Silicon Shecky

Infosec Practitioner

Connect

Goodbye One Care, Hello Microsoft Morro

By Leave a Comment

Back in March, Microsoft announced that Live One Care, a suite of security products, was going the way of the dinosaurs. Vendors such as Symantec and McAffe rejoiced that they didn’t have to go up against the 900 pound gorilla, and everything seemed to be fine with the world. Everything was back in its proper place.

That’s what you thought at least. In reality it has been leaked that Microsoft has been working on an AntiVirus program that will be free, and will be officially announced soon. Morro, as it is being called, is supposed to offer protection from viruses, spyware, trojans, and rootkits. It is also going to be free. Now it will supposedly only compete with software such as the low end offerings from the Major AV vendors, plus items such as the AVG free software out there. The real question is, how will this affect the AV companies, and is this going to be bundled with Windows 7.

Why bundle it with Windows 7? Well, the rumor is that it will be out of beta and on the market near the end of 2009. This puts it in the same time frame as the release of Windows 7 (Oct. 22, 2009). I figure it will come out as a High Priority Update a month after Windows 7 is launched, to try and circumvent the antitrust issues bundling Morro with Windows 7 would cause.

Try as the might though, if Microsoft ties Morro in anyway into Windows there will be antitrust allegations. Honestly, we have seen this sort of behaviour from Microsoft in the past, when it went head to head with Netscape back in the 90’s. Just look at all the lawsuits from that. The difference is that the AV/Security companies do have a lot more resources available to fight Microsoft in the courts.

My big question is this, why must a company such as Microsoft try to be everything? Can’t they learn to focus on the OS and other current offerings without getting into another software area? Add on that you can bet Morro will be heavily targeted by the underworld on the Internet, just because it is Microsoft.

This is something to keep your eyes on.

Symantec SMB solution

By Leave a Comment

It is being reported that Symantec is coming out with a new SMB version of Endpoint Protection. Pardon me if I don’t start jumping for joy.

I do install a lot of Symantec for clients, and I have dealt with their current Endpoint SMB solution. It does work, but at a very high cost. The management system in it is anything but intuitive, adding desktops to the management console and managing them through the console is not simple. The database for the Management system continuously grows to the point where I have had to make sure it is installed only on a data drive, and not to install the Endpoint Manager on an OS partition.

Other odd things I’ve run across is the way it comes out of the box, you need to go in and tell it not to scan your backup drive, especially if it is an SSD drive. I’ve had many issues with Symantec’s own BackupExec because the drive is in use due to Endpoint scanning it all. Then there is the firewall and the way on a server it starts blocking ports that you tell it to leave open. Some software packages do use special ports for legitimate communication purposes. As far as support goes, don’t get me started on the poor support resources Symantec has for all of its products.

Since Endpoint now does allow back reving to the older 10.2 AV solution, I tend to put 10.2 on because it causes less problems.  Less overhead, easier to manage, and it just works.

I know I’ll wind up having to deal with the new version, I just hope that the upcoming beta testing is open so I can place it on my test box and see whether it is worth it, or should I start recommending a different SMB solution. I know that my clients need the protection one way or another.

Security Conference news…

By Leave a Comment

This week the big RSA Security Conference is going on in San Francisco. For those that don’t know what it is I suggest taking a look a the conference website to get more info overall.

There have been some interesting Keynote addresses that I plan on checking out online when I have time, but in the spirit of time I came across an interesting announcement from Symantec.

Symantec has acquired Security Vendor MI5, and this could be both good and bad. MI5 makes appliances that do some of the things that say a Barracuda appliance does, Web Security and the like. Symantec on the other hand, was once one of the best AV companies out there. I say once, because I know a lot of people had gotten turned off by their more recent offerings.

Now I am not going to bash Symantec’s AV stuff, especially considering that with their new CEO, they seem to be working on making their product better. I’m hearing reports that the new versions of their AV and Endpoint products are less resource intense, and work much better. Plus they are bringing back the Norton Utility line to where it should have always been.

What has me worried about them acquiring MI5 and assimilating it, is what has happened with BackupExec. When Symantec bought Veritas and got its hands on BE, it seemed like it could be a good thing. Unfortunately, BE has basically stagnated under Symantec’s rule, the online support for the latest versions is almost non-existent, and they have yet to make it to handle removable SSD (solid state drives) in an easy fashion. I hope to god that they don’t do the same sort of thing with MI5.