Antivirus: August 2006 Archives
I noticed that a few copies of W32.Stration were detected in the inbound email today. It's a nice break from all the phishing and Mytob.
It seems like someone decided that Symantec is no longer a favored company. I think it started last year when support hold times were up over an hour. Whatever the cause, SAV admins are looking for any opportunity to complain. SAV updates the product, complain. SAV doesn't update the product, complain. SAV doesn't provide updates in the method you'd like, complain.
Which leads us into today's item. An admin from the University of Richmond would like the ability to push out SAV updates via the Symantec System Center. Does he enter a feature request? No! He posts to the Full Disclosure mailing list as if this were some sort of discovered exploit.
Symantec does need to take a look at distribution systems such as those used by McAfee ePolicy Orchestrator or Webroot SpySweeper Enterprise. But ultimately, this is an enterprise product, and enterprises invest in products such as SMS to perform software rollouts.
Consumer Reports reviews antivirus products in its September 2006 edition. Most of the article requires a subscription; as a result, I have not had a chance to look at it yet.
McAfee responds in their weblog. The author "Igor" obviously has no clue who Consumer Reports is. As a result, he is confused by the September 2006 date. Since the material is undoubtedly part of the September 2006 edition of the magazine, that is the correct way to date the article on their website as well.
Igor gets his nose out of joint because CR used a live fire test, creating new viruses in the lab. Igor prefers tests where three-month-old virus definitions are used so any virus that came out after that can be tested as a "new" virus.
Complaining about that reminds me of when a vendor complains about the method of disclosure to distract from the vulnerability in their product (although there is actual damage from full disclosure and no damage from this private lab test). Igor needs to get over it. Signature-based detection is dead, and antivirus products will be judged by their heuristic and behavioral protections. That said, CR needs to look into the standard virus testing methodology. They are unaware of the testing performed by av-comparatives, for example. These types of tests are not as new as CR imagines.
http://www.avertlabs.com/research/blog/?p=71
Symantec IMManager 8.0.5 is out with release notes located here.
This release includes support for Yahoo Messenger 8.
Symantec IMManager (IMLogic) support slipped further this month. They implemented further changes to integrate the IMLogic purchase with their existing support framework.
The knowledge base was integrated into Symantec's existing knowledge base. Before, it was possible to sort the responses by relevancy, date modified, and by how many customers used an answer. It was also easier to restrict the search results by version and product.
It is no longer possible to enter tickets via email.
Creating a ticket online has migrated to a new system, and I have not been provided with a password.
Calling support is now as annoying for IMLogic as it is for the antivirus product.
It was easy to communicate with IMLogic. I am afraid that this has been lost in the Symantec purchase.
"Symantec Security Response will post LiveUpdate virus definitions today, August 3, 2006 to address an Adware.VirtualBouncer false positive detection on pskill.exe from Sysinternals."



