Symantec Exec Warns Against Relying On Free Antivirus
thefickler writes "Clearly, the rise of free antivirus is starting to worry Symantec, with one of their top executives warning consumers not to rely on free antivirus software (including Microsoft's Security Essentials). 'If you are only relying on free antivirus to offer you protection in this modern age, you are not getting the protection you need to be able to stay clean and have a reasonable chance of avoiding identity theft,' said David Hall, a Product Manager for Symantec. According to Hall, there is a widening gap between people's understanding of what protection they need and the threats they're actually facing."
"IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attacked their core system files. In some cases, this caused the machines to display the dreaded blue screen of death."
If there were any high-quality for-pay alternatives, I'd say he might have a point.
Unfortunately, most antivirus software sucks, with Symantec more or less epitomizing how good ideas on paper can turn into terrible/buggy/bloated security software that actually increases your exposure since it adds another node malicious code can attack. Symantec's argument-from-assertion notwithstanding, there doesn't seem to be any correlation between antivirus software being for-pay and higher quality.
From my experience, there's really bad antivirus software (such as Norton, which I have zero confidence in and would never let touch my machine), and slightly less bad antivirus software. What went wrong? Why does this industry suck so badly? Anyone have any insight?
except the one at www.virustotal.com when on rare occasion I encounter a suspicious file
Of course they say that. They are in the business of scaring people into buying their crap so they think they are safe -- when in actuality their vict^Wcustomers get pwned by exploitable holes in IE anydangway.
________
Entranced by anime since late summer 2001 and loving it ^_^
Free of free antivirus, paid antivirus and viruses, because I want my computer's CPU to do something useful.
Microsoft warns against free operating systems. "They're so inferior! Look at ours, it runs the London Stock Exchange...oh wait."
--
BMO
If Symantec's "security" security programs were worth a damn, the "free" products wouldn't stand a chance. So far, that hasn't been the case eh?
...Rob
The American Dream isn't an SUV and a house in the suburbs; it's Don't Tread On Me.
they would know since they are the major malware authors. Duh.
As the island of our knowledge grows, so does the shore of our ignorance.
During my Windows time, I stopped using Norton because it was useless and bloated. In fact, anti-virus was the reason I ditched Windows.
Math is beautiful... e^(pi*i)+1=0
If the choice were only: install Symantec or get a virus, then that's a really difficult choice. I'd be inclined to risk the virus, since Symantec invades and slows your system in a worse way than many infections.
Fortunately, there are many free anti-virus products that work better than Symantec. It's a no-brainer choice. Free is cheaper and better.
I have no understanding of how Symantec remains in business. There's something deeply wrong with that.
If I grew bananas, I would warn everyone that free bananas could be detrimental to their health. After all, consumers have no idea how hard it is to grow good bananas. Free bananas could leave them lacking in any number of impossible to define vitamins and minerals.
As a software author, I've found free anti-virus, like Avira and Avast, pretty good, given my understanding of computers, email, spam, and security threats. Symantec are just creating FUD. I used to use Norton Security software, but found that it just slows down a Windows XP machine far too much, guesstimate 15 to 20%. The UI would take ages to load. Symantec might be good for the peons, but for experts the performance hit is too much. Expert users can find better, cheaper, and faster working solutions.
Dear Symantec,
The reason you are steadily losing market share has less to do with the availability of reasonably good antivirus software for free, and more to do with the staggeringly awful quality of your own products. Norton Internet Security was so completely terrible, that not only did it fail to stop critical attacks, but it slowed down systems more than the worst available spyware infections. Removing those spyware infections was also easier than removing your software, because the uninstaller would fail more often than it would function. I began to keep the latest version of the Symantec removal tool in my kit because it was better to assume the uninstall would fail, and not bother to use it. Until I managed to get a significant portion of my clients away from your products, they paid me to fix problems with your software more often than any other single product by a factor of 10. At this point, even if your company came out with the perfect security product, I would advise my clients not to buy it purely based on past experience, because you do not deserve their money.
In my experience (which is fixing other people's Windows infested crap) the most reliable way of detecting a virus is to run from a Linux livecd.
