Yes, we still provide the non-customized software. The contents of the
SCS administrator CD are available as a download from software-central.
This download contains installers for all the non-customized Symantec
software (both SAV and SCS) that does not communicate with the central
manager. For Vista clients, the SAV 10.2 administrator CD is available
for download as well.

We're working on cleaning up the presentation and documentation on
software-central so this is clearer. In the meantime please see this kb
article on the Symantec management service:
https://kb.berkeley.edu/kb1525. Since kb.berkeley.edu appears to be
offline right now I am pasting the text below:
****

[1525] About the managed client version of Symantec Client Security

What is the "managed" version of Symantec Client Security?

Symantec Client Security offers a management interface for centralized
management of client software and client log collection. System and
Network Security (SNS) has implemented a Symantec management server for
the purpose of gathering logs and useful statistics from Symantec
clients on the campus network. Installing the "managed" version of the
Symantec client will allow SNS to collect logs and statistics from your
Symantec client.

How does the managed client work?

At regular intervals, the client software checks in with the management
server using certificate based authentication. The client checks for
configuration changes and forwards logs to the management server. The
communication takes place over port 2967.

Will SNS reconfigure my Symantec software if I install the managed client?

No. SNS is using the management server only for the purpose of
collecting logs and statistics and will not make any configuration
changes to your client software.

What information will be sent to SNS from my Symantec software?

The following Symantec Anti-Virus events will be forwarded to the
management server: Scanning and infection events, Virus definition
events. The following Symantec Client Firewall events will be forwarded
to the management server: Connection rejected events, Connection dropped
events, Possible attack events, Host Intrusion Prevention events. In
addition the following information is sent to the management server for
all clients: Windows network (NetBIOS) name, User login name (if user is
logged in at time of check-in), Current Symantec status, OS Type, IP
address, Last check-in.

Why does SNS want this information?

SNS would like a better view into the attacks on the campus network by
collecting information directly from the hosts subject to the attacks.
While our network sensors at the campus border can detect attacks from
the outside, host based logs will allow us to detect a campus host
behaving aggressively toward other campus hosts. In addition, SNS may
wish to notify security contacts for IP addresses running outdated
Symantec software/virus definitions, especially in response to a serious
security issue.

Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley.edu

Jonathan Felder wrote:
> Hmm. I just looked at this and there is no longer an option to download
> a non-custom version. I don't like this development either.
>
> Is there a method to install this now without using the UC managed server?
>
> Bruce Satow wrote:
>> Why doesn't the Berkeley software distribution website specifically
>> state that the "Symantec Anti-virus 10.1.7 UCB Custom" application
>> connects to megalon.security.berkeley.edu for information gathering and
>> reporting? I am assuming that the capabilities of the "Symantec Client
>> Security 3.1.6 MR6 UCB Custom" application pack has even more
>> information gathering features.
>>
>> These products basically have administrative access to the operating
>> system since they can even scan protected memory areas. Theoretically
>> then, access to the entire machine is possible.
>>
>> If this is to collect information, e.g. anti-virus logs, firewall
>> security logs, IPS logs, from endpoint users, shouldn't students,
>> faculty, and staff users be made aware of this on the software
>> distribution website? Why wasn't this information disclosed?
>>
>> I understand the benefits of such management, but without notifying the
>> endpoint user that the 'custom' versions have the ability to gather
>> information directly from your computer and is gathered and reported to
>> the campus SNS manager seems a bit like big brother to me.
>>
>> Doesn't the endpoint user have a right to know what the software does?
>>
>
Received on Wed Dec 12 2007 - 11:58:04 PST