Status
Not open for further replies.

itadakimasu

I've run into yet another instance of Symantec doing what it does best... and that is suck.

When one of my users emails me saying they have a virus... I hope for the best, maybe it's just a spoof IE pop up or something harmless. We spend $2000 per year on our Symantec endpoint security renewal so... hell, it should work right?

WRONG. I spent 30 minutes messing with this girl's computer and had to grab a spare computer to put her on because it's going to take a good amount of time to get her system back up and running without this Personal Anti virus BU#$@*U( which has disabled task manager and regedit from running.


When I have a virus, my first course of action shouldn't be to install another anti virus product if I already have one that cost $2000. Symantec sucks... that is the point of this thread. Your product is meaningless if it can't do its job.

End Solution?

I'm switching to VIPRE by Sunbelt Software for $10 per seat for 50 seats. So instead of $2000 it's going to be $500 and it's actually going to work as opposed to this crap Symantec is selling.
 

aford10

You can't pin it all on the AV. Nothing is going to catch everything. Users have to show some intelligence and discretion when on the net. Norton internet security 2009 is one of the best IMO. I've used Norton 360 for 2 years and haven't had any issues.

You can switch. That's your choice. That doesn't mean it'll be better.
 

itadakimasu

I installed Vipre and it found :

5 rogue security applications : fraudtool.win32 and advancedvirusremover
1 backdoor bot
2 trojans
33 traces of virtumonde adware/malware

We use OpenDNS which helps some w\ people browsing to random internet sites.

Anyhow. Full scan w\ vipre antivirus+antispyware, reboot and everything is fine.

Symantec = "quarantine" reboot, infection still rampant.. popups all over the place, need to download another program to remove the infections !

This was the same thing w\ my mom's computer last month... I think she was using Norton 2007 or something and had a similar fake antivirus virus take over her system... loaded up Vipre and bam... all better.
 

aford10

PC Magazine just did a review on Symantec. They scored very well in comparison to some of their competition.
http://www.pcmag.com/article2/0,2817,2343088,00.asp

"Symantec's antivirus engine gets very high marks from all the independent testing labs. Both West Coast Labs and ICSA Labs certify it for virus detection and cleaning; West Coast Labs adds checkmark certification for Trojan detection. Symantec has passed all of the last 10 Windows-based VB100% tests from Virus Bulletin—in fact, the last time it failed was in 1999. BitDefender, Kaspersky, and McAfee all failed to achieve VB100% in at least one of the last 10 tests; Trend Micro Internet Security Pro v2 no longer participates in this test.

Austrian test lab AV-Comparatives gave Symantec an ADVANCED+ rating (the highest) in its most recent eval of on-demand virus scanning. In the lab's proactive non-signature-based test, Symantec rated ADVANCED, with few false positives. Kaspersky matched those results while ESET flipped them—it got ADVANCED+ for proactive detection and ADVANCED for signature-based detection.

Magdeburg-based AV-Test rated Symantec Very Good (the highest rating) in four categories: detection of malware, low false positives, fast scanning, and fast response to new malware. It also rated Symantec Good for detection of adware/spyware and proactive detection of new, unknown threats. All of the other vendors I've reviewed scored Satisfactory or lower in at least one category. These independent labs results indicate that Norton 360's antivirus component is top-notch."
 

aford10

Kaspersky is good, but it's pricey, and there is better.
http://www.pcmag.com/article2/0,2817,2351578,00.asp

"Kaspersky detected 88 percent of the malware samples. That's decent, but the beta version of Norton Internet Security 2010 detected 97 percent. Kaspersky left behind many EXE files and tons of nonexecutable malware traces, scoring 6.7 of 10 possible points—a hair below average.

In a parallel test using commercial keyloggers, Kaspersky scored 1.6 points, even lower than the 1.8 attained by the beta of Microsoft Security Essentials. Fortunately for Kaspersky, I give much less weight to this test.

I broke out separate scores for removing rootkits (both malware and keyloggers) and scareware. The average in both cases is 5.6 points; Kaspersky came in below that with 5.1 points against rootkits and 3.0 points against scareware."
 
look at this
Online Armor Personal Firewall 3.5.0.14 | 99% | 10+ | Excellent | GET IT NOW!
PC Tools Firewall Plus 6.0.0.69 (FREE) | 99% | 10+ | Excellent | GET IT NOW!
Comodo Internet Security 3.11.108364.552 (FREE) | 97% | 10+ | Excellent | GET IT NOW!
Kaspersky Internet Security 2010 9.0.0.459 | 96% | 10+ | Excellent | GET IT NOW!
Outpost Firewall Free 2009 6.5.2724.381.0687.328 (FREE) | 93% | 10+ | Excellent | GET IT NOW!
Outpost Security Suite Pro 2009 6.5.4.2525.381.0687 | 92% | 9 | Excellent | GET IT NOW!
Online Armor Personal Firewall 3.5.0.14 Free (FREE) | 92% | 10+ | Excellent | GET IT NOW!
Jetico Personal Firewall 2.0.2.8.2327 | 89% | 10+ | Very good | N/A
Malware Defender 2.2.2 | 89% | 10+ | Very good | GET IT NOW!
Privatefirewall 6.0.20.14 | 88% | 10+ | Very good | N/A
Netchina S3 2008 3.5.5.1 (FREE) | 85% | 9 | Very good | N/A
ZoneAlarm Pro 8.0.059.000 | 72% | 9 | Good | Not recommended
Lavasoft Personal Firewall 3.0.2293.8822 | 67% | 8 | Good | Not recommended
Norton Internet Security 2009 16.2.0.7 | 66% | 8 | Good | Not recommended
 

itadakimasu

So, the system in question that prompted this thread was cleaned on Thursday w\ Vipre. After rebooting and rescanning, nothing was found and all seemed well. I gave this poor girl her computer back midway through Thursday and I had Friday off.

So, on Friday somehow this girl's computer is infected again... I don't know what happened because my co-worker pulled it offline, and re-installed the old version of Symantec we have because I guess she didn't remember where our new install is? idk... anyhow. I ran Vipre and it came up w\ the Virtumonde again, and a new fake AV program, or maybe it morphed... idk.

I didn't clean w\ Vipre because I wanted a comparison w\ Symantec. I did a full scan w\ Symantec which today I see ran 411 minutes, almost 7 hours and found less than the 5 minute Vipre quick scan. But anyhow, Symantec said it had cleaned by deletion a few items and so I reboot only to find that the system is as infected, or maybe worse. Upon hitting ctrl alt del, the wallpaper is a poorly worded warning that the computer is infected " Your're computer is infected!" your're, really?

Booting into safe mode at this point yields a blue screen of death! Nice. After a couple reboots I managed to get task mgr opened fast enough and open msconfig to stop all startup programs and rebooted again and that's where I'm at now. Vipre is running a full scan and has found :

Virtumonde - 25 traces
Trojan-Spy.Win32.Zbot.gen - 1
PersonalGuard2009 - 3

I'm going to let Vipre do its thing AGAIN... and see where we're at. This system has already passed its antivirus life cycle w\ me though... if I spend any more time messing w\ viruses on it I may as well just reinstall Windows as it will be quicker and I can be pretty sure everything is working fine.
 

itadakimasu

so... finally got to talk to my co-worker and she was saying that she tried to do "clean all" but "it" told her it was not licensed....

so now I'm left assuming that she was trying to use the fake av program LOL jesus....
 

itadakimasu

I agree. But I needed to rant at the time I created this thread. I just think that for the amount of money we paid for the Symantec endpoint, that it should be more effective. I shouldn't have to download freeware or other AV programs if I've got one that I paid $2000 for.

I just got a new quote from Vipre today. $1095 for 3 years (50 licenses) + 50 licenses for home users so employees can also put it on their home computers.... compared to $2000 per year for Symantec this is just phenomenal.
 

aford10

Not a bad deal....

I would caution tho, I've seen AV's throw up this list of malware that they've found and it was all BS. It just makes them look better if they find some pretend malware and clean it up.

Not saying Vipre is, just throwing that out there.
 

Tristor

I found this thread while looking for a comparison between the Trojan detection and removal abilities of SEP and competing products from other vendors. Unfortunately, I have to agree with the assessment, but upon further research I have found that the competitors are not much better and are in many cases worse.

We've been a Symantec shop for years (and are a rather large installation), and I've begun to see more and more infections occur which aren't caught by either SEP or SMSFE (if infected via mail) which are removed within 20 minutes by a quick scan using Malwarebytes Anti-Malware or other free tools.

This is pretty upsetting to me, but I'm at least assured after doing all this research today that Symantec has the best enterprise level product available. It doesn't make it suck any less when it fails to do its job... but I can't really see that I would get better results with McAfee, Kaspersky, or other vendors.

In the meantime I'm considering buying licenses for every system for MBAM to use its resident monitoring, but first I'm going to set up a test desktop to make sure SEP and MBAM don't interfere.
 

btk1w1

The re-infection might be coming from the restore points (if they are enabled). Virtumonde / Vundo (and variants) can write themselves to and re-emerge from system restore.

This malware has beaten numerous AntiVirus programs (chances are probably them all) but there are a couple of freeware antispyware applications which have numerous Vundo signature files and are updated very frequently. SUPERAntiSpyware and Malwarebytes' Anti-Malware have had most success and do best when run in "Safe Mode" ( Malwarebytes' Anti-Malware should be installed in "Safe Mode with networking" and be allowed to update immediately). Malwarebytes' Anti-Malware is also able to scan and remove infection from the restore points.

The malware most commonly uses exploits to infect so after the system is cleansed it is best to flush all restore points (then re-enable "System Restore") and check if Java is up to date. If it isn't, uninstall all old versions and install the latest offering.
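
The post-cleanup steps described in the post above (flush the restore points, re-enable System Restore, look for old Java versions), as an added example that is not part of the thread. It assumes an elevated Windows PowerShell 5.1 session, a system drive of C:, and a machine that has already been scanned clean.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Assumptions: Windows PowerShell 5.1,
# system drive C:, and the machine has already been scanned clean.
$drive = 'C:\'

# 1. Record which restore points exist before they are discarded, so there
#    is a note of what was removed and when it was created.
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, CreationTime, Description |
    Format-Table -AutoSize

# 2. Turn System Restore off for the drive, then explicitly delete every
#    shadow copy on it. Restore points taken while the machine was infected
#    can carry the malware's files back onto the system.
Disable-ComputerRestore -Drive $drive
vssadmin.exe delete shadows /for=C: /all /quiet

# 3. Re-enable System Restore and take a fresh baseline restore point.
Enable-ComputerRestore -Drive $drive
Checkpoint-Computer -Description 'Post-cleanup baseline' `
    -RestorePointType MODIFY_SETTINGS

# 4. List every installed Java package (32-bit and 64-bit views of the
#    uninstall registry) so outdated versions can be removed.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^Java' } |
    Sort-Object DisplayName |
    Select-Object DisplayName, DisplayVersion, InstallDate
```

More than one row in the final listing means old Java versions are still installed alongside the current one.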
 

wolfy67

I agree Symantec & Norton Sucks!

However I know a shortcut that will let u in to remove Symantec & have ur PC back in ur Control.
First try to uninstall Norton through add & remove in the Control Panel. Afterward
Boot ur PC up in Safe Mode, then go to the Common Folder in Programs & Delete the Symantec folder. U can even use Restore from safe mode. It worked 4 me
 
Guest

I realize this is a rather old topic, but, having some experience in the testing and certification industry, I felt the need to chime in regarding the PC Magazine quote above.

When a testing body certifies a product for detection and cleaning, you have to realize a few things: Detection simply means that if a threat exists, that the AV product is required to acknowledge its presence. This *technically* means that even if a virus or piece of malware is logged quietly, and even if no action is taken, detection has been satisfied. The virus doesn't even really need to be accurately categorized, since there is a lot of controversy regarding the definition of words such as "trojan, virus, malware," etc. This would be worst case scenario, as typically when a threat is logged it is also dealt with effectively, though it's a relevant point for illustrative purposes.

Cleaning is another misleading term. Cleaning usually means that if an executable (such as notepad.exe) is infected with a piggy-back style (file infector) virus, that the virus is removed from that .exe, and nothing else. Historically, this also means that macro viruses are removed from spreadsheets while keeping the original data intact. Cleaning does not necessarily mean that all traces of malware (such as droppers, supporting libraries, or even registry entries) are removed from a compromised system (though some AV products perform these feats better than others).

Lastly, certification has nothing whatsoever to do with whether or not a product "sucks." Real world performance, relating to system resource consumption, time required to run scans, or even how well the UI is designed, is not factored at all in the testing process. There do exist testing organizations that will provide this sort of service, though it should be noted that these tests are entirely unrelated to a scanner's ability to detect threats.

If you want my opinion, all virus scanners suck in one way or another. Want a real solution? Migrate to a Mac or Linux environment and sleep easy.
 