A Bad Week for Symantec

Evan Hughes writes "NeoSmart Technologies has published a scathing editorial regarding 3 high-profile mistakes by Symantec Corp. — all in less than a week. In what seems to be a string of stupid mistakes culminating in the infection of CNN-parent Turner Broadcasting Systems by Rinbot— a virus dedicated to the eradication of Symantec from the known world."

maybe...

[User+956]

NeoSmart Technologies has published a scathing editorial regarding 3 high-profile mistakes by Symantec Corp. -- all in less than a week

Maybe they're not mistakes... maybe it's just a form of viral marketing.

With all due respect...

[devphaeton]

....in my experience modern Symantec products such as Norton Internet Security is the most malicious, but successful form of malware ever. It actually gets people to pay money for the product, and in a lot of cases, pay other people to install it and keep it on their system.

I'm so glad I moved out of software maintenance and into hardware maintentance. Now I just wipe harddrives clean as a whistle and make sure the hardware works. Such a load off!

Re:With all due respect...

[digitig]

"Effectively free" is still overpriced as far as I am concerned. The amount it slows the system down is unforgivable.

Re:With all due respect...

[Zantetsuken]

yes, its close to zero cost when you buy the software in store, but its still subscription based, which is where they get you - its like a subsidized cell phone from a major carrier - sure, the phone is zero cost or 50 bucks off, but you've still got to pay for airtime minutes...

Re:With all due respect...

[Tim+Browse]

Reminds me of a phrase we used at a company I once worked at, to describe 'free' equipment we were given, and co-erced into using.

"It didn't cost us anything. Well, not at first."

Re:With all due respect...

[bluephone]

I used to swear by it, but around 2002, it just sucked up too much in the way of system resources. I switched to the Corporate client and got back a lot of CPU and memory, ditched the flashy idiot-targeted UI, and kept the engine. For the past 15 years it hasn't let me down once.

Re:With all due respect...

[Anpheus]

~ is a bitwise 'NOT' operation.

Thanks for playing!

Re:With all due respect...

[Rycross]

I wouldn't take Norton AV if they payed me to install it. Its one of the worst AV options out there. Download AVG for home use.

No great loss

[ravenspear]

Every experience I have ever had with a Symantec product has been utterly terrible. Generally they cause more problems than they solve.

Re:No great loss

[Farmer+Tim]

Symantec: more full of bugs than a frog on a binge.

Re:No great loss

[sumdumass]

You must be reletivly new to their products. They used to have good/decent products but around 2002/2003 it started going downhill fast. I have stopped recomendig them since 2005 or so and get really frustrated when I have to remove them now.

You right, They suck now. But they used to be half way decent at one time. I don't know what happened.

Re:No great loss

[DigiShaman]

Agreed! Symantec NAV sucks ass nowadays.

While Trend Micro is known to be good, my faith in it has been shattered when I cleaned up a web server that was infected with some unknown virus. It was so nasty, that it disabled the Trend Micro services!!!

Because I use AVG Free at home (and has always prevented infections), I decided to download and install the 30 day trial of AVG for file servers. Needless to day, it found the viri and purged them.

I think I'm on day 8 of the trial period without further incident. Because the trial version of F-Prot also failed, I fairly certain we will go with AVG.

Re:No great loss

[sumdumass]

I have used the AVG server and pro versions at a couple locations. I love them. The administration control console thing (if you use the server and a few clients too) allows you to update and push them out, You can schedule scans and checks the status of them. You can even delete the files remotly if neccesary. There is quite a bit of control it gives you. And best of all, the service doesn't take a brand new computer with plenty of memory and proccesing power and make it apear to be some slow piece of yesterdays stuff like symantec products do. (well, their corperate version wasn't as bad as the home or pro version but symantec does take a lot out of the systemit is running on for some reason)

They have several different kinds of license and purchasing offers. I think the paid updates are two years if i'm not mistaken and each install averages less then a symantec corp or NAV price. I'm convinced and I use AVG for all my anti virus needs (even on linux mail and file servers)

Re:No great loss

[Radon360]

Well, somewhere in 1990, Peter Norton sold things to Symantec. They (Symantec) continued to associate themselves with Peter Norton up until 2001 or so. About that time is the consensus that things went downhill. I'm not certain how much involvement Norton had with Symantec up until that point, but I'm willing to speculate that when the two parted companies, that's when Symantec began their transformation into selling the crap they do now.