Download clamav, then check the drive.
The reason I say it is better is because many virus/malware disable AV features in Windows so you can never be 100% sure - I know you can get clamwin but again some 'bad thing' could have disabled some of its features... and Linux allows you to write to folders that would normally be protected by the system (I know there is an obvious danger to this).
There have been at least 2 cases in the last month where a Vista machine (one had Norton and signed up to OneCare...) which had AV protection was not able to completely get rid of a trojan - even using clamwin - clamav in Linux sorted it.
You know what is really a non-protection in AV? Products from large companies. No, really.
Malware is today routinely tested against the big players before it leaves the door. More and more often, you also see protection against specific AV suites (Norton, McAfee, Kaspersky are amongst the top on that list), where the malware specifically tries to disable those AV suites or at least blocks updates.
Malware protecting against smaller players in the AV field is rare. Market dictates that. It does not pay to protect your malware against an AV suite the market share of which is less than 5 percent.
So, I essentially agree with him: MS Antivirus will offer ... well, let me say not the best protection, because EVERY piece of malware will be tested and hardened against it. But, and I guess Mr. Hall will not enjoy that, Symantec doesn't offer protection any better, because, since they're big enough with a big enough market share, they, too, are on the malware writers' radar.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I agree, all free antivirus sucks, so does all paid for software. However there is a magical amulet which will protect you from all computer attacks, I happen to be selling these items for a very reasonable price.
Enter "symantec" in Google with the Google suggestion feature on and the first two results are "symantec antivirus" and "symantec removal tool".
...
On the other hand, I know plenty of people running active commercial anti-virus software that's been plagued with virii.
The reason?
1. No Awareness.
2. No Patching.
3. No Prudence.
4. Running Windows
There. Fixed that for you.
Worms/viruses spread so fast these days, the AV software just can't catch up in time to prevent the infection, and in quite a few cases the worm/virus disables the AV software, making it more difficult (in some cases impossible) to remove the infection without booting to another OS (Live OS from a CD/USB Drive).
Except that spreading fast is nothing new. Most worms hit peak a few hours sooner than the average time it takes for the AV makers to create and push out a new profile.
That's why I use ClamWin for occasional scanning.
ClamWin, ClamAV are fine for remedial action. The best remedy, as in all things, is prevention and that can be accomplished by moving to systems that are resistant to malware. Here even the consumer unions fall flat on their faces and fail to mention the Linux distros. Most mainstream distros are years ahead of Windows as far as ease of use, maintenance and speed. The main weakness of real systems (non-M$) is that Web 2.0 script crap.
If someone wanted to make a really hardened desktop or netbook appliance, the following steps can be taken:
I wrote the word appliance above, because with extreme settings like that, you are not going to want to try to add, remove or radically reconfigure any packages.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
So what this means is that the McAfee antivirus is so thorough it even finds trojans and viruses that MS ships. Symantec's product manager is right!
Apple has "Mac vs PC", Microsoft has "Laptop Hunters", Linux has recession
A quick Google search shows Symantec products are not much different: Norton - From Symantec - Problems, Problems, Problems..
Or, Multiple serious problems with symantec endpoint 11 - Please help.
Or, Norton Internet Security 2009 has caused me problems. (Norton.com is owned by Symantec, of course.)
You know there are problems when Symantec provides a Removal Tool.
Symantec has cleaned up their performance and bloat issues in Internet Security 2009. I have some machines running Norton, some running McAfee, using freeware stuff like Spybot, AVG and NoScript as additional lines of defense. Norton is definitely faster and smaller than McAfee this year and doesn't put perceptible overhead on any of the machines where I have it installed, including the old Athlon single core. McAfee chews up a full core of a CPU for a minute or so when it installs updates and the full scan can take days.
The detection rates for both are still mediocre, but those vary from month to month and vendor to vendor so much that I accept anything in the 95-99% detection range. There are too many new threats to rely on reported detection rates that are more than a couple of months old. The only major vendor that I've completely ruled out for a while is CA, and a few years ago they had the best detection rates in the (pay) industry. Compensate for mediocre detection by multi-layer defenses: NoScript to prevent website attacks, Spybot to provide a cross-check against spyware (especially "commercial" spyware that commercial vendors turn a blind eye to) and so on.
