Symantec has bad FP

"A routine update from Symantec Security Response wreaked havoc on a California company's clientele this week when it inadvertently tagged a program produced by Solid Oak Software as a virus and cut off the Internet access of Solid Oak customers.

Symantec on Monday released a virus definition update that incorrectly identified Solid Oak's CyberSitter filtering program as a virus. Depending on the version of Symantec's Norton Antivirus product that Solid Oak customers were running, CyberSitter files were either deleted or banned from use by Norton, according to Solid Oak.

Customers, which include schools, libraries and personal accounts, were not provided with a recovery mechanism and subsequently lost Internet access. Solid Oak did not have an exact number of those affected, but it likely numbers in the tens of thousands, according to a spokeswoman.

Customers have had to re-install entire operating systems and software, she said. "

What's almost worse is that Symantec had to be prodded into setting up a hotline for help which they promptly abandoned the next day. Plus, this is not the first time Symantec has alerted falsely on Solid Oak software.

Time was when Symantec enjoyed, along with NOD32, the reputation of having the least FP's of all AV. Not anymore.

http://www.pcmag.com/article2/0,1759,2229576,00.asp

 

The Symantec FP usually makes to the headlines, wonder why? Because it's one of the biggest Security solution vendor in the world!!! And it's update interval is much longer than other smaller products such as Kaspersky, Avira, Bitdefender, Dr.web etc. One of these AV flags a normal file to be FP and it usually gets fixed by the next update which is within minutes/hours. I have seen multiple FP with Kaspersky flagging Winrar's file and notepad.exe of windows to be trojan, but it's resolved promptly. Someone must be in their hot seat in the Virus Definition QA deparment of Symantec.

 

Well then, that does change my outlook or knowledge of things. A FP can be as deadly as a virus, maybe even deadlier from a cost stand point. So AV vendors with low or none, as Eset, do have something to cheer about. Even one, as this one, wrecked havoc. But I dont have to worry about that either.

 

... Doesn't Norton's have a Backup/Quarantine folder?

Yes, Norton gets burnt for its FPs because so many individuals and businesses/organizations use it.. smaller AVs get away with it and don't hit the headlines because less people use it, so it'll do less damage as a whole... and they tend to issue updates more frequently, so the FP gets fixed quickly and often goes unnoticed by users.

 

but over the whole year Norton get's fewer FP than the others, it's that simple...

 

but have also been in the news due to this one and the one in China.

 

why is it so easy to beat a Norton?, too popular. The other month when it rated out tops in detection it was the flavor of the month. Now it's back to beating Norton & that's unfair. AV venders not only put in FP but miss real trojans etc (Nod32) but their not as big so don't get news reports. Norton does not get a fair shake as a very good product that does protect peoples machines. Don't toss stones unless what you use is perfect...

 

I agree totally with what you are saying. The bigger you are, the more chances you have of something going wrong. The price I guess of prosperity. So you are right about Norton and it is very good. I was just trying to point out the fact of FPs being bad for any vendor.

And what I use is pretty close to perfect.

 

Norton does have a Quarantine folder. All one needs to do is to restore the file(s) and report the FP to Symantec. This can be done all from the same window (in '08 anyway).

The rest of your post echos my thoughts as well.

 

Thought it will... looks like PCmag's report took stuff well over the top then... either that or the admin's aren't too intelligent and just reinstalled the entire operating systems!

And I wouldn't call this "worse than any virus" (as title in PCmag says)... that's simply rubbish, its simple to rectify the problem this FP caused rather than rectifying the problems viruses cause!

 

of course its taken over-the-top, simply because its Norton.

whats the point of quarentine?...... exactly!

plus, Norton is (by far...) the lowest FP-detector.

so, take it as you will.

 

Dawgg, here is a post I did back in September showing Quarantine and it's options (in this case I definitely did not want to restore this file, lol).

This seems to be more about people who doesn't know how to operate their security software than anything else.

 

It would seem that this is a particularly unfortunate piece of code to falsely trigger a quarrantine/removal. It sounds like a Parental Control software was removed, rendering the system unable to connect to the Internet (although I'm not sure that such would automatically be the case it's what the article implies).

So you'll end up with panicky end users, some of whom no doubt conclude that their machine has been rendered mute by a virus attack or similar. And if they are also shut out from using their Internet connection to research or try and remedy the problem it's all going to turn into a big stick real fast.

Remember that lots of folks are unlike most of us. They can't use one of the four or more other unaffected computers on two or three alternative Internet links that they have access to for various reasons. They might be sitting there staring at their one and only computer on their sole Internet access point and unable to imagine anything to do other than dial the phone for help.

 

Brent, those are good points. It is hard to remember that a lot of people has no understandings about working with a computer.

In the case of the Chinese FP, however, Quarantine wouldn't help because XP would not boot up without the .dll files that Symantec had deleted.

 

more info from: http://news.yahoo.com/s/zd/20071206/tc_zd/221141;_ylt=A0WTcVSHAllHK0YAFyAjtBAF
"On December 5, Symantec moved the detection of an application called CYBERsitter from trackware into a new category called parental controls. Both categories are considered security risks, and Symantec provides its customers with the option of allowing the technology to function as intended or blocking it. During the category switch, behavioral technology in Symantec products detected CYBERsitter as Bloodhound.unknown and restricted Internet access."

 

yehh, chinese one was bad, this is minuscule.. totally blown out of proportion

 

but it is the old shoot yourself in the foot syndrome. We all here know Norton is a very good product. But everyone effected by this will sour on it and tell all their friends. So it doesnt matter that it is 1 FP, what matters is the perception these folks will have from that day forward of Norton.

 

Interesting IBK, I wondered why "Parental Controls" was showing up in the list including dialers, jokeware, etc in the settings.

Symantec seems to be always in those "damned if you do and damned if you don't" situations.

 

I Think Symantec's Norton AV is the best Product of all products in the market. The FP caused was not so bad that you need to reimage the whole machine. Network admins should be smart enough for such goofups
I have been using Norton for 3-4 years now and did not have a single virus on my PC. Thumbs up to Norton

 

Careful, it appears that there is an obvious bias when it comes to threads regarding FP's.

https://www.wilderssecurity.com/showthread.php?t=195324

 

I noticed that too, easy to kick Norton but not Kaspersky?, same rules needs to be applied to all AV companies...

 

Just so this thread is not taken any further off topic with wrong assumptions concerning the thread closure referenced, it was closed not because the FP report but for the approach taken in presenting the thread. The approach taken was removed.... "~Comment removed. - Ron~" and the thread was closed.

Let's now continue with this threads discussion and despense with incorrect uses of words like "bias" or off topic open forum comments concerning thread closures Please.

Thanks,
Bubba

 

As far as I am concerned I believe I would rather be "safe than sorry".

 

I think it was a bit surprising to see two bad FP's from Symantec in the last six months because before that Symantec was the AV everyone pointed to as the AV with the LEAST number of FP's and it was partly for this reason that the corporate edition has been so popular.

I certainly am not "picking on" Symantec and ignoring other vendors who have FP's. I use Avira and I have been particularly harsh on them for all their FP's. However, to see the leader in the fewest number of FP's fail rather spectacularly twice recently is perturbing news.

 

if i was sooo worried with FP's, who would i choose?

even with these 2, i would still (without any doubt) go and purchase a NIS licence.

it should be noted though, that these 2 were very quickly fixed.

fact of the matter is, anything happens with symantec and people just love to jump on the bandwagon, same with all big companys,sports teams etc.

people love to hate the winners, its a fact of life.