Norton Antivirus

[Johnie]

Is there any difference between the latest versions of Norton Antivirus, and
older versions (I have NAV 2002) with all the updates downloaded and installed?
(Fully licenced for updates of course). The thing that makes me ask is the
latest "scare" on problems with NAV : -

http://news.com.com/Symantec+details+flaws+in+its+antivirus+software/2100-1002_3-5646871.html

 

[kurt wismer]

Is there any difference between the latest versions of Norton Antivirus, and
older versions (I have NAV 2002) with all the updates downloaded and installed?
(Fully licenced for updates of course).

yes, there's a big difference... older engines can't make effective use
of virus signatures written for newer engines... nav2002 can't protect
you from the same amount of viruses as a more recent version regardless
of what signature updates you've applied...

 

[Ian JP Kenefick]

yes, there's a big difference... older engines can't make effective use
of virus signatures written for newer engines... nav2002 can't protect
you from the same amount of viruses as a more recent version regardless
of what signature updates you've applied...

Does Norton not update the engine component via live update?

 

[kurt wismer]

yes, there's a big difference... older engines can't make effective use
of virus signatures written for newer engines... nav2002 can't protect
you from the same amount of viruses as a more recent version regardless
of what signature updates you've applied...

Does Norton not update the engine component via live update?[/QUOTE]

some engine updates may be distributed that way, but i don't know if
all are... also symantec ended support for nav2002 already
(http://www.symantec.com/techsupp/nav/discontinued.html) so is quite
probable that nav2002 *can't* be brought up to the current engine this
way...

 

[Adam Piggott]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Is there any difference between the latest versions of Norton Antivirus, and
older versions (I have NAV 2002) with all the updates downloaded and installed?
(Fully licenced for updates of course). The thing that makes me ask is the
latest "scare" on problems with NAV : -

http://news.com.com/Symantec+details+flaws+in+its+antivirus+software/2100-1002_3-5646871.html

I am using Norton Antivirus 2002 and am still receiving virus definition
updates.

I believe the newer versions also support removal and real-time protection
of spyware and diallers etc.

If you RTFA mentioned in the URL you posted, you will see that the
vulnerability is only said to affect versions 2004 and 2005.


Regards,


Adam Piggott,
Proprietor,
Proactive Services (Computing).

- --
Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFCUBzl7uRVdtPsXDkRAunMAJ4oc44g26qyJHbufcp2iryXFcVUGACfd5ic
aNvPhWB8JrMGbRQYC30zGmI=
=BW/D
-----END PGP SIGNATURE-----

 

[Adam Piggott]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

yes, there's a big difference... older engines can't make effective use
of virus signatures written for newer engines...

True if you go back as far as pre-200x versions of Norton Antivirus, I believe.

nav2002 can't protect you from the same amount of viruses as a more
recent version regardless of what signature updates you've applied...

Please provide proof of such a statement. If I compare my Norton Antivirus
2002 with several clients' later versions they all say they protect against
exactly the same number of viruses.


Yours,

Adam Piggott,
Proprietor,
Proactive Services (Computing).

- --
Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFCUB3E7uRVdtPsXDkRAnW2AKCWVh0aaBfd0d8IEOaHMXxYVbQExACeK6LE
zIphgcgFRStuCY9tZG0Voo4=
=/CZc
-----END PGP SIGNATURE-----

 

[kurt wismer]

True if you go back as far as pre-200x versions of Norton Antivirus, I believe.

no, it's true for all versions... older engines cannot make use of
signatures written in such a way as to make use of the capabilities of
newer engines... the newer engines are backwards compatible so they can
use the old signatures, but you don't really expect the old engines to
be forwards compatible, do you?

Please provide proof of such a statement. If I compare my Norton Antivirus
2002 with several clients' later versions they all say they protect against
exactly the same number of viruses.

all that is showing is the number of viruses it has signatures for, not
the number it can actually use...

 

[Adam Piggott]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

no, it's true for all versions... older engines cannot make use of
signatures written in such a way as to make use of the capabilities of
newer engines... the newer engines are backwards compatible so they can
use the old signatures, but you don't really expect the old engines to
be forwards compatible, do you?

Newer engines are backwards compatible with old virus definitions? What
would be the point of that?

I don't expect anything. I am telling you that Symantec's method of
supplying virus definitions support back to at least NAV 2000.

all that is showing is the number of viruses it has signatures for, not
the number it can actually use...

Then explain to me why LiveUpdate still seems to incessantly send me
updates which I cannot use, and how many viruses Norton Antivirus 2002 does
actually protect against. Also while you're at it, why they would bother
quoting such a number when it is incorrect, and why Symantec still offer me
subscription updates when the virus definitions are useless, according to
your statements.

I cannot see at:
http://securityresponse.symantec.com/avcenter/defs.download.html
(Symantec Security Response - Virus Definitions Download Page)
....any mention to version-specific definition files whatsoever.

I cannot find any mention, anywhere, of what version of the software each
virus definition release supports and does not. The reason for this is
because they are not version-specific.

Thank you for the discussion, but I'm not interested in commenting further
on this particular topic. I'm afraid you are incorrect.

Yours,


Adam.

- --
Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFCUFx97uRVdtPsXDkRAsuuAKCKa8s81UM7GT4PPm+I7FJ4AjeYegCgnQ9u
M/uBMg7KtU/RrhwtWhNtg+A=
=xzAJ
-----END PGP SIGNATURE-----

 

[Roger Wilco]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Newer engines are backwards compatible with old virus definitions? What
would be the point of that?

I don't expect anything. I am telling you that Symantec's method of
supplying virus definitions support back to at least NAV 2000.



Then explain to me why LiveUpdate still seems to incessantly send me
updates which I cannot use, and how many viruses Norton Antivirus 2002 does
actually protect against. Also while you're at it, why they would bother
quoting such a number when it is incorrect, and why Symantec still offer me
subscription updates when the virus definitions are useless, according to
your statements.

I cannot see at:
http://securityresponse.symantec.com/avcenter/defs.download.html
(Symantec Security Response - Virus Definitions Download Page)
...any mention to version-specific definition files whatsoever.

I cannot find any mention, anywhere, of what version of the software each
virus definition release supports and does not. The reason for this is
because they are not version-specific.

Thank you for the discussion, but I'm not interested in commenting further
on this particular topic. I'm afraid you are incorrect.

Yours,


Adam.

I'm using NAV 5.0 and still get definitions. After updating I get a
message about how I have the most up to date protection against vuruses
or some such balderdash. It doesn't mean I believe them, and neither
should you. Consider a metamorphic virus that requires the scanner
engine to emulate an environment for more cycles (or more nearly
perfect) than any previous metamorphic virus - the definition data is
pretty much useless if the engine is incapable of emulating long enough
or with enough perfection. The emulation an AV uses is only as complete
as it needs to be to be able to function against what it expects to be
able to find - otherwise it would be providing as nearly perfect an
emulated encironment as is possible with the current 'state of the art'
level of emulation and would be much more costly and resource intensive.

....but I don't want to talk about it either. :OP

 

[kurt wismer]

Newer engines are backwards compatible with old virus definitions? What
would be the point of that?

to avoid having to rewrite 100,000 virus signatures every time the
engine is tweaked...

I don't expect anything. I am telling you that Symantec's method of
supplying virus definitions support back to at least NAV 2000.

and i'm telling you that you're misinterpreting what you've read... the
signature file format hasn't changed, but the engine has... the engine
has to be updated to keep up with new virus techniques... virus
signatures only tell the scanner what to look for, not how to look for
it... signatures written for the types of viruses that prompt the
engine upgrades, while readable by older engines, are not fully usable
by older engines - if they were there wouldn't be a need for an engine
upgrade...

Then explain to me why LiveUpdate still seems to incessantly send me
updates which I cannot use,

many of them you can use, just not all of them...

and how many viruses Norton Antivirus 2002 does
actually protect against.

i don't know or care what the actual number is...

Also while you're at it, why they would bother
quoting such a number when it is incorrect,

because when nav2002 was the current engine it *was* correct...

and why Symantec still offer me
subscription updates when the virus definitions are useless, according to
your statements.

i never said the updates were entirely worthless, i said signatures
written for newer engines can't be properly used by older engines...

I cannot see at:
http://securityresponse.symantec.com/avcenter/defs.download.html
(Symantec Security Response - Virus Definitions Download Page)
....any mention to version-specific definition files whatsoever.

because they expect their users to always use the latest version...

I cannot find any mention, anywhere, of what version of the software each
virus definition release supports and does not. The reason for this is
because they are not version-specific.

well, i think it's crystal clear from
http://www.symantec.com/techsupp/nav/discontinued.html that you can no
longer expect the virus definitions to support nav2002...

Thank you for the discussion, but I'm not interested in commenting further
on this particular topic. I'm afraid you are incorrect.

fine with me... if you can't recognize when something is axiomatically
true you can just go on using decrepit virus scanners and suffer the
consequences of your false sense of security...