Symantec's Genesis to Usher in a New Age of Trust?

eldavojohn writes "Symantec has announced that they will be creating a massive security package called Genesis. Semantec has set their goal to 'Security 2.0' which is proposed to be 'a new age of trust on the Internet.' From the article: 'Symantec plans a one-stop software service tying together anti-virus, anti-spam, firewall and a host of other PC optimization technologies...' This is certainly something the common computer user could buy instead of having to fork over cash for every component. I don't think I'll be purchasing it though."

with vista

[Evilhomer2300]

They may try and bring this in along with vista. The new age of windows OS is supposed to be better, faster, stronger, and more secure. With Microsofts deep pockets, do you think they may help syman. try and make things even more secure? Or maybe try to make it seem like it, give people a better hope of security. just an idea

Optimization Technologies?

[rminsk]

and a host of other PC optimization technologies...

So when did anti-virus, anti-spam, and a firewall become optimization technologies? My computer seems to run slower with these things installed.

bloatware

[Jjeff1]

If it's similar at all to any of the Symantec home all in one AV type packages it will be an enormous mess. The last time I worked on this, a 256MB machine used 270 MB of memory with nothing but Windows XP home and the Norton package running. Worse, when I disabled things they didn't need, like the firewall or spam scanner, it didn't actually unload them from memory.

I stopped using Symantec for AV a while ago. But home users will still buy this for the same reason they buy a dishwasher with 19 different settings when all they ever use is the pots and pans setting.

Age of trust????

[scronline]

Shouldn't we be able to trust them now? Oh wait, since it took them 2 weeks to get the definitions out for a keylogging virus...I guess the answer to that is no.

Personally, after seeing Symantec corp take 2 weeks to release the definitions for a keylogger a customers network had...All symantec products I have out there are going to go away.

My choices are getting narrowed down quickly. McAfee lost out a few years back with the Nimda virus and failing to return phone calls....at all, not just late by a few hours or even a few days, a week later I heard from them. By that time I had already moved on since more than half my customer base was infected the DAY of the outbreak, not a week later.

But then, both of those 2 are really good at annoying the ever loving crap out of a user, which inturn causes the user to ignore all those little popups. I've even been guilty of it because I see them like 80 times a day. JUST DO YOUR JOB! You don't have to tell us what a wonderful job you are doing, just tell us when you need us to do something.

well, it's nice to see

[circletimessquare]

that megalomania is still alive and well in the corporate boardroom

all they need are the sharks with frickin' laser beams and some wagnerian operas playing in the background and symantec's domination of teh intarweb is complete ...in their own mind

grandiose schemes like this should signal to someone that they need some medication

it's one thing to think big, it's another thing to think RIDICULOUSLY DRAMATICALLY HUGE! (cue gong)

Re:Genesis?

[sumdumass]

I'm wondering if all these layers will slow my computer down even more then thier existing software does. It is pretty bad when i upgrade from a athlon XP 2200 to an 3200 processor and after installing nortan AV 2005 it apears to run slower then the XP2200 did.

I havn't been fond of thier products since thier 2003 versions. I asked thier tech support several times (after having to reinstal one of thier products and reactivating it because of an upgrade or it just stoped working) why all the systems I install thier AV or internet securities sweet on run so slow and they told me it was because "it is a complicated program","thats how you know it is working" and get this "microsoft slows it down because microsoft is coming out with an antivirus soon".

Some nerve!

[queenb**ch]

I wonder if this is going to have another spyware-ridden root kit in it too!

If the guys at Symantec/Norton think I'm EVER going to install/recommend ANY of their products EVER again, they're still smoking the same stuff that they were smoking when they thought that root-kitting all their customers was a good idea in the first place.

Hey Symantec - PUT THE CRACK PIPE DOWN AND BACK AWAY SLOWLY!!!!

2 cents,

Queen B

Re:Genesis?

[lifeisgreat]

Indeed - from the sounds of things, all the API hooks and extra levels they've had to add for such security systems sound like a proto-operating system in itself.

I think there's a real need for extending the Windows ACL system even further than it already is to encompass programs as well as users - that way the built-in security subsystem could be utilized instead of ever-more hacks. I want to be able to bring up a property sheet and say:

- process x can't write to directory tree y, even if the running user z has write access there (so only, say, MS Word can write to /My Documents/Word Stuff/)
- process x can't be controlled via automated means (so that if only Explorer.exe has the ability to delete your files, it can't be scripted to do so by a shell script, SendInput() API calls, etc.)
- default setting of processes being unable to access the networking subsystem, or processes having access to TCP ports on a per-port basis (ACL subsystem becomes a firewall)
- only process x can alter ACL information
- etc.

The issue I have with assigning rights on a per-user granularity is that once you're running under a user's credentials, you can do *anything* they can surreptitiously. Running as an unprivileged user, an exploit in Firefox will still let it hose your profile, start up trojans under the user's login and anything else. If the Firefox process itself is prevented from spawning read/write/delete/execute actions anywhere but a set of temporary and incoming directories, it's almost bullet-proof.

Are there any operating systems out there with per-user AND per-process ACLs? If not why not? Are there glaring issues I'm missing? I don't want to have to make a "firefoxuser" login that has everything disabled apart from read-only access to Firefox.exe and write-only to a temp directory somewhere, then do something similar for EVERY other program, I want to be able to constrain a program itself regardless of the user running it.