On the other hand, the Symantec exec IS spreading FUD saying that the free stuff can't do the job. I just ignore that kind of crap, it's endemic to the industry. The main reason I pay for commercial products is convenience (all other things being equal on the quality front). The free stuff is either nagware that wants you to upgrade to a pay version or it isn't an integrated suite, so I have to monitor separate installations for Antivirus, Anti-spyware, Intrusion Detection, Firewall and so on.
We are the 198 proof..
And *that* is a crap statistic; it does nothing to describe the severities of the vulnerabilities, the vendor response, or the amount of time each was left unpatched. Who cares if FF had 184 vulnerabilities and IE 1, if the FF ones were hard to exploit and patched within a few days and the IE one was left open all year and readily attackable by script kiddies?
I don't think Norton is crying foul over losing market share to freebie software. Free software gives you some protection which is better than nothing but it's a lot like having a monkey instead of having a kid. Do you stay up with reviews on the latest graphics card and CPU benchmarks? Why wouldn't you do the same with software? Norton seems to be much faster and less bloated nowadays. Free AV software doesn't offer tech support and you don't get frequent virus definition updates. Norton gives you an update every 5 min. Nothing will completely protect you against everything. Users are delusional to believe this. Feel free to quote the fanboys law at anytime. Windows is the #1 target due to popularity. A few things you should have to stay "safe":
- Practice safe browsing
- Have real time virus protection
- Robust Firewall
- Password protect your password.. don't just let Firefox save them for you.
- Run a full scan once a week.
- Don't use multiple virus scanners as they will conflict with each other.
As an IT professional I'm just shocked by many of the previous comments. Do your homework.
I once wrote a program to allocate every byte of free memory and consume every CPU cycle and I got a cease and desist letter from Symantec. Apparently I was infringing on a patent in NAV...
Any insufficiently advanced magic is indistinguishable from technology.
Here's a problem with ESET's Nod32 discussed on March 9, 2009: NOD32 was deleting very critical and required Windows files.
... the gripe is that you can't opt out of this during the purchase. OneCare is the most difficult of the three to opt out of. In fact, you can't. Instead you must cancel your subscription altogether by calling 866-663-2273."
The fundamental problem is that Microsoft makes more money if there are security problems in Windows.
OpenBSD doesn't require anti-virus and anti-spyware programs partly because it was written to be secure. Apple's Mac OS X is based on BSD, and users rarely have problems with that operating system being insecure.
Amazingly, Microsoft is not only supplying insecure software, it is charging for programs to fix the insecurities!!! See Windows Live OneCare.
Microsoft charges Microsoft Windows users $50 for software to fix problems in Windows! Windows Live OneCare has "Antivirus and antispyware all in one". More: "Two-way firewall helps stop hackers in their tracks". Hmmm, Microsoft, if Windows needs a "Two-way firewall", and it certainly does, why do you supply a one-way firewall with Windows???
See Windows Live OneCare Gripes. Quote: "Create the problem, then charge people money to solve it." Another quote: "Why should Microsoft profit from the plague of viruses and Spyware? Shouldn't it have designed Windows better to begin with? And if it has indeed found a way to protect Windows, isn't it a tad exploitative to charge for it? Microsoft has no convincing answer for these questions . .
Another quote: "McAfee, Symantec and Microsoft (with Windows Live OneCare) all set your credit card up for automatic renewals when you purchase their security software on-line.
To me, it seems like this: Testing... Testing... How much abuse will computer users accept?
If you make a product and then make a new version how can the new version freakout and break because you once had the older version made by the same company?
That's a pretty easy question. You skip the regression testing phase. Or maybe they trusted the OS too much, moved a function from one dll to another, changed how the function worked, and forgot to have the update script remove the dll from the OS. If the program gets the invalid response from the older function, it might cause problems. Any way you work this, it all comes down to them not testing enough.
Symantec is worried about Microsoft Security Essentials and not other third party vendors offering free solutions. Most of those vendors offering free options also offer subscription based models as well. Even Symantec offers a free scanning tool.
