John Bartow
john at winhaven.net
Mon Apr 16 15:22:33 CDT 2012
Lol - thinking along the same lines

-----Original Message-----
From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Rocky Smolin
Sent: Monday, April 16, 2012 2:36 PM
To: 'Access Developers discussion and problem solving'
Subject: Re: [AccessD] Latest Outrage from Symantec

Sounds like the Tech Support Full Employment Act of 2012.

R

-----Original Message-----
From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Jim Dettman
Sent: Monday, April 16, 2012 11:58 AM
To: 'Access Developers discussion and problem solving'
Subject: Re: [AccessD] Latest Outrage from Symantec

Not 100% sure. It was mal-ware that came through a web site or spam e-mail (the VP is worried about missing valid e-mails, so all spam e-mail is let through and simply tagged with "SPAM" in the subject line). The DLL involved was Consrv.dll.

After that, it started throwing up a bunch of "Critical - your hard disk has failed. Click here to repair" and despite *MANY* repeated warnings not to click on anything like that, he clicked on it :( That installed a root kit and two different viruses. TDSKiller and Combofix were the only things that would clean it out, but Combofix's repair then prevented Windows from booting. The virus had hooked into one of the core .DLLs used by Windows and there were just too many registry entries involved to figure out what needed to be fixed.

Finally gave up and re-formatted the drive and re-installed everything. Nastiest piece of business I've run over in a while. In fact it's the first where I was forced to wipe the drive. They're getting better and better all the time.

Jim.

-----Original Message-----
From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Rocky Smolin
Sent: Monday, April 16, 2012 11:50 AM
To: 'Access Developers discussion and problem solving'
Subject: Re: [AccessD] Latest Outrage from Symantec

Do you know how they got the virus?

R

-----Original Message-----
From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Jim Dettman
Sent: Monday, April 16, 2012 8:43 AM
To: 'Access Developers discussion and problem solving'
Subject: Re: [AccessD] Latest Outrage from Symantec

Problem is, the entire industry is heading towards reputation based screening. You can't keep up otherwise. I happened to clean up a virus incident at one of my clients last week and as part of that ran Spybot Search and Destroy; it's now up to 812,000 items it checks for and the scan took almost an hour for the entire system.

Jim.

-----Original Message-----
From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Benson, William (GE Global Research, consultant)
Sent: Monday, April 16, 2012 11:35 AM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] Latest Outrage from Symantec

The key to your unhappiness: "I'm not about to spend 4 minutes of my precious time on this earth trying to please"

Sorry to say it. I'd spend the 4 minutes, or the 40 - and bill my client, saying that it was done for their convenience. And if they didn't like it they should switch to a non-Norton's product.

-----Original Message-----
From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Rocky Smolin
Sent: Monday, April 16, 2012 10:45 AM
To: 'Access Developers discussion and problem solving'
Cc: 'Off Topic'
Subject: [AccessD] Latest Outrage from Symantec

So I uploaded the installable exe of my MRP system to a folder on my website for a new customer to download - my standard procedure which has been working well for many years. He called a couple minutes ago saying Symantec had detected a virus. Not possible, of course. I asked him what Symantec said and he said WS.Reputation.1. I looked it up. You won't believe this:

http://www.symantec.com/security_response/writeup.jsp?docid=2010-051308-1854-99

Apparently, my 'reputation' with Symantec isn't good enough to pass their gatekeeper. The gatekeeper "uses "the wisdom of crowds" (Symantec's tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques."

"Symantec's reputation technology system tracks the attributes of software files (applications, drivers and DLLs) from multiple sources, including:

* Anonymous data contributed by tens of millions of Norton <http://www.symantec.com/about/profile/policies/ncwprivacy.jsp> Community Watch members
* Anonymous data contributed by enterprise customers in a data collection program tailored to large enterprises
* Data provided by software publishers"

"The reputation-based system uses "the wisdom of crowds" (Symantec's tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.

The system considers many aspects of a file, including file age, file download source, digital signature, and file prevalence. These attributes are combined using a proprietary algorithm to determine a file's safety reputation. The system maintains a rating for all files rather than just malicious files. Each software file is given a GOOD, BAD or SUSPICIOUS rating. Symantec's reputation-based security engine continuously monitors all files and over time a file's reputation may change."

Of course, since each exe file I send has the user's company name as part of the file name, it will never have enough users to gain a 'reputation'.

Of course there are detailed (not) instructions on the site for software developers on which hoops to jump through in order to appease the Symantec gatekeepers. I'm not about to spend 4 minutes of my precious time on this earth trying to please these blockheads.

In a stunning breakthrough defying all the laws of physics, Symantec has devised a system that both sucks and blows at the same time.

Rocky Smolin
Beach Access Software
858-259-4334
www.bchacc.com <http://www.bchacc.com/>
www.e-z-mrp.com <http://www.e-z-mrp.com/>
Skype: rocky.smolin

--
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com