by DAN CALLOWAY
Published 9 March 2010

WEAVERVILLE, NC – The following article discusses Norton Antivirus Corporate Edition (NAVCE) and its dependence upon a reliable and fully functional network to operate.

Discussion

The network application discussed here, one with which this author has worked closely in the past and that depends upon a reliable network to function properly, is Norton Antivirus Corporate Edition (NAVCE). NAVCE, also known as Symantec Antivirus Enterprise Edition, is an antivirus software application developed by Symantec Corporation. Its network component provides 24/7-365 solid protection against incoming viruses and spyware to corporate enterprise networks and servers, and its client component provides the same level of antivirus and anti-spyware protection to host computers connected to the network (“Enterprise Antivirus Software – Threat Prevention | Symantec AntiVirus Corporate Edition,” 2010).

Symantec Corporation has acquired several small antivirus companies and security vendors over the years, but its prominence and recognition as a leader in the antivirus and anti-spyware business came about when it purchased IBM’s and Intel’s antivirus business in the late 1990s (Hunter, Khan, & Shimonski, 2003). NAVCE was built upon decades of solid know-how from two sources: Norton’s support of desktop clients in the 1980s and early 1990s, which protected desktop operating systems and email systems from malicious code from the time the first trojan worms and email viruses appeared, and the technologies acquired from IBM and Intel in the areas of enterprise antivirus software management and automated virus handling, respectively.

Application Description

Norton Antivirus Corporate Edition is a network-based antivirus and anti-spyware application that provides advanced enterprise-wide virus protection and management from a single web-based console. It incorporates an integrated web-based graphical reporting capability for network administrators. NAVCE also supports the Symantec Antivirus client for Windows Vista and Microsoft Windows Server 2008 (“Enterprise Antivirus Software – Threat Prevention | Symantec AntiVirus Corporate Edition,” 2010). The key benefits of this application are: (1) Provides effective enterprise-wide antivirus and anti-spyware protection; (2) Incorporates Symantec tamper protection guard, which prevents unauthorized antivirus access and attacks on the network through attempts from viruses to disable network security; and (3) The application is backed by the Symantec Security Response Team, which is the world’s leading Internet virus research and support group. NAVCE offers antivirus and anti-spyware support for the Symantec System Center, Symantec Antivirus Server for Windows, Symantec Antivirus Server for Netware, AMS Server, Reporting Server, Reporting Console, Quarantine Console, Central Quarantine Server, 32- and 64-bit Windows clients (including Vista), and Linux clients (including Red Hat Enterprise Linux 3.x, 4.x, 5.x; SUSE Linux Enterprise Server/Desktop 9.x and 10.x; Novell Open Enterprise Server; and VMware EX 2.5x and 3.x) (“Enterprise Antivirus Software – Threat Prevention | Symantec AntiVirus Corporate Edition,” 2010).

In January 2010, Symantec Corporation announced that it would stop supporting NAVCE in the near future and recommended that its customers begin looking at its successor applications, Symantec Endpoint Protection or Symantec Endpoint Protection Small Business, the next-generation antivirus/anti-spyware application that protects the endpoints of the network using simple management capabilities, fast deployment, and pre-configured settings.

Network Dependence and its Impact on NAVCE

Although NAVCE has a client component as well as a network component in its application package, its dependence on a reliable and fully functional network is crucial to its overall functionality. Two kinds of connectivity matter. The first is between the network servers (Quarantine, System Center, Reporting Server, Reporting Console, and WUS) and the host computers attached to the network. The second is between the LAN and the Internet, which provides access to the web-based administrator console for remote management and to the virus/anti-spyware definition and engine updates (supported by WUS) that are essential to keep the application able to protect the network against the latest viruses and malware. If the network fails to provide adequate connectivity of either kind, NAVCE will cease to be an application that fully protects the network or its hosts from external and internal virus and spyware invasions.

Implication of Network Infrastructure Developments on NAVCE

Obviously, as network infrastructure and network developments change in the coming years, Symantec Antivirus Corporate Edition will not be directly impacted since support for this application will end in the months following January, 2010. However, for its successor applications, such as Symantec Endpoint Protection and Symantec Endpoint Small Business, their interface with upgraded network and client desktop operating systems, requirements for updated microprocessors, enhanced RAM at the server and desktop level, file system changes at the software and hardware level (512 KB/sector to 4KB/sector ATA hard drive changes) (“bit-tech.net | All new hard drives will be “4k advanced format”,” 2010) will require application changes to remain in lock-step so that the applications can be implemented on the network hardware and software and so that the minimum requirements to run the applications will be met on the corporate networks themselves (“Enterprise Antivirus Software – Threat Prevention | Symantec AntiVirus Corporate Edition,” 2010). Symantec Corporation, as an antivirus and anti-spyware vendor that wishes to remain in business in the foreseeable future, will have to ensure that its future products are compatible with the latest technologies, such as more advanced mail clients, FTP clients, and the like, or its inability to provide continuing support in protecting future LANs will result in its inability to remain competitive in the marketplace.

———————–

References

bit-tech.net | All new hard drives will be “4k advanced format”. (2010, February 2). bit-tech.net | All new hard drives will be “4k advanced format”. Retrieved March 9, 2010, from http://www.bit-tech.net/news/hardware/2010/02/02/all-new-hard-drives-will-be-4k-advanced-for/1.

Enterprise Antivirus Software – Threat Prevention | Symantec AntiVirus Corporate Edition. (2010). Enterprise Antivirus Software – Threat Prevention | Symantec Antivirus Corporate Edition. Retrieved March 9, 2010, from http://www.symantec.com/business/antivirus-corporate-edition.

Hunter, L., Khan, A., & Shimonski, R. (2003). Configuring Symantec Antivirus Enterprise Edition. Syngress. Retrieved March 9, 2010, from http://books.google.com/books?id=nHPzTZ27a5UC&dq=symantec+antivirus+corporate+edition&lr=lang_en&source=gbs_navlinks_s.

Malicious Software Infects Computers

By JOHN MARKOFF, The New York Times
Published February 18, 2010

A malicious software program has infected the computers of more than 2,500 corporations around the world, according to NetWitness, a computer network security firm.

The malicious program, or botnet, can commandeer the operating systems of both residential and corporate computing systems via the Internet. Such botnets are used by computer criminals for a range of illicit activities, including sending e-mail spam and stealing digital documents and passwords from infected computers. In many cases they install so-called keystroke loggers to capture personal information.

The current infection is modest compared with some of the largest known botnets. For example, a system known as Conficker, created in late 2008, infected as many as 15 million computers at its peak and continues to contaminate more than seven million systems globally.

Botnet attacks are not unusual. Currently Shadowserver, an organization that tracks botnet activity, is monitoring 5,900 separate botnets.

Several computer security specialists also disputed the company’s assertion that the botnet was a novel discovery. This type of infection is well known to the computer security research community and is routinely tracked by a monitoring system that has identified more than 1,300 botnets of this design.

NetWitness said in a release that it had discovered the program last month while the company was installing monitoring systems. The company named it the Kneber botnet based on a username that linked the infected systems.

The purpose appears to be to gather login credentials to online financial systems, social networking sites and e-mail systems, and then to transmit that information to the system’s controllers, the company said.

The company’s investigation determined that the botnet had been able to compromise both commercial and government systems, including 68,000 corporate login credentials. It has also gained access to e-mail systems, online banking accounts, Facebook, Yahoo, Hotmail and other social network credentials, along with more than 2,000 digital security certificates and a significant cache of personal identity information.

“These large-scale compromises of enterprise networks have reached epidemic levels,” said Amit Yoran, chief executive of NetWitness and former director of the National Cyber Security Division of the Department of Homeland Security.

“Cyber criminal elements, like the Kneber crew, quietly and diligently target and compromise thousands of government and commercial organizations across the globe.”

