Symantec's Genesis to Usher in a New Age of Trust? 275
eldavojohn writes "Symantec has announced that they will be creating a massive security package called Genesis. Semantec has set their goal to 'Security 2.0' which is proposed to be
'a new age of trust on the Internet.' From the article: 'Symantec plans a one-stop software service tying together anti-virus, anti-spam, firewall and a host of other PC optimization technologies...' This is certainly something the common computer user could buy instead of having to fork over cash for every component. I don't think I'll be purchasing it though."
with vista (Score:2, Interesting)
Optimization Technologies? (Score:5, Interesting)
So when did anti-virus, anti-spam, and a firewall become optimization technologies? My computer seems to run slower with these things installed.
bloatware (Score:5, Interesting)
I stopped using Symantec for AV a while ago. But home users will still buy this for the same reason they buy a dishwasher with 19 different settings when all they ever use is the pots and pans setting.
Age of trust???? (Score:5, Interesting)
Personally, after seeing Symantec corp take 2 weeks to release the definitions for a keylogger a customers network had...All symantec products I have out there are going to go away.
My choices are getting narrowed down quickly. McAfee lost out a few years back with the Nimda virus and failing to return phone calls....at all, not just late by a few hours or even a few days, a week later I heard from them. By that time I had already moved on since more than half my customer base was infected the DAY of the outbreak, not a week later.
But then, both of those 2 are really good at annoying the ever loving crap out of a user, which inturn causes the user to ignore all those little popups. I've even been guilty of it because I see them like 80 times a day. JUST DO YOUR JOB! You don't have to tell us what a wonderful job you are doing, just tell us when you need us to do something.
well, it's nice to see (Score:4, Interesting)
all they need are the sharks with frickin' laser beams and some wagnerian operas playing in the background and symantec's domination of teh intarweb is complete
grandiose schemes like this should signal to someone that they need some medication
it's one thing to think big, it's another thing to think RIDICULOUSLY DRAMATICALLY HUGE! (cue gong)
Re:Genesis? (Score:5, Interesting)
I havn't been fond of thier products since thier 2003 versions. I asked thier tech support several times (after having to reinstal one of thier products and reactivating it because of an upgrade or it just stoped working) why all the systems I install thier AV or internet securities sweet on run so slow and they told me it was because "it is a complicated program","thats how you know it is working" and get this "microsoft slows it down because microsoft is coming out with an antivirus soon".
Some nerve! (Score:5, Interesting)
If the guys at Symantec/Norton think I'm EVER going to install/recommend ANY of their products EVER again, they're still smoking the same stuff that they were smoking when they thought that root-kitting all their customers was a good idea in the first place.
Hey Symantec - PUT THE CRACK PIPE DOWN AND BACK AWAY SLOWLY!!!!
2 cents,
Queen B
Re:Genesis? (Score:2, Interesting)
I think there's a real need for extending the Windows ACL system even further than it already is to encompass programs as well as users - that way the built-in security subsystem could be utilized instead of ever-more hacks. I want to be able to bring up a property sheet and say:
- process x can't write to directory tree y, even if the running user z has write access there (so only, say, MS Word can write to
- process x can't be controlled via automated means (so that if only Explorer.exe has the ability to delete your files, it can't be scripted to do so by a shell script, SendInput() API calls, etc.)
- default setting of processes being unable to access the networking subsystem, or processes having access to TCP ports on a per-port basis (ACL subsystem becomes a firewall)
- only process x can alter ACL information
- etc.
The issue I have with assigning rights on a per-user granularity is that once you're running under a user's credentials, you can do *anything* they can surreptitiously. Running as an unprivileged user, an exploit in Firefox will still let it hose your profile, start up trojans under the user's login and anything else. If the Firefox process itself is prevented from spawning read/write/delete/execute actions anywhere but a set of temporary and incoming directories, it's almost bullet-proof.
Are there any operating systems out there with per-user AND per-process ACLs? If not why not? Are there glaring issues I'm missing? I don't want to have to make a "firefoxuser" login that has everything disabled apart from read-only access to Firefox.exe and write-only to a temp directory somewhere, then do something similar for EVERY other program, I want to be able to constrain a program itself regardless of the user running it.
Single Point of Failure (Score:3, Interesting)
This is Symantec's big push... in the wrong direction.
Re:Genesis? (Score:3, Interesting)
I completely agree that all systems have flaws, but some have a lot more than others and also have an architecture and development process that make it much harder to find and eliminate these flaws.
So they'll stop selling their own stuff... (Score:2, Interesting)
...and sell Trend Micro Internet Security [trendmicro.com] instead?
I've been using Trend Micro for the last couple of years. It's already got the full meal deal Symantec is promising, and it's actually updated in near-real-time (every three hours).
Funny... (Score:2, Interesting)
It is absolutely *astounding* the percentage of techsupport calls coming in at an ISP helpdesk are the direct result of a malfunctioning Symantec application. Especially Norton Antivirus -- after a while, you almost start to suspect that Symantec released that program as a practical joke.
McAfee is a distant second, while AVG and Avast rarely cause any problems. It's amazing how many problems, lock-ups and corrupted email problems magically disappear simply by uninstalling Norton Antivirus and installing the free version of AVG instead.
Somehow, I am rather sceptical that things will get better by them slapping their entire product line in a single box, and trying to cram in a pony on top of it. Jack of all trades, master of none.
Re:Genesis? (Score:1, Interesting)
I believe the OS should automatically treat every process as a privilege-less user (that is, can access and do nothing). a standard for delimiting access rights should be stored as a manifest for the program for easy setup from trusted distributors, such that you'd get say iexplore.exe, right-click iexplore.acl, "Assign Rights", and you'd have a browser configured that can only do those actions set out in iexplore.acl. Such as, read only access to itself and its own directory, write access to an incoming files directory, read/write to its own registry key and the temp folder, outgoing network access to tcp port 80, and that's it. It shouldn't be allowed to spawn child processes, read system information like hostname, username, usergroup, OS version, and it can't because all those permissions were absent from iexplore.acl (but can of course be assigned).
I just can't stand the idea of a process having all the abilities of its running user with no way to limit them. The only workaround is creating more users and groups, numbering in the hundreds for any usable installation.
Re:Internet Security (Score:2, Interesting)
To actually require virus protection is really a damming indictment of the Operating System and yet Business actually spend billions of dollars a year on this rather than look at other OS's and yes I do know the excuses and they IMHO are very short sighted (rather like lemmings).
Excellent site for Business doublespeak. http://www.bullshitbingo.net/cards/bullshit/ [bullshitbingo.net]
Re:Genesis? (Score:2, Interesting)
Yup. I quit using Norton after it randomly deactivated itself repeatedly and then told my activation count was used up and I'd have to talk to tech support--and this was after I installed the patch that was supposed to fix it. AVG free all the way now, and cross off one hitherto faithful and satisfied customer.
The only solution is to use best-of-breed (Score:3, Interesting)
Over the years, I've developed best-of-breed for myself. You probably have others you like:
1) Firewall - Sygate. Doesn't try to do too much which is good because its small, fast, and it's easy to reconfigure to do pretty much anything. Oh, it's free, too. I can see why Symantec bought it and killed it.
2) Anti-Virus - AVG is the only virus protection I've used that doesn't bog down the computer. And it's cheaper than Symantec too. I think the only reason it doesn't get rated higher by magazines is they like suites that throw in the kitchen sink. I like small utilities that work well.
3) Anti-spyware - Webroot Spysweeper. It has worked consistently well for 2-3 years now.