[AccessD] Latest Outrage from Symantec

Jim Dettman jimdettman at verizon.net
Mon Apr 16 10:43:06 CDT 2012


 Problem is, the entire industry is heading towards reputation based
screening.  You can't keep up otherwise.

 I happen to clean-up a virus incident at one of my clients last week and as
part of that ran Spybot Search and Destroy; it's now up to 812,000 items it
checks for and the scan took almost an hour for the entire system.

Jim. 

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Benson, William
(GE Global Research, consultant)
Sent: Monday, April 16, 2012 11:35 AM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] Latest Outrage from Symantec

The key to your unhappiness:

"I'm not about to spend 4 minutes of my precious time on this earth trying
to please"


Sorry to say it. I'd spend the 4 minutes, or the 40 - and bill my client,
saying that it was done for their convenience. And if they didn't like it
they should switch to a non-Norton's product.



-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Rocky Smolin
Sent: Monday, April 16, 2012 10:45 AM
To: 'Access Developers discussion and problem solving'
Cc: 'Off Topic'
Subject: [AccessD] Latest Outrage from Symantec

So I uploaded the installable exe of my MRP system to a folder on my website
for a new customer to download - my standard procedure which has been
working well for many years.
 
He called a couple minutes ago saying Symantec had detected a virus.  Not
possible, of course.  I asked him what Symantec said and he said
WS.Reputation.1. 
 
I looked it up.  You won't believe this:
http://www.symantec.com/security_response/writeup.jsp?docid=2010-051308-1854
-99
 
Apparently, my 'reputation' with Symantec isn't good enough to pass their
gatekeeper.  The gatekeeper " uses "the wisdom of crowds" (Symantec's tens
of millions of end users) connected to cloud-based intelligence to compute a
reputation score for an application, and in the process identify malicious
software in an entirely new way beyond traditional signatures and
behavior-based detection techniques."
 
"Symantec's reputation technology system tracks the attributes of software
files (applications, drivers and DLLs) from multiple sources, including: 



*	Anonymous data contributed by tens of millions of Norton
<http://www.symantec.com/about/profile/policies/ncwprivacy.jsp> Community
Watch members
*	Anonymous data contributed by enterprise customers in a data
collection program tailored to large enterprises
*	Data provided by software publishers"

"The reputation-based system uses "the wisdom of crowds" (Symantec's tens of
millions of end users) connected to cloud-based intelligence to compute a
reputation score for an application, and in the process identify malicious
software in an entirely new way beyond traditional signatures and
behavior-based detection techniques. 

The system considers many aspects of a file, including file age, file
download source, digital signature, and file prevalence. These attributes
are combined using a proprietary algorithm to determine a file's safety
reputation. The system maintains a rating for all files rather than just
malicious files. Each software file is given a GOOD, BAD or SUSPICIOUS
rating. 

Symantec's reputation-based security engine continuously monitors all files
and over time a file's reputation may change."
 
Of course, since each exe file I send has the user's company name as part of
the file name, it will never have enough users to gain a 'reputation'.  
 
Of course there are detailed (not) instructions on the site for software
developers on which hoops to jump through in order to appease the Symantec
gatekeepers.  I'm not about to spend 4 minutes of my precious time on this
earth trying to please these blockheads.
 
In a stunning breakthrough defying all the laws of physics, Symantec has
devised a system that both sucks and blows at the same time.
 
Rocky Smolin
Beach Access Software
858-259-4334
www.bchacc.com <http://www.bchacc.com/> www.e-z-mrp.com
<http://www.e-z-mrp.com/>
Skype: rocky.smolin
 
 
 
-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com



More information about the AccessD mailing list