[SecurityRatty] tag: symantecs

Symantec's vision...

Fri, 10 Oct 2008 07:24:00 +0000

And so it begins...

Symantec bought out MessageLabs and is (in their own words) "combining MessageLabs’ deep expertise in the SaaS market with Symantec’s rich portfolio of technologies".

The interesting thing is that Symantec does not really lead in the anti-virus market (in terms of quality, not market share. All antivirus products are about the same) or antispam (MessageLabs is excellent here).

So, what could they possibly bring to the party that MessageLabs doesn't already have?

DLP.

MessageLabs has DLP but it is very simple and not really worth very much. The framework is certainly there though. Add some good DLP and voila - you have a product that is worth something.

Symantec's Network-Based NAC

Sun, 29 Jun 2008 23:33:00 +0000

Yes, you read it right- Symantec (as in the software vendor) has a network-based (as in the hardware) NAC. Once you get over the title, keep reading.

If you read my blog, or know me, you probably know I do NOT like software (and it usually doesn’t like me). So, I’d be the first to jump on the ‘anti-software-peer-based-NAC’ train, but I think we have to be informed before we jump to conclusions and hop on any trains.

Mirage’s recent blog post on Symantec’s ‘Silly SNAC’ was certainly a result of a mis- (or un-) informed person. Tim did a much better job on his mention of SNAC in the NWW blog, but all the dots still aren’t connected. It proves the point that sometimes we (as bloggers) tend to write based on a feeling and sometimes don’t dig for the fact.

So, in an effort to make sure I understood this new peer-based NAC, I reached out to Patrick Wheeler, Symantec’s Senior Product Manager for Network and Endpoint Security. Based on my conversations with him, and a pretty detailed investigation into the options and configurations of their NAC products, I have some slightly more informed opinion to share with you now.

Symantec has a variety of NAC enforcement components and options. I’m going to keep all the software-type-stuff out of this conversation for the time being. They have (among other things) the NAC Enforcer, an appliance similar to the other NAC controllers we see from traditional hardware vendors. Just like it’s counterparts, Symantec’s NAC Enforcer can be configured for DHCP, inline or 802.1X based enforcement.

The piece that’s different is the integration of the NAC Enforcer with Symantec’s Endpoint Protection Manager server that hosts the policies for the NAC. It’s similar to the management-enforcement configuration we see from other vendors, only the management piece is housed on a server instead of another appliance.

And, just as other vendors offer some type of endpoint integrity agent, the Symantec agent comes in the form of the Symantec NAC Client, which can be used by itself, or integrated with the Symantec Endpoint Protection Client for an even more robust feature-set. (The Endpoint Protection Client offers some additional host-based firewall features that the NAC can leverage).

So, what about the Peer-Based NAC? Ah, well that’s just the first iteration of a ‘vision’ to address mobile corporate users. If employees have laptops in an ad-hoc situation outside of the enterprise infrastructure (and therefore, outside of enterprise enforcement), then the peer-based NAC can port the enforcement rules set at the ‘mothership’ and enforce them individually. The peer-based NAC can protect mobile assets in their most vulnerable situation, outside the security of the corporate network. But, the rules are still set centrally and the peer-based NAC was designed to be just one step towards an added layer of protection, not as a replacement for network-based NAC.

For now, I’ll stay off the hate train, since the peer-based NAC is more of a supplement to a more robust traditional NAC solution. If they move to a fully-host-enforced product, I’ll buy my tickets…

Image shown is copyright of Symantec Corporation.

# # #

Is the doctor in?

Sun, 20 Apr 2008 10:54:33 +0000

The Virus has grown beyond our ability to remove it safely sir. You computer is toast!
Now turn your head and cough!

clipped from online-radioamateur.org

History of Antivirus software

Peter Tippett made a number of contributions to the budding field of virus detection.[citation needed] He was an emergency room doctor who also ran a computer software company. He had read an article about the Lehigh virus and questioned whether they would have similar characteristics to biological viruses that attack organisms. From an epidemiological viewpoint, he was able to determine how these viruses were affecting systems within the computer (the boot-sector was affected by the Brain virus, the .com files were affected by the Lehigh virus, and both .com and .exe files were affected by the Jerusalem virus). Tippett’s company Certus International Corp. then began to create anti-virus software programs. The company was sold in 1992 to Symantec Corp, and Tippett went to work for them, incorporating the software he had developed into Symantec’s product, Norton AntiVirus.[citation needed]

Learn from the latest Internet Security Threat Report update

Thu, 17 Apr 2008 09:00:00 +0000

(Source: Symantec) LIVE WEBCAST
Join Symantec for a free webcast to learn the findings of Symantecs Internet Security Threat Report Volume XIII. This newly released issue covers the six-month period from July 1 to December 31, 2007.