The concern about MSSE is because with this tool there will be no real need to install a third party solution at all. The Windows Firewall is just as good, if not better than vendor solutions. Security Essentials is in the same playing field scoring good on detection and removal and very good on real time detection and prevention. The other tools such as disk defrag, registry defrag, and backup utilities aren't needed from security vendors. These are either built in to Windows or there are free solutions such as CCleaner that render this fluff in security suites a no-seller. This is why Symantec is starting their early marketing campaign. I expect to see other vendors jump in on this as well.
Don't think of it as a flame, more like an argument that does 3d6 fire damage.
Antivirus software would be required on WHATEVER was the popular platform, because not being able to run code makes a computer worthless and sheeple can easily be tricked into running bad code.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
I used Norton Antivirus for a while (made by Symantec).
number of times it stopped me from getting a virus: 1
Number of false positives: 7 (security tools and a Y2K joke program)
Number of times it screwed up my computer: 2 (Once randomly and once when I went to uninstall that piece of crap)
honestly Id be better off with no protection than with their product.
All misspellings and grammatical errors in the above post are intentional and part of my artistic expression.
It's been getting harder and harder for me to distinguish Symantec and McAfee software from malware.
I personally am very vocal about my hate of purchased anti-viruses for end users.
Most of the home user computers I've seen use some kind of outdated anti-virus technology that wasn't updated in ages. They purchase the computer, they got a 90 days free AV deal, then weeks before it ends up, they are asked to subscribe to this crap for some kind of amount, they say "later", next reboot "later", next reboot "later", next reboot GAAAH "never! there!", and they are stuck with that piece of crap that slows down their computer and gives them a false impression of security "because they got Norton installed", even if they totally forgot they even had to subscribe.
Even worse are the computers with some outdated version of the software that isn't even updated anymore, like they got this 3 year old version of (example) Symantec they purchased, asked for the year update, then got a message about that brand new (shiny) version with more features. They said no because they aren't doing anything fancy with their computers. Now they are stuck with some 3 year old solution that isn't updated anymore. How appropriate.
So my suggestion for all the computer users: don't use a bundled anti-virus unless you get explained what's the deal pay their due diligence every time they are asking for it. Then, they are very good (usually vastly superior) products. -- Instead, use some free anti-virus, like AVG, that will automatically update every day, and won't become outdated, and you won't have a popup message asking for money or else... Use Spybot for the lesser evils. There, you are free of pains.
Rather than advocating a specific anti-virus product, I feel that the question is how do you know you need anti-virus. I would recommend choosing two anti-virus products and keeping them up to date for the shortest subscription period allowed. During this time, work as usual, and take note of any virus alert you get, and how that happens. Get rid of the one anti-virus that doesn't appear to be as effective (and recommend the remaining one to other people). Also adjust your computer using habit until you get no virus alerts. Then make sure you keep your habit within the confines of rules you find working well for you, so you don't get virus alerts. Then get rid of the anti-virus software altogether.
I regard anti-virus software as some sort of potty training. You only need it until you find out what behavior will get you into trouble.
I once had a signature.
Exactly. Isn't this just like a wolf warning that the chicken coop should have a free and open society with no fences?
Or to put it another way: Is there any answer that you're going to give that doesn't recommend I spend dump trucks full of cash at your company?
There's no place like
Symantec is taking a page right out of the republican/democrat "anti (not for profit) universal health care" handbook. Instead of having universal single payer health care that would cover us all, for the good of mankind... the special interest groups are spreading FUD because they would lose profit and power.
Same thing with Symantec. They would have you believe that Free AV would destroy humanity itself and leave you unprotected. Symantec would have you believe that only they can protect you properly.
The reality is free AV will help prevent the spread of virii thanks to more people having anti virus software.
Apparently Symantec doesn't really care about protecting users... they just want a profit.
They "sell" over 125 'security products'. Not including the other 30 Altiris downloads, and likely others.
Personally I have little faith that Symantec can securely maintain their insanely fragmented product lines.
And they all look so good... I do wonder how a business/server would run if every single applicable one was installed.
