Symantec Exec Warns Against Relying On Free Antivirus 459
thefickler writes "Clearly, the rise of free antivirus is starting to worry Symantec, with one of their top executives warning consumers not to rely on free antivirus software (including Microsoft's Security Essentials). 'If you are only relying on free antivirus to offer you protection in this modern age, you are not getting the protection you need to be able to stay clean and have a reasonable chance of avoiding identity theft,' said David Hall, a Product Manager for Symantec. According to Hall, there is a widening gap between people's understanding of what protection they need and the threats they're actually facing."
Bloated (Score:3, Interesting)
Anything is better than Norton (Score:5, Interesting)
Dear Symantec,
The reason you are steadily losing market share has less to do with the availability of reasonably good antivirus software for free, and more to do with the staggeringly awful quality of your own products. Norton Internet Security was so completely terrible, that not only did it fail to stop critical attacks, but it slowed down systems more than the worst available spyware infections. Removing those spyware infections was also easier than removing your software, because the uninstaller would fail more often than it would function. I began to keep the latest version of the Symantec removal tool in my kit because it was better to assume the uninstall would fail, and not bother to use it. Until I managed to get a significant portion of my clients away from your products, they paid me to fix problems with your software more often than any other single product by a factor of 10. At this point, even if your company came out with the perfect security product, I would advise my clients not to buy it purely based on past experience, because you do not deserve their money.
Re:Rock and hard place (Score:4, Interesting)
I can explain that to you. It's called a delusional dominant reality.
If you act as if you were the godking of antivirus, you will start to ignore your flaws. If you then are so strong in that belief, that you pull others into it, they will start to ignore them too.
As you might imagine, this is quite easy with the uninformed masses, who never have seen anything else.
I mean that "Dr. Norton" with his white doctor coat, his cool name, and all this... He looks so sure of himself. And others have it too. So it must be good. Ever if it is bad there, and there, and there, and there, etc.
It's the same thing that makes you believe a medical doctor actually had any more competence than a better pharmacist. And him stating "there is no cure" except of "I did not go to a further training for the last three decades, and just don't know a cure, but there might be one, and we still have to find it", does not help it. (This is his delusional dominant reality in action.)
It is also the thing that can make you good at dating, pickup, etc. (Don't hear to the Mistery method losers and their a million and one imitators. That stuff is outdated for at least a decade now.)
Re:Be Afraid! Buy Our Product! (Score:2, Interesting)
You are mixing stuff. On Windows, ClamAV is the only OSS solution, and it doesn't (yet) have decent support for on-access scanning (It is possible to use WinPooch to do it, but WinPooch is unmaintained and not compatible with Vista or XP SP3). This is mostly because the developers of ClamAV are more focused on using it for server side email scanning and so forth.
So sure, an OSS solution for on-access scanning on workstations would be attractive for lots of reasons, but there isn't one right now, so it doesn't really matter.
Re:Symantec is saying this? (Score:5, Interesting)
Re:Symantec is saying this? (Score:5, Interesting)
look for an unbiased neutral party.
Unfortunately, these have become hard to find in our pay to play economy. And being able to tell who is a good unbiased source of information is a monumental challenge. So far, the only thing that seems to be for sure is that the louder and more often someone says that they are unbiased and neutral the less they are. I would throw out some names and advertising slogans but, I'm not wearing my flame-proof underwear (AC).
Re:Meh (Score:3, Interesting)
Re:Anything is better than Norton (Score:3, Interesting)
I loved how Norton Internet Security would *DISABLE* windows firewall when you uninstall their Norton shit
Comment removed (Score:5, Interesting)
Re:Symantec is saying this? (Score:4, Interesting)
+1 for NOD32.
Best combo of fast and accurate out there.
I will say that turning off "scan on write" on older computers in any virus engine often gives a great speed boost, NOD32 included. I have found that speed/security tradeoff to be worth it, as files are still scanned on read, and on scheduled full scans.
Not QUITE right (Score:5, Interesting)
You know what is really a non-protection in AV? Products from large companies. No, really.
Malware is today routinely tested against the big players before it's leaving the door. More and more often, you also see protection against specific AV suits (Norton, McAfee, Kaspersky are amongst the top on that list), where the malware specifically tries to disable those AV suits or at least blocks updates.
Malware protecting against smaller players in the AV field is rare. Market dictates that. It does not pay to protect your malware against an AV suit the market share or which is less than 5 percent.
So, I essentially agree with him: MS Antivirus will offer ... well, let me say not the best protection, because EVERY piece of malware will be tested and hardened against it. But, and I guess Mr. Hall will not enjoy that, Symantec doesn't offer protection any better, because, since they're big enough with a big enough market share, they, too, are on the malware writer's radar.
