OneCare to be discontinued...!???

[pgamble]

Quote:

Originally Posted by tonybro

I 've also heard that Symantec's most recent offering has been back to the drawing board for a re-write to keep the footprint and impact on host platform to a minimum.

Looks like they are back in the game!

I also agree with Bydandie's statement too!

CISSP accreditation has nothing to do with a vendor. I'm happy for everyone to have their own opinion ... all I suggest is that it isn't fair to others to suggest definitive views about products when those views are not based on comprehensive tests.

For those that have several machines .. like me .. and can't bring themselves to pay for expensive commercial products for all of them they will obviously explore freeware variants. I use them for 2 PCs and a w2k laptop (the latter mainly because the big commercial vendors don't support w2k) ... AVG and Avast. For the machine I use for banking and online purchases I use a commercial product ... in the past it was McAfee ... since NIS2008 / 360 it has been Symantec .. it is based on real facts .. not quickie reviews or rumours by non specialists. It's up to you ... but check the VB results ... they speak for themselves. Old commercial versions were slow on small machines but they still had the better capability. That has changed completely in the last 2 years.

[pgamble]

Quote:

Originally Posted by bydandie

<p>you have you're right to your opinion Paul but I know more than most in the security world and have to disagree that Symantecs technical expertise means a good corporate or home product.</p>

I'm in complete agreement with you regarding translation of expertise in to good product ... all I suggest is that you are 2 years out of date.

If you were looking back then it would be fair to suggest Symantec's enterprise product particularly was too resource hungry and it's heuristics imperfect. I didn't use the commercial product back then as I suggested so I can't comment. The current products are a long way ahead (both commercial and the latest SEP update). They bare no relation to the early versions. As regards your god like position in the security world (I'd love to know how you can suggest that .. I'm guessing I must have seen you on the conference circuit ... I'm pretty repected in the space but I'd never suggest I know more than most .. you're either good old Bruce or a little arrogant ... what is your specialty / background) ... your simplistic comment about detection rates would suggest otherwise .. but I could be wrong. I referenced my accreditation in the hope that you may make some more detailed current investigations to qualify your views ... as you say ... your own opinions are fine ... regarding the freeware products I use ... I would standby the McAfee, Sophos and Symantec as being far more capable ... and the real professional tests will verify that ... magazines don't use security professionals or decent testing procedure .. they also tend to standup for the small players .. in the same way most of support open source.

... have fun

[bydandie]

Quote:

Originally Posted by pgamble

I'm in complete agreement with you regarding translation of expertise in to good product ... all I suggest is that you are 2 years out of date.

If you were looking back then it would be fair to suggest Symantec's enterprise product particularly was too resource hungry and it's heuristics imperfect. I didn't use the commercial product back then as I suggested so I can't comment. The current products are a long way ahead (both commercial and the latest SEP update). They bare no relation to the early versions. As regards your god like position in the security world (I'd love to know how you can suggest that .. I'm guessing I must have seen you on the conference circuit ... I'm pretty repected in the space but I'd never suggest I know more than most .. you're either good old Bruce or a little arrogant ... what is your specialty / background) ... your simplistic comment about detection rates would suggest otherwise .. but I could be wrong. I referenced my accreditation in the hope that you may make some more detailed current investigations to qualify your views ... as you say ... your own opinions are fine ... regarding the freeware products I use ... I would standby the McAfee, Sophos and Symantec as being far more capable ... and the real professional tests will verify that ... magazines don't use security professionals or decent testing procedure .. they also tend to standup for the small players .. in the same way most of support open source.

... have fun

I knew that would come across wrong but didn't have the chance to edit it!

I know more people than the rank and file in our industry and therefore have access to what goes behind the scenes. Symantec have lost key people who were brought over when they bought the companies that make up their product line.

IMHO Deepsight and their Managed IDS offerins are shadows of their former selves and most of the good people have gone. the ex-Symantec people I know refuse to use Norton and I personally wouldn't trust an AV product that is too mainstream as that is what the crisis writers use to test.

As for speaking on the conference circuit, does Gartner, the ISF and BCS count?

I'm not saying this due to arrogance, but the fact is that those who present at conferences with the odd exception do so due to political machinations, and you only find this out when you get to know the people I know.

Most of the people I used to revere and believe in I've found to be nothing more than people who rarely do anything but talk a good fight and havent changed there message to adapt with the real threats.

I would pay to hear true thought leaders like Pete Wood and Roger Grimes and maybe Bruce, but few others.

As for the various tests, they don't look for protection against social engineering attacks, mobile code exploitation within the browser or even how a potential attack is communicated to the end user.

It is a fact that the days of malicious payloads being delivered by email are almost over due a reliance on application level vulnerabilities. that's the reason why the av vendors buy other technologies to mask the failings of anti virus by increasing the scope of their brand.

People need innovators and the the old school are slow to react and still push a technical solution to a human threat.

[pgamble]

No problem matey.

Various elements of what Symantec did suffered for a while. Many companies go through this ... and some never come out the other side ... Symantec (thankfully for them) have come through the other side very strongly. I wouldn't say everything is perfect ... but I challenge anyone to find a company of 18000 people and 250 products and services to not have areas from improvement.

Regarding conferences ... not a great fan of Gartner etc ... I'd suggest that fell very much into your negative bucket ... ISF ... can't comment .... I was thinking more on the lines of international practitioners forums like COSAC and F3 ... most others ... I'd agree with you are political points scoring and 'marketing' events (InfoSec / RSA).

