Re: Updates to Symantec on software-central and background information

From: Larry M. Jones <ljones_at_berkeley.edu>
Date: Thu, 13 Dec 2007 10:29:55 -0800

This brings up a question in my mind. How do we know if we are
running the managed version? Personally, I would just as soon have
SNS monitoring the security of my computer. The prospect of
rebuilding is not a pleasant one. OK, I lied, it's downright repulsive.

On a different note (I was reminded of this while trying to ascertain
whether mine was managed), under Ad Blocking/Advanced I discovered a
bunch of permitted sites. I don't know how they got there and I was
wondering if they came by default. In other words, do vendors have a
deal with Symantec that gets them on the "Permitted" list? Or is it
something I have done that has gotten them added to the list?

Thanks,

Larry

At 09:20 AM 12/13/2007, you wrote:

>To the Micronet community,
>
>The software-central website has now been updated to clearly state the
>log collecting nature of the "UCB Custom" client and the available
>alternatives for opting out. The kb article linked on the download pages
>provides additional details on what we are collecting and how we use the
>information: https://kb.berkeley.edu/kb1525.
>
>I thought it might also be helpful to offer some history behind this
>project for those who are interested in learning why we are offering
>this service:
>
>Back in May 2006 a serious vulnerability in Symantec AntiVirus was
>announced that would allow an attacker to execute code on a remote
>machine listening on the port Symantec uses to communicate with a
>management server. When SNS became aware of the vulnerability, we sent
>several notices out through the standard channels. Several months later
>exploits to this vulnerability appeared on campus, and once again we
>notified administrators of the seriousness of the threat. Despite these
>efforts, hundreds of machines across the campus were compromised over
>the course of many weeks. Due to the nature of the exploits each
>compromise required a complete rebuild, and in several cases the rebuild
>included the vulnerable Symantec software, resulting in another
>compromise. This experience showed us that keeping track of Symantec
>installations and making sure they are secured against current threats
>is a challenge on this campus.
>
>We discussed the situation with our Symantec reps and were told of some
>of the solutions the company has planned, and were given advice on best
>practices. One of those best practices was running a central management
>console where we can keep track of version and virus definition levels.
>After further discussion we began piloting a central Symantec management
>and reporting service. The service would allow us to 1) get a better
>view into the current threats to campus systems and 2) notify security
>contacts of problems with Symantec, such as out-of-date software and
>virus definitions. This pilot was announced to Micronet, UCB-security,
>and iNews along with the kb article for additional details.
>
>The pilot has been running for several months now, and we have
>approximately 1000 clients reporting to the reporting server. Despite
>the name "management service" we do not manage the Symantec software,
>other than to distribute it with a set of default settings. We collect
>log and client status information. We recently implemented a
>notification system where security contacts are notified if a Symantec
>client reports to the manager with out-of-date virus definitions or with
>a virus that Symantec was unable to clean.
>
>I hope that administrators will find this service useful, and that if
>another serious vulnerability in the Symantec software is announced, we
>will be able to use the service to help you identify your vulnerable
>clients before they are compromised. While the pilot period is now
>completed and the service is in full production, I would still like to hear
>comments from administrators on how the service works for your client
>systems.
>
>Please let me know if you have any additional questions about Symantec
>services,
>
>--
>Allison Henry
>System and Network Security
>University of California, Berkeley
>http://security.berkeley.edu
>
>
>-------------------------------------------------------------------------
>The following was automatically added to this message by the list server:
>
>To learn more about Micronet, including how to subscribe to or
>unsubscribe from its mailing list and how to find out about upcoming
>meetings, please visit the Micronet Web site:
>
>http://micronet.berkeley.edu
>
>Messages you send to this mailing list are public and
>world-viewable, and the list's archives can be browsed and searched
>on the Internet. This means these messages can be viewed by (among
>others) your bosses, prospective employers, and people who have
>known you in the past.

"There is wisdom in turning as often as possible from the familiar to
the unfamiliar: it keeps the mind nimble, it kills prejudice, and it
fosters humor." -George Santayana, philosopher (1863-1952)

$ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $
Larry M. Jones, HR Analyst
School of Optometry, UC Berkeley
360 Minor Hall, Berkeley, CA 94720-2020
Phone 510/642-8664, Fax 510/643-5109
mailto:ljones_at_berkeley.edu
$ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $

 
Received on Thu Dec 13 2007 - 10:30:33 PST
