to NetBackup because some bean counter made a better deal with Symantec and have so far only found drawbacks to that move. Worst of all, Symantec is requiring us to install full (including X, open office and every single piece of software known to man) Solaris packages if we want support from them...

Re:No great loss

Backup Exec sucks, actually. I swear AT it.
It is really buggy and fails intermittently on long running stuff.
250GB of data? Huge? That chickenshit dude.

Re:No great loss

250 GB ? Please......

We do twice that that as a daily incremental backup.
From about 40 clients: W2K, W2K3, Aix 4, Aix 5L and several Linux flavors. (We ditched Solaris last year.)
Keeping multiple copies/versions of each file in backup with varying retension periods from 7 days upto 6 months depending on source-system and file-type.
Over 2.000.000.000 files, about 10 TB totally on tape (LTO3).

We tried Veritas...... Shudder......

Tivoli Storage Manager. It's the only thing out there that can handle it, and handle it well.

Re:No great loss

[nurb432]

Guess you never used Ghost.. ( yes i realize they BOUGHT that product, but it is there now. )

Or PCA ( again, another acquisition ).

Or Altiris.. err wait, that product sucks anyway :)

Do they develop anything on their own or just eat other companies now?

Re:No great loss

[empaler]

When I was a first line supporter in a place where Symantec habitually was a problem, I would usually say "Weeeerll, the Norton brand has produced some awesome products. In the 90s. However, I am not sure I would recommend renewing your subscription when that time comes. That is of course up to yourself."

Re:No great loss

[lordofthechia]

One more worth checking out is AV Personal from Avira. I've using it for years (till I switched to Linux) and always recommend it first to friends and family. I've always noted it to be lean and effective.

So this is kinda obvious, but....

[rasafras]

Turner apparently got hit because it had not yet updated the Symantec programs on its computers. A fix for the flaw has been available since May and security experts have repeatedly urged users to protect their computers by applying the update.

Hmm hmm hmm people are dumb.

Re:So this is kinda obvious, but....

[Bacon+Bits]

If you'd ever been the person responsible for updating the Symantec Antivirus client, you would not be so quick to judge. LiveUpdate only handles scanning engine updates and virus definitions. Anything else is a huge nightmare.

I don't like Symantec products because they make the life of a sysadmin *more difficult*.

Re:So this is kinda obvious, but....

[killjoe]

I think that's a copout. If updating your product is not dead easy and absolutely 100% safe and undo-able then you can't blame people for being cautious about their updates.

How many times have you run a windows update and messed something up? Yea me too. That's why I always wait a while before updating windows. I know it's risky but I am damned if I do and damned if I don't.

Re:So this is kinda obvious, but....

[York+the+Mysterious]

LiveUpdate only updates the defs for Corporate, but you can easily deploy updates via Active Directory. Corporate is the only good product that Symantec makes. I admined 300+ seats of it. Granted Turner has more than 300 seats, but it took me about 10 minutes to get my 300 seats updated. They have no excuse. Someone wasn't on top of this.

Re:So this is kinda obvious, but....

[drinkypoo]

Corporate is the only good product that Symantec makes. I admined 300+ seats of it.

NAV/SAV Corporate is a gigantic pile of shit. I worked for Yuba College's MIS department for a while where we had NAV 7, then SAV 8 and 9, and they all shared the same stupid bug where after a while they would stop getting updates. Happened whether we used the management server or not.

AVG is where it's at, period, end of story. I used to use AVP, but now we call it AVPoo (I resolve to remain forever, if not a child, then childish) because it's actually worse than Symantec at this point. No other on-access scanner I've used has slowed me down to the same degree except that freeware thing, winpooch with clamwin. THAT made my system UTTERLY UNUSABLE and I had to remove it. I've got 2GB of RAM and my machine was behaving as if it were swapping constantly. I don't think that winpooch is very clever about filesystem access or something. Or maybe it calls clamwin separately for each file to scan after it gets done scanning, elefino... but it's goddamned slow.

Re:So this is kinda obvious, but....

[jp10558]

Eh, Eset NOD32. But Symantec Coporate Manged server is basically impossible to update (the server), you have to do a new install.

Re:So this is kinda obvious, but....

[webheaded]

I'm not seeing what part of this is Symantec's fault. Yes it's hard..boo hoo...so is finding video card drivers for Linux...but people still do it. I abhor Symantec's products quite a bit, but this is 100% user error (ID107 Error). If there is a patch out for as big of an exploit as this for SEVERAL months, you'd damn well better get around to updating it. The best part was that this was not even the first time. Yeah, Symantec makes shitty software, but that doesn't excuse the security people from being retards.

Is this guy serious?

[RESPAWN]

What kind of anti-virus product only updates once a week (on Wednesdays)... And most importantly, what kind of security company lets its product remain installed without updating? To be quite honest, those are all user configurable options, are they not? To think! Some of us may not WANT Symantec to hold our hands when it comes to maintaining our AV installs. Can you really hold Symantec liable for the mistakes of its customers?

Furthermore, doesn't Free AVG only update once a week as well?

Re:Is this guy serious?

[Bin_jammin]

What kind of virus rule updates would you not want to download? Is there a particular virus you don't mind getting? Installing an antivirus scanner means you're trusting people with more experience than you to do what they promise and remove malware. It seems that people with your line of thinking can get a job at CNN... just saying

Re:Is this guy serious?

[SwashbucklingCowboy]

What kind of virus rule updates would you not want to download?

The kind that treat widely installed legitimate programs, e.g. Excel, as a virus.

Re:Is this guy serious?

> Furthermore, doesn't Free AVG only update once a week as well?

Free AVG updates itself everytime I make a network connection on my machine, or whenever I tell it to update manually. Pretty nifty.

Re:Is this guy serious?

[RESPAWN]

My point is this: the corporate version of Symantec does not automatically install any download rules. They leave this up to the installer who is hopefully capable of properly configuring their update rules and/or updating their servers manually, most likely so that they can properly test the latest virus definitions for errors or anomalies before pushing them in to production. See the comment below that links to the article about Excel being treated as a virus.

I work for... well, it doesn't matter. In our facility absolutely NO patches or virus definition updates are applied without first being approved by another group whose sole job it is to make sure these pathces don't affect something critical to our operations. Furthermore, we only download our defs from approved (IE our own) sources so as to ensure that we are ONLY downloading what's already been tested.

In short, we are all professionals and we should be capable of ensuring that our defs are up to date. We don't need (nor will we allow them to in our case) Symantec to hold our fuckin' hands throughout this process. When I install a corporate virus scanner, I fully expect to have to configure the machine policies in order to match our IT policies. If somebody's only updating their definitions once a week, then that's not Symantec's fault. That's the fault of whatever sysadmin was too stupid to properly configure his software.

That said, I still think Symantec's a piece of shit and I wish we were allowed to use other solutions in its place, but that's not for me to decide. Their management software is no where near as feature rich as EPO, and I seem to have to spend more time dealing with Symantec issues than I do with EPO issues. (Because, yes, we do monitor our machines each day to ensure that they are updating properly. CNN we are not.) Please don't think for a minute that I like defending Symantec. I just believe in placing the blame properly where it belongs, and in this case it's the idiot sysadmins who weren't doing their job.

Re:Is this guy serious?

AVG Free updates at least every morning, occasionally during the day as well.

Re:Is this guy serious?

[yellowalienbaby]

afaiaa avg updates as and when needed. I certainly get update notices more than once a week. Before and after the recent switch.

Re:Is this guy serious?

[RESPAWN]

OK. For some reason I thought it was only once a week, but I could be mistaken. I only have it installed on one of my laptops here and that laptop hasn't been turned on in ~2 months -- I installed Ubuntu on another laptop and have been using the Ubuntu laptop instead.

Re:Is this guy serious?

[NoCorR]

For me, AVG Free Edition updates everytime I turn on my computer in the morning. One of the reasons I love AVG.

Re:Is this guy serious?

[Mex]

No. By default AVG free updates every day, and the update takes about 10 seconds at most (at least for me).

Re:Is this guy serious?

[justthinkit]

Free AVG does signature updates daily. It also, as needed, updates components -- it did this 3 or 4 days ago, labelling update Recommended.

You can force an AVG update to happen "now" by a right-click and select -- beating the pants off the NAV piece-of-crapola web-like interface.

Re:Is this guy serious?

[red+crab]

Even when I had configured my Symantec Corporate AV for daily updates, I don't remember seeing virus definitions being updated daily. Besides there were instances where I had to resort to using AVG Home Free Version to clean some viruses which Symantecsimply couldn't take care of.

Re:Is this guy serious?

To be quite honest, those are all user configurable options, are they not? To think! Some of us may not WANT Symantec to hold our hands when it comes to maintaining our AV installs. Can you really hold Symantec liable for the mistakes of its customers?

Furthermore, doesn't Free AVG only update once a week as well?

You are so wrong. Symantec releases just 1 update per week. Even AVG Free has more frequent updates than Symantec AV.

Re:Is this guy serious?

[cerberusss]

and in this case it's the idiot sysadmins who weren't doing their job.

Everyone including you is blaming sysadmins. Don't forget there's a PHB somewhere within CNN who is definitely ultimately responsible and might be the cause.

Re:Is this guy serious?

