[MacTUG] Symantec LiveUpdate - configuring

Mike Patterson mpatterson at uwaterloo.ca
Tue Feb 8 09:42:36 EST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2011/02/08 9:06 AM, Donald Duff-McCracken wrote:
> Hi Mike, the issue was/is that when Symantec does an update, it requires admin username/password -- which obviously the lab users should not have ;-)

Ah, yes.

> So even if the updates were set frequently, there are not going to be any updates happening to the virus definitions, just frustrated users who have dialog boxes pop up that they cannot authenticate. That is why that strategy was taken, as the updates were never going to happen anyhow.

It's like this: Symantec is signature-based. They, and other vendors,
will feed you a lot of stuff about how they use OMG THE LATEST ANOMALY
BASED HEURISTIC DETECTION ENGINE blah de blah, but really, they're all
signature-based.

I'm collecting stats - when I can get feedback from admins and help
desks - on how many times malware blows right through fully updated a/v.
It's not pretty.

If the Mac version is really mostly to save Windows users from you
passing on an infected file you got from another Windows user, you're
going to have the same issues with delayed signatures that we see on the
Windows side with SEP - that is, it might be blocking some stuff, but
I'll guarantee you it's missing more.

So, given this:

> Symantec is really not a great package on the Mac, it is a terrible resource hog, and hard to administer

and infrequent signature updates (taking into account what I wrote
above), I'd say - and keep in mind I'm a security guy! - that you might
actually be better off without a/v installed.

And yep, in my past life I had to save more than one Mac from SAV going
sideways - a couple of "your OS is screwed, sorry, reinstall time"
incidents and several "remove SAV, fight, fight, reinstall SAV, fight"
incidents.

My suggestion is to track the time you spend fighting Symantec (or any
other package) vs how much work it actually saves you (in blocking
malware) and see if it seems worthwhile. I'd be happy to lend a hand
with this - it's quite literally my job.  ;)

> When that license comes up, I think we should request having a bit of input on Mac experiences with Symantec.

I hope so.

Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1RVlwACgkQrqw9H9F0mCSrNwCaAvVwLqwiSJ9TvwJEvNDFLk4E
w2QAn20Gw9okGAj2pyuyToZsIRxTbKrD
=gXQf
-----END PGP SIGNATURE-----