This webcast summary of the Internet Security Threat Report will:
Provide a six month update of worldwide Internet threat activity, including analysis of network-based attacks, a review of known vulnerabilities, and highlights of malicious code
Assess trends in phishing and spam activity
Alert attendees to current trends and impending threats
Offer recommendations for protection against and mitigation of these concerns.

Attend this webcast to learn what stealth tactics attackers are using to prey on end users, how these trends are determined and why these devices should be of concern to your organization.

This webcast summary will provide you with insight from Symantecs Global Intelligence Network which has some of the most comprehensive sources of Internet threat data in the world. It includes more than 40,000 sensors monitoring networks in more than 180 countries, malicious code reports from more than 120 million client, server, and gateway systems and one of the world's most comprehensive vulnerability databases, consisting of more than 25,000 recorded vulnerabilities affecting more than 55,000 technologies from more than 8,000 vendors.

Leverage this vast wealth of data and learn how to protect your organization from the latest internet threats. Register today.

Airing on Friday, May 2nd, at 10 am PDT/1 pm EDT.

If NAC is an Easter egg hunt, is Cisco the bunny?

Thu, 21 Feb 2008 19:10:54 +0000

Good article by Neil Roiter from Information Security Magazine on NAC moving ahead as the hype subsides. For a change from other articles we have read recently, Neil gives a true to life, no holds barred assessment of where NAC is in the market. I think some of the comments from Lawrence Orans over at Gartner are right on. However, one he misses is in talking about the Cisco-Microsoft NAC partnership. I think the TCG-Microsoft partnership has replaced that one and Cisco is going to join that party through the NEA.

For me though the quote of the article was this one by Brendan O'Connell, Cisco's product line manager for NAC, "NAC is an Easter egg hunt. Policy lives in a lot of different places .." So does that make Cisco the NAC Easter Bunny? Seriously, policy does live in a lot of different places. I think eventually the answer lies in marrying network based admission control policies with endpoint based configuration policies. This is an area that is ripe for interaction and integration. I also think that Symantec talking about customers want a NAC solution, but not another console or another agent was a bit ironic. Just because you lump your agents together doesn't mean you have not added yet more overhead to the equation. Anyone who has used Symantecs new Endpoint Security with all of the mods turned on can talk to you about overhead and resource use. Whether the agent is separate or not, it is what the overhead is that counts.

In any event, though Neil did not mention StillSecure (tsk, tsk) I thought this article was right on, that despite the naysayers and the inflated hype, NAC is being adopted in the market. It is maturing and most of all it is providing value to customers.

If NAC is an Easter egg hunt, is Cisco the bunny?

Thu, 21 Feb 2008 18:34:17 +0000

Adware Spyware Remover from Trend Micro systems

Wed, 01 Aug 2007 15:22:00 +0000

Adware Spyware Remover from Trend Micro systems

Computers are composed of two things namely the hardware and the software. Should something infect the software such as a virus or spyware, the person will soon lose sensitive information or at worse have to spend a lot of money to have it repaired.

As more companies and households are using computers for almost everything, people should be vigilant more than ever when it comes to Internet security. This can be done by making sure that there are backup files stored in a safe place as well as setting up certain defense mechanisms from viruses and other threats.

One such system is called an adware spyware remover and those who only want the best should get it from Symantec.

Symantec is one of the leading service providers of products of business solutions to small, medium and large enterprises. The customer can choose a program to handle a specific or multiple threats such as viruses, Trojan, spyware and worms.

What makes spyware so dangerous is that it records certain information from a user, which can be read by the programmer later on. This individual can then use the credit card to make unauthorized purchases or steal money from the account.

Symantec’s adware spyware remover system is designed to look for existing bugs in the system and then destroy it. The package it offers can be used by those at home or when working in the office.

Since new spyware and adware pop up everyday, customers who choose to purchase the system can be rest assured that the computer is always secure because the company always launches product updates that can be done either manually or automatically

The person can download the adware spyware removal system from the company website. Those who are unsure whether to buy it can try it for 30 days free but pay before the expiration in order to continue the services.

Symantec unlike other programs does not have to be activated in order to do a systems check on the computer. This is because it will automatically do this once the user has logged on.

The only thing the individual will have to do is make sure the program is compatible with the existing operating system as well as check if there is enough memory in the hard drive to download it. Those who are unable to run it should probably do an upgrade.

When the spyware or adware has been removed, the best way to make sure it does not return is by creating a firewall. The person should also be careful when opening email from strangers, accessing certain websites and pop up ads because this is the reason why these things end up in the computer.

Symantec continues to be one of the most trusted names in the computer industry. It has received good reviews from critics and PC magazines for the standard of excellence it has provided in all of its products.

As software companies try to make the computers people use safe everyday, so too are the hackers and programmers who want to do the same for personal gain. The individual can choose to be with the best or get something else but it is always better to be safe than sorry when it comes to protecting the information stored in the computer.