Re: Custom UCB Symantec Anti-virus? - the meaning of 'custom'?

Hi Allison,

Thank you for your reply.

The webpage states that Symantec Antivirus 10.2 non-custom administrator
version is for Vista only.

Does the Symantec Antivirus 10.2 non-custom administrator version also
support XP, 2000, 2000 server and 2003 server?

If not, will the non-customized Symantec anti-virus 10.1.7 Admin CD be
available for download as well?

How about the Symantec Client Security 3.1.7 Administrators CD (non-custom)?

Thanks,
Bruce

Allison Henry wrote:
> Yes we still provide the non-customized software. The contents of the
> SCS administrator CD are available as a download from software-central.
> This download contains installers for all the non-customized Symantec
> software (both SAV and SCS) that does not communicate with the central
> manager. For Vista clients, the SAV 10.2 administrator CD is available
> for download as well.
>
> We're working on cleaning up the presentation and documentation on
> software-central so this is clearer. In the meantime please see this kb
> article on the Symantec management service:
> https://kb.berkeley.edu/kb1525. Since kb.berkeley.edu appears to be
> offline right now I am pasting the text below:
>
> ****
> [1525] About the managed client version of Symantec Client Security
>
> What is the "managed" version of Symantec Client Security?
> Symantec Client Security offers a management interface for centralized
> management of client software and client log collection. System and
> Network Security (SNS) has implemented a Symantec management server for
> the purpose of gathering logs and useful statistics from Symantec
> clients on the campus network. Installing the "managed" version of the
> Symantec client will allow SNS to collect logs and statistics from your
> Symantec client.
>
> How does the managed client work?
> At regular intervals, the client software checks in with the management
> server using certificate based authentication. The client checks for
> configuration changes and forwards logs to the management server. The
> communication takes place over port 2967.
>
> Will SNS reconfigure my Symantec software if I install the managed client?
> No. SNS is using the management server only for the purpose of
> collecting logs and statistics and will not make any configuration
> changes to your client software.
>
> What information will be sent to SNS from my Symantec software?
> The following Symantec Anti-Virus events will be forwarded to the
> management server: Scanning and infection events, Virus definition
> events. The following Symantec Client Firewall events will be forwarded
> to the management server: Connection rejected events, Connection dropped
> events, Possible attack events, Host Intrusion Prevention events. In
> addition the following information is sent to the management server for
> all clients: Windows network (NetBIOS) name, User login name (if user is
> logged in at time of check-in), Current Symantec status, OS Type, IP
> address, Last check-in.
>
> Why does SNS want this information?
> SNS would like a better view into the attacks on the campus network by
> collecting information directly from the hosts subject to the attacks.
> While our network sensors at the campus border can detect attacks from
> the outside, host based logs will allow us to detect a campus host
> behaving aggressively toward other campus hosts. In addition, SNS may
> wish to notify security contacts for IP addresses running outdated
> Symantec software/virus definitions, especially in response to a serious
> security issue.
>
> Allison Henry
> System and Network Security
> University of California, Berkeley
> http://security.berkeley.edu
>
> Jonathan Felder wrote:
>
>> Hmm. I just looked at this and there is no longer an option to download
>> a non-custom version. I don't like this development either.
>>
>> Is there a method to install this now without using the UC managed server?
>>
>> Bruce Satow wrote:
>>
>>> Why doesn't the Berkeley software distribution website specifically
>>> state that the "Symantec Anti-virus 10.1.7 UCB Custom" application
>>> connects to megalon.security.berkeley.edu for information gathering and
>>> reporting? I am assuming that the capabilities of the "Symantec Client
>>> Security 3.1.6 MR6 UCB Custom" application pack has even more
>>> information gathering features.
>>>
>>> These products basically have administrative access to the operating
>>> system since they can even scan protected memory areas. Theoretically
>>> then, access to the entire machine is possible.
>>>
>>> If this is to collect information, e.g. anti-virus logs, firewall
>>> security logs, IPS logs, from endpoint users, shouldn't students,
>>> faculty, and staff users be made aware of this on the software
>>> distribution website? Why wasn't this information disclosed?
>>>
>>> I understand the benefits of such management, but without notifying the
>>> endpoint user that the 'custom' versions has the ability to gather
>>> information directly from your computer and is gathered and reported to
>>> the campus SNS manager seems a bit like big brother to me.
>>>
>>> Doesn't the endpoint user have a right to know what the software does?
>>>
>>>

-- 
Bruce Satow
Space Physics Research Group
Space Sciences Laboratory
University of California
Berkeley, California 94720-7450
(510) 643-2348
 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:
To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
http://micronet.berkeley.edu
Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.