Video Screencast Help
New Company Name and Logo Announced. Learn More.

Symantec dropping antivirus ?

Created: 14 May 2014 | 16 comments

I was just informed by a fellow employee here at work that she was in a major meeting where it was announced by the high-muckie-muck that Symantec is getting out of the "antivirus business" and that agencies needed to find other protection and products to keep a-v coverage.

Symantec drop SEP? OK, I know I know it's no longer "viruses" so much as malware and attacks - the world has changed and people need to get their heads into the 2010s and out of the 1990s like too many, including management here, is stuck in.

Is this a matter of "semantics" and just a battle of words - or is SEP going away as it exists today?

Enquiring minds want to know - ifit's right I really need to know - and if that's all wrong, where did the BS come from?

When was the last "virus" you found - say an infected file or a boot sector, etc.? Be careful - I mean VIRUS - an infection, not a file or app that doesn't belong. An infection impacts EXISTING files or boot areas, malware, Trojan Horses, etc. are different, they aren't viruses, malware isn't a virus. So when was the last VIRUS you had?

Operating Systems:

Comments 16 CommentsJump to latest comment

Brɨan's picture

Umm no...I've seen the 12.1 roadmap and it's full steam ahead.

Symantec Antivirus is End of Life and no longer supported. Perhaps that's what she meant.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

ShadowsPapa's picture

I wasn't at the meeting, so I can't say EXACTLY what the ISO's office said - but if they indeed said "Symantec is dropping antivirus" and didn't clarify or expand on it any with detail as to the meaning of that statement, then they are in more sorry shape than I believed. I have known for years they live in the 1990s, but that would really top it.

On the other hand, maybe all that was HEARD were key words "Symantec", "Drop", "antivirus protection" and it was ASSUMED. So that's possible as well since you mention and REMINDED me that they won't support SAV.

See for me, SAV in its various forms has been "dead" for years. It wasn't capable, wasn't broad enough, SEP is more of a Swiss Army Knife on steroids with ultra-sharp blades where SAV was a large pocket knife with a couple extremely sharp blades.

I do have to wonder if either what was said was a horrible mistake or misinformation based on ASSUMPTIONS, or what was heard was the mistake..........

Thanks!

John Dixon's picture

What is the status regarding the future of Norton badged products?  I use norton 360 on all my personal machines and am under the assumption that Norton products are actually the consumer division of Symantec.

ShadowsPapa's picture

I've only listened to a part of this but if I understood correctly, that segment will grow or expand.
http://www.symantec.com/connect/videos/vision-2013-las-vegas-day-1-keynote

he explains it better in the video than I can.

I also run 360 on my home devices = 2 desktops and a notebook.

CQ's picture

This rumor probably started because of the recent statements made by Brian Dye in a Wall St Journal article.

Antivirus "is dead," says Brian Dye, Symantec's senior vice president for information security. "We don't think of antivirus as a moneymaker in any way."

Antivirus products aim to prevent hackers from getting into a computer. But hackers often get in anyway these days. So Mr. Dye is leading a reinvention effort at Symantec that reflects a broader shift in the $70 billion a year cybersecurity industry.

Rather than fighting to keep the bad guys out, new technologies from an array of companies assume hackers get in so aim to spot them and minimize the damage.

Products like SEP 12.1 are already moving in this direction but if you read the entire article Mr. Dye clearly suggests Symantec is behind other companies ans has to move rapidly in this direction.

ShadowsPapa's picture

I disagree with parts of that - as one in the field who every minute of every day see where folks go, what they do, and what tries to get to us, it's just the target that's changed. AV needs to point at "malware" and "adware" which can still be fought with the same tools, just revised and re-aimed. Vendors are missing huge boats - I for one would love to see vendors target the sneak-in-ware that is packaged with software, the fake AV, the toolbars, and the browser helpers that pretend to be helpers but are really spys. I have to manually set up SEP to catch that garbage. It should already have those defined and allow me to turn that feature on - YES, block ALL IE and other toolbars, block ALL BHOs unless I whitelist them, and block ALL adware and spyware. Stop anything and everything from hijacking our browsers. But these vendors are simply ignoring our largest annoyance today. I spend most of my time fighting adware and spyware and add-ins that are snuck in than I do any real viruses. I've not seen a virus in a very long time. But I fight "crap-ware" every single day. Click here for a free...." click this to make your browser easier, that sort of garbage, or things piggy-backed into install packages, sneak-in-ware, spyware, adware, browser tools - if a product would block that sort of crap my life would be a whole lot easier, a whole lot.

I also disagree that "they will get in anyway". Not here, no they won't. But they will when the guard dogs like Symantec give up and shrug, ok, they'lll get past us so let's minimize the damage. I'm shocked at that attitude. I work in the trenches and I challange them to come visit ME and watch me for a day, if you have a great product and know HOW to use it and how to configure it, no, they won't get in. Not past our firewalls, IPS, SEP and other products they won't. Maybe in other state agencies, yes, ok, they will - but that's because they don't have ME! (and I'm not joking or showing off-  it's something that some have actually admitted to. This agency passes muster and rates highly each year because I force us to, along with SEP and common sense!)

If you know how to use the security settings of the OS, if you don't tamper with them, if you assume the OS has holes and are diligent at watching for them, patching, and not putting all your eggs in one basket, there's no reason for you to be hacked or compromised.

So they'll get in, aim to spot them and minimize the damage. That's a bit defeatist, isn't it? Minimize? ANY damage is too much damage! How can you know how much or how little? How can you know that they got 1 piece of your info or 1 million? Why not prevent? If the bad guys can find ways to get in - then can't people also find ways to prevent them getting in?