The company, which is based in Herndon, Va., noted that the new botnet made sophisticated use of a well-known Trojan Horse — a backdoor entryway to attack — that the computer security community had previously identified as ZeuS.

“Many security analysts tend to classify ZeuS solely as a Trojan that steals banking information,” said Alex Cox, the principal analyst at NetWitness responsible for uncovering the Kneber botnet.

“But that viewpoint is naïve. When we began to detect the correlation among both the methodology used by the Kneber crew to attack victim machines and the wide variety of data sets harvested, it became clear that security teams must rethink their entire perspective on advanced threats such as ZeuS.”

Half of the machines infected with the Kneber botnet were also infected by an earlier botnet known as Waledec, the company noted.

The existence of the botnet was first reported by The Wall Street Journal, shortly before the company issued its news release.

by DAN CALLOWAY
Published 21 November 2009 @ 20:30 UCT

BBC News | Technology newsdesk

WEAVERVILLE, NC - Compiled by security firm McAfee, it bases its conclusion on analysis of recent net-based attacks.

Analysis of the motives of the actors behind many attacks carried out via the internet showed that many were mounted with an explicitly political aim.

It said that many nations were now arming to defend themselves in a cyber war and readying forces to conduct their own attacks.

While definitions of what constitutes cyber war are not shared, it was clear that many nations were preparing for a future in which conflict was partly conducted via the net.

“There are at least five countries known to be arming themselves for this kind of conflict,” said Greg Day, primary analyst for security at McAfee Europe.

The UK, Germany, France, China and North Korea are known to be developing their own capabilities.

The US is known to have an operating manual governing the rules and procedures of how it can use cyber warfare tactics. It is known to have used hack attacks alongside ground operations during the Iraq war and has continued to use this cyber capability while policing the nation.

Mr Day said there was evidence of a growing number of attacks that could be classed as “reconnaissance” in advance of a future conflict. The ease with which the tools of such attacks can be gathered and used was worrying, said Mr Day.

“To go to physical war requires billions of dollars,” he said. “To go to cyber war most people can easily find the resources that could be used in these kind of attacks.”

The targets of such future conflicts were likely to be a nation’s infrastructure, said Mr Day, because networks of all kinds were now so embedded in people’s lives.

In response, he said, many nations now have an agency overseeing critical national infrastructure and ensuring that it is adequately hardened against net-borne attacks.

Chris Wysopal, chief technology officer at Veracode which advises many governments on security, said cyber war presented its own problems when it came to deciding motive and finding the perpetrators.

“In physical warfare it’s pretty clear who has which weapon and how they are using them,” he said. “In the networked world that attribution is incredibly difficult.”

The same is true for cyber crime, he said, where following a trail of money can lead investigators back to a band of thieves.

“If it is someone stealing information or planting logic bombs, it’s far more difficult to find them,” he said.

Mr Wysopal said many governments had woken up to the threat and were starting to put in place systems and agencies that could help protect them.

However, he said, they still had some weaknesses.

“The thing about governments doing this is that they have a time horizon of many years,” he said. “But the criminals are doing it in a matter of months.”


by DAN CALLOWAY
Published September 6, 2009; The Chronicler’s Web

WEAVERVILLE, NC – Erik, of Slashdot.com, writes “WordPress, the popular open-source Content Management System (CMS) for many thousands of bloggers worldwide, is under attack from a ‘clever’ worm that automatically compromises unpatched versions of the WordPress system. The particularly nasty bug crawls the web for vulnerable WordPress installations, installing malware, deleting content, and generally wreaking havoc wherever it can. Today, WordPress founder Matt Mullenweg eloquently implored WordPress bloggers to update more frequently. Originally, updating the WordPress system was a rather laborious process; however, newer versions offer fast and simple one-click upgrades. The two most recent versions of WordPress (2.8.3 and 2.8.4) cannot be attacked by the worm discovered this week, and blogs hosted at WordPress.com are also apparently immune.”
