  #8  
February 15th 05, 11:59 AM
Paul
Security Problems Plague XP SP2 via Symantec/McAfee

http://www.symantec.com/techsupp/sp2/faq.html#9

Q: Why does the Windows Security Center say that the status of my Norton
security product is "unknown"?

A: Your Norton security products contain tamper protection features that
prevent malicious code from determining their status. This tamper protection
also prevents the Windows Security Center from determining the status of your
Norton security products.

Symantec has released an update which adds compatibility to the Windows
Security Center so that it may report the status of your Symantec security
software. This update is included in Norton 2005 Security Products and is
available by LiveUpdate for Norton 2002/2003/2004 Security Products. The
update will install on Windows XP, but will not take effect unless you have
the Windows Security Center installed.



"Gary S. Terhune" wrote:

http://story.news.yahoo.com/news?tmp...1740&ncid=1729

If the above link doesn't work for you, try this:
http://tinyurl.com/7ybuc

That is the "more" you're asking for. More than this, Dan doesn't know,
I'm sure. My take on the subject is a bit different. While acknowledging
that I am not a fan of either product, and I've not hesitated to say so
on innumerable occasions, what is described by the article isn't a real
security risk, per se.

The way I read the article is this:

One of the new features in Windows XP Service Pack 2 is the "Windows
Security Center". It keeps track of what, if any, antivirus and firewall
apps are installed, and whether they are up to date. If you are lacking
in a firewall or antivirus, or if they are simply not running, the WSC
advises you of the situation. However, as anyone who pays attention will
know, when you first install such applications, they are *never* up to
date and should be updated immediately. One result of this combination
of affairs is that while installing such apps, the new Windows Security
Center may warn, repeatedly, that the programs are not up to date.
Symantec and McAfee consider this detrimental to the "user
experience"--and in a way, I can't blame them. It *is* disconcerting to
get repeated warnings that you aren't protected while you are in the
very act of installing protection.

Norton solves this by deliberately disabling Windows Security Center
during installation (which makes one wonder about the architecture of
Windows Security Center, doesn't it?) McAfee changes the dates of
certain files to "now" as they are copied into the system. This
convinces Windows Security Center that there is now up-to-date
protection installed and it keeps quiet. However, apparently, the
antivirus app now thinks it's up to date, also, and may not initiate an
update, leaving the user with a very out of date antivirus until
sufficient time has passed and it then updates. Or perhaps it still
initiates an update during the normal course of installation, but in
many cases this isn't feasible due to the system not being able to
connect to the internet. I don't know the particulars.

For myself, the most alarming thing about this whole affair is that the
Windows Security Center *can* be disabled by any means other than user
intervention. Makes it rather useless, don't you think? Plus, McAfee's
methods would tend to leave a user with a false sense of security
between the time of installation and the first actual update. Judging by
the usual amount of time that such apps consider reasonable between
updates (a horribly long time in my opinion), a person could be running
several days without real antivirus protection and not realize it.

Of course, this has always been the case--automatic updaters are famous
for failing in their duties, especially where the systems aren't
connected to an always-on internet connection, or are used sporadically
for relatively short periods of time, or simply being inadvertently
disabled. This is why Windows Security Center was developed. And this is
why I always admonish users to *check* that AV and Firewall are running
when they start up and periodically throughout the day, and that they run
the updater(s) manually, on an at *least* daily basis. These are habits
that should be as deeply ingrained as checking your rear-view mirrors
regularly while driving.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"Daniel Royer" wrote in message
...

"Microsoft Windows users need to be aware that McAfee and Symantec (aka
Norton) products can disable advanced security features of XP SP2"

Could you elaborate a little more on that?


______________________________
Daniel Royer, University of Geneva
daniel at royer dot ch

