Symantec Exec Warns Against Relying On Free Antivirus
thefickler writes "Clearly, the rise of free antivirus is starting to worry Symantec, with one of their top executives warning consumers not to rely on free antivirus software (including Microsoft's Security Essentials). 'If you are only relying on free antivirus to offer you protection in this modern age, you are not getting the protection you need to be able to stay clean and have a reasonable chance of avoiding identity theft,' said David Hall, a Product Manager for Symantec. According to Hall, there is a widening gap between people's understanding of what protection they need and the threats they're actually facing."
Dear Symantec,
The reason you are steadily losing market share has less to do with the availability of reasonably good antivirus software for free, and more to do with the staggeringly awful quality of your own products. Norton Internet Security was so completely terrible, that not only did it fail to stop critical attacks, but it slowed down systems more than the worst available spyware infections. Removing those spyware infections was also easier than removing your software, because the uninstaller would fail more often than it would function. I began to keep the latest version of the Symantec removal tool in my kit because it was better to assume the uninstall would fail, and not bother to use it. Until I managed to get a significant portion of my clients away from your products, they paid me to fix problems with your software more often than any other single product by a factor of 10. At this point, even if your company came out with the perfect security product, I would advise my clients not to buy it purely based on past experience, because you do not deserve their money.
Different on different markets I guess. Here in Sweden I see TV-commercials for NOD32 all the time. Assuming you're from the US, I guess they might be focusing on the EU market?
look for an unbiased neutral party.
Unfortunately, these have become hard to find in our pay-to-play economy. And being able to tell who is a good unbiased source of information is a monumental challenge. So far, the only thing that seems to be for sure is that the louder and more often someone says that they are unbiased and neutral the less they are. I would throw out some names and advertising slogans but I'm not wearing my flame-proof underwear (AC).
"Be particularly skeptical when presented with evidence confirming what you already believe." -
And you just hit right on the head the biggest security measure you can do: get them off IE! I have found by getting them off IE, either with FF, SeaMonkey (the older folks seem to prefer its Netscape style layout to FF), K-Meleon (for older machines) or Flock (for those into social networking) the rate of infection goes WAY down with my users.
The second biggest security advice I can give is don't make your users think. I have Comodo set to auto scan nightly based on their usage patterns, Spybot set to do the same, Foxit does its own updates, Windows set to autoupdate, etc. I have found that by relying on the user as little as possible it helps to keep the system up to date and less of a target. Relying on the user is how so many end up with a four-year-old, out-of-date Symantec "product" as the only AV on a user's machine.
But I personally think it is funny that the head of Symantec is warning about free AVs, when oftentimes his "product" will drag a machine to its knees worse than any malware infection! When I hand the customer a box that previously had Symantec, their machine with something like Comodo installed, the first thing they comment on is how much faster their machine is, which is kinda sad, as once upon a time (during the days of DOS and Win9X) Norton was a sign of quality. But like most things Symantec touches Norton turned to crap. BTW, is there any product that Symantec bought that hasn't turned to crap?
ACs don't waste your time replying, your posts are never seen by me.
You know what is really a non-protection in AV? Products from large companies. No, really.
Malware is today routinely tested against the big players before it's leaving the door. More and more often, you also see protection against specific AV suites (Norton, McAfee, Kaspersky are amongst the top on that list), where the malware specifically tries to disable those AV suites or at least blocks updates.
Malware protecting against smaller players in the AV field is rare. Market dictates that. It does not pay to protect your malware against an AV suite the market share of which is less than 5 percent.
So, I essentially agree with him: MS Antivirus will offer ... well, let me say not the best protection, because EVERY piece of malware will be tested and hardened against it. But, and I guess Mr. Hall will not enjoy that, Symantec doesn't offer protection any better, because, since they're big enough with a big enough market share, they, too, are on the malware writer's radar.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
It's not just AV software. The entire software industry operates this way.
1. Shovel feature-rich bug-ware onto unsuspecting schlubs to build "brand" (especially in the enterprise/IT market where the person purchasing the software is often not the person who has to use it, so they make decisions based on feature list and brand name rather than quality)
2. Wait for hobbyists, researchers, or smaller companies to figure out how to do it right
3. Buy their companies
4. Repeat
Remember when Norton was actually decent? It was before Symantec bought them. After the acquisition, Symantec went back to Step 1 and gradually bloated and encrapified the antivirus. Now they are on Step 2. I wouldn't be surprised if they bought up someone like TrendMicro soon, spouting promises of a glorious and euphoria-inducing Norton/PC-cillin integration.
-- 77IM
Student: Is it true that the foundation of the universe is paradox?
Master: Well, yes and no.
You don't want the uninstaller resident, that's a point of weakness for attack.
Most of those posts aren't current, but let me assure you that Symantec Endpoint Protection still does this shit.
We use it at work, and I've discovered the suite does something really retarded:
There's a part of it they call "network threat protection"; because of the overblown name, it took me a bit of googling to figure out that the thing is literally nothing more than a cheap little firewall. However, unlike real firewalls, if you do something it doesn't like - run the FTP client that comes with Windows, run the Windows wget binary, try to install a program over the network, try to use certain software - it will crash. And when it crashes, it will take down the entire Windows network stack. And when the Windows network stack goes down, the computer becomes unusable and you have to cut the power.
Note that this isn't some sort of retarded blocking behavior; although NTP is installed, the traffic rules are set to basically "block two or three inconsequential things, allow otherwise". We ended up having to uninstall it on the computers of the people who were most affected.
If you make a product and then make a new version, how can the new version freak out and break because you once had the older version made by the same company?
That's a pretty easy question. You skip the regression testing phase. Or maybe they trusted the OS too much, moved a function from one dll to another, changed how the function worked, and forgot to have the update script remove the dll from the OS. If the program gets the invalid response from the older function, it might cause problems. Any way you work this, it all comes down to them not testing enough.
Exactly. Isn't this just like a wolf warning that the chicken coop should have a free and open society with no fences?
Or to put it another way: Is there any answer that you're going to give that doesn't recommend I spend dump trucks full of cash at your company?
There's no place like
I don't need anti-virus because I use Linux (Ubuntu, Puppy, PCLinuxOS)! "Malware", Virus, Worms, Trojans, etc., do not affect my PCs.
I run Linux as well; however, what you just said applies to a Linux user not running as root. Unfortunately many people I know who should know better are quite happy logging in as root and this can lead to issues not unlike those affecting a Microsoft OS. All machines I set up or even manage are set up such that you cannot log in as root either via telnet (now deprecated) or ssh. Of course that won't stop people logging in as root on the console in the case of a personal computer or workstation.
From personal experience, Linux in the enterprise requires antivirus protection, at least for those machines that are internet facing, not because Linux is actually affected by malware associated with Microsoft OSes and applications but because you need to protect any Microsoft products that may connect to the Linux machines. It has never ceased to amaze me that many businesses see this as normal and it is utterly pointless to try and explain to them what is wrong with this picture.
There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.