[RESPAWN]

Everyone including you is blaming sysadmins. Don't forget there's a PHB somewhere within CNN who is definitely ultimately responsible and might be the cause. Good point. It's hard for me to imagine that there would be somebody out there with such an idiotic policy... Then I remembered a client of mine back in '03. The office was such that it had a nominal IT position to handle minor stuff, but then would bring my group in for the more advanced IT tasks. Anyway, after repairing a couple of computers I informed the "IT" guy that I really needed to patch his servers ASAP as there was a new virus running rampant and infecting 2K/XP machines and I knew that their servers hadn't been patched yet. (If I didn't do it, nobody did.) I explained that I would show him how to patch his 15 or so Windows 2K machines so he could do those. Anyway, long story short, he told me that this patch couldn't be that big a deal and that "virus scanning was handled at the firewall" (note, this office didn't have a firewall -- they were completely open to the rest of the corporate WAN) so he was safe. I just said "whatever" and went home. The guy was one of those who had to make his own mistakes before he actually learned anything, and I knew this about him. About 3 days later, guess who gets the call to eradicate the virus from their servers and 2K machines?

So yeah, you might just be right. It could be the PHB's fault.

Re:Is this guy serious?

[just_another_sean]

Furthermore, doesn't Free AVG only update once a week as well?

No, it defaults to daily but as with any good AV product (to your point) it is configurable by the user.

IMHO it therefore wins in the default department and doesn't differ in the configurable part.

As for shutting off if it's not updated, I don't know of any AV product that does that. As far as I'm concerned users already ignore the "urgent" messages from Windows XP and their AV, so shutting off the AV would most likely either go unnoticed or be ignored. At least with an outdated version your protected from some things, not saying that's enough, just better then nothing to clueless people that don't keep an eye on it...

Re:Is this guy serious?

[RESPAWN]

I actually don't have much experience with most of the consumer level virus scanners these days anyway. I install (and recommend) Free AVG, but I obviously proved my lack of knowledge where it's concerned. I only run it on one machine at home, which hasn't been turned on in months, and which never leaves the cozy, secure confines of my private network -- so yeah, I tend to ignore it. In fact, I have yet to upgrade it to the new version (7.5?) since I haven't used the laptop since early January. I don't know why I thought it only updated once a week, but it never bothered me since I rely on other methods to ensure my network security. (Safe computing practices, monthly Windows patching, and essentially three routers of differing brands with inbuilt SPI firewalls which SHOULD keep any thing else out. The wireless is a concern, but it's about as secure as I can make it, too. The weakest attack vector would probably be my (physical) windows, and anybody likely to break one of those would be more likely to steal my computers than infect them with a virus.)

I do hate the fact that most of the consumer AV software has essentially become nagware, but in this day and age, I guess that's what's needed to help the masses keep their software up to date.

Re:Is this guy serious?

[just_another_sean]

I'm kind of in the same boat as you. I run the free one on a Windows VM because I feel like I need something (It's Windows after all!) but I rely more on common sense and my perimiter security in the long run.

But, that said, I, as you, recommend it to people and occassionly support it (upgrades, etc.) for friends/family.

I did however hear such good things about it from everyone that when the management here wanted something a little beefier then desktop only AV we bought the server version for a Citrix server, the email version for Exchange and a network server edition that rolls out installs and updates to workstations. I have to say it's better then any pure commercial version that I've ever used. It's light but feature rich enough to make the job easier...

As far as I'm concerned once Peter Norton stopped being involved any product with the name "Norton" in it is bound to be crap... A shame really.

Re:Is this guy serious?

[CrossChris]

In short, we are all professionals and we should be capable of ensuring that our defs are up to date.

Nonsense. If you were really professional, you wouldn't be running anything that requires "anti-virus" software at all!

We are professionals, and migrated our entire corporate IT infrastructure away from Gatesware and all the "security" rubbish over 5 years ago. Number of servers? 210. Number of desktop machines? 38000. Number of security related issues in the last 5 years? Zero!

Game Over, Microsoft!

Symantec - semantics

[L.+VeGas]

a virus dedicated to the eradication of Symantec from the known world

That's not a virus. That's a feature.

Re:Symantec - semantics

[PockyBum522]

One which I would pay good money for :)

slashdotted

neosmart link provides a page which states...

PHP has encountered an Access Violation at 7C8224B2

Looks like they were "violated" :)

Is this guy downloadable?

"Furthermore, doesn't Free AVG only update once a week as well?"

No.

AVG

AVG(free) checks for updates every reboot or once a day which ever comes first.

Re:AVG

[nsayer]

every reboot or once a day which ever comes first.

Since we're talking about Windows machines, I can tell you for certain which comes first.

Re:AVG

[TheRealMindChild]

What the HELL are you doing that you need to reboot your Windows machine daily?

Re:AVG

"What the HELL are you doing that you need to reboot your Windows machine daily?"

If you follow the link, you'll discover that he's a self-proclaimed "all around *nix geek". That is the first clue: It means that he probably doesn't have any current real-world experience with Windows in general, save perhaps for a PC or two that he keeps around to play games (unless he's *really* hardcore, then, he only plays *nix games)- and he hasn't bothered to learn how to maintain them, because he's so smug in his "*nix 'leetness", that he can't be bothered: If it doesn't work the way that his beloved *nix computers do, then it is, by definition, broken, and, since it IS Windows, he can just make snide comments on Slashdot, and trust that he'll get modded up.

In short, he's a smug, self-righteous, arrogant ass - exactly the kind of person that shouldn't be an advocate for ANY OS.

Re:AVG

[Southpaw018]

Seconded. The only time I get reboots is when it's required for a security patch, or the occasional "application freaking the #$@%^& out" kinda thing...servers, workstations, all of 'em. And if it weren't for that, I'd be pushing 90-120 day uptimes on most of my machines. Yes, Windows machines.
In fact, I'll get you the data.

Main server has rebooted twice in the last four months for security patches, total ~19 minutes downtime.

Re:AVG

[flyingfsck]

Windows is pretty damn good nowadays, but my Linux web server only goes down when the ISP has a power problem. That happens about once a year. In four years, the machine rebooted 5 times and never once due to Linux.

Re:AVG

Most of the reboots on my XP box are on the second Tuesday of each month.

Re:AVG

[Bill,+Shooter+of+Bul]

By the same token, I've never seen AVG prevent, or detect an actual virus. I've then removed avg and installed f-prot /or fsecure and watched the virus count run up. But at least avg is free, right? I'm sure it prevents some, but for my parents, it doesn't deal with their weekly virus infection. always YMMV

Re:AVG

[mortonda]

I only use Windows for maybe 2 hours a day to play a game, then I reboot to Ubuntu for real work.

Yeah, actually it's really annoying, because AVG is always trying to scan the hard drive when I go to play a game.

Re:AVG

[justthinkit]

I've never seen AVG prevent, or detect an actual virus.

This is a completely ridiculous statement. Maybe you just haven't checked C:\$VAULT$.AVG, a normally hidden directory. Mine currently has 121 xxxxxxxx.FILs, going back to Feb 4, 2007. AVG is alive and well, TYVM.

Re:AVG

[putaro]

Here's a nickel sonny - buy yourself a real computer.

Re:AVG

[weicco]

So your Linux box was without kernel update... for how long?

Re:AVG

[nsayer]

Mostly tweaking people who have no sense of humor.

Not it.

Re:AVG

[digitalchinky]

Like the parent said YMMV - Just today I found 6 viruses using sophos that AVG chose to ignore. One of them hosed every word document across several computers.

Re:AVG

[MightyYar]

Wow, where do you people surf? :)

Or is this just what happens when you have kids?

Re:AVG

[thc69]

Your parents get weekly virus infections? Are they doing warez trading from back in 1999?

Re:AVG

[justthinkit]

6 to 8 years ago I gave out code to people that allowed them to query my site's data. The code (with a bit of javascript) needed to be embedded on their existing (poorly coded) pages so I knew it would stop working at times -- so I put an "if this is not working" link with my email address and exposed it...on about 750 pages at last count. I used to average about 100 viruses per day. Oh well, no big deal and I've never been infected.

Re:AVG

[MightyYar]

I never count getting a virus in an email as "getting a virus" because I'm not stupid enough to click on one :)

Actually, I don't even run virus scan on email or web browsing anymore - it was slowing the machine down too much for my taste. I try to mitigate my susceptibility by running non-MS tools where possible... even my wife uses Firefox and Thunderbird for web and email, with the Palm organizer software for addresses and calendar. Security through obscurity... don't knock it!

Re:AVG

[justthinkit]

Well, a virus in an email is a virus received. This discussion started with AVG's behavior. Someone said AVG never detected one that some other AV did -- but AVG detects and deals with them without a permanent dialog box -- it times out and man I wish other program dialogs would, for non essential messages.

I agree about not MS tools. I think I first thought of it when MS tried to include Central Point's anti virus in DOS 6. Everyone proceeded to target CPAV, that we had been using for years prior to that.

Personally, I use Eudora (that happens to have auto dismissing dialogs as an option) rather than Outlook (has MS ever made a good email program?). I switched to Opera for browsing about a year back (thanks to osnews discussions) and quite like it. My address book is a flat text file -- why would I want more than that (I don't need it on the street, on the road I take a laptop with that file).

Re:AVG

Come on, you've heard of hot-patching the kernel, haven't you?

Re:AVG

[MightyYar]

Heh, I guess I never considered that I "got" a virus if it was just emailed to me :) Especially on my Mac.

A flat text file is perfect for an address book - it's also easier to sync even if you did take it on the road via laptop. However, if you have a PDA or cell phone that can sync to your PC, it is handy to have the address book in some format that is machine-friendly. My wife has a Palm and so she uses that software. I use the Mac address book application, which syncs up with my cell phone, as well as Outlook on the PC for work.

