Symantec has bad FP

Discussion in 'other anti-virus software' started by Mele20, Dec 7, 2007.

Thread Status:
Not open for further replies.
  1. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    "A routine update from Symantec Security Response wreaked havoc on a California company's clientele this week when it inadvertently tagged a program produced by Solid Oak Software as a virus and cut off the Internet access of Solid Oak customers.

    Symantec on Monday released a virus definition update that incorrectly identified Solid Oak's CyberSitter filtering program as a virus. Depending on the version of Symantec's Norton Antivirus product that Solid Oak customers were running, CyberSitter files were either deleted or banned from use by Norton, according to Solid Oak.

    Customers, which include schools, libraries and personal accounts, were not provided with a recovery mechanism and subsequently lost Internet access. Solid Oak did not have an exact number of those affected, but it likely numbers in the tens of thousands, according to a spokeswoman.

    Customers have had to re-install entire operating systems and software, she said. "

    What's almost worse is that Symantec had to be prodded into setting up a hotline for help which they promptly abandoned the next day. Plus, this is not the first time Symantec has alerted falsely on Solid Oak software.

    Time was when Symantec enjoyed, along with NOD32, the reputation of having the least FP's of all AV. Not anymore.

    http://www.pcmag.com/article2/0,1759,2229576,00.asp
     
  2. R8y

    R8y Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    33
    Location:
    South Africa
    The Symantec FP usually makes to the headlines, wonder why? Because it's one of the biggest Security solution vendor in the world!!! And it's update interval is much longer than other smaller products such as Kaspersky, Avira, Bitdefender, Dr.web etc. One of these AV flags a normal file to be FP and it usually gets fixed by the next update which is within minutes/hours. I have seen multiple FP with Kaspersky flagging Winrar's file and notepad.exe of windows to be trojan, but it's resolved promptly. Someone must be in their hot seat in the Virus Definition QA deparment of Symantec.
     
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Well then, that does change my outlook or knowledge of things. A FP can be as deadly as a virus, maybe even deadlier from a cost stand point. So AV vendors with low or none, as Eset, do have something to cheer about. Even one, as this one, wrecked havoc. But I dont have to worry about that either.;)
     
  4. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    ... Doesn't Norton's have a Backup/Quarantine folder?

    Yes, Norton gets burnt for its FPs because so many individuals and businesses/organizations use it.. smaller AVs get away with it and don't hit the headlines because less people use it, so it'll do less damage as a whole... and they tend to issue updates more frequently, so the FP gets fixed quickly and often goes unnoticed by users.
     
  5. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    but over the whole year Norton get's fewer FP than the others, it's that simple...
     
  6. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    but have also been in the news due to this one and the one in China.
     
  7. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    why is it so easy to beat a Norton?, too popular. The other month when it rated out tops in detection it was the flavor of the month. Now it's back to beating Norton & that's unfair. AV venders not only put in FP but miss real trojans etc (Nod32) but their not as big so don't get news reports. Norton does not get a fair shake as a very good product that does protect peoples machines. Don't toss stones unless what you use is perfect...
     
  8. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I agree totally with what you are saying. The bigger you are, the more chances you have of something going wrong. The price I guess of prosperity. So you are right about Norton and it is very good. I was just trying to point out the fact of FPs being bad for any vendor.

    And what I use is pretty close to perfect.;)
     
  9. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Norton does have a Quarantine folder. All one needs to do is to restore the file(s) and report the FP to Symantec. This can be done all from the same window (in '08 anyway).

    The rest of your post echos my thoughts as well.
     
  10. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Thought it will... looks like PCmag's report took stuff well over the top then... either that or the admin's aren't too intelligent and just reinstalled the entire operating systems!

    And I wouldn't call this "worse than any virus" (as title in PCmag says)... that's simply rubbish, its simple to rectify the problem this FP caused rather than rectifying the problems viruses cause!
     
  11. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    of course its taken over-the-top, simply because its Norton.

    whats the point of quarentine?...... exactly!

    plus, Norton is (by far...) the lowest FP-detector.

    so, take it as you will. :blink:
     
  12. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Dawgg, here is a post I did back in September showing Quarantine and it's options (in this case I definitely did not want to restore this file, lol).

