[AccessD] Latest Outrage from Symantec

Rocky Smolin rockysmolin at bchacc.com
Mon Apr 16 14:36:02 CDT 2012


Sounds like the Tech Support Full Employment Act of 2012. 

R


-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Jim Dettman
Sent: Monday, April 16, 2012 11:58 AM
To: 'Access Developers discussion and problem solving'
Subject: Re: [AccessD] Latest Outrage from Symantec


 Not 100% sure.  If was mal-ware that came through a web site or spam e-mail
(the VP is worried about missing valid e-mail's, so all spam e-mail is let
through and simply tagged with "SPAM" in the subject line).  The DLL
involved was Consrv.dll

 After that, it started throwing up a bunch of "Critical - your hard disk
has failed.  Click here to repair" and despite *MANY* repeated warnings not
to click on anything like that, he clicked on it :(

 That installed a root kit and two different virus.  TDSKiller and Combofix
were the only things that would clean it out, but combofix's repair then
prevented Windows from booting.  The virus had hooked into one of the core
.DLL's used by Windows and there were just too many registry entries
involved to figure out what needed to be fixed. 

 Finally gave up and re-formatted the drive and re-installed everything.

 Nastiest piece of business I've run over in a while.  In fact it's the
first where I was forced to wipe the drive.

 Their getting better and better all the time.

Jim.

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Rocky Smolin
Sent: Monday, April 16, 2012 11:50 AM
To: 'Access Developers discussion and problem solving'
Subject: Re: [AccessD] Latest Outrage from Symantec

Do you know how they got the virus?

R 

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Jim Dettman
Sent: Monday, April 16, 2012 8:43 AM
To: 'Access Developers discussion and problem solving'
Subject: Re: [AccessD] Latest Outrage from Symantec


 Problem is, the entire industry is heading towards reputation based
screening.  You can't keep up otherwise.

 I happen to clean-up a virus incident at one of my clients last week and as
part of that ran Spybot Search and Destroy; it's now up to 812,000 items it
checks for and the scan took almost an hour for the entire system.

Jim. 

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Benson, William
(GE Global Research, consultant)
Sent: Monday, April 16, 2012 11:35 AM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] Latest Outrage from Symantec

The key to your unhappiness:

"I'm not about to spend 4 minutes of my precious time on this earth trying
to please"


Sorry to say it. I'd spend the 4 minutes, or the 40 - and bill my client,
saying that it was done for their convenience. And if they didn't like it
they should switch to a non-Norton's product.



-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Rocky Smolin
Sent: Monday, April 16, 2012 10:45 AM
To: 'Access Developers discussion and problem solving'
Cc: 'Off Topic'
Subject: [AccessD] Latest Outrage from Symantec

So I uploaded the installable exe of my MRP system to a folder on my website
for a new customer to download - my standard procedure which has been
working well for many years.
 
He called a couple minutes ago saying Symantec had detected a virus.  Not
possible, of course.  I asked him what Symantec said and he said
WS.Reputation.1. 
 
I looked it up.  You won't believe this:
http://www.symantec.com/security_response/writeup.jsp?docid=2010-051308-1854
-99
 
Apparently, my 'reputation' with Symantec isn't good enough to pass their
gatekeeper.  The gatekeeper " uses "the wisdom of crowds" (Symantec's tens
of millions of end users) connected to cloud-based intelligence to compute a
reputation score for an application, and in the process identify malicious
software in an entirely new way beyond traditional signatures and
behavior-based detection techniques."
 
"Symantec's reputation technology system tracks the attributes of software
files (applications, drivers and DLLs) from multiple sources, including: 



*	Anonymous data contributed by tens of millions of Norton
<http://www.symantec.com/about/profile/policies/ncwprivacy.jsp> Community
Watch members
*	Anonymous data contributed by enterprise customers in a data
collection program tailored to large enterprises
*	Data provided by software publishers"

"The reputation-based system uses "the wisdom of crowds" (Symantec's tens of
millions of end users) connected to cloud-based intelligence to compute a
reputation score for an application, and in the process identify malicious
software in an entirely new way beyond traditional signatures and
behavior-based detection techniques. 

The system considers many aspects of a file, including file age, file
download source, digital signature, and file prevalence. These attributes
are combined using a proprietary algorithm to determine a file's safety
reputation. The system maintains a rating for all files rather than just
malicious files. Each software file is given a GOOD, BAD or SUSPICIOUS
rating. 

Symantec's reputation-based security engine continuously monitors all files
and over time a file's reputation may change."
 
Of course, since each exe file I send has the user's company name as part of
the file name, it will never have enough users to gain a 'reputation'.  
 
Of course there are detailed (not) instructions on the site for software
developers on which hoops to jump through in order to appease the Symantec
gatekeepers.  I'm not about to spend 4 minutes of my precious time on this
earth trying to please these blockheads.
 
In a stunning breakthrough defying all the laws of physics, Symantec has
devised a system that both sucks and blows at the same time.
 
Rocky Smolin
Beach Access Software
858-259-4334
www.bchacc.com <http://www.bchacc.com/> www.e-z-mrp.com
<http://www.e-z-mrp.com/>
Skype: rocky.smolin
 
 
 
--
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

--
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

--
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

--
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

--
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com



More information about the AccessD mailing list