Re:AVG

[Bill,+Shooter+of+Bul]

Ok, I guess I don't know much about the internals of AVG. The other antivirus programs tell you with big warning dialogs whenever a virus is found. I don't really want to have to know the internals of any AV, to be honest. In any case it has missed several virus that others, with much older definition files have found.

I don't trust it.
I don't like it.
It doesn't get a second chance from me.

Why is this is only news now?

[winkydink]

because CNN is infected?

1. Estimates are 100-150 million machines are currently part of botnets
2. Loss estimates exceed 200 billion annually on a global basis
3. Over 80% of all spam comes from botnets

Yes, I can cite. Or you can Google. They are all easy to find.

This is a HUGE problem that is, in many ways, like spam was in 1996 or 1997. The technical community acknowledges it, the average consumer has no clue, and, left unaddressed the problem and associated looses will get much, much worse.

Re:Why is this is only news now?

[Gothmolly]

How much worse can it get?

Re:Why is this is only news now?

[winkydink]

People said that about spam in 1997.

Re:Why is this is only news now?

[Ash+Vince]

Please don't ask fucking stupid questions that those of us who have to deal with this crap on a daily basis don't want to know the answer to.

Every piece of spam or malicious software that makes it into my company finds its way to my inbox attached to the question "Why did I get this?", so I really don't want to know how worse it can get.

Re:Why is this is only news now?

...associated looses...

What are "associated looses"? Does it have anything to do with hookers? Or blackjack? Never mind the blackjack.

Re:Why is this is only news now?

[winkydink]

It's my way of giving the nitpickers, who otherwise have nothing of value to contribute, something to do.

How much will it take?

[jellomizer]

How bad does it have to be for people to Stop using windows? With all these security issues and putting there eggs in 3rd party tools which are more of a hack on the the OS then actual protection.

Re:How much will it take?

[SwashbucklingCowboy]

How bad does it have to be for people to Stop using windows?

Really bad. But if everyone started using Linux or OS X then all of their security problems would have a spotlight shown on them.

Re:How much will it take?

[Lumpy]

How bad does it have to be for people to Stop using windows?

when the OS let's Steve ballmer and Microsoft know when you are in the shouse so a guy can show up dressed as clippy and forcibly anal rape you.

Yes, it will have to get that bad before the sheeple out there actually switch.

Re:How much will it take?

[sumdumass]

As far as I know, The exploits in mac or linux don't really have automation in them. And i'm not talking about getting a tool to let some scipt kiddie pown your system. I'm talking about every infection requires some human intervention to be succesful.

And while this isn't going to stop infections, It is going to slow them down to a point they would never rival windows current state unless something changes. Also, one could argue that it would leave a trail to a degree making it possible to catch some of the perpetrators. And this is even knowing that bots could be used to hide the identity.

Re:How much will it take?

[pak9rabid]

The reason Windows has so much malware problems is because it's the most common operating system used, therefore it's in the best interest of the malware developers to write malware for Windows. If the most popular operating system was OS X, then OS X would have the most malware problems. The same goes for Linux or .

Re:How much will it take?

[tb3]

This has been disproved so many times it's not even funny. you must be a complete fucking idiot to make such a statement.

Re:How much will it take?

[goarilla]

The reason Windows has so much malware problems is because it's the most common operating system used

yeah and most servers run a form of *Nix, most notable linux and apache
don't you think a decent server with a 100 Mbit uplink isn't of any interest to the skilled attacker?

why am i even bothering and feeding this troll anyway

Re:How much will it take?

[Heir+Of+The+Mess]

I have nothing to worry about as I'm running Solaris. Despite the fact that people are continuously trying to hack me I have no worries. Right now (I'll look at the network activity) ?? funny someone has telneted in using some -froot argument. I wonder wha[No Carrier]

Re:How much will it take?

[toddestan]

This has been disproved so many times it's not even funny. you must be a complete fucking idiot to make such a statement.

Since you seem so smart, how exactly has this been disproven so many times?

Re:How much will it take?

[SwashbucklingCowboy]

I have nothing to worry about as I'm running Solaris. Despite the fact that people are continuously trying to hack me I have no worries.

ROFL! As if Solaris were immune to bugs.

You might want to check out the Solaris telnet problem. Yeah, it's been fixed. But if you wait eight months to install the update that fix ain't gonna do you any good.

No software of any consequence is bug free.

Re:How much will it take?

[tb3]

Google something like "Apache vs IIS", or "email exploits in Linux" or "open ports in OS X" or "botnets" or "Nimba" or "Code Red".
Use what little brains you have.

Re:How much will it take?

[toddestan]

Those are mostly worms, which are pretty much old news. Welcome to 2007, where most malware is installed by tricking the user into running something on their computer which then takes it over. Even Microsoft gets it (You're trying to use the mouse. Allow/Deny?). You don't.

Re:How much will it take?

[quanticle]

>>As far as I know, The exploits in mac or linux don't really have automation in them. And i'm not talking about getting a tool to let some scipt kiddie pown your system. I'm talking about every infection requires some human intervention to be succesful.<<

Windows Vista has the same sort of protection built in as well. However, the protection is triggered so many times by non-malicious programs that users quickly become used to clicking "Yes" to every dialog prompt that pops up. This behavior can then be exploited by virus writers.

The key difference between Linux/Mac and Windows is the quality of the applications written for them. Linux and Mac applications do not normally require root access to function. Therefore, the system almost never has to ask the user to give root permission. And for the rare times that the system does ask for root permission, the event is sufficiently unique that the user takes a close look at what they're trying to do before making a decision.

Windows will be vulnerable to viruses as long as everyday applications require root access to perform.

Re:How much will it take?

Your face: *|*

Your face against a joke: ?|?

Note, I'm not saying you are an idiot, just that you are clueless.

Re:How much will it take?

[Bungie]

lol I wish I had mod points right now! That really brightened my day!

Re:How much will it take?

It's 2007 who the fuck is still using Telnet? SSH use it, its good for your body and mind. I swear people who still use Telnet to connect over the internet probably have more security problems then the listed.

Re:How much will it take?

[Ilgaz]

http://www.phishtank.com/phish_archive.php , how many of them running windows servers? Almost NONE.

This kind of stupid windows bashing even makes pure OS X owner like me to type this message. Think about it.

Re:How much will it take?

[Tony+Hoyle]

Aside from you completely missing the joke, that's Solaris 10 which hasn't got wide commercial adoption yet - most people are still on solaris 9 which is rock solid at the moment.

Re:How much will it take?

[DuctTape]

The reason Windows has so much malware problems is because it's the most common operating system used...

And this is why I'm switching to OS X for desktop and (already been) Linux for server. I'm sick and tired of having to go scrounging for anti-virus, anti-malware, anti-pop-up, anti-anything. I finally bought a couple years' worth of Spybot and all it does is call everything it finds in my temp directory "db trojan". On a PostgreSQL install Spybot wiped out some files that were necessary for operation, so I had to make it disregard yet another type of threat. Sheesh.

So now all y'all just keep using Windows, y'hear? I want to be safe.

DT

Re:How much will it take?

I, for one, am looking forward to the day this happens to me.

Re:How much will it take?

[Experiment+626]

How bad does it have to be for people to Stop using windows?

The average consumer does not look at the situation and think, "Windows is a pain. I should switch to Mac OS X or GNU/Linux." They think, "Computers are a pain. I hate dealing with them." The concept that there are other operating systems and that they don't have the same issues with viruses, spyware, etc. is completely alien to Joe Six Pack.

Re:How much will it take?

[tb3]

And what the hell does that have to do with Windows exploits? Anything can be set up as a phishing server. In fact, it's probably better to use a non-Windows server, because you can spoof the ISAPI.DLL URI with impunity.

Re:How much will it take?

[Just+Some+Guy]

But if everyone started using Linux or OS X then all of their security problems would have a spotlight shown on them.

Exactly, just like Apache has been a horrible smoking crater of wormy infection compared to the far less widely used IIS. Oh, wait...

I'm not saying that IIS is awful (anymore), but it's clear that marketshare does not automatically mean a higher rate of compromise.

Re:How much will it take?

[Ilgaz]

Do you think phishers buy domains, hosting with their credit cards? No, they hack them and plant phishing pages and they are generally Linux/FreeBSD hosts. So, Linux and FreeBSD are hopeless insecure systems or there are idiots who doesn't download/install security updates with all that symetric bandwidth they got?

How long will it connect?

The problem isn't Windows. It's having an always-on connection to the internet.* This wasn't as big an issue in the dial-up days.

*Especially if it's not really needed, except under the guise that slashdot must always be accessable or the geeks will revolt.

Re:How long will it connect?

[JasonBee]

That's funny...I've got an "always on" setup of Linux Unix, and MacOS X and I've never experienced an issue.

Then again...I did once! It was when I was running Windows 2000. Someone rooted my Hotline Server and deleted all my files ;)

JB

Re:How long will it connect?

[Shatrat]

Same here, my ubuntu box is on nearly 24/7 and it is pretty amusing that my system is more secure than Turner Broadcasting even though I haven't spent a dime on software in years.
I would love to see how much money in fees and lost productivity Symantec milked out of that corporation only to let this happen.

Re:How long will it connect?

[zakezuke]

The problem isn't Windows. It's having an always-on connection to the internet.* This wasn't as big an issue in the dial-up days.

Ummm.... sure it was. I remember countless cases of machines shipped with win2k and xp which got infected circa 2001/2002 on dialup connections.... while attempting to install SP4 (2k) or sp2(xp). If you didn't already have the approperate service pack, one pretty much had to download it, copy to disc, re-install windows, install the service pack, then connect to the internet, and hope the service pack didn't get infected.

