General discussion

Locked

What should I expect from security software?

By Blackcurrant ·
I use Symantec Client Security 3 (SCS3)

Over the last few months I have been keeping tabs on the pros and cons of two well known software security suites: Symantec and McAfee. There has recently been a discussion on Techrepublic about the 'preferred' suite and judging from the first 50 answers it was quite clear that McAfee was preferred over Symantec.

One of the things I have learnt over the last few years is that you cannot always rely on user reviews to give a balanced opinion on any product. For example, their PC may not meet the minimum spec, or the reviewer may not understand how the software interacts with the OS etc. But, I have noticed a consistent trend for self-confessed PC 'gurus' and others to say that Symantec is not performing as well as it used to.

It seems to me that unless Symantec decide to completely overhaul their software and re-design it from the bottom up instead of providing an endless supply of so-called upgrades, they will quickly be left behind in the security market.

I digress.

What I am really interested in is this:

Yesterday and today two instances of download.trojan http://www.symantec.com/avcenter/venc/data/download.trojan.html were 'missed' by SCS3. My company is classed as a SMB - we have about 60 staff (half of whom work out of the office), 30 PC's, and one server. We use a router which incorporates a firewall. Therefore, we have two firewalls in place (router and SCS3), plus realtime file scanning (SCS3) and also email scanning (SCS3). Our email arrives through a POP3 box and the email scanner scans all data that arrives through (POP3) port 110.

The two infected files had been sent to a 'dummy' account, and both arrived as .scr files. I submitted them to Symantec and was informed that they were malicious. I rang Symantec Technical Support today and was informed that I should expect a certain amount of malicious code to pass through the scanner.

The Tech Support rep said that SCS3 was primarily a AV file scanner, and that the email scanner was effectively a 'plug-in' and should not be relied upon to give protection against all threats that arrived in our inbox.

What I want to know is this:

Am I being unrealistic when I purchase SMB software and expect it to protect me agianst threats via email?

Email is THE commonest delivery method for viruses. If such software cannot protect my company against these files (which were first discovered in 2001), then what use is it?

What do you think? Should software that is designed for use by SMB's be low quality and open them to threats?

I have a message for Symantec: There is absolutely no way that I shall ever purchase your software again.

What do you think? Am I being unreasonable?

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

I'd be really disappointed in my set up

by Tony Hopkinson In reply to What should I expect from ...

if an scr got through. I would n't bother scanning them though I'd be blocking them as a matter of course.

Collapse -

agreed

by jefftucker In reply to I'd be really disappointe ...

any of the security software out there has the ability to allow certain new threats through their scanners. reason is because the updates are usually done at some point where there is a gray area of good protection. the key to stop most threats is to have a content scanner on web access and to block files in email that can be bad files. if you need to allow certain files through that are legitimate for some software you run (autocad uses SCR files for example) then have the scanner mark the mail as harmful and pass it to the user. in any other case block them.

Back to Malware Forum
2 total posts (Page 1 of 1)  

Related Discussions

Related Forums