Re: Custom UCB Symantec Anti-virus? - the meaning of 'custom'?

Hi Michael,

Thank you for the reply. I agree that it would be more convenient for a
systems administrator to utilize centrally managed Symantec software for
the majority of campus computers, and yes it would be more convenient
for the user who doesn't wish to bother with such things. As I have
mentioned before, I am not against the distribution and utilization of
the "custom" Symantec software.

However, to make things clear, the unmanaged version of the SAV is
easily configured to automatically update software from Symantec
directly. Automatic updates and downloads can be set on a daily basis
and at whatever time of day the user wishes.

Extracting SAV from the SCS Admin CD is easily done. It is not a lot of
work However downloading the entire CD from campus is time consuming.

Regardless of whether one encourages departments and individuals to use
the 'Custom' version or not, this should not mean that the download
availability of either one should be made more difficult than another.

In other words, when encouraging everyone to use "ver. b", the
availability and distribution of "ver. a" should not be made more
difficult. If such distribution bias does occur, then it does raise
the question of intent - why are you forcing me to use "ver. b" by
making it more difficult to utilize "ver. a"?

Defense in depth would not allow a single point of failure due to
software bugs and vulnerabilities. If everyone were forced to use the
same managed version in May 2006, there would be much more damage and
on the wider scale.
Even with the upgrade warning, I bet that many people made the
assumption that since their Symantec software was being externally
managed, everything will be taken care of automatically.

Michael Green wrote:
> Bruce Satow wrote:
>> No one is criticizing the role of SNS or lack of professionalism.
>> There is no worry or stress, just questioning the rational behind the
>> lack of disclosure.
>>
>> It is important for SNS to make sure that the endpoint user knows
>> exactly what the installed software does - both risks and benefits.
>> If this information is not supplied, then it does seem like SNS is
>> trying to act as 'big brother'.
>> There are many people on campus who may be interested in having their
>> installation of Symantec software centrally managed, but it should be
>> an option for the endpoint user NOT to have it managed.
>> I believe that the systems that were compromised in May 2006 were
>> installed with the "managed" option of Symantec AntiVirus and NOT
>> those installed with the "unmanaged" standalone option. Please
>> correct me if I am wrong.
>> The "custom" version is a managed version. Symantec states that the
>> new versions of the software have been corrected, but as an option,
>> it should still be up to the endpoint user to choose which version to
>> install.
>>
>>
> Bruce,
>
> Well, rationale implies that we were clever enough to come up with
> reasons for concealing our true intent. You give us too much credit;
> we just ended up not supplying all of the information that we intended
> to on the download page.
>
> I agree that if we don't provide reasons for our actions that our
> intent can not possibly be clear. We have an oversight committee, the
> CISPC, composed of members from various campus departments. You can
> find the charter, governance, and current membership list here:
> https://security.berkeley.edu/cispc/. That website also has notes
> from past meetings. Until recently, Greg Paschall was the member that
> represented SSL. The CISPC provides oversight for campus information
> security, which includes acting as a steering committee for SNS. We
> make every effort to discuss all systems that we implement and the use
> of any information the we collect with the CISPC so that the campus
> community has a chance to comment and provide us with guidance.
>
> You are correct that the last big vulnerability with the Symantec
> software was with the managed version. If I recall correctly, we
> advised folks to upgrade well before there was an exploit.
>
> I strongly encourage departments to use the UCB Custom installer for
> Symantec software. You are correct to point out that the Symantec
> security software can have bugs. This is one of the reasons for
> defense in depth. On the whole, I think that folks are better off
> with software that helps us notify security administrators when the
> Symantec software on machines under their management are not being
> updated.
>
> If I correctly understand Allison's earlier email, there is a somewhat
> reasonable way to extract and install the unmanaged version of
> Symantec's software. I agree that it is more work to do this, and
> that it would be more convenient to install the unmanaged standalone
> version if it were available as a pre-configured option. From my
> somewhat biased point of view, the campus gets a better security
> service from the managed version and I would like to keep that as the
> easier to use option.
>
> Michael
>

-- 
Bruce Satow
Space Physics Research Group
Space Sciences Laboratory
University of California
Berkeley, California 94720-7450
(510) 643-2348
 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:
To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
http://micronet.berkeley.edu
Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.