Re:How long will it connect?

[Bungie]

That's funny...I've got an "always on" setup of Linux Unix, and MacOS X and I've never experienced an issue.

Well try to install any older RedHat 6 default installation off of the CD (especially ones with an unpatched RPC service) and watch how secure and problem free the system be. Of course your machine will still be up 24/7, but only because the kid who installed the rootkit needs to connect to it.

The reality is that every operating system needs to be maintained, no matter how "secure" the reputation. Even if they would have been running something like Linux, MacOS or Solaris, if left unpatched they would get taken down just the same.

Sounds as Though Turner Made One Mistake

[SwashbucklingCowboy]

A fix for the flaw has been available since May and security experts have repeatedly urged users to protect their computers by applying the update.

Turner can't update their software in EIGHT MONTHS? That's not a problem with Symantec, that's a problem at Turner.

Re:Sounds as Though Turner Made One Mistake

[Ex-MislTech]

That is because "clods" at Turner hire ppl that Christopher Walken
in the movie the Prophecy referred to as "Talking Monkeys".

I work in the IT support sector and receive calls everyday from
some ppl that are brilliant and some ppl that should send their
server back now.

That's right, I said "server" .

I am baffled by how many ppl call in for support on a "server"
that are clueless, and don't know how to download their
drivers from a "well known" support site.

Ppl that ask why their server crashed when they have NEVER
done ANY updates in YEARS. ...Talking Monkeys...

The suits clean up the Money, the Techies clean up the garbage.

Money is in management, not in tech work, that is why IT enrollment
is WAAAAAAAYYYYYY down at most US universities.

As an IT worker at most Corprocracies your viewed as a disposable expense....

Not an asset .

What kind ?

[Archfeld]

the kind that crash servers, it is not like they haven't done it before, but for most purposes I agree with you. In a large scale environment with lots of custom apps. you had better be checking these patches prior to general deployment or you WILL get bitten...*speaks from experience*

A what now?

[PockyBum522]

A virus dedicated to the eradication of symantec? Sign me up! ...I suppose I'll have to turn off AVG first...What then?

Dont Blame Symantec

[Nurv44]

You cannot blame symantec for this. The update was released months ago. Blame the CNN IT deptarment.

Re:Dont Blame Symantec

[chromozone]

Maybe CNN was burned by Symantec updates before. In my time on computers I have had more problems with the various "helpful" updates than I have with malware etc.

Re:Dont Blame Symantec

[Nurv44]

But they(Symantec) update their signature files almost daily, that means they haven't updated their systems signatures in months. Thats just asking for problems. I mean if they were burned, why not test it offline to see? But to risk a high profile company because maybe you will get burned? I think that is a lack of responsibility on the IT dept. side.

Re:Dont Blame Symantec

[SwashbucklingCowboy]

Maybe CNN was burned by Symantec updates before.

Perhaps. McAfee had a problem once where they were identifying Excel as a virus, but I've never heard of Symantec having such a problem. More likely, the CNN IT staff is either incompetent or just plain stupid.

Also, if they had been burned by Symantec, they should have gone with another vendor's product. A company like CNN not having up to date AV software is inexcusable.

Re:Dont Blame Symantec

[v1]

if they hadn't dropped the ball in the first place and left the hole there to begin with this would not be their problem. But they did. A patch is like an apology, it helps but it doesn't undo the damage and it doesn't remove your liability for your prior actions.

Re:Dont Blame Symantec

[ZX3+Junglist]

While I half-heartedly agree with you, I suppose the argument you could make is: 1) Blame Symantec for making a product that doesn't make it easier to protect from newer threats. 2) Blame Symantec for not escalating the severity of the impact from this threat. 3) Blame CNN for trusting Symantec AV to protect against this, without updating. Either way, it's a class-A blunder.

Re:Dont Blame Symantec

[jotok]

Wow. What's it like never having made a mistake?

You must produce the most elegant and error-free code imaginable. Can I study at your feet?

Re:Dont Blame Symantec

[v1]

I make mistakes, but I take responsibility for and ownershio of them. I don't just issue an opology and then expect the world to forget it ever happened.

Re:Dont Blame Symantec

[jotok]

So issuing a patch doesn't constitute "taking ownership?"

If not, then what does? What else are you looking for from a vendor?

Re:Dont Blame Symantec

[v1]

I consider "taking ownership" to mean

- admitting fault
- taking actions to correct or at least mitigate the problem
- accepting responsibility for other problems that arise as a result
- understanding that you have lost a degree of trust due to your neglegence, and not assuming you will just get that trust back immediately after taking action
- making changes necessary to lessen the odds of a reocurrance

Issuing a patch covers the first three, but Symantec seems to have a problem with the other two. Just how many times do you have to see the fourth one before you find someone else to work with? It's naive to expect a customer to just keep forgiving you for your neglegence.

Imagine the public's reaction if ford trucks started spontaneously catching on fire? OK they found a problem with the fuel tank, ok that's fixed now. Next month two more trucks catch fire, oops guess there are issues with the gas line, ok that's fixed. Whoops, three weeks later we see a pattern of fuel pumps being defective and causing a fire under the hood. At that point, don't you just lose trust in their ability to produce a quality product? How many times do you turn the other cheek? Symantec is making my face sore.

Updates

[fm6]

People often don't update their software for years at a time. Hey, it costs. Which is why NAV is designed to update itself automatically. You just have to configure it correctly.

I'm no fan of Symantec. It's perfectly true that they're badly run. Hey, they used to be a lot more than a "security software" company, but all their other business (natural language databases, compilers, IDEs, desktop software, backup software) just died on them. But to blame them for the ineptitude of the CNN's IT department is idiotic.

Error establishing a database connection

Error establishing a database connection
This either means that the username and password information in your wp-config.php file is incorrect or we can't contact the database server at localhost. This could mean your host's database server is down.

Are you sure you have the correct username and password?
Are you sure that you have typed the correct hostname?
Are you sure that the database server is running?
If you're unsure what these terms mean you should probably contact your host. If you still need help you can always visit the WordPress Support Forums.

Just in time for us to migrate to Symantec

[gelfling]

We're chucking our desktop firewalls, spyware tools and AV scanners for one big Symantec managed client. And if any of you have ever tried to uninstall Symantec you'll know that you're chained to them for life.

Re:Just in time for us to migrate to Symantec

[jd142]

I uninstall Symantec Corporate Edition all the time. Works a treat.

We've got an AV server and all of our clients are managed. We set the server up to check Symantec every two hours for updates and those updates are pushed down to the clients almost immediately.

Need to install all of your clients to the latest version (say from 9 -> 10)? Click Tools | Install Client Remotely and push it down from a central location.

We check our clients and any computer that is more than a week out of date is turned on and updated.

The only reason I can think of that so many people are complaining is because they've only used the consumer version. When we get student laptops we immediately remove it and install the corporate version that is free for them. I've never had a problem uninstalling the trialware version of the AV that ships with so many laptops.

Re:Just in time for us to migrate to Symantec

[rapidweather]

I'm sure I am not the only one who has had to format the Windows XP partition to get rid of these products that have seemingly "gone bad".
When I got through, I had two new XP installs on the same computer, different partitions. I left AOL off of one, and it seems to run very well, using a free virus scanner there. So far so good, but I really do not know if those installs will stay put. Windows updates as needed, and so does the scanner. Just lucky I guess.
I don't use that machine, others do, and if they have a problem, they see me.
That's not really good either, since the viruses don't always announce their presence. I don't feel safe running Windows, and certainly don't like the fact that others use that OS to do online banking, and pay bills, make purchases.

Rapidweather

Re:Just in time for us to migrate to Symantec

[will_die]

The corporate/enterprise versions of symantec and mcafee are great. They scan mail and scan the system and files so they do everything you want from a virus program.
In additon they take up alot less resources then the home versions, and are usally easy to uninstall. Even without the management software you can use them, and they will download info from the web sites of the appropriate company.

Re:Just in time for us to migrate to Symantec

[Brimstar]

As a former Symantec Corp customer, I'll disagree with that. The uninstaller for 8 was horrible, and the push install of 9 flat out didn't work for about half of my network (frequently caused by issues with 8). Nothing special about the network either, it just didn't work. In fact, about 1 in 20 network installs didn't work at all for some reason and I had to go install by hand. 9->10 seemed like it was going better until I had several systems start randomly screwing up and causing our EE and ME CAD applications to crash. I was getting sick of all the issues with security between the server and the clients as well as a multitude of other things.

I moved to NOD32, and couldn't be happier. Uses less than half the resources Symantec Corp did, and does a better job. I've had systems come out cleaner using a 3 month old set of definitions with NOD than Symantec Corp. I've got a central management interface that hasn't needed updated in over 6 months because there's been no security holes. Updates happen according to my policies by dropping them in the correct directory if I don't want it to auto-download, although I do just use auto-downloading. I can have one central server per location, then have the server upload it's logs to my central server a few times a day to keep traffic on my VPN links down. It works better and has caused fewer issues. Plain and simple, it's been a better product. Cheaper too!

Re:Just in time for us to migrate to Symantec

[jotok]

"One big managed client?"

You mean you have SAV pushing virus definitions to all of your seats, right?
And you're using their anti-spam, firewall (network and client), and correlation solutions as well?

If not, then your statement above is in error.
If so, then you need to realize that as a big customer you can and should demand a level of support from that company. If you have a problem with the software, you have a million-dollar stick you can beat them with. If you fail to do so, blame nobody but yourself for your dissatisfaction.