Gosh, I miss the good ol' days of Norton Utilities and the like...in DOS nonetheless. Now there was a powerful piece of software that was truly easy to use. The UI actually showed you some shred of respect that you knew what you were doing.

Re:No great loss

[monsted]

We're migrating about 250 TB (no, not GB) from Legato^WEMC Networker to NetBackup because some bean counter made a better deal with Symantec and have so far only found drawbacks to that move. Worst of all, Symantec is requiring us to install full (including X, open office and every single piece of software known to man) Solaris packages if we want support from them...

So this is kinda obvious, but....

[rasafras]

Turner apparently got hit because it had not yet updated the Symantec programs on its computers. A fix for the flaw has been available since May and security experts have repeatedly urged users to protect their computers by applying the update.

Hmm hmm hmm people are dumb.

Re:So this is kinda obvious, but....

[Bacon+Bits]

If you'd ever been the person responsible for updating the Symantec Antivirus client, you would not be so quick to judge. LiveUpdate only handles scanning engine updates and virus definitions. Anything else is a huge nightmare.

I don't like Symantec products because they make the life of a sysadmin *more difficult*.

Re:So this is kinda obvious, but....

[York+the+Mysterious]

LiveUpdate only updates the defs for Corporate, but you can easily deploy updates via Active Directory. Corporate is the only good product that Symantec makes. I admined 300+ seats of it. Granted Turner has more than 300 seats, but it took me about 10 minutes to get my 300 seats updated. They have no excuse. Someone wasn't on top of this.

Is this guy serious?

[RESPAWN]

What kind of anti-virus product only updates once a week (on Wednesdays)... And most importantly, what kind of security company lets its product remain installed without updating? To be quite honest, those are all user configurable options, are they not? To think! Some of us may not WANT Symantec to hold our hands when it comes to maintaining our AV installs. Can you really hold Symantec liable for the mistakes of its customers?

Furthermore, doesn't Free AVG only update once a week as well?

Re:Is this guy serious?

[SwashbucklingCowboy]

What kind of virus rule updates would you not want to download?

The kind that treat widely installed legitimate programs, e.g. Excel, as a virus.

Re:Is this guy serious?

[RESPAWN]

My point is this: the corporate version of Symantec does not automatically install any download rules. They leave this up to the installer who is hopefully capable of properly configuring their update rules and/or updating their servers manually, most likely so that they can properly test the latest virus definitions for errors or anomalies before pushing them in to production. See the comment below that links to the article about Excel being treated as a virus.

I work for... well, it doesn't matter. In our facility absolutely NO patches or virus definition updates are applied without first being approved by another group whose sole job it is to make sure these pathces don't affect something critical to our operations. Furthermore, we only download our defs from approved (IE our own) sources so as to ensure that we are ONLY downloading what's already been tested.

In short, we are all professionals and we should be capable of ensuring that our defs are up to date. We don't need (nor will we allow them to in our case) Symantec to hold our fuckin' hands throughout this process. When I install a corporate virus scanner, I fully expect to have to configure the machine policies in order to match our IT policies. If somebody's only updating their definitions once a week, then that's not Symantec's fault. That's the fault of whatever sysadmin was too stupid to properly configure his software.

That said, I still think Symantec's a piece of shit and I wish we were allowed to use other solutions in its place, but that's not for me to decide. Their management software is no where near as feature rich as EPO, and I seem to have to spend more time dealing with Symantec issues than I do with EPO issues. (Because, yes, we do monitor our machines each day to ensure that they are updating properly. CNN we are not.) Please don't think for a minute that I like defending Symantec. I just believe in placing the blame properly where it belongs, and in this case it's the idiot sysadmins who weren't doing their job.

Re:Is this guy serious?

[yellowalienbaby]

afaiaa avg updates as and when needed. I certainly get update notices more than once a week. Before and after the recent switch.

Symantec - semantics

[L.+VeGas]

a virus dedicated to the eradication of Symantec from the known world

That's not a virus. That's a feature.

Why is this is only news now?

[winkydink]

because CNN is infected?

1. Estimates are 100-150 million machines are currently part of botnets
2. Loss estimates exceed 200 billion annually on a global basis
3. Over 80% of all spam comes from botnets

Yes, I can cite. Or you can Google. They are all easy to find.

This is a HUGE problem that is, in many ways, like spam was in 1996 or 1997. The technical community acknowledges it, the average consumer has no clue, and, left unaddressed the problem and associated looses will get much, much worse.

Re:AVG

[nsayer]

every reboot or once a day which ever comes first.

Since we're talking about Windows machines, I can tell you for certain which comes first.

Sounds as Though Turner Made One Mistake

[SwashbucklingCowboy]

A fix for the flaw has been available since May and security experts have repeatedly urged users to protect their computers by applying the update.

Turner can't update their software in EIGHT MONTHS? That's not a problem with Symantec, that's a problem at Turner.

What kind ?

[Archfeld]

the kind that crash servers, it is not like they haven't done it before, but for most purposes I agree with you. In a large scale environment with lots of custom apps. you had better be checking these patches prior to general deployment or you WILL get bitten...*speaks from experience*

A what now?

[PockyBum522]

A virus dedicated to the eradication of symantec? Sign me up! ...I suppose I'll have to turn off AVG first...What then?

Re:How long will it connect?

[JasonBee]

That's funny...I've got an "always on" setup of Linux Unix, and MacOS X and I've never experienced an issue.

Then again...I did once! It was when I was running Windows 2000. Someone rooted my Hotline Server and deleted all my files ;)

JB

Updates

[fm6]

People often don't update their software for years at a time. Hey, it costs. Which is why NAV is designed to update itself automatically. You just have to configure it correctly.

I'm no fan of Symantec. It's perfectly true that they're badly run. Hey, they used to be a lot more than a "security software" company, but all their other business (natural language databases, compilers, IDEs, desktop software, backup software) just died on them. But to blame them for the ineptitude of the CNN's IT department is idiotic.

Re:Dont Blame Symantec

[Nurv44]

But they(Symantec) update their signature files almost daily, that means they haven't updated their systems signatures in months. Thats just asking for problems. I mean if they were burned, why not test it offline to see? But to risk a high profile company because maybe you will get burned? I think that is a lack of responsibility on the IT dept. side.

Just in time for us to migrate to Symantec

[gelfling]

We're chucking our desktop firewalls, spyware tools and AV scanners for one big Symantec managed client. And if any of you have ever tried to uninstall Symantec you'll know that you're chained to them for life.

Re:Just in time for us to migrate to Symantec

[jd142]

I uninstall Symantec Corporate Edition all the time. Works a treat.

We've got an AV server and all of our clients are managed. We set the server up to check Symantec every two hours for updates and those updates are pushed down to the clients almost immediately.

Need to install all of your clients to the latest version (say from 9 -> 10)? Click Tools | Install Client Remotely and push it down from a central location.

We check our clients and any computer that is more than a week out of date is turned on and updated.

The only reason I can think of that so many people are complaining is because they've only used the consumer version. When we get student laptops we immediately remove it and install the corporate version that is free for them. I've never had a problem uninstalling the trialware version of the AV that ships with so many laptops.

