ISS Advisor Forum Index ISS Advisor
This enthusiast site is run by people who protect their networks with RealSecure Protection platform.
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Symantec Admits Failure
Goto page 1, 2  Next
 
Post new topic   Reply to topic    ISS Advisor Forum Index -> Antivirus
View previous topic :: View next topic  
Author Message
joey



Joined: 01 Feb 2003
Posts: 17
Location: California

PostPosted: Fri Feb 07, 2003 1:26 am    Post subject: Symantec Admits Failure Reply with quote

[b]Symantec Admits Failure - Oops![/b] They do not want you to see this.

SQL Slammer was one of the worst most recent worms. It crashed huge networks, including over 10,000 bank ATM's.

Despite the big perception that anti-virus software catches worms, [u]the reality is it does not[/u]. Worms can completely by-pass antivirus and the public is not being informed. They are being misled. :evil:

[b]Symantec's[/b] mega marketing machine actually acknowledged [b]a major failure in their main anti-virus product[/b].

[img]http://www.issadvisor.com/images/articles/symslam.png[/img]

[i]The first paragraph shows that anti-virus is flawed against worms. [/i]

They have since [color=red]removed any facts[/color] from their [url=http://securityresponse.symantec.com/avcenter/venc/data/w32.sqlexp.worm.html]SQL Worm Advisory [/url]on their Symantec website and try to hide the fact that their Traditional Anti-Virus can't detect or stop this worm.

Both [b]Network Associates [/b]and [b]Symantec[/b] are burying the [color=green]TRUTH[/color] that [color=darkred]TRADITIONAL ANTI-VIRUS IS NOT ENOUGH.[/color]

With [color=blue]vulnerability scanners[/color], administrators could determine whether and where their MS SQL databases were vulnerable. By finding the vulnerable MS SQL DB, they could apply patches. With [color=blue]Intrusion Detection Systems[/color]/[color=blue]Intrusion Prevention [/color](IDS/IPS), they could detect and stop the worm and any varient that uses that vulnerability. At last resort, the firewalls could block the vulnerable database ports completely, as long as the database was not needed.

Anti-Virus offers no protection against these worms! Over time, worm writers will continue to exploit this opportunity while the public continues to have a false sense of security.
Back to top
View user's profile Send private message
bish_of_oneiros



Joined: 07 Feb 2003
Posts: 2

PostPosted: Fri Feb 07, 2003 11:14 am    Post subject: The truth Reply with quote

Hi all,

First off I am an NAI employee, there I said it.

Second off, NAI did not bury the truth at all about this or any other worm, if we detect it we say we do, if traditional virus scanners can't detect it, then we say that too, just check out the vil.
We do have products that can detect the vulnerability (ThreatScan) detect and block the worm (Sniffer & Desktop Firewall), and a FREE download that can detect and clean this threat (Stinger).

It's all in vil.nai.com, facts.
Back to top
View user's profile Send private message
joey



Joined: 01 Feb 2003
Posts: 17
Location: California

PostPosted: Fri Feb 07, 2003 11:58 am    Post subject: Anti-Virus claiming that their anti-virus can't stop it. Reply with quote

Ok, It sounded like you said that on [url=http://vil.mcafee.com/dispVirus.asp?virus_k=99992]NAI's SQL Wormer advisory[/url], it lets you know that NAI's McAffee's main anti-virus program did NOT detect and stop it.

I doublechecked. It has no such information. As most users, if I read it, I would assume that my NAI Anti-Virus would detect the SQL Worm, since it's not clear it can not. It does tell you that you must buy Sniffer, ThreatScanner, and download a totally seperate "antivirus" program Stinger, in order to detect and remove it. It basically tells you have to do everything, EXCEPT it forgets to mention a really big problem: [b] McAffee's main Antivirus program does not work. [/b]

Symantec atleast actually said that traditional anti-virus products do not work on the SQL Worm for a short period of time. Obviously, someone figured out that anti-virus sales would not be as big if that stayed on their web site.

You probably will not see this big vulnerability in anti-virus products posted on Symantec's Bugtraq mailing list anytime soon either. Despite that, hopefully the word will get out, that anti-virus fails against worms.

Please share a link to this page with others in the security community to not rely just on anti-virus, if they have the wrong assumption.
Back to top
View user's profile Send private message
bish_of_oneiros



Joined: 07 Feb 2003
Posts: 2

PostPosted: Fri Feb 07, 2003 12:06 pm    Post subject: Reply with quote

Are you saying that the line saying

"DAT required: Stinger"

and the removal instructions which do not mention VirusScan at all are not enough to tell you that VirusScan does not currently detect this worm?

Surely the removal instructions on vil.nai.com only agree with your statement "Traditional Anti Virus is not enough". As the threat evolves so does the protection and vice-versa.

That is why NAI make a range of products designed to detect, block or neutralise threats on many different levels.

To say the truth is being 'hidden' is all a little X-Files isn't it?

Please remember that although I work for NAI, the views I express here are entirely my own and I do not speak for the company in any way.
Back to top
View user's profile Send private message
joey



Joined: 01 Feb 2003
Posts: 17
Location: California

PostPosted: Fri Feb 07, 2003 12:19 pm    Post subject: Traditional AntiVirus is Broken Reply with quote

Bish, No, I do not think that "DAT required: Stinger" would tell the general public that their traditional antivirus that they expect to fix their virus and worms problems DOES NOT WORK.

If you are assuming that non-virus experts can decrypt your advisory and Symantec's advisory, it is a bad assumption. It should say upfront, "for those that rely on traditional anti-virus, this does not fix the current worms affecting the Internet. " That is very clear and easy to understand. Symantec obviously had initially said it upfront, but somehow and for some reason, they removed it. I WONDER WHY... They are not disclosing this MAJOR PROBLEM to their anti-virus customers.

Anyone else agree that this information should be made more clear to potential users of anti-virus?
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    ISS Advisor Forum Index -> Antivirus All times are GMT - 5 Hours
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group