Re:Just in time for us to migrate to Symantec

[A_Non_Moose]

I uninstall Symantec Corporate Edition all the time. Works a treat.

Heh, well that's one person it worked for (client or server, tho).

Let me share my anecdote/exp from last week:

I had 10.0.2.2000 and using their patching system brought it up to 10.0.2.2020, but would go no further on
the server or admin install. ooookaaay.

Found out the license key for my .edu and got the 10.2 update/full installer and proceeded to update the
AV server.

Try 1: Update option selected, gets to update phase, hits 1% and says error. click on "view errors" and
am greeted with "no errors occured". Riiiiight.

Try 2: Unload/stop services and try again, same result.

Try 3: full install bitches you must uninstall previous version. Fine. Install goes on its merry way,
w/o complaint/error. Reboot, all seems well.

Opening the mmc for the server says the admin user does not have the rights to change settings.

W...T...F?

Run thru the steps to fix this error, reboot as advised, no rights to change settings. (SIGH)

Uninstall, blast settings, dirs, regclean...same thing "no rights".

Format, reinstall (thx nlite!) and all works well. (sarcasm) Yippie (/sarcasm)

Of course I initially had no reservations of 10.0 migration to 10.2 as it would not be that big
of a jump, so I thought, *and* I did an 8.x to 9.x migration that went perfectly.

Everything went fine on the client side, FWIW, but damned if the server wasn't a nitemare and the
reinstall took my WSUS server with it (data on another drive, thank $deity).

I'd still like to know what the solution was to the error, because the info I got did not do a damn
thing.

Even after that little episode, I still like their Corp stuff, but the consumer stuff makes even
Sony CDs with the rootkit look respectable.

Re:Not nearly as bad as the week was for the BBC:

[Sneakernets]

KEEP the LAME shit on DIGG please!

Astroturfing

[jotok]

Symantec has seen quite a bit of negative publicity in the past year on slashdot.

I have to wonder how much of it is simply astroturfing by disgruntled former employees? When there's a negative op/ed piece on a "software development and security research" website where none of the SQL even works, I just have to wonder if some no-talent assclown is pissed off because he lost his helpdesk or HR job.

Re:Astroturfing

[SLaSHer99]

I was just going to comment on that very thing. Has anyone read the article or know of another location for it? I'll bet dollars to doughnuts it ain't worth a damn seeing how the site is all screwed up, I heard of the Slashdot effect but this is ridiculous.

Re:Astroturfing

[swordgeek]

OK, there's no doubt that Turner is pretty incompetent for not fixing this hole with a patch that's been out for most of a year.

But at the same time, I have to ask how incompetent a company that writes security software can be, when their own code is written so as to allow this type of exploit.

Furthermore, I've had quite a bit of experience with Symantec over the past few years. I've been using Veritas products for a decade and change (Netbackup and Volume Manager primarily), and know them very well. Once in a while, I'll come up against a bug and phone Veritas for support/workarounds/whatever. For years they weren't top notch, but they were decent and consistent.

Since Symantec took over, support has fallen through the bottom of the toilet. Their help desk is driven by 'time-to-close,' and actual technical experts are no longer brought in for difficult cases. Bug reports are not even accepted anymore! (Well they'll _take_ the bug report, but won't give you a bug ID to track it with.)

Furthermore, they've started to crank up the version release numbers so that they can promise support for two versions, but only support products for two years from initial release. TWO YEARS FROM RELEASE!!! That's completely unacceptable even in the home PC marketplace, let alone in an enterprise environment, where a product rollout may take over a year.

So yesterday I went to install the newly-free version of Storage Foundation, because I needed to migrate some data from an old system (flawlessly running vxvm 3.5) to a new one, where we'd then move it to ZFS and be done with Veritas for good. The installer put 40 packages on my newly built Solaris 10 system (11/06 release), but failed to actually install the volume manager! After screwing around with it for a while, I gave up and went to uninstall it. The uninstaller hung in kernel space, and for twelve hours did nothing but couldn't be killed.

I don't care about any axes that people have to grind. Symantec is an incompetent company, and DESERVES all of those people holding grudges against them. I'll be glad to see them die horribly.

Re:Astroturfing

[GJSchaller]

I do not, and have not, worked for Symantec, but I will concur their products are crapware, and their staff is made up of A-Grade assholes. As another person posted above, their support is driven by time to close - when I opened a case with them that went unresolved for several weeks (and not due to lack of trying on my end), I finally got a call back from someone that sounded more like a back-alley enforcer than a support specialist. He tried to bully me into closing the case by blaming me for the issue. When I refused and higher levels of support got involved, they mentioned repeatedly how my issue compared to other cases that had "been open this long."

Someone once commented that Symantec makes nothing of their own - they purchase other great products, and ruin them. Norton Anti-Virus, Ghost, Brightmail, and Veritas - we used to use them all, but have migrated away from them one by one, as Symantec swallowed them up, partially digested them, and barfed them back on their customers. I've stopped people in stores from buying their products - a majority of the time I work on a home machine with Symantec products on it, that product is the cause of the issue they are having.

The real kicker, as it relates to TFA, is the updating of the software. Symantec's patches for their corporate AV client need to be rolled out manually - while you can automate the actual client install, or even installing a newer client over an old one, patching a current client must be done manually, or using a support tool that is tedious at best. I have no idea why it's not automated (or optionally automated), and that the patching doesn't use the same push system the install does. We dropped Symantec for Sophos - it's patched itself several times without us needing to intervene, and even did a minor version update without us needing to do a thing.

Symantec deserves the scorn that has been heaped upon it by the IT community.

Re:Astroturfing

[Dunbal]

I have to wonder how much of it is simply astroturfing by disgruntled former employees?

      Work for Symantec, do you?

      I'm not a symantec employee. Their programs have the following annoying features:
1) Bloat
2) they don't necessarily protect your PC as advertised
3) the popups are designed to make you feel the program is doing its job however the program is only mediocre at doing its job - the "firewall" is a JOKE
4) it's IMPOSSIBLE for the average user to uninstall that program completely - despite activating an icon called "uninstall"
5) Heaven forbid you have to reinstall because your activation key is toast, and because you must be a dirty pirate, you're not getting another one. Unless you want to pay $50 again
6) did I mention bloat? the program is huge, slow, clunky but not only that, it does NOT behave well and affects the whole system. I've had windows throw many exceptions with Norton running, and none when it's (completely) uninstalled and the best:
7) they got into bed with Dell and managed to slow down tens of thousands of PC's right from the factory floor. Just think of all those wasted CPU cycles...

      Hmm, but heaven forget anyone say anything "bad" about Norton. You know, the big anti-virus software co's (Norton, McCaffee, etc)used to be GREAT - before Windows 95... nowadays you can find much better on the internet, for less (and even free).

Re:Astroturfing

[Dunbal]

OK, there's no doubt that Turner is pretty incompetent for not fixing this hole with a patch that's been out for most of a year.


      Personally I'm surprised that he hasn't broadcast it on the news as a terrorist attack and recruited the Boston police and bomb squad to deal with this threat...

Re:Astroturfing

Furthermore, they've started to crank up the version release numbers so that they can promise support for two versions, but only support products for two years from initial release. TWO YEARS FROM RELEASE!!! That's completely unacceptable even in the home PC marketplace, let alone in an enterprise environment, where a product rollout may take over a year.

I am a support developer for Symantec, supporting corporate customers.

We support every active product for two years from release. Suppose you bought version 4.0 of a product. You'll receive service packs and hotfixes until version 4.1 or version 5.0 ships. At that time, the clock starts on version 4.0 support: service packs and hotfixes for it will continue until two years after the newer version shipped.

So, you've mischaracterized Symantec's support policy.

As well, you've downplayed the fact that two years is a long time in the world of security software. Although I keep dev environments active for all currently-supported versions of the products I support, it's quite rare that anyone wants a hotfix for a product once a newer version has been out for six months.

I also like my job. Although I can't speak for other divisions in the company, the office where I work is genuinely interested in keeping customers happy.

Re:Astroturfing

[jotok]

Can you elaborate on some of those?

I mean, aside from the duplicate items you used to pad the list--Is that what you meant by "bloat?" Your list comes down to "It's bloatware, it doesn't do its job, and I have an issue with the support."

In all seriousness, these are all valid complaints. I suppose you used the appropriate feedback channels to communicate this?

Re:Astroturfing

[swordgeek]

Thanks for your note. I'm going to reply to it rationally (more or less), hoping that you'll see it and take my comments as constructive criticism rather than just ranting.

First of all, I may have misstated Symantec's support policy, but that is verbatim what I was told by a support engineer. (I even have the email to prove it.) Maybe some internal training is in order?

"...you've downplayed the fact that two years is a long time in the world of security software."

Did I mention the "Veritas products" part of the equation? Two years is barely time to get one's feet wet with most (former) Veritas products. There's also support from other vendors to consider: Sun didn't actually provide support for Volume Manager 4.0 until after 4.1 was released. Already we're into the two year window, and we haven't even started a cluster OS upgrade!

And that's just volume manager. A full-blown enterprise Netbackup installation is a MAJOR event. Here's one scenario I dealt with recently:

NBU 5.0 gets released. After six months of waiting for it to become stable enough to actually use, the company started the implementation. This involved $980k of new hardware (and they already had the tape library and infrastructure in place). The planning, architecture, implementation, cutover, and validation took a total of roughly eight months. That's 14 months after initial release, and we've just gone live with the product. At that point, after over a million dollars of gear and time and effort, I am NOT planning on a major version upgrade in ten months or twenty or thirty. I want a MINIMUM of three years of full support after that point, and five is much more reasonable. We shouldn't be forced to upgrade our software until we've outgrown our infrastructure, which is about a 3.5-4.0 year turnaround for most big companies.

Furthermore, service packs or not, the very WEEK that NBU6.0 was released, we were told we couldn't get any more NBU 5.x client licenses. That's it, no more, thanks for coming out. Suddenly, regardless of bug support, we're left without any legal means of growing without upgrading to 6.0.

That is, in a word, crap.

This isn't a $100 anti-virus package for a PC that's going to be chucked in two years, this is software that runs enterprise installations. We don't spend $5k per client machine for a product that's obsolete almost as soon as we install it.

Now you can say that Symantec doesn't operate like this, that my details are all incorrect. That may be, but that is what we were told by our local sales guys, our regional managers, and the other end of Symantec's international support group.

So on the one hand, we have the model you describe, which is crap. On the other hand, you have the reality that I've described which is rancid festering crap. Add to this the fact that VxVM5.0 Basic (the freebie package) simply doesn't work, and you've got a company that is either too incompetent to survive, or trying very hard to destroy the Veritas products/division they bought a few years ago.

As for you liking your job, that's great. I really am genuinely happy every time I hear about someone enjoying their work, because we spend a lot of time at it. (random aside: Until recently I hated my job although I love my work, so I quit--now I'm working for a better company for less pay, and loving it.) Unfortunately, that doesn't change the fact that your company doesn't even have the vaguest understanding of what enterprise computing is really about.

Re:Astroturfing

[InfiniteVoid]

Turner != Fox

Re:Astroturfing

[jafac]

As a former Veritas backline support rep, I can testify that long before Symantec ate them, Tech Support was a declining priority at that company. From about the point of the Seagate Software merger on. (as a former Seagate Software backline support rep - well, this is where the problem came from - the Veritas - Seagate merger. Management wanted to cut support as a cost center, and part of that was reducing the role of backline support, and driving the front lines with "time to close" types of policies. (as well as stacking the front lines with the cheapest, most throwaway labor as possible). To be fair - this was a widespread industry trend that really took hold in about 1994-1996.)

When Symantec ate Veritas, I knew Symantecs reputation. And I knew that everything Symantec was going to do to Veritas, was pretty much what Veritas was already doing to itself. And that came from Seagate Software (by way of Arcada software). Veritas was not ruined by Symantec. Veritas was ruined by Seagate Software. Symantec just pushed the process faster on the Unix products side.

First thing I Uninstall is Symantec

[flyingfsck]

Whenever I have to fix a screwed up PC, MsAfee or Symantec is disabled by the malicious code. So, I always uninstall whatever is on the machine and install something else like AVG or ClamWin.

Re:First thing I Uninstall is Symantec

[tom_jaimz]

I tried ClamWin on a recent install of Windows, and despite keeping it up-to-date I got infected with a virus for the first time since the early 90s (Brontok.N - pretty annoying little thing). ClamWin never detected it, not even after I was badly infected. I'm back on Kaspersky now. I won't be recommending ClamWin to anyone.

Re:First thing I Uninstall is Symantec

[Spad]

Clamwin, at least last time I used it, doesn't offer real-time scanning, only on demand. So if you just installed it and then expected it to protect you then I'm not suprised you ended up with an infected machine.

Re:Not nearly as bad as the week was for the BBC:

[gd23ka]

"KEEP the LAME shit on DIGG please!"

KEEP telling people of the SHAME called the BBC

Re:Not nearly as bad as the week was for the BBC:

WTF are you talking about? Seriously, it must be some really bad street drugs that you're using!

No sweat off my nose....

[purduephotog]

... Every machine that comes to me for service has one requirement: No Norton. Take norton off, and people are *amazed* at how much faster their machines run.

I substitute Free-av.com for Norton- better infection detection, less memory overhead, free (with the option of buying a license- I usually guilt them into doing it), and nightly upgrades.

Re:No sweat off my nose....

[Falladir]

When AOL and McAfee teamed up, the result was a 30-minute boot on my mother's 1.0 GHz XP box. I will never install anything from McAfee.

Re:No sweat off my nose....

[Tim+Locke]

I used Avira Antivir (www.free-av.com or www.freeav.com) until I found Active Virus Shield from AOL.

Benefits:

1. It uses the better Kaspersky engine.
2. It also checks for spyware so you don't need yet another scanner.
3. It scans email in transit.
4. It updates every 4 hours instead of every 24 hours.
6. It doesn't have any popup ads.
7. It doesn't open a window during scheduled scans.
5. It will pause scheduled scans while the CPU is busy.

Get it here: http://www.activevirusshield.com/

Re:No sweat off my nose....

[drinkypoo]

The Kaspersky engine? AVP is, bar none, the slowest commercial on-access virus scanner on the planet. AVG is the answer. AVG does all the same shit that you talk about, and AVG has been known to be the first to have a definition for a new infection on many, many occasions.

Deepest Hater--The Ex-Employee

[curmudgeon99]

Rinbot is devoted to destroying Symantec? Must have been written by an Ex-employee. The only ones you really despise a company are the disgruntled ex employees.

Re:Deepest Hater--The Ex-Employee

[XdevXnull]

A wild Symantec killed my parents, you insensitive clod!

Re:Deepest Hater--The Ex-Employee

[curmudgeon99]

Eh--they probably deserved it--the twits.

Re:Deepest Hater--The Ex-Employee

i dunno, i've never worked for microsoft.

Re:Not nearly as bad as the week was for the BBC:

Hey assholes, this is **not** going to go away. You're fucked.

Who's the stupid one here?

Ok, I read over the articles. I like how they mentioned that the security hole in the Symantec software that was used to infect TBS has had a patch available for over 8 months. (I forgot if they said march or may.)

So TBS didn't bother to update their security to deal with known issues. TBS gets hit by infector because they didn't bother to update. How is this Symantecs fault?

Gee, what year are their virus definitions for? Did they ever update those? When was the last time they made a backup, and tested it? Are their doors still using those old two cylinder locks that open with skeleton keys? Maybe their IT department heads idea of a car alarm is giving a buck to a passing kid to watch his car.

Sorry Symantec bashers, It's time to bash TBS for being stoopidd. (That's stupid for the really dumb.) Seriously, whoever didn't update (or prevented the update) should be fired. (I can bash Symantec better than most of you when I want, but lets at least stick to something that's actually their fault.)

Re:Not nearly as bad as the week was for the BBC:

[Zwaxy]

He's talking about how the BBC reported that building 7 of the WTC had collapsed before it actually happened, and how when asked about it they claimed to have lost all their recordings of the events of 9/11 in a 'cock up'.

For some reason this isn't newsworthy.

Yes, he is serious.

[Gary+W.+Longsine]

Symantec typically releases new definitions once a week. You an fetch them as often as you like, though.

Re:Yes, he is serious.

[RESPAWN]

Odd. Are you sure about this? We receive new defs (with new date stamps in our management software and new .vdb file names) each day. Are they just changing the dates and renaming the updates before we receive them?

Oh my god have i been waiting for this.

[ralph1]

I bought a copy of defender pro it did not work with my laptop and xp. So after trying to save money i bought norton av it had rebates they said no so i did not get all of them. lame excuses so i was happy to have anti virus but i would never fall for the rebate scam again. My box got f ed up so i reinstalled everything, but now when i put in the key on my paid for cd is says its not valid. i still have 9 more months of time. I installed sabayon linux and have not looked back 64 bit ver is so trouble free. They pushed me into it. I just got tired tired enough than when this laptop no longer works i will not replace it. The fad after the purchase of my 8080 till now is over. I am turning 45 this year and just bought a new hobby it has strings and a amp.:)

Re:Oh my god have i been waiting for this.

I am turning 45 this year

      Whoa, you're almost 45 and you've never heard about capitalizing the "I" when using it as a personal pronoun; or of that useful device called a paragraph? I'm impressed.

That makes sense...

[Viceroy+Potatohead]

a virus dedicated to the eradication of Symantec from the known world."

Set a thief to catch a thief, I suppose.

Can you say AVAST?

[rizzo320]

Although they may hold on to the enterprise market, why even bother with Norton AntiVirus or Internet Security when you can get Avast AntiVirus Personal edition for free! http://www.avast.com/eng/download-avast-home.html/

No, I don't work for them, or own stock. They've even updated it for Vista. The cost? Register for a free serial number every 14 months.

Comodo firewall http://www.comodo.com/ is nice free step up for those who think they need something more than Windows firewall.

In the year 2007, there is really no need for a consumer to pay for a product from Symantec/Norton, McAfee, or any other security software vendor that has been fleecing us for the last several years.

Re:Can you say AVAST?

[evilgiu]

Kudos to Avast! I've been using it for the past 3 years and it is beautiful. I even bothered to upgrade to the paid Pro version, which has a couple more resident scan modules and works with push updates from their servers, instead of me having to remember/set a schedule for it. There have been occasions where I got up to 3 virus definitions updates in a single day =) Could it be just eye-candy? Perhaps, but it feels good, is not invasive and doesn't clog my system. Very happy customer here.

Re:Can you say AVAST?

[turnipsatemybaby]

I also recommend Avast. AVG is also a free one, although I've heard from people who have used it that AVG let some stuff slip through that Avast ended up catching.

And thank you for the heads up on Comodo! I've been using ZoneAlarm where needed and I do find the interface (and the nagging to buy the pro version) mildly annoying. I'll have to try this new one out.

Free AVG

[DogDude]

Free AVG updates daily.

Re:Free AVG

DogDick [a complete asshole] trolls daily.

Nice

"dedicated to the eradication of Symantec from the known world"

So where do I DL this program?

Re:Not nearly as bad as the week was for the BBC:

[gd23ka]

Hi there,

Let's go viral then :-)

help me out with a little karma here? Copy my post and it repost it & link back to the original?
If they shoot that down down go and recruit new people to put it up again?

Regards
G

Re:Not nearly as bad as the week was for the BBC:

[SirTalon42]

News outlets completely screw up the facts all the time (they don't really have much of an issue reporting incorrect information, since who's gonna call them out on it, their own people?). I'm gonna guess in this case someone at the BBC either heard something along the lines of along the lines that build 7 is going to collapse and then accidentally had it reported as 'did collapse', or maybe they just mixed up which buildings were gonna collapse.

But really, why is this one media screw up an issue, when theres probably countless ones on a daily basis where the media reports 'hear say' as facts (I remember a while ago when one of the mining incidents occurred that a reporter over heard some random person asking over the phone something along the 'they're all alive?' and then the reporter and his network started broadcast that they're all alive (quickly followed by every single other network they heard one report it), eventually the rescue crews announced i think that only 1 survived and then the media tried to pretend that they never were saying they were all alive. Pretty much all of the networks want to be the first to report every single thing that they'll be willing to use sketchy (and sometimes even obviously fake) sources. Don't forget Occam's razor, since the options are "they just fucked it up again and don't want to admit it", or "its some sort of vast cospiracy that for some reason they were in on".

Webster University as well

[Hohlraum]

pretty much has brought all staff/faculty/student computers on campus down.

Re:Not nearly as bad as the week was for the BBC:

[gd23ka]

No. They don't screw up on the hard facts. They screw up on details. In this case they didn't
get the timing right.

--"in this case someone at the BBC either heard something along the lines of along the lines
that build 7 is going to collapse and then accidentally had it reported as 'did collapse', or
maybe they just mixed up which buildings were gonna collapse."

Very funny. Actually this reminds me of the Bruce Willis movie where he plays a cop who catches
his best friend hiding in the closet in the bedroom. "No, no, it's alright, I know what happened,
it isn't your fault. You just tripped over the carpet here, stumbled, fell on my wife and your
dick just happened to go into her. It was an accident". (From what BW movie is that scene??)

Come on, you can make better excuses than that.

Argh. Misplaced my marbles...

[Gary+W.+Longsine]

It appears that Symantec has finally begun moving to daily updates. Information about their Live Update system indicates that for their 2006 home user product daily updates were available. Users of prior versions of the product receive only weekly updates. They have been under tremendous pressure from customers to make daily updates available for several years. I'm glad to see them finally moving that direction.

Re:Not nearly as bad as the week was for the BBC:

[Tweekster]

for some reason people never seem to understand the concept that memory recall is imperfect at best. in fact most people remember events out of order and justify the events based on that.

ie you decided to have an orange, but in reality you grabbed the orange and justified it later by recalling that you desired it prior to deciding...

why do you think eye witness testimony is the absolute worst evidence to have in a trial

OT

[1u3hr]

Sig: "-- Best Windows Freeware"

This page is updated regularly. Last update: October 19, 2005.

I suppose "regularly" can mean "every two years".

not all that obvious, really

[Gary+W.+Longsine]

One of my clients has a relatively large Symantec AntiVirus deployment (something like 35,000 Windows PCs). I was, among many other things, directly and soley responsible for their Symantec AntiVirus architecture for several years. I assure you that there are many issues which can be easily overcome at the scale of 300 machines which are pretty close to show stoppers at the 30,000 node scale. I agree that Symantec Enterprise Edition is a reasonable AntiVirus product, but its weakest link, ironically enough, are the issues that arise when trying to deploy, operate, and maintain it at the scale of a real enterprise.

Re:not all that obvious, really

[Bacon+Bits]

I administered about 2,500 to 3,000 seats myself. IMX any one patch would arbitrarily fail on about 2-3% of the systems, either because they were disconnected from the network, because they were not installed in the standard way, or for any other various reasons. I wasn't allowed to use AD to deploy updates so I don't know how well that works. I used Altiris. Still, 2% of 300 is 6. That's not so bad. 2% of 3000 is 60, which is a lot for one person to manage if they have other responsibilities. 2% of 30000 is 600, making it just useless.

I now administer 50 seats, and oddly enough I still get about 15 failures (laptops and remote VPN users). It's easiest to email people instructions and then fix the 2-3 who don't do it.

'known world'?

Was I the only one who thought "when did symantec get into D&D?"

Uptime King

[deathcow]

We had a Cisco router wigging out once.
Our Network Admin decided to reset it, and it offered this up:

Kodiak_Rtr uptime is 6 years, 9 weeks, 3 days, 10 hours, 43 minutes

Go Cisco!

Re:Not nearly as bad as the week was for the BBC:

Come on, are you really still trying to convince people about 9/11 and what not?
Let bygones be bygones, people whom have searched for truth would have stumbled on http://911research.wtc7.net/ or sites opposing it, made their mind one way or another and moved on.

We want to take down Iran now, and sh*t is being falsified all over again. THAT (to me) is more important than what happened.

And finally, your post (and this one) don't have a place in this article. Posting opinions for or against something in this fashion will get you nothing but flamed.

Mod parent up

Used to love good 'ole Norton Utilities in the DOS days, but around the time of Windows '95 they completely lost it. I remember the first supposedly Windows '95 compatible version trashed every long filename on my HDD when I tried to defrag, leading to one of my first (of many) OS reinstalls.

Nonsense.

[jotaeleemeese]

The philosophy under which these OSes are built is completely different and ensure better security.

And now with virtualization made easy (unlike with WIndows, where all kind of asinine licensing restrictions discourage virutalization) one is able to isolate even more logical instance of machines. This enhances security and reliability.

So your point is?

[jotaeleemeese]

Malware is firmly constrained to the priviledges of the user doing dumb things. Many things remain off limits.

And if you install any of the rule based security applications in Linux, the constraints are even stronger, this without sacrificing the versatility or the user's experience.

Linux is not attacked for lack of popularity, it is not attacked because it is more of a bitch to do an attack.

Re:So your point is?

[Eunuchswear]

And any normal person cares about his files - which a Linux virus could fuck up or steal - rather than the OS - which Linux protects rather well.

Re:So your point is?

[PhilipMckrack]

And windows is just as difficult to hack when the proper security is in place. If roles were reversed right now and linux were the king, are all the computer users in the world out there suddenly going to become linux gurus? Everyone who runs as administrator in windows right now would be running as root in linux and then you would see the exact same problems on linux that you do with windows.

Re:So your point is?

[Spudds]

Everyone who runs as administrator in windows right now would be running as root in linux and then you would see the exact same problems on linux that you do with windows.

That's just asinine.

Windows (barring Vista which won't take major effect for a while and has it's own serious design flaws) runs EVERYTHING as administrator by default.
Linux runs EVERYTHING as a limited user by default.
Most average joe's would be using the *desktop* environment and would log in as a USER, thus protecting themselves from malicious software targetting their system.

Sure, they may lose personal files by running a nasty program someone emailed to them, but at least they won't become a botnet zombie machine that spams my inbox ALL-DAY-LONG.

Linux is very popular in datacentres.

[jotaeleemeese]

It is not anymore the little box out there hidden under a desk.

Most (all?) companies offering web hosting or collocations support Linux. Actually being able to 0wn a Linux server gives you much better malware posibilities since a system can have hundreds or thousends of users.

But black hats don't attack Linux not out of popularity, but simply because Linux has a better design when it comes to security (UNIX, and Linux, which takes its inspiration from it, were designed in the understanding that you may have different people working in the same computer at the same time. That has mae immensely easier to make these OSes cracker unfriendly. In the meantime MS has been hacking a multiuser systems in top of their offerings, the amount of holes left behind and the constant form over function ensure the systems will be easier to crack).

Security has nothing to do with popularity, it has to do with proper or improper security policies and their implementation.

That is the point

it should be

0x2b | ~0x2b

(all bitwise operations) or

0x2b || !0x2b

(all logical)

he, he, he, ....

Re:Not nearly as bad as the week was for the BBC:

[Slashcrap]

Another interesting fact you should keep in mind is that buildings can not be "pulled" or
demolished by explosive within mere hours. It can't be done in one sunny afternoon, it takes
at least a week of careful planning and preparation.

Great post! Very interesting.

Personally I find it fascinating to see the lengths that some Americans will go to in order to explain away one simple fact - that a bunch of Arabs put together a terrorist outrage right under your noses. And weren't even very clever about hiding it. But it didn't matter due to the incredible ineptitude and complacency of your security services.

And I'm sorry to nitpick such a great post, but have you realised that you forgot to blame the Jews? What sort of conspiracy theorist are you?

CA eTrust is better and cheaper

[JavaIsGreat]

Symantec AV is useless. I got it bundled in my laptop and after 60 days I uninstalled and installed eTrust. It is far better and cheaper.

Check it out man, they're really "upset"

[gd23ka]

Oh boy they're really "upset". The parent post got swatted down to 0 within two minutes of me putting it up,
five minutes later when I checked back again it was down to -1. Now in a thread that _already has_ a parent at -1
which means few people will actually ever read this I get all my follow up posts modded down.

Re:Not nearly as bad as the week was for the BBC: Friday March 02, @12:06AM 0, Offtopic
Re:Not nearly as bad as the week was for the BBC: Thursday March 01, @11:10PM 0, Troll
Re:Not nearly as bad as the week was for the BBC: Thursday March 01, @08:57PM 0, Offtopic
Not nearly as bad as the week was for the BBC: Thursday March 01, @08:40PM -1, Troll

Actually they're doing me a favor here, because their over the top reaction and ultramoronic denial
is just going to draw more attention to this.

Re:Not nearly as bad as the week was for the BBC:

Very interesting reactions to that chap's post wouldn't you say?
Say hello to Guy Smith for me.

Re:Not nearly as bad as the week was for the BBC:

[Zwaxy]

News outlets completely screw up the facts all the time

They screw up details, sure, but they don't accidentally predict unforeseeable events.

Don't forget Occam's razor, since the options are "they just fucked it up again and don't want to admit it", or "its some sort of vast cospiracy that for some reason they were in on".

The options are "they just fucked it up again and also managed to lose all the multiple tapes of their entire output for the biggest news day in recent history", or "they received a press report and reported on it". There's no need to suggest that the BBC were in on it - they were just reporting the information they were given.

Eradication?

[skinfitz]

a virus dedicated to the eradication of Symantec from the known world

We can only hope.

eradication

a virus dedicated to the eradication of Symantec from the known world. about time

... ti-Virus - Virus - Anti-Virus - Virus - An ...

[Stooshie]

If I wrote viruses and wanted to make a living from it, subscription-model anti-virus software would do me very nicely, thankyou very much.

No shit

[Moraelin]

No shit. It's like reading about a strain of flu that cures/prevents AIDS. Where can I get it?

MOD PARENT DOWN!

[Bryansix]

Who moderated this guy insightful? His facts are wrong and he doesn't even make a sincere attempt to use logic! AVG Updates daily and virus definition updates should always be updated. That's why you use an anti-virus because you don't have the time to research every threat out there yourself and create a way to catch it and fix it.

Re:MOD PARENT DOWN!

[RESPAWN]

Actually, my initial post was rather brief as I was on my out the door when I made it. That said, it appears that your largest complaint is over my confusion with Free AVG. I have fully conceeded my ignorance over Free AVG in multiple posts in this thread. Here's one example: http://slashdot.org/comments.pl?sid=224774&cid=182 03120. My only explanation for why I thought it was once a week was that I must have been smoking crack and/or I set my own install of Free AVG on my laptop to once a week for one reason or another. I haven't used that particular computer in months and I use other products on my other machines. (Not Symantec.)

Note that I did not mean to bash Free AVG at all. I in fact recommend it to all of my co-workers/friends who like to ask the "is there any way to get my McAfee/Norton to download free virus updates?" I've also installed it on my parents' computers, but I've left it up to my dad to maintain those installs. He's an IT Director -- I think he can figure it out. (Although that does explain why I always notice Free AVG updating as soon as I turn on the kitchen laptop...)

That's why you use an anti-virus because you don't have the time to research every threat out there yourself and create a way to catch it and fix it. If you'll read this post (http://slashdot.org/comments.pl?sid=224774&cid=18 203022), you'll see that I attempt to clarify myself a little more. In case you're too lazy to read it, I'll summarize. For a corporate level virus scanner, there should be no reason for Symantec to even provide a default definition update policy. That should be left up to the sysadmin to configure per his company's own written IT policies. If they don't do that, then they deserve to be infected as a professional sysadmin should not need his hand held. I'm sure that most of us work in environments where our written IT policies do not match whatever default update policies Symantec may provide.

If we were talking about the consumer version (Norton branded product versus the corporate, Symantec branded product), then I would be right there with everybody else decrying the irresponsibility of Symantec for not providing a sufficient default policy. And I really, really don't care much for Symantec's AV products (corporate and consumer versions), but in this case they provided a patch to their AV engine in May of last year, and they do release daily AV updates. It is entirely the fault of the sysadmins and/or their PHB that their software was not up to date and not configured properly.

Truthfully, the linked blog seemed to me like nothing more than a crude attempt to smear Symantec for one reason or another. (And honestly, isn't Symantec bad enough without having to twist the mistakes of others to try to make Symantec look even worse? Let's talk about how uninstalling the Norton product can break BITS (http://djlizard.net/2005/11/18/102) or how about Symantec labeling NSIS as a false positive... four times (http://www.vnunet.com/vnunet/news/2159763/symante c-mistakes-open-source).

Re:MOD PARENT DOWN!

[RESPAWN]

Crap. Forgot to hit Preview...

Re:Not nearly as bad as the week was for the BBC:

[The+Angry+Mick]

From what BW movie is that scene??

That was "The Last Boy Scout".

Re:Argh. Misplaced my marbles...

[jsage]

daily updates have been available to years. just not to certain classes of customer.

WELL

[hurfy]

I'd comment but i can't figure out if that virus is a bad thing or not ;(

Ahh, feel the love here.........

Re:Argh. Misplaced my marbles...

[Gary+W.+Longsine]

Although other AntiVirus vendors provided daily udpates for years, Symantec released updates via Live Update once a week for many many years, and apparantly began more frequent, almost daily updates in 2006. I know (from experience) that as recently as the fall of 2005 Symantec updates were delivered weekly. I used to *beg* on behalf of my client (and via Symantec's expensive enterprise support contract of questionable value) for Symantec to produce more frequent updates. I still have scars on my knees and lips from the chaffing. I'm here as a survivor to tell you they did *not* deliver daily updates via Live Update until relatively recently.

During major outbreaks a mid-week update or two would sometimes become available. Those were sometimes delivered at the request of their enterprise customers (e.g. "We're seeing a rise in foo infections, could you please consider releasing the definition update for that ASAP?") but were made available through all their distribution channels to all their customers.

On occasion Symantec would release a particular definition via consumer channels on an ad-hoc basis (e.g. between the regular weekly udpates) but only via the enterprise-focused "Live Update" system several days later during the regular update. When I asked them about this (each time we noticed) the reason given was that the definition "needed additional testing" before it could be certified for enterprise use. Presumably this was to reduce the number of false positives which when they occur in an enterprise environment can be almost as costly as an actual virus outbreak.

niche status is not protection: Witty Worm et. al.

[Gary+W.+Longsine]

Pining for the fjords, eh? Serious security professsionals realized this argument was stone cold (in fact I took the liberty of examinging this here argument and discovered that the only reason it was still standing on its perch at all was that it had been nailed there) dead when the Witty Worm smacked all the vulnerable systems for a given defect within an hour. The particular realization perhaps didn't sink in until a day or so later when the number of said vulnerable systems was shown to be something quite small, quite possibly as few as 12,000 total vulnerable systems. Exploiting niche platforms became no more difficult than exploting any other platform given a remote root vulnerability.

Elsewhere in this discussion it's claimed that worms are irrelevant because modern attacks are directed at browsers and the like. The continual emergence of new worms suggests that malware authors do not agree with that assessment. Even if it were true, recent surveys suggest that over 4% of web surfers are using Safari. That's millions of potential victims. A botnet master needs only a few thousand systems to spam the bejeezus out of the entire world.

The niche platform argument is bogus and should be consigned to the dustbin of history.

Re:Argh. Misplaced my marbles...

[jsage]

sorry gary, just not so. i've been an enterprise customer for more than seven years. daily updates for enterprise customers started at least before 2004.

Firewall and A/V products

[Oshkoshjohn]

It comes down to what you believe is necessary. I get EZ Armor Firewall and A/V as a gimmee from Roadrunner. My Internet experience is fast, and there is never any slowdown while safe programs get massaged over and over to no purpose.

I didn't lose all the marbles. Dude.

[Gary+W.+Longsine]

You received daily updates only if you were able to use the "Symantec enterprise console" system to obtain and distribute the updates. Symantec had 3 different update paths at that time, LiveUpdate was the original "enterprise" update system which used FTP as a transport and a special "Live Update Administrator" software to fetch from Symantec. The "enterprise console" system used a different mechanism and a "push" transport from the console server to the clients. (Incidentally, I think it is this built in distribution and control system which provided the hole for the worm which spawned this article. The "unmanaged" client configuration didn't have a listener on the client and thus couldn't be exploited that way.) The third mechanism were downloadable update bundles available from the web. Those were updated weekly in concert with Live Update, and occasionally on an ad-hoc basis. There are many, many more details that I could provide, but really, you can't possibly care this much. It was a cluster fsck, the Symantec update situation, for years, and was still a cluster fsck as of the fall of 2005.

Switch to AVG

[peetm]

I'm sure it's been said here already - and that many people have already said that they consider Symantec's AV as deeply flawed product.

Still, just in case:

Symantec's AV is, IMHO, a terrible product. I have a parttime job working on a university heldesk in their central computing facility. We see this AV appear on user's machine regularly, and the first thing we do is get the user to uninstall it [if they can!], and to then install AVG Free Edition. I've never know a user to *not* come back and thanks us, and to report that their machine is running better after they've done this.

AVGFree updates daily

[Ken+Erfourth]

AVGFree updates daily, and is my recommendation for antivirus for regular home users with ordinary security needs.

I turn off the scheduled morning scan (a bit overkillish, and also still slows things down too much, even in low impact mode). I set the Window Task Schedular to launch the Test Center once a week to remind folks to scan their computers and that's it.

It works just fine, and if there is a problem, it's extremely easy to uninstall it and reinstall it, whichs fixes practically everything.

I swore by Norton Antivirus until the 2004 version came out. Then I started swearing at it. Currently, I regard it as worse than nothing.