Single Point of Failure

[kafka47]

I just shake my head when I see this stuff. If they are angling this as Security's answer to "Web 2.0", then perhaps they should start by examining what Web 2.0 is supposedly about. Stuff like web services and aggregation, arguably important pieces of this mythical beast, make *everyone* a content provider on the Internet. And Symantec is intending on having us run a service that gates that content?

This is Symantec's big push... in the wrong direction.

/K

Re:Genesis?

[ForumTroll]

I'm well aware that other operating systems also have security flaws and I concede that there is no operating system that is completely safe. However, the architecture and coding practices of the other operating systems I mentioned make it much easier to avoid flaws altogether and also make it much easier to locate the flaws and correct them. Being required to run Windows as administrator for many applications to work is just one simple example of extreme neglect for security. And yes this is partially the fault of Windows developers, however it's also largely Microsoft's fault for not teaching or enforcing developers using their platform to use sane security practices since day one.

I completely agree that all systems have flaws, but some have a lot more than others and also have an architecture and development process that make it much harder to find and eliminate these flaws.

So they'll stop selling their own stuff...

[geobeck]

...and sell Trend Micro Internet Security [trendmicro.com] instead?

I've been using Trend Micro for the last couple of years. It's already got the full meal deal Symantec is promising, and it's actually updated in near-real-time (every three hours).

Funny...

[xlsior]

In my experience over the past couple of years, there are few PC 'optimizations' as effective as uninstalling Symantec antivirus, firewall, spamfilter and associated applications..

It is absolutely *astounding* the percentage of techsupport calls coming in at an ISP helpdesk are the direct result of a malfunctioning Symantec application. Especially Norton Antivirus -- after a while, you almost start to suspect that Symantec released that program as a practical joke.

McAfee is a distant second, while AVG and Avast rarely cause any problems. It's amazing how many problems, lock-ups and corrupted email problems magically disappear simply by uninstalling Norton Antivirus and installing the free version of AVG instead.

Somehow, I am rather sceptical that things will get better by them slapping their entire product line in a single box, and trying to cram in a pony on top of it. Jack of all trades, master of none.

Re:Genesis?

[lifeisgreat]

You can hack it in by making a user for every program, but I don't think that should be necessary. Besides, who'd want to do that? And also, there's still a lot of privileges that existing security models don't support - i.e. what if I don't want program P to be able to access the network apart from port 80? Then I need an additional tool to the existing OS security subsystem, whereas there's no reason that the networking stack shouldn't be considered an object with an ACL, like a registry key or a directory.

I believe the OS should automatically treat every process as a privilege-less user (that is, can access and do nothing). a standard for delimiting access rights should be stored as a manifest for the program for easy setup from trusted distributors, such that you'd get say iexplore.exe, right-click iexplore.acl, "Assign Rights", and you'd have a browser configured that can only do those actions set out in iexplore.acl. Such as, read only access to itself and its own directory, write access to an incoming files directory, read/write to its own registry key and the temp folder, outgoing network access to tcp port 80, and that's it. It shouldn't be allowed to spawn child processes, read system information like hostname, username, usergroup, OS version, and it can't because all those permissions were absent from iexplore.acl (but can of course be assigned).

I just can't stand the idea of a process having all the abilities of its running user with no way to limit them. The only workaround is creating more users and groups, numbering in the hundreds for any usable installation.

Re:Internet Security

[donaldm]

It never ceases to amaze me that people buy an Operating System (you really do one way or another) and then have to buy software to keep malware and other nasties out. At least with Unix/Linux OS's you can get security updates for the OS and in may cases, unless you have a subscription (good value for large corporations and even some small business) it can be free.

To actually require virus protection is really a damming indictment of the Operating System and yet Business actually spend billions of dollars a year on this rather than look at other OS's and yes I do know the excuses and they IMHO are very short sighted (rather like lemmings).

Excellent site for Business doublespeak. http://www.bullshitbingo.net/cards/bullshit/ [bullshitbingo.net]

Re:Genesis?

[Jedi_Knyghte]

I asked thier tech support several times (after having to reinstal one of thier products and reactivating it because of an upgrade or it just stoped working)

Yup. I quit using Norton after it randomly deactivated itself repeatedly and then told my activation count was used up and I'd have to talk to tech support--and this was after I installed the patch that was supposed to fix it. AVG free all the way now, and cross off one hitherto faithful and satisfied customer.

The only solution is to use best-of-breed

[tkrotchko]

Norton stuff seems to be king of the "We'll change your computer all around just for our software and it will run slower" manufacturers.

Over the years, I've developed best-of-breed for myself. You probably have others you like:

1) Firewall - Sygate. Doesn't try to do too much which is good because its small, fast, and it's easy to reconfigure to do pretty much anything. Oh, it's free, too. I can see why Symantec bought it and killed it.

2) Anti-Virus - AVG is the only virus protection I've used that doesn't bog down the computer. And it's cheaper than Symantec too. I think the only reason it doesn't get rated higher by magazines is they like suites that throw in the kitchen sink. I like small utilities that work well.

3) Anti-spyware - Webroot Spysweeper. It has worked consistently well for 2-3 years now.