    This seems to be more about people who doesn't know how to operate their security software than anything else.
     
  13. Brent Hutto

    Brent Hutto Registered Member

    Joined:
    Dec 1, 2007
    Posts:
    72
    Location:
    South Carolina
    It would seem that this is a particularly unfortunate piece of code to falsely trigger a quarrantine/removal. It sounds like a Parental Control software was removed, rendering the system unable to connect to the Internet (although I'm not sure that such would automatically be the case it's what the article implies).

    So you'll end up with panicky end users, some of whom no doubt conclude that their machine has been rendered mute by a virus attack or similar. And if they are also shut out from using their Internet connection to research or try and remedy the problem it's all going to turn into a big stick real fast.

    Remember that lots of folks are unlike most of us. They can't use one of the four or more other unaffected computers on two or three alternative Internet links that they have access to for various reasons. They might be sitting there staring at their one and only computer on their sole Internet access point and unable to imagine anything to do other than dial the phone for help.
     
  14. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Brent, those are good points. It is hard to remember that a lot of people has no understandings about working with a computer.

    In the case of the Chinese FP, however, Quarantine wouldn't help because XP would not boot up without the .dll files that Symantec had deleted.
     
  15. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    more info from: http://news.yahoo.com/s/zd/20071206/tc_zd/221141;_ylt=A0WTcVSHAllHK0YAFyAjtBAF
    "On December 5, Symantec moved the detection of an application called CYBERsitter from trackware into a new category called parental controls. Both categories are considered security risks, and Symantec provides its customers with the option of allowing the technology to function as intended or blocking it. During the category switch, behavioral technology in Symantec products detected CYBERsitter as Bloodhound.unknown and restricted Internet access."
     
  16. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    yehh, chinese one was bad, this is minuscule.. totally blown out of proportion
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    but it is the old shoot yourself in the foot syndrome. We all here know Norton is a very good product. But everyone effected by this will sour on it and tell all their friends. So it doesnt matter that it is 1 FP, what matters is the perception these folks will have from that day forward of Norton.
     
  18. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Interesting IBK, I wondered why "Parental Controls" was showing up in the list including dialers, jokeware, etc in the settings.

    Symantec seems to be always in those "damned if you do and damned if you don't" situations.
     
  19. SYMReporter

    SYMReporter Registered Member

    Joined:
    Dec 24, 2007
    Posts:
    1
    I Think Symantec's Norton AV is the best Product of all products in the market. The FP caused was not so bad that you need to reimage the whole machine. Network admins should be smart enough for such goofups:D
    I have been using Norton for 3-4 years now and did not have a single virus on my PC. Thumbs up to Norton :thumb:
     
  20. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
  21. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126

    I noticed that too, easy to kick Norton but not Kaspersky?, same rules needs to be applied to all AV companies...
     
  22. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Just so this thread is not taken any further off topic with wrong assumptions concerning the thread closure referenced, it was closed not because the FP report but for the approach taken in presenting the thread. The approach taken was removed.... "~Comment removed. - Ron~" and the thread was closed.

    Let's now continue with this threads discussion and despense with incorrect uses of words like "bias" or off topic open forum comments concerning thread closures Please.

    Thanks,
    Bubba
     
  23. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    421
    Location:
    Terre Haute, IN
    As far as I am concerned I believe I would rather be "safe than sorry".
     
  24. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I think it was a bit surprising to see two bad FP's from Symantec in the last six months because before that Symantec was the AV everyone pointed to as the AV with the LEAST number of FP's and it was partly for this reason that the corporate edition has been so popular.

    I certainly am not "picking on" Symantec and ignoring other vendors who have FP's. I use Avira and I have been particularly harsh on them for all their FP's. However, to see the leader in the fewest number of FP's fail rather spectacularly twice recently is perturbing news.
     
  25. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    if i was sooo worried with FP's, who would i choose?

    even with these 2, i would still (without any doubt) go and purchase a NIS licence.

    it should be noted though, that these 2 were very quickly fixed.

    fact of the matter is, anything happens with symantec and people just love to jump on the bandwagon, same with all big companys,sports teams etc.

    people love to hate the winners, its a fact of life.
     
Loading...
Thread Status:
Not open for further replies.