I guess the major vendors have cried uncle? So now we have to ride along with them and assume since the vendors will no longer prevent, we have to keep documents ready to send out telling people "we've been hacked and your info MAY be out there" but have no clue as to if they got a lot or a little.
People get in because things are broken or were never good to begin with - so why not fix what's broken?
OK, so I should give up locking my doors at home, assume I'll be broken in to, and just take more effort to hide things and set up cameras so when I get home and find things gone or trashed, I can tell what's gone? And in the meantime suffer the damage and consequences of lost stuff-  in this case DATA, customer or client PII?
So we have to tell clients - sorry, we no longer prevent access to your PII - we now concentrate on making sure that only you and 1 or 2 others suffer.

I'm so glad I only have 4 or 5 years left till retirement - I won't be able to handle such a "we give up" attitude.
And frankly, if businesses are "losing the battle", I propose it's the PEOPLE, not the product. I've witnessed it in this very state - same product as we use, and yet other agencies have problems. Why have we not had the problems? I've checked into it - again, it's because it wasn't properly configured, they didn't keep things patched, they weren't keeping up with knowledge and staying informed, diligent. They didn't have me - or the right person setting things up and suggesting policies. They failed or lost their battles not becuase of product failure, but because of people failure. One agency says "5 or 6 infections a day is pretty typical". I'd freak out if we had that many a year. Typical? Why accept that? Configure the software. Stay ahead in the game. I do it.
300 users/computers. 3 plus years no infections, no machines have had to be re-imaged or rebuilt. And our people surf and click like there's no tomorrow.

Symantec needs to get me on the team designing strategies for the endpoint protection.
I've a proven track record.  ;-)
But I warn you - I speak my mind (it's a medical thing, honestly)

MichaelD50's picture

http://krebsonsecurity.com/2014/05/antivirus-is-dead-long-live-antivirus/

Basically, it takes more than signature based AV software in today's threat environment!

MJD

ShadowsPapa's picture

That's old news really - I knew that a few years back so anyone relying fully or even "mostly" on signatures has been behind the curve for quite a while.  I let SEP do what it does with definitions and bloodhound, but I work to keep things OUT, then I don't have to minimize damage as there won't be any. I customize the heck out of the product and use every piece of it that I'm able to - hoping to fully utilize the SNAC parts soon. I block the abilities of things to get in, set up traps, and watch logs to find patterns that computers can't see. I'm very very good at "pattern recognition" and problem solving so I can read logs and pretty well figure out what's going on, or trying to go on, and I've stopped things before they had a chance to get a foot-hold in here. Adware/malware, etc - extremely rare here. NO viruses at all in over 3 years, actually it may be closer to 4 years now I've lost track. We've not had to do clean-up on a computer here in so long we've almost forgotten how. SEP and I - a team.

As far as Kreb's comments - I have articles that were saying that, and actually, so was I, several years ago so that one's a bit late. Those who get in and do bad stuff aren't the script-kiddies of the past, they aren't the weekend windshield breakers out with a ball-bat to see what damage they can impose, or how long something they send out takes to get back to them, nor are they embedding nasty messages to a girlfriend named Corrine. It's money, business, profit that's driven the bad guys for the last few years. And the targets are now different and refined. Different foe means different tactics, but we knew that, eh?  ;-)

Jeshrel's picture

Hi ShadowsPapa,

It's really an technicial miracle to know that your environment is free from malwares for more than 3 years.. hats off.yes

I try to do the same in my environment but i find it hard reall hard.

Would you be able to write an article and share your knowlegde and experience on how you had managed to keep it that a way for nurishing administrators, to keep our environment safe and clean from intruders and malwares, and also if your willing another one on "pattern recognition" as well. 

It's just a suggestion.laugh

Brɨan's picture

Which has been well known for years now...good articles though, I forgot all about this statement by Symantec.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mick2009's picture

Don't worry, SEP's not going anywhere.  &: )

Good defense of endpoints remains a crucial component of a complete security picture.

Symantec Endpoint Protection – Best Practices
http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

With thanks and best regards,

Mick

John Dixon's picture

BUT WHAT ABOUT THE NORTON LINE OF PRODUCTS FOR THE CONSUMER MARKET?  NAMELY NORTON360?  IS IT STILL A GOOD SOLUTION FOR THE HOME USER???????????????????????????????????????????????

Clint M. Sand's picture

Yes. Stick with Norton. see here: https://www.youtube.com/watch?v=R_QjX9r1nx0

&a

Mick2009's picture

Further reading....

No, anti-virus software isn't dead (yet)
http://tech.fortune.cnn.com/2014/05/15/no-anti-virus-software-isnt-dead-yet/

With thanks and best regards,

Mick

ecguy's picture

The Wall Street Journal article that was written about Symantec and AV (antivirus) was slightly twisted to grab headlines.

Symantec knows that AV alone is not enought to stop the majority of attacks out their.  That is why their current products include, AV, IPS, their behaviour based Sonar technology, Insight (hash look ups), etc.

The problem is that these products in their current state stop the majority of attacks; however, advanced persistant threats from Nation States, ie., China can not be stopped by simply using an antivirus suite.

Thus, Symantec wants to get into the appliance field to compete with companies like Fireye, who have proven that that their advanced cloud sandboxing and Intrusion Detection System greatly helps where these products are currently not succeeding.

That being said, Antivirus and antivirus suites are a must for any business and home user and Symantec has no intention to abandon these products.  They may not be the new inovative "money makers" that Symantec wants but, Symantec has absolutely no intention of dropping these technolgies.

If anything, Symantec will be integrating more of this tech into their newest endpoints over time.