Maybe it's because Linux and BSD aren't popular platforms for most home users. OSX is 8% - which is large, but considering the rest of that is Windows (most people pin Linux at around 1% on the desktop it seems).
Even then - there are viruses for the Mac.
There's also plenty of evidence to suggest OSX really isn't all that secure.
One of my clients bought a new Dell Inspiron notebook with an integrated Verizon cellular card. He wound up needing my help getting the Verizon card set up, because every time he ran the Dell utility to manage the card, it just hour-glassed the PC for about 30 seconds, and finally returned an error message about being unable to connect to one of its components.
I fought and fought with it, checking to see if the cellular card might be disabled at the BIOS level, or if a Windows service was incorrectly set to "disabled" or something.... nope.
I finally gave up and called Dell tech support, to see if they knew anything about the issue. The tech had no clue, other than suggesting steps I already tried, and seeing if I could launch the configuration program from the START menu, as opposed to from its system tray icon (same result).
Then, on a "shot in the dark" troubleshooting step, I did a full uninstall of the McAfee Security Suite provided with the machine (with 1 year subscription). That did the trick! McAfee was blocking the cellular card utility from launching, despite its firewall not even listing it as a blocked executable or anything! Nice.....
Your facts are so bizarrely wrong it's hilarious.
OneCare has been discontinued. The scanning engine it was based on, along with definition updates, are now available free. If you'd even bothered to read *anything* about the product related to this article, you'd know that.
Windows does ship with a two-way firewall, and it's remarkably powerful and versatile. OneCare was basically a giant patch for those fools still running an 8-year-old OS.
"designed Windows better..." You can't fix stupid. The OS itself is pretty damn secure these days, much more so than (for example) OS X - see the Pwn2Own contests and the competitor's comments for an interesting case study. Actually exploiting Windows pretty much requires third-party software, and even then you have to deal with security features that no other OS *except* OpenBSD has fully implemented (DEP, ASLR, etc.). What most malware for Windows (and usually for other platforms too) is, these days, is Trojans. Not a lot your OS can do to protect you from those. See the Dancing Pigs (or Bunnies) Problem. Pop up a warning dialog? Users will click right through it. Make them run as non-Administrators? They'll gain whatever rights the program says it needs (in the case of Trojan-infected installers, you would probably need admin rights anyhow). Antivirus provides only a very small amount of protection against this, but I suppose if you're going to have that kind of person online anyhow they should have that protection. If a company wants to charge more to protect against that stupidity, though, I don't see that as being so evil.
There's no place I could be, since I've found Serenity...
An executive warning against the lower priced and free products of competitors is not surprising to anyone. As one who has been paid to REMOVE Symantec products from customer machines because of the huge performance hit I do not have good comments to say about the actual security products. I do use AVAST and find that it works really well. My own belief continues to be that the best defenses against the bad guys are to avoid working as an Administrator and to use THE HUMAN BRAIN to avoid opening unsolicited/unexpected attachments. Using Firefox and Linux helps also. Speaking of Linux and other open source platforms.... In spite of all of the real good Microsoft has produced in the software realm I am a firm believer that they should focus on creating SOFTWARE and leave platform development in terms of servers and clients to community efforts. If a virus/malware author attacks Windows then we are dependent on Microsoft and Vendors like Symantec to develop solutions. If there is an attack against Linux, for instance, the author is instantly outnumbered and outclassed by the army of community talent which would act to stop them. On my Windows XP system, NO ONE including me runs as Admin. NO ONE is allowed to use Internet Explorer until I observe better security against Malware. NO ONE is allowed to download or open any email attachments which are unexpected or are programs without consulting me first. On my Linux system I have almost nothing to worry about......
Fuck you Symantec.
Your shit is just as bad as the free stuff. It gives me a false sense of hope, makes me feel I'm safe when I'm not.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
Symantec Exec to board members: "Holy underwear! Free Antivirus! From Microsoft! We have to protect our phoney baloney jobs here, gentlemen! We must do something about this immediately! Immediately! Immediately! Harrumph! Harrumph! Harrumph!"
"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith