[mikeromo]

Thanks for your encouraging feedback--it means a lot. It's tough--for Norton AntiVirus, at least, it's kind of like insurance...yes there is no big threat today, but, you know, give it a few hours, right? So, our goal is to make security software that, if you choose to run it, has as little impact on your day to day usage as possible, which is why I get so freaked out when I read about even the possibility of us slowing someone's machine down (literally--I woke up this morning and the first thing I did was check this board to see if there was more information). Symantec, lately, has been really, really focused on improving performance (the Windows products have been getting really good reviews based on this) and we're doing the best that we can with the intricacies of the Mac platform (seriously, it's a lot harder to do this stuff than I thought when I first worked here!).



That being said, we do have other products out there (we had the first and only phishing protection for Safari until Apple added it a few weeks ago) and I think I can say that you will be seeing more products in the near and not so near future. Antivirus really is just one kind of product, viruses and malware are just one "threat vector" that we protect against. This week received a lot of calls and press inquiries about Apple's recent KB posting and subsequent renewal--my view is that yes, Symantec believes people should bolster their built-in security of whatever their OS is running but the newer, and arguably more dangerous, threats are much more platform agnostic--ID scams, phishing sites...they don't care what kind of computer you are running.

The best thing that I can do is be honest with you, fix things if we are broken, and offer the best product on the market for your consideration. The hope is that if users do choose to install antivirus and are not satisfied with ClamAV or the other free products out there and DO choose to pay for the protection, that we give them something that works and that will not get in their way. Like I said, I've been a Mac user for a very long time, I remember when viruses actually DID happen on OS 9 (Remember the Hong Kong virus? I actually got that in my office after one of my users actually visted Hong Kong!), so I totally (totally) get the skepticism and understand the ferocity of some of the users out there. But it's not going to stop me from doing my best.

ANYWAY, thanks for letting me join in. Not all boards are as patient when I try to speak up.

I'll keep checking in and let you know when the Mac board at the Norton Forums ( http://community.norton.com/norton/ ) goes live. It's a pretty good forum, and if you have questions about the Windows products (I know, I know, but some of you might run Windows once in awhile or have friends who do), this is a great place to start. I will also post a more definitive take on the archive posting as soon as my development architect gets back from lunch (slacker).

Thanks,

mike

mike_romo@symantec.com

[ddanckaert]

Mike, back in the day I relied upon NAV until it became ridiculous bloatware that just negatively affected my computer's performance. Now I use Intego on the Mac and Kaspersky on the PC. (just the antivirus, not the "suite" packages)

Since I see you're watching this thread, I have a suggestion. Come up with different pre-defined "run profiles" that are offered at the point of installation that are very well described. For example: (a) Very Secure, (b) Moderately Secure, © Basic Security, etc.

Provide easy to select options such as (a) monitor applications (can be selected), (b) don't monitor file types, etc. So if I'm running Handbrake, I don't have antivirus trying to scan the files or monitor the processes. Or perhaps only apply real-time scanning against the system disk (not against other partitions or external or network drives, etc.).

Also, the Mac really needs a good parental controls program. The Mac one sucks. Intego's is problematic. I would like to do this via a hardware-based device placed between my devices and modem like the Dlink DSD-150, but I've yet to see this done well. It could also be done using proxy controlled Internet service--again, I use OpenDNS, but I'd like to see a more robust approach.

[bastion]

mikeromo said:

Depends on how large the archive is, right?

No, it doesn't.

There's no possible way that "extract the contents from the archive, scan the contents, delete the extracted data" will take as much time as "expand the archive, scan the contents, delete the archive, create a new archive from the extracted data, delete the extracted data."

Quote

Adding a copy to this process, then opening the archive, then scanning the contents, then deleting the contents, then deleting the copied archive..it sounds like more of a hassle than it's worth. I will talk to the architect to see if I can get more granularity for this.

My question is: Why was the original archive (apparently) being recreated in the first place. There's no inherent aspect of archive extraction that says the archive is destroyed or modified in any way. So there should be no need to copy it up front, nor any need to recreate it after the fact. That's just wasting cycles and converting electricity into heat.

[bastion]

mikeromo said:

I guess I wasn't clear. Here's what we do:

No, you were clear.

Quote

2 - When we see a .zip file on the user's machine, or a .tar or whatever, we UNZIP the file, examine the contents for virues, then REZIP the file, since the user had it as a zip file in the first place. I don't think anyone would appreciate it if we opened up all the archived files and just left them open. So, in a way, we are keeping the archive around.

I'm not suggesting you leave the extracted archive contents lying around consuming extra space. I'm asking why you're spending time/cycles/electricity recreating the archive when you had a perfectly good archive file to start with. Does Symantec's archive-scanning code have the side-effect of destroying an archive in the process of extracting its data? Any user who actually backs up their data will then get slammed a second time when the recreated archive gets gratuitously copied to the backup media.

[mikeromo]

Awesome feedback--and well timed.

I like the idea of profiles a lot...urgh, I can't talk about what I want to talk about, but I will check in soon--but regardless, these are great ideas and I will definitely add them to the mix for NAV 12 when we go through requirements. Very good idea. For the time being, I would suggest, say, when you do handbrake, to have NAV NOT be scanning the folder you are writing to. You can do this in the AutoProtect options. But, to be honest, I have used Handbrake with Auto-Protect turned on and haven't noticed any issues. Same with when I used the WoW downloadeder to download the 4GB of patches I needed to start playing again! We actually played around with "Very Secure/More/Less" but when we did
user testing, we got people going, "Why would I ever want to be LESS
SECURE?" I had to laugh--I never thought of that. But still--thanks.

Parental Controls. We hear you. Definitely. Really. that's all I can for the moment.

mike

mike_romo@symantec.com

[mikeromo]

You know what, you guys were right. I wasn't thinking about it clearly at all.

IF there is a problem, we do the rearchive. Like, if you had a bunch of Word documents in a .zip file, and one of them had a virus, THEN we would re-archive the file.

If this is NOT a problem, we do NOT re-archive, we just leave the archive alone. So, yes, you are right--I was thinking about problematic files and trying not to spill my cereal I guess.

Sorry about the confusion. I fear Nick, my QA lead, now thinks I am an utter idiot.

thanks!

mike

mike_romo@symantec.com

[nuchida]

Hey There,

I work with Mike at Symantec on the Mac Engineering team and he asked me to help him out on these forums a bit.

Mike's wording is a little confusing - we do not rearchive anything if no problems are found. We do extract the original archive to scan its contents, and if nothing is found we'll just delete our "temp. unarchived contents." If we do find something wrong (a virus, trojan, etc. etc.) we'll remove/repair the bad file and rearchive the clean set of files, then delete the original archive.

Hope that clears things up a bit. Let me know if you have any more questions!

Cheers,
-nick

[mikeromo]

sigh...thanks Nick. I owe you a beverage.



-mike

[bastion]

mikeromo said:

You know what, you guys were right. I wasn't thinking about it clearly at all.


IF there is a problem, we do the rearchive. Like, if you had a bunch of Word documents in a .zip file, and one of them had a virus, THEN we would re-archive the file.

Ah. That's sane. I appreciate the correction. And, as others have said, I appreciate that you're taking the time to be here at all. As a developer myself I know it can be kind of minefield sometimes. After all, there's people like me out here. ;)

[mikeromo]

hey guys--



Hope you are having a nice Friday. As I mentioned earlier, the Norton Mac forum is up:



http://community.nor...d.id=norton_mac



While I'll pop by here to see if there are any lingering concerns, it sounds like things have died down a bit. If you have any questions, concerns, etc, you can go to the forums above or you can send me an email at mike_romo@symantec.com

Take care, have a great holiday!

-mike

[alucas]

Norton AntiVirus and Symantec AntiVirus for any platform is a waste of money. Why is that? Because after a year or less, they force you to pay more money if you want to continue to get anti-virus definition updates. Norton is not the company it used to be. They don't seem to care about the safety of your computer, just the amount of money they can get from "protecting" your computer. I remember when Symantec used to give us these definition updates for free (I think it was SAM 3 or 4, but I can't remember... It was the early 90's when the updates were free). With every year, Symantec makes its way down my list of non-user friendly companies that just seems to care about making money over helping their customers. The stupidest move Symantec made was to eliminate their only saving grace for the Macintosh, Norton Utilities. At this point Symantec is one step above Microsoft in my opinion (Microsoft pretty much being at the bottom of the barrel).

Also, up until recently, buying any antivirus software was a waste of money for the Macintosh since there were virtually NO viruses for the Mac. The only ones that did pop up a few years back were the Word Macro viruses, and even now, those don't work on a Mac if you have Office 2008 (since the idiots at Micro$oft eliminated visual basic scripting and came up with the most pathetic excuses for the reason why they did not port it). Even if your Mac did get a Word macro virus the solution was free and did not require buying an anti-virus program. All you had to do was delete the Normal.dot file for word and then let word recreate it and then LOCK the file so no other virus could infect it. It was not until recently that Mac has finally gotten the attention of virus creators out there because of the Mac's gaining popularity.

Just trust me, don't waste your money with Symantec products any more because it seems all they care about is money and not helping the user. If they truely cared about the user, then they would not force their customers to pay every 6 months to get virus definition updates. I understand having to buy a new version every 3 or 4 versions or so, but having to pay every 6 months is stupid.

[mikeromo]

Yikes--
So, first things first, we don't charge every six months, we charge every 12. And we tend to "skip" OS releases--so, instead of paying to get a new version of NAV that will work with 10.6, for example, we're updating the product to work with 10.6 for free, despite the fact that 90% of the time, the changes in Mac OS X require MAJOR work to get us to work again. We've been doing that for awhile now, so that's also part of the annual subscription price.

There are a lot of expenses that go into writing defs and signatures (not to mention testing for them both)--so that's where the annual charge comes from.

I get that you are angry, but honestly--what you say is just wrong; we think about our customers every move we make and, if it was just about making money...well, suffice to say, it's not. If we didn't care about our customers--our fellow Mac users--we wouldn't have added features that our users asked for (better control in AutoProtect (safezones, etc), squashed compatilbity bugs, improved our scanning, and address the few viruses that do come out within hours of their being found), and we certainly wouldn't be jumping into the forums to see how we could help.

Anyway, sorry you are so angry at Norton--no one's forcing you or anyone to buy the product. But you should remember everyone has the choice to run AV or not (many businesses and schools have to run antivirus as part of their security policy), so we're just working hard to make sure that if you do have to run antivirus, we've got a solid product available. And yes, there are free products out there and yes, we encourage people to check them out--software like ClamAV and Mac users like yourself just make us work harder to make a better product.

(I miss Norton Utilities as well, actually.)

thanks,

mike

mike_romo@symantec.com

[pdxkevin]

For Mac users, why are you even running AV on your machine? It really is not necessary. I used to work for Symantec, and I know it's imperative to run AV on a PC. NAV for PCs is actually a good product and, at least when I worked there, had the highest virus detection rates in the industry. When bought my first Mac almost 6 years ago, I did install NAV for Mac and had problems with it. After doing research and becoming quite proficient with Mac OS X, I uninstalled NAV and decided that it wasn't necessary to have on my machine. What WAS necessary was to ensure my firewall was on and operating efficiently as well as using a utility that would let me know if my Mac was trying to contact the internet (such as Little Snitch).
I have 2 Macs now, use NO antivirus software, and have never had a problem. I learned the hard way that it's much more important to practice a regular maintenance regimen (repairing permissions, dumping cache files, checking preference files, running periodic tasks, etc. I've been using TinkerTool System for years now). My Airport network is closed, and can only be accessed if a computers MAC address is listed in the access control list. If I receive an unfamiliar email that contains a link, I DO NOT click on it and promptly delete the email. Anytime I conduct any financial transaction through Safari, I always ensure that it's a secure/encrypted connection. My firewall is always on stealth mode.
An unauthorized intrusion into my computer is much more of a threat than a virus. I've been antivirus-free for six years and have no regrets.

[nuchida]

"An unauthorized intrusion into my computer is much more of a threat than a virus. I've been antivirus-free for six years and have no regrets."

pdxkevin,

We also agree that the threat landscape is trending more towards network based attacks than your traditional "virus." In fact, one of the best new features of NAV 11 is Intrusion Prevention technology. Much like we do for viruses, we'll scan for "signatures" coming down off your network and block them before they can exploit security vulnerabilities. (some examples on Mac OS X: QuickTime RTSP buffer overflow, Mac OS X mDNSResponder, Mac OS X Help remote code execution, etc. etc.)

Also, to quickly touch on your earlier comments...

It sounds like you practice good safety precautions! I wish I could say the same thing for my Mom, or some of my less computer-savvy friends. :)

I totally agree that backup and a regular maintenance program are both good habits. That being said, I still think there is a market for security on Mac OS X. Anti-virus, network intrusion prevention, firewalls (with more functionality than the built-in Mac OS X firewall), anti-phishing... these are the types of solutions we provide, not just NAV. We're not a one trick pony anymore. Even if you practice due diligence, you still could be affected by an exploit. If some hacker finds a hole in iTunes, it may be weeks before Apple can release a patch to users. In minutes, we could publish a signature for Intrusion Prevention that would detect and block someone trying to hit your unpatched iTunes.

Anyway, just wanted to offer some other considerations to your points.:)

If you have any specific feedback on our Mac Products, I encourage you to post on our official forums:

http://community.nor...d.id=norton_mac

Cheers,
-nick