Re:Anything is better than Norton (Score:2, Interesting)
Re:Of course... (Score:3, Interesting)
W^X (Score:4, Interesting)
...
On the other hand, I know plenty of people running active commercial anti-virus software that's been plagued with virii.
The reason?
1. No Awareness.
2. No Patching.
3. No Prudence.
4. Running Windows
There. Fixed that for you.
Worm/Virus are spread so fast these days, the AV software just can't catch up in time to prevent the infection and in quite a few cases, the Worm/Virus disables the AV software, making it more difficult (in some cases impossible) to remove the infection without booting to another OS (Live OS from a CD/USB Drive).
Except that spreading fast is nothing new. Most worms hit peak a few hours sooner than the average time it takes for the AV makers to create and push out a new profile.
That's why I use ClamWin for occasional scanning.
ClamWin, ClamAV are fine for remedial action. The best remedy, as in all things, is prevention and that can be accomplished by moving to systems that are resistant to malware. Here even the consumer unions fall flat on their faces and fail to mention the Linux distros. Most mainstream distros are years ahead of Windows as far as ease of use, maintenance and speed. The main weakness of real systems (non-M$) is that Web 2.0 script crap.
If someone wanted to make a really hardened desktop or netbook appliance, the following steps can be taken:
I wrote the word appliance above, because with extreme settings like that, you are not going to want to try to add, remove or radically reconfigure any packages.
Re:Symantec is saying this? (Score:5, Interesting)
It's not just AV software. The entire software industry operates this way.
1. Shovel feature-rich bug-ware onto unsuspecting schlubs to build "brand" (especially in the enterprise/IT market where the person purchasing the software is often not the person who has to use it, so they make decisions based on feature list and brand name rather than quality)
2. Wait for hobbyists, researchers, or smaller companies to figure out how to do it right
3. Buy their companies
4. Repeat
Remember when Norton was actually decent? It was before Symantec bought them. After the acquisition, Symantec went back to Step 1 and gradually bloated and encrapified the antivirus. Now they are on Step 2. I wouldn't be surprised if they bought up someone like TrendMicro soon, spouting promises of a glorious and euphoria-inducing Norton/PC-cillin integration.
-- 77IM
Re:Predictable much? (Score:3, Interesting)
And you just hit right on the head the biggest security measure you can do-get them off IE!
What - precisely - are the problems you see with IE 8?
Firefox has not been proven immune to attack. Security Advisories for Firefox 3.0 [mozilla.org]
Is the technology of the browser still the most significant line of attack?
Does IE 8 Equal Safer Surfing? [itsecurity.com]
Re:Symantec products are apparently the same. (Score:5, Interesting)
You don't want the uninstaller resident, that's a point of weakness for attack.
Re:Lies, damned lies, and statistics (Score:3, Interesting)
But in almost every severe case of a worm or trojan infecting Windows, at least ones that got large enough to gain media attention (Code Red, Blaster, Storm)--the vendor had a patch out that was available long before the worms existed.
This is proven and very well known. Even Storm's exploit was fixed in October of 2008, many months before the botnet gained media attention.
There are Windows installation methods and procedures that people on Windows forums tend to follow that make it significantly easier to exploit Windows even though they think they are doing other users a service.
It comes down to the fact that:
A. Any notable worm or trojan has generally used exploits where a patch was already available.
B. IE7/8 (and Chrome) under Vista/7 operate under a low security level which limits the potential impact of any known or unknown trojan or exploit. Safari, Opera, nor Firefox (even 3.5) voluntarily reduce themselves to a low security level.
C. All of the products have reasonable update standards. While Microsoft generally waits until Patch Tuesday to fix flaws (unless a severely critical flaw with known malware using it is running wild), each product does update itself automatically. Read my above statement regarding what people think they are doing "for the good of the PC" to see why there might be more to this particular point.
Re:Symantec products are apparently the same. (Score:5, Interesting)
Most of those posts aren't current, but let me assure you that Symantec Endpoint Protection still does this shit.
We use it at work, and I've discovered the suite does something really retarded:
There's a part of it they call "network threat protection"; because of the overblown name, it took me a bit of googling to figure out that the thing is literally nothing more than a cheap little firewall. However, unlike real firewalls, if you do something it doesn't like - run the FTP client that comes with Windows, run the Windows wget binary, try to install a program over the network, try to use certain software - it will crash. And when it crashes, it will take down the entire Windows network stack. And when the Windows network stack goes down, the computer becomes unusable and you have to cut the power.
Note that this isn't some sort of retarded blocking behavior; although NTP is installed, the traffic rules are set to basically "block two or three inconsequential things, allow otherwise". We ended up having to uninstall it on the computers of the people who were most affected.
Re:Symantec products are apparently the same. (Score:2, Interesting)
Unless, of course, you make the antivirus itself pop up a simple "Yes/No" dialog when its attempted to be uninstalled, warning that malware could be the one behind it. That's what Avast! did last time I uninstalled it, its simple, efficient, and the antivirus app doesn't get classified by *me* as malware unlike dear old Norton.
Re:McAfee false-positive glitch fells PCs worldwid (Score:5, Interesting)
If you make a product and then make a new version how can the new version freakout and break because you once had the older version made by the same company?
That's a pretty easy question. You skip the regression testing phase. Or maybe they trusted the OS too much, moved a function from one dll to another, changed how the function worked, and forgot to have the update script remove the dll from the OS. If the program gets the invalid response from the older function, it might cause problems. Anyway you work this, it all comes down to them not testing enough.
Re:Not QUITE right (Score:2, Interesting)
Re:Predictable much? (Score:1, Interesting)
IE has a pretty bad security track record. It may be that Microsoft is getting better at security... but anyone who has had to clean up a PC infected simply due to running IE6 is going to be a bit hesitant to trust anything labeled IE.
Chrome has similar anti-phishing features to the ones listed. Also, IE is the most popular browser on any survey I have seen, so switching means switching to a minority, which will be a less appealing target: FF's security isn't wonderful -- it seems to be more based on fast responses to bugs rather than wonderfully good code -- but when it had less than 10% of the browser market, no one bothered to attack it. Even though those other browsers may be vulnerable to some of the same exploits due to sharing code with Firefox or Chrome, very few, if any, attackers are going to make a, say, Flock version of their exploit if it takes more time for almost no gain.
There is also the unrelated point that a lot of people (well, probably mostly web developers) are against users using IE as Microsoft is still dragging their heels on web standards.
Re:Symantec is saying this? (Score:3, Interesting)
Yes it is better than older versions but .... you're doing it wrong
download and run this - http://secunia.com/vulnerability_scanning/personal/ [secunia.com]
It will tell you what programs you need to update. It will tell you every 1 to 3 days that you have a problem with Word, Excel, IE, Flash, Adobe Acrobat, etc, etc and really need to download the update from which ever companies website. It's made me decide to switch to Linux just out of shear annoyance... It's really funny how the update programs that litter my process list don't tell me this information for at least 1 to 4 weeks as I'd really like to know sooner... Can a brother get a damn RSS feed or something?
More than likely all of the above apply; Your mom is using IE, has an old version of Flash, Java, and Shockwave installed or has malware installed that is not detected yet. If you or your mom like the War3z then you more than likely have something not detected. A lot of stuff doesn't get added for a long long time when it doesn't break anything.
Re:Predictable much? (Score:3, Interesting)
Here's their problem - the malware/virus guys have been working against their products for so long now, they KNOW how they work, and with the level of embededness these programs have in the operating system, the m/v guys have figured out now all they have to do is exploit the security software - they can handily shut it off while making it appear to the user it is still on ... ahem... and do what they want. Having cleaned some very nasty stuff off of both Symantec's and McAfee's premiere CONSUMER products that were up to date and "working" it really makes you wonder just wtf! Of course this make the clients REALLY angry when you tell them the product they just bought/"LICENSED" for 2 more years at a DISCOUNT price of $80 a piece of crap and allowed the miscreant malware to molest their system. Why oh why do they NEVER call the company they just paid for support - because the AV Corp tells them TO GO ONLINE AND FOLLOW THE INSTRUCTIONS ON THEIR WEBSITE - in most cases the sites are blocked ... aaaaaaaaaaaaaaaaaaaaaaaaaaahahahahaah. /faceplant on desktop/
Why I hate bundled AV (Score:3, Interesting)
I personally am very vocal about my hate of purchased anti-viruses for end users.
Most of the home user computers I've seen use some kind of outdated anti-virus technology that wasn't updated in ages. They purchase the computer, they got a 90 days free AV deal, then weeks before it ends up, they are asked to subscribe to this crap for some kind of amount, they say "later", next reboot "later", next reboot "later", next reboot GAAAH "never! there!", and they are stuck with that piece of crap that slows down their computer than gives them a false impression of security "because they got Norton installed", even if they totally forgot they even had to subscribe.
Even worse are the computers with some outdated version of the software that isn't even updated anymore, like they got this 3 year old version of (example) Symantec they purchased, asked for the year update, then got a message about that brand new (shiny) version with more features. They said no because they aren't doing anything fancy with their computers. Now they are stuck with some 3 year old solution that isn't updated anymore. How appropriate.
So my suggestion for all the computer users: don't use a bundled anti-virus unless you get explained what's the deal pay their due diligence everytime they are asking for it. Then, they are very good (usually vastly superior) products. -- Instead, use some free anti-virus, like AVG, that will automatically update everyday, and won't become outdated, and you won't have a popup message asking for money or else... Use spybot for the lesser evils. There, you are free of pains.
Re:Don't Worry (Score:5, Interesting)
Exactly. Isn't this just like a wolf warning that the chicken coop should have a free and open society with no fences?
Or to put it another way: Is there any answer that you're going to give that doesn't recommend I spend dump trucks full of cash at your company?
No they're not, all 125+ Are different...mostly? (Score:2, Interesting)
Personally I have little faith that Symantec can securely maintain their insanely fragmented product lines.
And they all look so good... I do wonder how a business/server would run if every single applicable one was installed.
My latest fiasco with commercial anti-virus .... (Score:4, Interesting)
One of my clients bought a new Dell Inspiron notebook with an integrated Verizon cellular card. He wound up needing my help getting the Verizon card set up, because every time he ran the Dell utility to manage the card, it just hour-glassed the PC for about 30 seconds, and finally returned an error message about being unable to connect to one of its components.
I fought and fought with it, checking to see if the cellular card might be disabled at the BIOS level, or if a Windows service was incorrectly set to "disabled" or something.... nope.
I finally gave up and called Dell tech support, to see if they knew anything about the issue. The tech had no clue, other than suggesting steps I already tried, and seeing if I could launch the configuration program from the START menu, as opposed to from its system tray icon (same result).
Then, on a "shot in the dark" troubleshooting step, I did a full uninstall of the McAfee Security Suite provided with the machine (with 1 year subscription). That did the trick! McAfee was blocking the cellular card utility from launching, despite its firewall not even listing it as a blocked executable or anything! Nice.....
Re:The fundamental problem is sloppy code in Windo (Score:4, Interesting)
Your facts are so bizzarely wrong its hilarious.
OneCare has been discontinued. The scanning engine it was based on, along with definition updates, are now available free. If you'd even bothered to read *anything* about the product related to this article, you'd know that.
Windows does ship with a two-way firewall, and it's remarkably powerful and versatile. OneCare was basically a giant patch for those fools still running an 8-year-old OS.
"designed Windows better..." You can't fix stupid. The OS itself is pretty damn secure these days, much more so than (for example) OS X - see the Pwn2Own contests and the competitor's comments for an interesting case study. Actually exploiting Windows pretty much requires third-party software, and even then you have to deal with security features that no other os *except* OpenBSD has fully implemented (DEP, ASLR, etc.). What most malware for Windows (and usually for other platforms too) is, these days, is Trojans. Not a lot your OS can do to protect you from those. See the Dancing Pigs [wikipedia.org] (or Bunnies [msdn.com]) Problem. Pop up a warning dialog? Users will click right through it. Make them run as non-Administrators? They'll gain whatever rights the program says it needs (in the case of Trojan-infected installers, you would probably need admin rights anyhow). Antivirus provides only a very small amount of protection against this, but I suppose if you're going to have that kind of person online anyhow they should have that protection. If a company wants to charge more to protect against that stupidity, though, I don't see that as being so evil.
The Unfortunate Truth? (Score:2, Interesting)
Re:McAfee false-positive glitch fells PCs worldwid (Score:3, Interesting)
Symantec Exec to board members: "Holy underwear! Free Antivirus! From Microsoft! We have to protect our phoney baloney jobs here, gentlemen! We must do something about this immediately! Immediately! Immediately! Harrumph! Harrumph! Harrumph!
Re:How do you know you need anti-virus? (Score:5, Interesting)
I don't need anti-virus because I use Linux (Ubuntu, Puppy, PCLinuxOS)! "Malware", Virus, Worms, Trojans, etc., do not effect my PCs.
I run Linux as well, however what you just said applies to a Linux user not running as root. Unfortunately many people I know who should know better are quite happy logging in as root and this can lead to issues not unlike those affecting a Microsoft OS. All machines I set-up or even manage are set-up such that you cannot login as root either via telnet (now depreciated) or ssh. Of course that won't stop people logging in as root on the console in the case of a personal computer or workstation.
From personal experience Linux in the enterprise requires Anti Virus protection at least for those machines that are internet facing not because Linux is actually affected by mall-ware associated with Microsoft OS's and applications but because you need to protect any Microsoft products that may connect to the Linux machines. It has never ceased to amaze me that many businesses see this as normal and it is utterly pointless to try an explain to them what is wrong with this picture.