Silicon Shecky

Infosec Practitioner


Here we go again with virus hunting

January 5, 2011 By Michael Kavka

Viruses are everywhere these days. They slip past the defenses we put up, mess with our systems, and even steal our information. It’s a billion-dollar black market for some, a set of hijinks for others.

For me, it’s a thorn in my side. 75 to 90 percent of the SMB calls I go on are for removing a virus/trojan from a PC or laptop. Every time, I get asked the same questions: how can we stop this, why did it get through, etc. Unfortunately, I don’t have a good answer for them.

I explain that it is a war, that virus writers are always a step ahead. Antivirus companies have to see the virus so they can stop it, and even that doesn’t always work.

The only way to be completely safe is to not use computers, cell phones, paper, iPads, and anything else that can hold a record. That isn’t going to happen. So I tell them to make sure updates are applied when they come out, and to be on the cautious side concerning web sites. Then a month or two later, I am back out to them removing another virus.

Filed Under: Computers, Internet/Music, Rants, Security Tagged With: Antivirus, Security, SMB, Virus

Goodbye One Care, Hello Microsoft Morro

June 11, 2009 By Michael Kavka

Back in March, Microsoft announced that Live One Care, a suite of security products, was going the way of the dinosaurs. Vendors such as Symantec and McAfee rejoiced that they didn’t have to go up against the 900 pound gorilla, and everything seemed to be fine with the world. Everything was back in its proper place.

That’s what you thought at least. In reality it has been leaked that Microsoft has been working on an AntiVirus program that will be free, and will be officially announced soon. Morro, as it is being called, is supposed to offer protection from viruses, spyware, trojans, and rootkits. It is also going to be free. Now it will supposedly only compete with software such as the low end offerings from the major AV vendors, plus items such as the AVG free software out there. The real question is, how will this affect the AV companies, and is this going to be bundled with Windows 7?

Why bundle it with Windows 7? Well, the rumor is that it will be out of beta and on the market near the end of 2009. This puts it in the same time frame as the release of Windows 7 (Oct. 22, 2009). I figure it will come out as a High Priority Update a month after Windows 7 is launched, to try and circumvent the antitrust issues bundling Morro with Windows 7 would cause.

Try as they might though, if Microsoft ties Morro in any way into Windows there will be antitrust allegations. Honestly, we have seen this sort of behaviour from Microsoft in the past, when it went head to head with Netscape back in the 90’s. Just look at all the lawsuits from that. The difference is that the AV/Security companies do have a lot more resources available to fight Microsoft in the courts.

My big question is this: why must a company such as Microsoft try to be everything? Can’t they learn to focus on the OS and other current offerings without getting into another software area? Add on that you can bet Morro will be heavily targeted by the underworld on the Internet, just because it is Microsoft.

This is something to keep your eyes on.

Filed Under: Computers, Security, Software Tagged With: Antitrust, Antivirus, AVG, Kaspersky, Malware, McAffe, Microsoft AV, Rootkit, Security, Symantec, Virus

Symantec SMB solution

April 22, 2009 By Michael Kavka

It is being reported that Symantec is coming out with a new SMB version of Endpoint Protection. Pardon me if I don’t start jumping for joy.

I do install a lot of Symantec for clients, and I have dealt with their current Endpoint SMB solution. It does work, but at a very high cost. The management system in it is anything but intuitive; adding desktops to the management console and managing them through the console is not simple. The database for the management system continuously grows to the point where I have had to make sure it is installed only on a data drive, and not to install the Endpoint Manager on an OS partition.

Another odd thing I’ve run across is the way it comes out of the box: you need to go in and tell it not to scan your backup drive, especially if it is an SSD drive. I’ve had many issues with Symantec’s own BackupExec because the drive is in use due to Endpoint scanning it all. Then there is the firewall and the way on a server it starts blocking ports that you tell it to leave open. Some software packages do use special ports for legitimate communication purposes. As far as support goes, don’t get me started on the poor support resources Symantec has for all of its products.

Since Endpoint now does allow back-revving to the older 10.2 AV solution, I tend to put 10.2 on because it causes fewer problems. Less overhead, easier to manage, and it just works.

I know I’ll wind up having to deal with the new version. I just hope that the upcoming beta testing is open so I can place it on my test box and see whether it is worth it, or whether I should start recommending a different SMB solution. I know that my clients need the protection one way or another.

Filed Under: Computers, Security, Software Tagged With: Antivirus, Endpoint, Firewall, Security, Server, SMB, Symantec