Regarding the names you mention ... yes ... I agree ... however there are many others if you see them contribute in the right type of forum where they are genuinely trying to share views and experiences. I'd strongly recommend COSAC (COSAC 2008 - 15th International Computer Security Symposium) if you get the chance - 5 days locked in a nice Irish hotel with well known genuine experts from all over the world talking about what they have seen and done over the last 12 months - no company names ... no products or product presentations ... paradise. Maybe I'll see you there in 2009.

Your point about buying new players to plug holes in AV engines is true albeit a little simplistic.

Over 5 years ago it became clear that Signature Based AV was of limited use moving forward ... partly because of the reduced time for exploitation but also because of the growth of variants ... many of which can't always be captured with generic exploit engines. Within the next couple of years, the sheer number of signatures would make even the new McAfee, Symantec, Sophos (and other) engines totally incapable of keeping up without rendering the clients unusable. This is why many players and security experts (real ones that is) are suggesting that although signatures can't go completely they should be changed from a blacklist to whitelist focus ... decide what can run ... and don't allow anything else ... people will hate this for a while ... and it will lead to all sorts of initiatives around endpoint virtualisation / app streaming etc ... you'll then see the small players flailing because their clever technologies won't fit this new model ... and eventually ... we'll go full circle.

The choice of any large IT company is to either build of buy in. Over the last 8 years or so, small players tried to take on the big players with 'clever' new technology .. some was rubbish ... some very very good, if a little over sold (Whole Security was a case in point when it suggested Signature based AV was not needed at all anymore .... it was however the only genuinely practical heuristic engine because it scored both positively and negatively).

Most vendors (including Symantec) chose to acquire this technology. In Symantec's case they didn't change their traditional offerings until about 2 years ago ... before that, they spent years looking at ways of seemlessly bringing these clever and recognised bits of technology in to a single manageable infrastructure (Whole Security and Sygate being two of the big ones). In addition they exploited (very cleverly) technology from the new Symantec to do genuinely game changing things that no one else would be able to do. The Volume Manager integration I mentioned previously is a case in point.

In the last 18 months or so this has resulted in products with genuine innovation .... prior to that ... I agree with you ... and that is why I say ... it is worth revisiting.

Regarding those small players ... they had clever ... if oversold capabilities ... that were never going to be compete on their own ... they simply don't have the resources to meet the rapidly changing needs .... this I know is a different take on your perspective ... It isn't to say that McAfee, Sophos etc always deliver what they should be able to .... but sometimes they do ... and right now ... I wouldn't trust a hodge podge of genuinely clever tools on my e-banking PC or enterprise machines. Symantec ... at present .... I would say have released their Misplaced Childhood / Joshua Tree / Dark Side of the Moon ... and it appears to hold true for their Data Loss (Vontu) acquisition and Enterprise Vault.

Clearly you are a genuine security guy ... if nothing else based on your views around Social Engineering .... frankly the biggest IA weakness that all organisations suffer is a lack of continuous roles based training and audit .... if that was in place ... there would be far less successful social engineering attacks and less data / information loss ... but ... it's not a sexy thing to talk about ...

Interestingly, most of my work is Business Consulting for Government and Criminal Justice and it appears that my suggestions around the latter are now being taken very seriously.

Regarding information loss ... I always maintain it's not a technology problem ... albeit technology will probably play a part in protecting against it ... let's face it ... what is stop you using your phone to take a picture of a screen full of spreadsheet ... or a pen and paper ...

[bydandie]

nae bother Paul, I think I've found you on the web and if so we live nearby, and if certainly like the opportunity to continue this discussion over a beer if possible. if you're interested drop me a PM.

regarding social engineering its the one thing that isn't picked up during risk assessments but should be. unfortunately groups such as the ISAF have no real interest in educating the masses and prefer to luge their own pockets.

its good to find another of the minority here and yes when you're typing on a smartphone I tend to be less expressive and have more typos.

hope to be able to meet up soon as if you are who I think you are it could prove beneficial.

[windows]

So as it looks like we have two experts on site..... on my main machne used for home banking etc I'm using Avast Pro at the moment, would you recommend buying Norton again or Kampersky or AN other of course?

[debonairone]

Wow... all of that security talk after hours of reading and methinks I may have burned holes in my skull where my eyes used to be...

I am using Symantec Corporate 10.2 on all of my machines... Well, with the small exception of the three that ran OneCare... But I have always found the protection adequate if not excellent... You don't know there's a problem, if you don't find evidence of it, hence my statement... I agree with you both on your respective views and defer to your decisions...

Please let us know the outcome of your beer meeting and discussion... I am sure it will prove invaluable for all of us here at 4WM...

Thnxs again...

[waveydavey]

I found Symantec 10.2 to be ok. It was much better than 9. Endpoint is toilet though. You need to have a Gig to run it or you're stuffed. I don't know about the supposed "footprint" of Symantec being one of the smallest either. Symantec has ALWAYS been a massive drain on resources from the days when it was Norton and Endpoint is the worst I've seen. We run Synatec here at work for both AV and Backup and I think both products are seriously flawed considering they are Enterprise class products. That said there are few other contenders and they aren't much better either.

[bydandie]

Quote:

Originally Posted by windows

So as it looks like we have two experts on site..... on my main machne used for home banking etc I'm using Avast Pro at the moment, would you recommend buying Norton again or Kampersky or AN other of course?

Kaspersky! :ducks:

[firstbuddha]

Windows - please, again, why are you moving NOW away from WLOC?