Norton security
Posted by: Mick P on 15 August 2004
Chaps
I have 3 Norton programmes in my PC
They are
1. Norton Internet security ...Firewalls etc
2. Norton anti virus
3. Norton utilities integrator which is used for rapid defragging.
The first two programmes are 2003 professional and I am 3 weeks away from my renewal date.
My question is...am I better off renewing online via credit card or is it better to buy a disc.
I had these installed by a friend who has since left Swindon.
Regards
Mick
[This message was edited by Mick Parry on Sun 15 August 2004 at 15:52.]
Posted on: 19 August 2004 by monkfish
Hi
I am a computer engineer and spend a large part of my working hours removing viruses from infected computers.
Most of these PCs are "protected" by Norton and the viruses have gone straight through. NAV does not protect against trojans and worm types which for an application which supposedly offers complete protection is crap.
In the shop we use Panda internet security which gives you anti-virus, firewall, anti-spam, anti-spyware will take out trojans and worms and is cheaper than Norton---no contest as far as we are concerned.
Another consideration which I read was that as Norton is the most popular solution, most of the hackers and virus writers will have this in mind and write their malicious script accordingly.
I have no axe to grind with Symantec (Norton) in fact they have provided us with loads of work by being so ineffective but felt people should be aware of our findings.
Regards
Jim
Posted on: 19 August 2004 by Paul Hutchings
I also work with computers, smallish network, 600 or so PCs, couple of exchange servers and some NT/2000 servers and I swear by Trend Micro.. it's a case of finding something you trust that works and works well.
I get lots of people asking me to look at their PCs and if I had a penny for every time they said they were running Antivirus, only to find that yes they are, but with definition files from the day they bought the bugger!
At work I have our control box set to check Trend's site for updates every hour, things sometimes still get through before they release an update, and that's with some pretty heavy attachment blocking, and Trend are pretty on the ball with pattern updates, so it's no surprise Joe Bloggs gets caught out.
Moral of the story, if there is one, is that however often you have your AV set to update, it ain't enough :-)
regards,
Paul
Posted on: 19 August 2004 by Mike Hughes
Hmm,
I would say that, on balance, Mick has still clearly made the right decision. His software works and he hasn't had any of the problems people insist he will have or should have had!!!
I agree with Monkfish re: Norton but my experience of repairing PCs with viruses has been that the biggest problem is user error and ignorance and, if you're really not stupid and don't open every attachment and click on every window that appears etc., then you will avoid most problems. The same users used to come back again and again and it's not because they don't use the latest whizz bang software it's more because the way they use their PC causes the problem. That applies just as much to home PCs as it does to business.
When I repair any virus ridden PC I don't make any recommendations re: AV or firewalls. Rather I give the user a checklist of stupid things to avoid. I suggest they install AV and a firewall and I gear any solution around their needs if they ask. In recent years, since adopting this strategy, less and less find the need to come back with virus issues.
I use NAV 2002 and Zone Alarm (free version). I am W98SE and I haven't had a trojan, worm or virus in four years. I am on the net every day and I have to check out new sites and problems every day. This seems to me to not be dissimilar to Mick. He hasn't had problems (as far as we know) of any great magnitude (apart from his continued use of the word "chaps") so his decision to stick with what he knows is amply justified.
The rest of what is here is just people with an agenda.
Mike
Posted on: 19 August 2004 by Jez Quigley
quote:
he hasn't had any of the problems people insist he will have or should have had!!!
Oh yes he has. A while ago a dialer got onto his PC and ran up a phone bill of £200.
Posted on: 19 August 2004 by Mick P
Jez
Yes that did happen to me about 3 years ago. NTL let me off after 18 months of me threatening to refer them to OFTEL.
It is worth mentioning that at the time, I had no anti virus or firewall protection and I am now on broadband which offers better protection against dialers.
Regards
Mick
Posted on: 19 August 2004 by Berlin Fritz
Mick, don't forget the single cream when you go shopping later ?
Fritz Von Cannietakeemnowhere
Posted on: 19 August 2004 by Jez Quigley
3 years ago? Funny how some things stick in the memory, and others vanish seconds later.
Good point about broadband and dialers. Next step from that is to get a router which will make your software firewall redundant.
Posted on: 20 August 2004 by Berlin Fritz
Peter Router that's the name just wash your troubles down the drain, Rotten Peter. !
Who Can Tell me where that originated from, Let's see how brilliant you geníus's really are, innit ?
Fritz Von Koolaidacidtest²
Posted on: 20 August 2004 by Phil Barry
I don't see how a router makes a software firewall redundant, unless the router is pretty sophisticated.
Most home routers just do NAT. It stops most stuff, but not the very nasty stuff that comes in (and sends your identity out) on port 80.
Regards.
Phil
Posted on: 20 August 2004 by dave simpson
quote:
I don't see how a router makes a software firewall redundant, unless the router is pretty sophisticated.
Most home routers just do NAT. It stops most stuff, but not the very nasty stuff that comes in (and sends your identity out) on port 80.
Yer right Phil, a router doesn't make a software firewall redundant--it monitors outbound nasties (a router doesn't) and it adds to a layered security approach.
Btw, forward port 80, 113, or any other port via the router to a non-existent IP address on your LAN. Matter of fact, it doesn't hurt to place the same dummy IP addy in the router's DMZ to achieve stealth on all ports (even stubborn unsolicited UDPs go into the bit bucket).
regards,
dave
Posted on: 20 August 2004 by Jez Quigley
Phil and Dave,
If the rig is fully stealthed by the hardware firewall in the router, and a good AV/Trojan killer is installed on each PC, I can't see that a software firewall is worth its keep. Am I missing something?
Posted on: 21 August 2004 by dave simpson
quote:
If the rig is fully stealthed by the hardware firewall in the router, and a good AV/Trojan killer is installed on each PC, I can't see that a software firewall is worth its keep. Am I missing something?
Hi Jez,
I'll agree with you since you've thrown an anti-trojan program into the mix. Actually, I'll even forego the software firewall IF you're behind a router AND practice safe hex (forget the anti-trojan software also). The problem is, how many do the latter (safe hex)...damn few judging by the number of infected machines world-wide. A software firewall will at least alert these folks they are about to ship out malware or personal data into the ether.
best regards,
dave
[This message was edited by dave simpson on Sat 21 August 2004 at 14:16.]
Posted on: 21 August 2004 by Jez Quigley
quote:
A software firewall will at least alert these folks they are about to ship out malware or personal data into the ether
Even then I guess average Joe/Joan wouldn't know whether 'incomprehensiblename.dll' should or should not be allowed free passage through Zone Alarm.
Posted on: 21 August 2004 by dave simpson
quote:
Even then I guess average Joe/Joan wouldn't know whether 'incomprehensiblename.dll' should or should not be allowed free passage through Zone Alarm.
I know it's not a perfect solution...but we've got to start somewhere. Perhaps artificial intelligence (or the family dog) will handle this problem one day since Joe and Joan@aol.com can't be bothered;-)
regards,
dave
P.S. Maybe we should require a license to use the 'net....'nother thread ehh?
Posted on: 22 August 2004 by Jez Quigley
quote:
we've got to start somewhere. Perhaps artificial intelligence (or the family dog) will handle this problem one day since Joe and Joan@aol.com can't be bothered;-)
Bill Thompson, a technology journo for the BBC/Guardian, and elsewhere, wrote this recently:
"using the net is becoming more and more important in our daily lives. Few companies now feel able to operate without e-mail, net access and a website, even a token one, and over half of our homes have internet access.
The real problem, however, is that the internet is still far too visible in people's lives.
Ten years ago, when the web was just starting to take off and net users were few and far between, it took a lot of technical skill to get online.
Going online should be as easy as making toast
At the time we did not mind because it was all new, but I cannot help being depressed at how little progress has been made in freeing the net from its geek roots.
After all, when I buy a new toaster I do not have to worry about compatibility with my existing kitchen appliances or whether it has support for the new FastToast protocol. I buy it, I plug it in, it makes toast.
But I am constantly surprised by just how much technical knowledge you need to get, and stay, online in 2004. I spent this morning fighting with the DHCP server on my girlfriend's cable modem to persuade it to give me a new IP address for my 802.11b wireless connection so that I could share her connection.
I understand the acronyms, know which commands to type and can wield a screwdriver if I have to. But I cannot help thinking that this technology has been around long enough for us to have made it a lot simpler for users who just want to surf the web, chat and send e-mail.
It is not just the technicalities of making the connection work, either. Microsoft has just released its second service pack for Windows XP, and we are all being encouraged to download and install it.
Few of the millions of XP users will know what the update does, or why it was deemed necessary. Fewer still will be aware that it may cause problems with programs they already have installed, or that the changed security settings might affect their net use. Hardly any will know what to do about any problems they encounter.
You may think that this happens because the technology is moving so fast that it is just impossible to make it simpler, but that just is not true. The core network protocols have not altered much in the last decade, the basics of getting online are the same as they were in 1994, and the design of our modern computers remains the same as the EDSAC and Atlas in 1949.
What is missing is any real sense that it is necessary to turn internet-connected computers into mainstream consumer products.
When we see how many people will rush out to buy the latest model PC or the newest version of Microsoft Office, perhaps we have to admit that we, the users, have not done enough to make the developers, manufacturers and network providers realise that what matters is not the computer but what you can do with it.
Posted on: 22 August 2004 by dave simpson
Great article Jez. Unfortunately, he's spot on but I don't see any easy way to rectify the problem we've created.
regards,
dave
Posted on: 22 August 2004 by matthewr
The article is pretty dumb as it basically says the equivalent of "I can't believe that when my video breaks I have to get someone who understands how they work to fix it". If you buy a modern PC, plug it in and attach it to a web connection and follow some simple instructions it will correctly configure itself 9 times out of 10. This was not remotely the case 10 years ago. He also ignores any number of failed attempts to launch turnkey net/mail capable devices like smartphones and the like.
I prefer the following:
Security: educating the unwashed masses
By Daniel Hanson, SecurityFocus
Published Wednesday 31st March 2004 12:22 GMT
If you ask the average Internet user about security for their computer, and they either look blankly at you, or mumble something about anti-virus and firewalls, most often without any real idea of what these things are or what they do.
In fact, many of the people who have these products installed on their computer still open strange email attachments promising pictures of celebrities undressed, or some mysterious, unrequested information. So, what's driving this urge for self-destruction?
Zip no more
We've been watching the latest crop of viruses, including the MyDoom, Netsky, and Bagle virus families and it has caused a re-examination of some fundamental beliefs. Optimistic it may be, but we had always believed that if we, as information security professionals, could present one or two simple rules for security and explain why they matter, the average user could begin to recognise when someone is pulling their strings when they happily unleash viruses, or fall for some phishing scam. These latest viruses have eroded that belief.
Some of these mass-mailing viruses require that users:
1. open an email message
2. open a picture to determine a word used as a password
3. open a zip file
4. enter the password when prompted
5. and then run what is included in the zip file
The virus authors have people jumping through more hoops than a circus seal, and all for what, a glimpse of a naked celebrity?
Some commentators from the IT industry seem to enjoy malicious glee at pointing out how users almost have to work at getting infected by these viruses; in other words, they are morons. While we don't agree with the moron statement, it would be misleading to say that these users aren't aware of the potential risk. The media has picked up on many of the successful versions of these mass mailing viruses and written stories warning about opening attachments. In some cases, they will get infected multiple times and they will do it knowingly. If they aren't morons, and they know the risk of virus, then where does the problem lie?
Some of the blame for this latest crop of viruses does lay with us as security professionals. For years we have said that zip files are the safest and best way to transfer files. This is no longer the case. It is time to retreat, move the line of engagement with the viruses further back, and rethink the defence.
Technology can certainly help or hinder the process. MS-Windows' reliance on hidden file extensions to enable this behaviour combined with the ability to change the icons of files, certainly makes the process easier. How does a user differentiate between my_vacation.jpg and my_vacation.jpg.exe if they can't see the file extension? What rule can we give?
How can we change users' behaviour?
I believe the answer to this question is not technological. Reactionary systems like anti-virus certainly have their place, but a fast-spreading virus is often able to penetrate into organisations prior to signatures being made available - despite the speed that signatures are written and shipped by all the anti-virus firms.
Attachment filtering isn't the answer. We have slowly added more and more attachment types to the list to be blocked. In fact we are almost back at the point where plain text email is the only option to get through gateways. Six months ago, zip files were the most reliable way to get MS-Word documents, batch files, and other potentially harmful file types through filtering gateways. Zip files are now regarded as rats carrying the plague.
How about dumping SMTP mail all together? Won't that be a step in the right direction? After all, everyone knows that viruses don't spread through Web downloads, Peer-to-Peer file sharing systems, IM file transfers or IRC DCC connections. So much for the argument that the weakness is because SMTP was not designed for file transfer. PGP encryption would just prompt the user to type their passphrase; there is always a way to fool the punter. Changing the technology used won't stop people being conned, because any technology can be subverted if decisions are put in the hands of the end user. Fool the user, fool the technology.
Human nature and security: natural enemies?
Security is hard work. Human nature is to look for the shortest route between two points - with the minimum expenditure of effort. What's needed to address the virus menace is a fundamental sea change in peoples' attitudes to viruses. After all, you wouldn't leave your front door open when you went on holiday, would you? No, that would be stupid - you'd get burgled.
Only by making people realise that there are serious personal consequences of opening suspect attachments can we seriously hope to address the issue. In the end, technology can't do it for them - it's the everyday user who must take the fight to the virus writers.
from The Register
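The hidden-extension and passworded-zip points in the article quoted above, as an added example that is not part of the thread or the article: a mail-gateway style check in Python that flags attachment names ending in an executable extension behind a harmless-looking one, and zip members marked as encrypted (which a scanner cannot open). The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from pathlib import PurePosixPath

# Illustrative lists (assumptions, not exhaustive).
EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
DECOY = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf", ".mp3"}


def name_findings(name):
    """Return findings for one file name, e.g. my_vacation.jpg.exe."""
    path = PurePosixPath(name.replace("\\", "/"))
    suffixes = [s.lower() for s in path.suffixes]
    findings = []
    if suffixes and suffixes[-1] in EXECUTABLE:
        findings.append("executable")
        # With extensions hidden, the user sees only the part before the last dot.
        if len(suffixes) >= 2 and suffixes[-2] in DECOY:
            findings.append("double-extension")
    return findings


def zip_findings(data):
    """Check a zip's central directory; member names are normally listed
    there in the clear even when the member contents are encrypted."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # bit 0 set: contents are encrypted
                    findings.append((info.filename, "encrypted"))
                findings.extend((info.filename, f) for f in name_findings(info.filename))
    except zipfile.BadZipFile:
        findings.append(("<archive>", "unreadable-zip"))
    return findings


def scan_message(raw):
    """Return (attachment name, finding) pairs for a raw RFC 822 message."""
    report = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue
        report.extend((name, f) for f in name_findings(name))
        if name.lower().endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            report.extend((f"{name}!{member}", f) for member, f in zip_findings(payload))
    return report


def build_sample():
    """Constructed sample message with harmless placeholder attachments."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        member = zipfile.ZipInfo("details.txt.scr", (2004, 8, 22, 12, 0, 0))
        zf.writestr(member, b"placeholder bytes, not a program")
    archive = bytearray(buf.getvalue())
    # zipfile cannot write encrypted members, so mark the member as encrypted
    # by setting bit 0 of the flags field (offset 8 in the central header).
    central = archive.find(b"PK\x01\x02")
    archive[central + 8] |= 0x01

    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="my_vacation.jpg.exe")
    msg.add_attachment(bytes(archive), maintype="application",
                       subtype="zip", filename="photos.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for attachment, finding in scan_message(build_sample()):
        print(f"{finding:17} {attachment}")
```
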
Posted on: 22 August 2004 by dave simpson
As I mentioned earlier, I don't believe the casual user is exempt from learning a few basic security rules for using the 'net but it's not like our industry has made it easy.
(thanks for article Matthew)
regards,
dave
Posted on: 24 August 2004 by Mike Hughes
quote:
Changing the technology used won't stop people being conned, because any technology can be subverted if decisions are put in the hands of the end user. Fool the user, fool the technology.
Matthew,
Interesting article. I would maintain that all technology that is well designed is about putting the RIGHT decisions in the hands of end users. The problem with PCs is that they are multipurpose and so there is no one way of managing this beyond continued, incremental improvements and education of end users.
Mike