Archive for August 2005

SAV 10, fixed now

I uninstalled SAV 10, and ran the SAV 9 version of nonav to get rid of any other odd remnants. I’d already run the Windows Installer Cleanup Utility. After a reboot and a new install, SAV 10 is working fine now. I’m running a “quick” scan. It’s using 87 MB of RAM. :0 Hopefully that goes down once the scan is done. I have found on other systems SAV 10 seems to gobble up 30-35 MB.

ARGH! SAV 10

I tried an upgrade on my desktop this evening to Symantec Antivirus Corporate Edition version 10.0.1.1000. The computer went into a perpetual reboot loop.
The errors I’ve dug out of the log don’t really match anything. It could be the Adaptec Easy CD Creator bug mentioned on the Symantec tech support site, or it could be a kernel memory issue. I managed to stop the reboot loop by going into safe mode and disabling some SAV services. I think tomorrow I’ll see if I can get a newer copy of nonav and remove all remnants of SAV from the system and try again.

They never listen to the prophets

Based on some discussion on the myitforum.com antivirus email list, I wanted to highlight a post I made back in January.
Apparently, I was wrong. Mydoom.a wasn’t the death knell of the file blocking crowd. People just added zip to the list of things to block and went on their merry way.
I really have to question that way of thinking. What happens when the next major virus exploits vulnerabilities in Adobe 7.0.1? Are you going to block pdf files until everyone is upgraded to Adobe 7.0.3? What happens when the next major virus is an exe embedded in a ppt file? Are you going to ban PowerPoint? What happens when the next virus is in an image? Most of the major image types have had vulnerabilities lately.
Before you ban everything but text, I think it’s time to reexamine the true cost of a decent antivirus mail gateway. Perhaps eSafe, MessageLabs, Postini, and Sybari should be considered over what you have been using.
We left a Trend Micro mail gateway for MessageLabs and the difference is astounding. Rather than reacting to every new virus, I am totally confident that MessageLabs will stop it before I even know it’s in the wild. And just because they are nice guys, they’ll let the other AV vendors know about it so they can stop it too.

Symantec Antivirus 9 Privilege Escalation

Symantec has reported a privilege escalation vulnerability in Symantec Antivirus 9, 9.0.1, and 9.0.2 as well as Symantec Client Security 2.0, 2.0.1, 2.0.2. The solution is to upgrade to MR3 or later.

Webroot 2.5 update notes

Spy Sweeper Enterprise 2.5 is currently available for new installations only. They say they will be releasing an upgrade package for current customers “shortly.”
Just as well, I’ve got some other things to be working on anyway.

Earthlink acquires assets of aluria

Another bit of news from Donna’s security flash. Earthlink has picked up the assets of Aluria software.
Aluria is a small company from Lake Mary, Florida. That’s just north of Orlando, so I know the area a bit from my time down there. Although Aluria’s consumer product has been highly rated, I was never high on them. I seem to recall some controversy about them whitelisting WhenU.
Doesn’t Aluria currently provide the antispyware functionality in the AOL Security Edition? Also I believe that Webroot had been providing Earthlink’s antispyware capability. Interesting changes, hmmm.
I figured after Pestpatrol got bought by CA that two things would happen: 1) Pestpatrol would no longer be highly rated. 2) There would be more consolidation as the major companies try to buy into the antispyware market.

Webroot Spysweeper Enterprise 2.5 Update Released

I saw over on Donna’s Securityflash that Webroot has put out a press release that their enterprise version 2.5 is now available. I’m sure as a customer, they’ll let me know this sooner or later. :) Actually there is a “news” page within the product, so I would probably have learned this next time I opened the admin console.
http://www.webroot.com/resources/archive/pr/2005/aug/ssenterprise2-5.html
Sounds like they have some good features, including enhanced reporting, faster scan times, the ability to set a safe mode scan, enhanced scanning ability, a new web admin interface, alternate data stream prevention, and enhanced client updates for mobile users.
Sounds like I have a few busy days ahead of me. I probably should resist the urge to deploy for about a week and let other people be the guinea pigs. I’ll probably at the least deploy the upgrade to my test group now.

ISO RSS Reader that supports enclosures

I’m looking for recommendations for an RSS reader that supports enclosures, i.e., one that can be used with blogcasting/podcasting feeds.
I’ve been using SharpReader, and it’s not as big a memory hog as the last aggregator I used, but it doesn’t support enclosures. Any new reader should also support OPML so I can import/export my feeds.

CSOnline article on fighting ddos attacks

I saw this link over at TaoSecurity. It is an account of Distributed Denial of Service attacks on a gambling site and the efforts to stop them.
http://www.csoonline.com/read/050105/extortion.html

MSDDS.dll exploit via Internet Explorer

Microsoft now has a writeup on this vulnerability. The page to keep an eye on for updates related to this is here.
I was very happy to see this. I called my TAM at lunch to see if setting the ActiveX kill bit on this dll was a good or bad idea. I didn’t want to do it, not knowing what the end result would be. Microsoft now has this listed in the “workaround” section of this post. There is no aftereffect of making this change because this file was not intended to be accessed using this method.
I’m working on getting this added to our ActiveX Kill Bits file that we deploy with SMS. I also need to see when that is next going to get deployed to our computers.