Re:Just in time for us to migrate to Symantec

[will_die]

The corporate/enterprise versions of symantec and mcafee are great. They scan mail and scan the system and files so they do everything you want from a virus program.
In additon they take up alot less resources then the home versions, and are usally easy to uninstall. Even without the management software you can use them, and they will download info from the web sites of the appropriate company.

Re:Just in time for us to migrate to Symantec

[Brimstar]

As a former Symantec Corp customer, I'll disagree with that. The uninstaller for 8 was horrible, and the push install of 9 flat out didn't work for about half of my network (frequently caused by issues with 8). Nothing special about the network either, it just didn't work. In fact, about 1 in 20 network installs didn't work at all for some reason and I had to go install by hand. 9->10 seemed like it was going better until I had several systems start randomly screwing up and causing our EE and ME CAD applications to crash. I was getting sick of all the issues with security between the server and the clients as well as a multitude of other things.

I moved to NOD32, and couldn't be happier. Uses less than half the resources Symantec Corp did, and does a better job. I've had systems come out cleaner using a 3 month old set of definitions with NOD than Symantec Corp. I've got a central management interface that hasn't needed updated in over 6 months because there's been no security holes. Updates happen according to my policies by dropping them in the correct directory if I don't want it to auto-download, although I do just use auto-downloading. I can have one central server per location, then have the server upload it's logs to my central server a few times a day to keep traffic on my VPN links down. It works better and has caused fewer issues. Plain and simple, it's been a better product. Cheaper too!

Re:Dont Blame Symantec

[SwashbucklingCowboy]

Maybe CNN was burned by Symantec updates before.

Perhaps. McAfee had a problem once where they were identifying Excel as a virus, but I've never heard of Symantec having such a problem. More likely, the CNN IT staff is either incompetent or just plain stupid.

Also, if they had been burned by Symantec, they should have gone with another vendor's product. A company like CNN not having up to date AV software is inexcusable.

Re:How much will it take?

[SwashbucklingCowboy]

How bad does it have to be for people to Stop using windows?

Really bad. But if everyone started using Linux or OS X then all of their security problems would have a spotlight shown on them.

Re:How much will it take?

[Lumpy]

How bad does it have to be for people to Stop using windows?

when the OS let's Steve ballmer and Microsoft know when you are in the shouse so a guy can show up dressed as clippy and forcibly anal rape you.

Yes, it will have to get that bad before the sheeple out there actually switch.

Re:AVG

[Southpaw018]

Seconded. The only time I get reboots is when it's required for a security patch, or the occasional "application freaking the #$@%^& out" kinda thing...servers, workstations, all of 'em. And if it weren't for that, I'd be pushing 90-120 day uptimes on most of my machines. Yes, Windows machines.
In fact, I'll get you the data.

Main server has rebooted twice in the last four months for security patches, total ~19 minutes downtime.

Astroturfing

[jotok]

Symantec has seen quite a bit of negative publicity in the past year on slashdot.

I have to wonder how much of it is simply astroturfing by disgruntled former employees? When there's a negative op/ed piece on a "software development and security research" website where none of the SQL even works, I just have to wonder if some no-talent assclown is pissed off because he lost his helpdesk or HR job.

Re:Astroturfing

[swordgeek]

OK, there's no doubt that Turner is pretty incompetent for not fixing this hole with a patch that's been out for most of a year.

But at the same time, I have to ask how incompetent a company that writes security software can be, when their own code is written so as to allow this type of exploit.

Furthermore, I've had quite a bit of experience with Symantec over the past few years. I've been using Veritas products for a decade and change (Netbackup and Volume Manager primarily), and know them very well. Once in a while, I'll come up against a bug and phone Veritas for support/workarounds/whatever. For years they weren't top notch, but they were decent and consistent.

Since Symantec took over, support has fallen through the bottom of the toilet. Their help desk is driven by 'time-to-close,' and actual technical experts are no longer brought in for difficult cases. Bug reports are not even accepted anymore! (Well they'll _take_ the bug report, but won't give you a bug ID to track it with.)

Furthermore, they've started to crank up the version release numbers so that they can promise support for two versions, but only support products for two years from initial release. TWO YEARS FROM RELEASE!!! That's completely unacceptable even in the home PC marketplace, let alone in an enterprise environment, where a product rollout may take over a year.

So yesterday I went to install the newly-free version of Storage Foundation, because I needed to migrate some data from an old system (flawlessly running vxvm 3.5) to a new one, where we'd then move it to ZFS and be done with Veritas for good. The installer put 40 packages on my newly built Solaris 10 system (11/06 release), but failed to actually install the volume manager! After screwing around with it for a while, I gave up and went to uninstall it. The uninstaller hung in kernel space, and for twelve hours did nothing but couldn't be killed.

I don't care about any axes that people have to grind. Symantec is an incompetent company, and DESERVES all of those people holding grudges against them. I'll be glad to see them die horribly.

Re:Astroturfing

[GJSchaller]

I do not, and have not, worked for Symantec, but I will concur their products are crapware, and their staff is made up of A-Grade assholes. As another person posted above, their support is driven by time to close - when I opened a case with them that went unresolved for several weeks (and not due to lack of trying on my end), I finally got a call back from someone that sounded more like a back-alley enforcer than a support specialist. He tried to bully me into closing the case by blaming me for the issue. When I refused and higher levels of support got involved, they mentioned repeatedly how my issue compared to other cases that had "been open this long."

Someone once commented that Symantec makes nothing of their own - they purchase other great products, and ruin them. Norton Anti-Virus, Ghost, Brightmail, and Veritas - we used to use them all, but have migrated away from them one by one, as Symantec swallowed them up, partially digested them, and barfed them back on their customers. I've stopped people in stores from buying their products - a majority of the time I work on a home machine with Symantec products on it, that product is the cause of the issue they are having.

The real kicker, as it relates to TFA, is the updating of the software. Symantec's patches for their corporate AV client need to be rolled out manually - while you can automate the actual client install, or even installing a newer client over an old one, patching a current client must be done manually, or using a support tool that is tedious at best. I have no idea why it's not automated (or optionally automated), and that the patching doesn't use the same push system the install does. We dropped Symantec for Sophos - it's patched itself several times without us needing to intervene, and even did a minor version update without us needing to do a thing.

Symantec deserves the scorn that has been heaped upon it by the IT community.

Re:Astroturfing

[Dunbal]

OK, there's no doubt that Turner is pretty incompetent for not fixing this hole with a patch that's been out for most of a year.


      Personally I'm surprised that he hasn't broadcast it on the news as a terrorist attack and recruited the Boston police and bomb squad to deal with this threat...

Re:Astroturfing

[swordgeek]

Thanks for your note. I'm going to reply to it rationally (more or less), hoping that you'll see it and take my comments as constructive criticism rather than just ranting.

First of all, I may have misstated Symantec's support policy, but that is verbatim what I was told by a support engineer. (I even have the email to prove it.) Maybe some internal training is in order?

"...you've downplayed the fact that two years is a long time in the world of security software."

Did I mention the "Veritas products" part of the equation? Two years is barely time to get one's feet wet with most (former) Veritas products. There's also support from other vendors to consider: Sun didn't actually provide support for Volume Manager 4.0 until after 4.1 was released. Already we're into the two year window, and we haven't even started a cluster OS upgrade!

And that's just volume manager. A full-blown enterprise Netbackup installation is a MAJOR event. Here's one scenario I dealt with recently:

NBU 5.0 gets released. After six months of waiting for it to become stable enough to actually use, the company started the implementation. This involved $980k of new hardware (and they already had the tape library and infrastructure in place). The planning, architecture, implementation, cutover, and validation took a total of roughly eight months. That's 14 months after initial release, and we've just gone live with the product. At that point, after over a million dollars of gear and time and effort, I am NOT planning on a major version upgrade in ten months or twenty or thirty. I want a MINIMUM of three years of full support after that point, and five is much more reasonable. We shouldn't be forced to upgrade our software until we've outgrown our infrastructure, which is about a 3.5-4.0 year turnaround for most big companies.

Furthermore, service packs or not, the very WEEK that NBU6.0 was released, we were told we couldn't get any more NBU 5.x client licenses. That's it, no more, thanks for coming out. Suddenly, regardless of bug support, we're left without any legal means of growing without upgrading to 6.0.

That is, in a word, crap.

This isn't a $100 anti-virus package for a PC that's going to be chucked in two years, this is software that runs enterprise installations. We don't spend $5k per client machine for a product that's obsolete almost as soon as we install it.

Now you can say that Symantec doesn't operate like this, that my details are all incorrect. That may be, but that is what we were told by our local sales guys, our regional managers, and the other end of Symantec's international support group.

So on the one hand, we have the model you describe, which is crap. On the other hand, you have the reality that I've described which is rancid festering crap. Add to this the fact that VxVM5.0 Basic (the freebie package) simply doesn't work, and you've got a company that is either too incompetent to survive, or trying very hard to destroy the Veritas products/division they bought a few years ago.

As for you liking your job, that's great. I really am genuinely happy every time I hear about someone enjoying their work, because we spend a lot of time at it. (random aside: Until recently I hated my job although I love my work, so I quit--now I'm working for a better company for less pay, and loving it.) Unfortunately, that doesn't change the fact that your company doesn't even have the vaguest understanding of what enterprise computing is really about.

First thing I Uninstall is Symantec

[flyingfsck]

Whenever I have to fix a screwed up PC, MsAfee or Symantec is disabled by the malicious code. So, I always uninstall whatever is on the machine and install something else like AVG or ClamWin.

Re:First thing I Uninstall is Symantec

[tom_jaimz]

I tried ClamWin on a recent install of Windows, and despite keeping it up-to-date I got infected with a virus for the first time since the early 90s (Brontok.N - pretty annoying little thing). ClamWin never detected it, not even after I was badly infected. I'm back on Kaspersky now. I won't be recommending ClamWin to anyone.

Re:AVG

[flyingfsck]

Windows is pretty damn good nowadays, but my Linux web server only goes down when the ISP has a power problem. That happens about once a year. In four years, the machine rebooted 5 times and never once due to Linux.

No sweat off my nose....

[purduephotog]

... Every machine that comes to me for service has one requirement: No Norton. Take norton off, and people are *amazed* at how much faster their machines run.

I substitute Free-av.com for Norton- better infection detection, less memory overhead, free (with the option of buying a license- I usually guilt them into doing it), and nightly upgrades.

Re:How much will it take?

[pak9rabid]

The reason Windows has so much malware problems is because it's the most common operating system used, therefore it's in the best interest of the malware developers to write malware for Windows. If the most popular operating system was OS X, then OS X would have the most malware problems. The same goes for Linux or .

Can you say AVAST?

[rizzo320]

Although they may hold on to the enterprise market, why even bother with Norton AntiVirus or Internet Security when you can get Avast AntiVirus Personal edition for free! http://www.avast.com/eng/download-avast-home.html/

No, I don't work for them, or own stock. They've even updated it for Vista. The cost? Register for a free serial number every 14 months.

Comodo firewall http://www.comodo.com/ is nice free step up for those who think they need something more than Windows firewall.

In the year 2007, there is really no need for a consumer to pay for a product from Symantec/Norton, McAfee, or any other security software vendor that has been fleecing us for the last several years.

Re:Can you say AVAST?

[evilgiu]

Kudos to Avast! I've been using it for the past 3 years and it is beautiful. I even bothered to upgrade to the paid Pro version, which has a couple more resident scan modules and works with push updates from their servers, instead of me having to remember/set a schedule for it. There have been occasions where I got up to 3 virus definitions updates in a single day =) Could it be just eye-candy? Perhaps, but it feels good, is not invasive and doesn't clog my system. Very happy customer here.

Re:AVG

[Bill,+Shooter+of+Bul]

By the same token, I've never seen AVG prevent, or detect an actual virus. I've then removed avg and installed f-prot /or fsecure and watched the virus count run up. But at least avg is free, right? I'm sure it prevents some, but for my parents, it doesn't deal with their weekly virus infection. always YMMV

Re:How much will it take?

[Heir+Of+The+Mess]

I have nothing to worry about as I'm running Solaris. Despite the fact that people are continuously trying to hack me I have no worries. Right now (I'll look at the network activity) ?? funny someone has telneted in using some -froot argument. I wonder wha[No Carrier]

Re:How much will it take?

[toddestan]

This has been disproved so many times it's not even funny. you must be a complete fucking idiot to make such a statement.

Since you seem so smart, how exactly has this been disproven so many times?

Re:How much will it take?

[toddestan]

Those are mostly worms, which are pretty much old news. Welcome to 2007, where most malware is installed by tricking the user into running something on their computer which then takes it over. Even Microsoft gets it (You're trying to use the mouse. Allow/Deny?). You don't.

Re:How much will it take?

[quanticle]

>>As far as I know, The exploits in mac or linux don't really have automation in them. And i'm not talking about getting a tool to let some scipt kiddie pown your system. I'm talking about every infection requires some human intervention to be succesful.<<

Windows Vista has the same sort of protection built in as well. However, the protection is triggered so many times by non-malicious programs that users quickly become used to clicking "Yes" to every dialog prompt that pops up. This behavior can then be exploited by virus writers.

The key difference between Linux/Mac and Windows is the quality of the applications written for them. Linux and Mac applications do not normally require root access to function. Therefore, the system almost never has to ask the user to give root permission. And for the rare times that the system does ask for root permission, the event is sufficiently unique that the user takes a close look at what they're trying to do before making a decision.

Windows will be vulnerable to viruses as long as everyday applications require root access to perform.

Re:AVG

[mortonda]

I only use Windows for maybe 2 hours a day to play a game, then I reboot to Ubuntu for real work.

Yeah, actually it's really annoying, because AVG is always trying to scan the hard drive when I go to play a game.

Re:AVG

[justthinkit]

I've never seen AVG prevent, or detect an actual virus.

This is a completely ridiculous statement. Maybe you just haven't checked C:\$VAULT$.AVG, a normally hidden directory. Mine currently has 121 xxxxxxxx.FILs, going back to Feb 4, 2007. AVG is alive and well, TYVM.

not all that obvious, really

[Gary+W.+Longsine]

One of my clients has a relatively large Symantec AntiVirus deployment (something like 35,000 Windows PCs). I was, among many other things, directly and soley responsible for their Symantec AntiVirus architecture for several years. I assure you that there are many issues which can be easily overcome at the scale of 300 machines which are pretty close to show stoppers at the 30,000 node scale. I agree that Symantec Enterprise Edition is a reasonable AntiVirus product, but its weakest link, ironically enough, are the issues that arise when trying to deploy, operate, and maintain it at the scale of a real enterprise.

Re:So your point is?

[Spudds]

Everyone who runs as administrator in windows right now would be running as root in linux and then you would see the exact same problems on linux that you do with windows.

That's just asinine.

Windows (barring Vista which won't take major effect for a while and has it's own serious design flaws) runs EVERYTHING as administrator by default.
Linux runs EVERYTHING as a limited user by default.
Most average joe's would be using the *desktop* environment and would log in as a USER, thus protecting themselves from malicious software targetting their system.

Sure, they may lose personal files by running a nasty program someone emailed to them, but at least they won't become a botnet zombie machine that spams my inbox ALL-DAY-LONG.