Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 29

Thread: Symantec held info about a big cyberthreat for hours after spotting it ....

  1. #11
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    It reasons like this that I've been praising Panda AV for the last almost year. Not only do they share their info with all their customers, but they had virus definitions already availble to be downloaded for all of the latest big ones, before they hit. (including slammer, SoBig, Blaster, etc)...
    I don't quite undertand... how can they have a def out before the virus is out?

    It a conspiracy! The AV corps pay people to code, then turn over to AV company to make def. then release to public. Anyone who does'nt pay, gets hit... sometimes softly, sometimes with a cannonball to the stomach. Doesn't the mob use those buiness practices?

    I think it is silly of all of you to expect a company to share data that they are spending a lot of money to gather. Running the collection nodes and paying the analysts that are the backbone of the deepsight system is not a cheap thing to do.
    Hey... we pay too. So... if they tell their deepsight customers first (say 4-6 hrs) then they should tell their suscribers next (2-4hrs) and then finally the public? LoL That makes no sense at all... they should just tell everyone so everyone can scramble to try to minimize the effects of said virus/worm.

    Then again... they should be scrambling to path their systems when the patch is released and tested. Not when a virus/worm hits that can exploit the security hole.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #12
    Senior Member
    Join Date
    Mar 2003
    Posts
    372
    get on a good mailing list and you won't be left out of stuff like this. We are a premier customer of Symantec and did learn about it through them, but it was about four hours AFTER I heard about it on one of my mailing lists.

    Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.

  3. #13
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Lv4: What mailing lists do you suggest? I'm already on a couple... such as bugtraq, incidents and a couple of misc lists.

    EDIT: Offtopic:

    This post made me 1337!!!!!

    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  4. #14
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    You read my mind phishphreek...I was gonna ask the same thing.. has anybody posted a list here before of mailing lists for the newer members? (myself included).

  5. #15
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    Wow, thats really lame they only let the people with the $$ know about it ahead of time...
    That is like saying "it sure is lame that the Jaguar dealership only gives new cars to people with $$$."

    Symantec is a business- not a non-profit organization. They are under no obligation per se whatsoever to share the information with ANYONE who isn't paying them- much less before their paying customers.

    If you want a service like that then you essentially need the government to step up to the plate and fund an organization to set up a cyber-surveillance and alerting system similar to Symantec and other security providers and put it on the taxpayer's tab- then they can disseminate the information publicly in virtual realtime.

    As for a mailing list you can get info from I recommend AVIEN / EWS. It is a non-vendor supported / related organization. It is nice because its grassroots. The members are the ones who report incidents as they occur to them so you get knowledge quickly- not hours after the fact. I have the alert lists set to email to my text pager so I get notified immediately of new suspicious / malicious traffic.

    As mentioned earlier- vendors don't generally publicize problems until AFTER they have created the solution. With an organization like AVIEN you get the info as it happens so you can prepare or mitigate prior to the vendors getting their ducks in a row.

    Here is a link: AVIEN

  6. #16
    Senior Member OverdueSpy's Avatar
    Join Date
    Nov 2002
    Posts
    556
    If you want a service like that then you essentially need the government to step up to the plate and fund an organization to set up a cyber-surveillance and alerting system similar to Symantec and other security providers and put it on the taxpayer's tab- then they can disseminate the information publicly in virtual realtime.
    OMG That is a scarry thought! Force the taxpayers to provide more money to support the lameos that refuse to pay for viral/vulnerability alert services. Shame on you Tonybradley for even suggesting such a thought!

    Seriously though if you take on the responsibility for owning a computer, then you need to be ready to pony up the dough to support it.
    The mentally handicaped are persecuted in this great country, and I say rightfully so! These people are NUTS!!!!

  7. #17
    That is like saying "it sure is lame that the Jaguar dealership only gives new cars to people with $$$."
    No - what I was talking about wouldn't cost them anything but a few seconds time - not giving away something that cost thousands and thousands of dollars... (While I see your point, its still not really an accurate analogy)

    Symantec is a business- not a non-profit organization. They are under no obligation per se whatsoever to share the information with ANYONE who isn't paying them- much less before their paying customers.
    I wasn't saying they should give it out to the public before their paying customers - I agree their customers should come first...

