Symantec has taken the unusual step of commenting on a story about a customer, issuing a robust statement denying its anti-virus products were to blame for a sophisticated targeted attack on the New York Times.
The killer paragraph for Symantec, however, was the following, which could be interpreted as the NYT attempting to shift blame for the breach onto its security provider.
“Over the course of three months, attackers installed 45 pieces of custom malware. The Times — which uses antivirus products made by Symantec — found only one instance in which Symantec identified an attacker’s software as malicious and quarantined it, according to Mandiant”.
It’s just the way it is. Sure, everyone is blaming hackers as well, but if you trust in something for protection (esp. when you pay money for it and are not a techy user) and such a product doesn’t protect you… You tend to blame the protection first and are going to use another.
But as you can read, it seems that they don’t use the full proactive protection of Symantec’s software, even Symantec encourages these customers to use a combined approach. If they don’t listen to Symantec and don’t use the full protection, then it’s their own problem, not Symantec’s. It’s the same as if I would use Comodo only with the AV component without proactive modules and after infection I would say “Comodo offers a 100% protection, but I am infected. Shame on you Comodo” - that is embarrassing!
…and like Dch48 said already, it’s embarrassing too that you try to blame Symantec now. I think you are smart enough to understand that in this case it was a user problem, not a company (Symantec) problem.
I agree with M.Richter. It can be inferred that the New York Times was only relying on the signatures of the product and had turned off the proactive part of the product. But Symantec on the other hand did not mention if they did give these capabilities to NYT. So it is possible the New York Times did not have these services.
Me? I try? LOL! Are smart? What does this have to do with anything? Don’t mock me. In that case it’s a user problem everywhere! Not the company! Symantec should make sure that its customers know how to set up the protection in the first place!
“Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security.
Anti-virus software alone is not enough.”
What the hell does that mean? Be more specific and sure they would say that now anyway.
Because a lot of these ‘aggressive settings’ break things in a corporate environment. If you manage 2000+ machines and have all kinds of ‘old’ applications running you’ll get a hell of a lot of overhead to clean that all out. It’s not always that easy to just flip the switch and make them all ‘paranoid’ if you brick e.g. 500 employees’ systems by it.
Sure if you can start fresh, make sure to enable all possible switches in these products, but real-life isn’t always that simple.
And not all managers can be convinced to put a lot of ‘IT’ hours in reaching these goals, so it keeps happening :-\
Symantec comes with the features they mentioned by default in its consumer product so you can be sure they are included in the Enterprise version. If they weren’t turned on, that is not Symantec’s fault. Some of those features require cloud lookup and reputation checking which maybe some businesses will disable for “phoning home”. The fact is however that in today’s world such things are necessary to provide stronger zero day protection which is much more important in the enterprise sector than for home users.
The days of depending on signatures alone are well behind us.
“Symantec obviously falls short of clarifying whether the New York Times had these extra capabilities, and if it did whether they were “switched on”, although the careful wording of the statement would indicate not.”
It’s under a big Q. Also who’s to say for sure that it was on or off? You trust what Symantec will tell you? How do they know some features were switched off? They can check? Where is the evidence? Symantec needs to stop running away from its responsibilities. It’s just wrong to fire back at NYT, instead they should apologize but no! Also who’s to say that extra Symantec features would still stop the custom malware? We don’t know what it was. It’s pure speculation here. I agree on your last point.
Those features are turned on by default in every Symantec product. It takes going into the settings menus and turning them off for them not to be used. Of course we don’t know if they were on or off in this case but just from the scenario presented I think it’s very likely that NYT was using the AV signatures alone. Having said that, Symantec has always been among the fastest in getting new signatures delivered and they have had “pulse updates” in place for a few years now that push out small emergency updates in between the regular updating schedule. We don’t know if NYT had that in use or if they even had the auto-updating feature running. Many businesses even turn that off.
As to Symantec apologizing, they have no reason to and shouldn’t.
We’re speculating here again. If that was the case then I agree. But we don’t know! Still it’s not good for Symantec to attack back at their own customers like that in the public view. Disgraceful even. They lost NYT. Who else now? But at the end of the day hackers are the ones who are to blame here. True.
You really think they have not done this with their business customers?
As they already said, they encourage their customers to use a combined approach (signature and proactive)!
The default settings use this combined approach! In the business sector Symantec offers really good support, so if the customers do not want to use that, then it’s their own problem.
So question again, why do you blame Symantec and speak badly about them? Btw, is it not wasting your time? Who will you help with that? Is the Comodo Forum the right place to speak badly about others? I think it’s better to support Comodo here, even with critical words, for being better and better and not speak badly about others without a true base!
Right! I see it the same as you, Melih.
But it’s a customer decision. If they do not use the software how the software should be used, then it’s all useless, even with default deny and automatic sandbox. Because if the customer stops these proactive modules (automatic sandbox, HIPS and so on) for their “blind” usability, then the protection is not guaranteed anymore.