    But part of them maintaining a customer base is "GOOD" public relations. Which sending out information they already had, a few hours earlier wouldn't of cost them any more then it did to send it out after the fact. Only doing it they way they did it was "BAD" for public relations - and therefore would be bad for business...

    I don't quite undertand... how can they have a def out before the virus is out?
    Sorry, I should of been more specific about that... I was referring for us American customers - as they have offices throughout Europe and Asia - they were able to identify the virus when it was origannly released overseas and had definitions out for them before they even hit the Americas... (And yes they came out that quickly, as I know they were spread in mere hours for the faster ones, and in about a day/day and a half for the slowest of those newer big ones)...

    RRP

  8. #18
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Sorry, I should of been more specific about that... I was referring for us American customers - as they have offices throughout Europe and Asia - they were able to identify the virus when it was origannly released overseas and had definitions out for them before they even hit the Americas... (And yes they came out that quickly, as I know they were spread in mere hours for the faster ones, and in about a day/day and a half for the slowest of those newer big ones)...
    Ah, Ok. I understand what you were saying now. I never really thought too much about how they gather data and samples to analyze and dissect to come up with defs. for the viruses and worms. I know why they do it... but never paid much attention to how they do it.

    Similar to a whole bunch of honeynets around the world.

    Thanks for clearing that up.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  9. #19
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Originally posted here by bpiedlow


    No - what I was talking about wouldn't cost them anything but a few seconds time - not giving away something that cost thousands and thousands of dollars... (While I see your point, its still not really an accurate analogy)



    I wasn't saying they should give it out to the public before their paying customers - I agree their customers should come first...

    But part of them maintaining a customer base is "GOOD" public relations. Which sending out information they already had, a few hours earlier wouldn't of cost them any more then it did to send it out after the fact. Only doing it they way they did it was "BAD" for public relations - and therefore would be bad for business...



    Sorry, I should of been more specific about that... I was referring for us American customers - as they have offices throughout Europe and Asia - they were able to identify the virus when it was origannly released overseas and had definitions out for them before they even hit the Americas... (And yes they came out that quickly, as I know they were spread in mere hours for the faster ones, and in about a day/day and a half for the slowest of those newer big ones)...

    RRP
    You are making assumptions that it would only cost Symantec a couple of seconds. This is not at all the case. They didn't find out about this as quickly as they did because they have offices in foreign countries. They found out about it quickly because they offer a service where they monitor thousands of different areas of the internet looking for patterns in the traffic that resemble attacks and other malicious activity. When they find these patterns they have a highly paid analyst dig into the issue further. Once the analysts have determined exactly what the issue is, they give the information to the customers who have paid to support the service. Along with telling them about the "attack" symantec also gives recommendations on how to deal with the issue.

    Tony's analogy is dead on. The service that symantec is providing costs thousands, if not hundreds of thousands of dollars to maintain. Why is it that you think you should be privy to this information, for free, that cost symantec so much money to gather?

    If symantec were just to give this information away, they would not be able to continue gathering that data to begin with for much longer, mainly because it would be a situation where they would lose mass quantities of money.

  10. #20
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    What a Lame thread!

    Come on childeren.. You are doing the same crap again.. Flogging a company because of business practice.. ok Its not fair.. Grow up nothing in life is bloody fair..

    NOTE: SLAMMER Worm ONLY attacked vulnerable SQL servers.. Hello PPL.. Other than Sysadmins.. So how many of your were vulnerable.. So Who would be most affected .. Bloody big business you twits.. The ppl who do pay the money..

    If you are going Slam the companies.. how about ALL of them.. What is the time between discovery of a threat and the release of the Def's? Corporate only hours.. Domestic.. ???? AVG updates about every 14days.. fark.. Norton 7 days... mcafee ???.. (except when there is a major threat... well that is dependent on your perspective isn't it)

    Some of you guys have had your heads up your academic arse to bloody long to see the busness world with a real perspective.. Your talking about companies with Millions of customers not bloody mom and dad corner store business's.. put the facts into perspective..

    OK .. End of minor Dummy Spit..

    cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •