Symantec is worse than many viruses

mott555

I know most antivirus suites are WTF, but Symantec is a mega-WTF. I got to work this morning, booted up my computer, and as soon as I logged in Symantec decided it was time to do a virus scan (aka conjure evil spirits into my PC and sacrifice virgins while chanting Satanic verses). My hard drive sounded like the road crews were tearing it up with jackhammers so they could repave it and my mouse was about as fast as a DeLorean with only three spark plugs trying to drive over the Rocky Mountains.

So I opened up Task Manager and found the virus scan process--Rtvscan. It was using 100% of my CPU (I use a 3.0 GHz quad-core Pentium 4 Xeon, I know, P4's are TRWTF) and its disk I/O numbers were approaching UInt64.MaxValue. I tried to change its priority to Low but apparently Symantec blocks that because it told me in explicit detail to go do something that isn't anatomically possible. So I just terminated the process. My hard drive fell silent, my mouse cursor actually could move, and angels in heaven sang the "Hallelujah" chorus.

For about ten seconds. It seems Symantec detected that its virus scan had "failed" and it started Rtvscan up again. So I terminated it again. And it started again.

They say the definition of insanity is doing the same thing over and over again but expecting different results. The difference between insanity and me is that I gave up after ten tries. So I just had to wait the scan out.

During this time I thought I'd check my email, read my webcomics, and get my local source copy updated from Subversion. Outlook took ten minutes to start and another five to actually connect to Exchange and realize it had no new emails. Firefox took five minutes to start, another five to check for updates and open my home page, and at least two or three more to execute Yahoo!'s metric boatload of JavaScript. Once I got past that it was responsive (enough) for me to cruise some of my favorite forums while waiting for the scan to finish. Visual Studio launched but hid behind its splash screen like a red-headed stepchild until Symantec was finished.

I would almost rather have dozens of ED drug advertisements and gay dating site popups that steal my keystrokes while telling me to pay $39.95 to upgrade "Super-Awesome Antivirus Defender Pro 2011" and threatening to kill kittens by beating them upside the head with an Oracle database unless I launder money to Nigerian refugees than have a virus scanner I don't really need (never got a virus since I started using NoScript) that makes my system unusable and doesn't allow me to adjust the scan schedule or priority or cancel a scan in progress. I'm not even sure if Symantec works. Both my current and my last company used Symantec and any time I had to help a coworker with a virus I'd have to go digging through the registry to find suspicious values, delete them, and delete the executables while hoping they weren't actually anything important because Symantec would scan for a full three or four hours and then happily tell us the system was clean, even while "Super-Awesome Antivirus Defender Pro 2011" was blocking Task Manager, Control Panel, System Properties, Internet Explorer, and Spider Solitaire while telling us there was a virus.

It seems fake antivirus suites works better than Symantec. At least fake antivirus suites tell you there's a virus.

Bonus WTF: Noticed later that Windows Updates was automatically downloading and installing updates during the scan. Usually my computer is pretty sluggish for thirty minutes to an hour during automatic updates. (I know, Lyle's computer is unusable for two hours!)

Extra-bonus WTF: I spent a good chunk of time trying to make this funny by using up the rest of my supply of hyperbole for the year, but my mouse was designed by a mentally handicapped orangutan so it has one of those thumb buttons mapped to the browser's "Back" button, which I of course bumped and lost this whole post.

OzPeter

Symantec is even more evil/vile than you can imagine. When you buy the product online they set a renewal purchase that is set to trigger on your credit card when your subscription runs out ("for your convenience of course") so you are never without their service. At a previous job I had NAV installed on my work laptop (but paid through my credit card and expensed to work). I left that job and two years later a charge for NAV pops on my CC - long after I had quit using NAV. Because I couldn't remember the email account I used for the Symantec account (it was from that old job) I couldn't log into their website to cancel it. In the end I had to call Symantec and spent time on the phone tying to identify the account so I could cancel the charge - they couldn't do it through the CC number -wtf???

To their credit, when I called the CS number and said "I don't use NAV but there's this charge on my CC", the rep said straight away "So you want to cancel your subscription and get a get a refund on the charge?" . I'd guess that calls like mine were pretty standard to Symantec and the reps all knew the drill.

dtobias

So one of the real WTFs is that this site is implemented in a manner that causes form contents to be lost when you use the back button and then go forward again, something you have to work hard at to defeat the normal browser behavior of preserving this info.

db2

@mott555 said:

It was using 100% of my CPU (I use a 3.0 GHz quad-core Pentium 4 Xeon, I know, P4's are TRWTF) and its disk I/O numbers were approaching UInt64.MaxValue.

Lyle can hit Double.MaxValue.

derula

@mott555 said:

Outlook took ten minutes to start and another five to actually connect to Exchange and realize it had no new emails. Firefox took five minutes to start

What, Outlook takes even longer to start than Firefox? ... good thing I don't use that.

Other than that, I don't really know why anyone bothers with anything else than Avira AntiVir. Granted, it's "only" free for personal use, but I've never seen an online scanner of comparable quality. Admittedly, I've only seen a few others, but none of those I've seen managed to detect viruses in executables the second any process tries to load their program icons, as AntiVir Guard does. I've never had any viruses; the only thing I fell for once was a trojan 0900 dialer. And I was about 13 back then, maybe 14.

Also, Linux; or don't log in as admin and avoid suspicious downloads.

Tacroy

You think that's bad? The version of Symantec we have at work has two major problems:

While scanning, it occasionally flips the fuck out and starts quarantining files in the quarantine folder without deleting the original quarantined file. It looks at <hex string>.tmp in the quarantine folder, says "hey that's a virus!", copies it to <hex string+1>.tmp, and doesn't delete <hex string>.tmp. Eventually, you run out of space and Outlook doesn't work any more which is probably the first indication that anything's going on, unless you've got OCD and check your disk space usage every day. Bonus points because 90% of the time the original quarantined file wasn't anything more threatening than a tracking cookie or some (non-viral) cached web junk, and all that's happened is the antivirus's shitty heuristics think it's bad.
It's possible for a normal, non-administrator user to crash the network stack, thanks to Symantec's horrible firewall. Certain programs (like say the Windows version of wget, or that one program Accounting uses every day, or that program HR uses for payroll, or almost any installer but only when run from a network share) will cause the firewall to crash when run by any user, and when it does it takes the network stack with it. The computer gets slow and really unresponsive, you lose your network connection, and there's basically nothing to do but pull the plug (or you can wait about 20 minutes until Windows manages to unscrew itself enough to shut down). Someday I might run that thing through a debugger or something, just to see if there's an actual vulnerability in it (after all, it's crashing the firewall, and occasionally looks like it's due to incoming packets - so maybe if you send an appropriately crafted packet to an open port... well, if nothing else it could probably lead to local privilege escalation)

Smitty

We're also saddled with Symantec on our already-shitty Dell laptops. It routinely kicks off a full scan in the middle of the day when I'm trying to write code and brings my system to a halt. As an added bonus, trying to kill the process via Task Manager doesn't work; it just throws up an 'access denied' dialog. Luckily, a couple of us found that Process Explorer will kill it and it stays dead until the next reboot.

Jaime

@OzPeter said:

...they couldn't do it through the CC number -wtf???...

If you can search through a database for a credit card number, you are either doing it wrong, or you are spending a lot of money keeping the Customer Service system PCI compliant. It's much easier and cheaper to put surrogate numbers in the Customer Service system and put the real card numbers in some dark hole in the datacenter (or outsource this service).

wrack

@derula said:

Other than that, I don't really know why anyone bothers with anything else than Avira AntiVir. Granted, it's "only" free for personal use, but I've never seen an online scanner of comparable quality. Admittedly, I've only seen a few others, but none of those I've seen managed to detect viruses in executables the second any process tries to load their program icons, as AntiVir Guard does.

Yeah, it seems awesome, until you realize that Avira has a tendency to generate LOTS of false alarms, blocking perfectly innocent apps.

And the current v10 series don't have a "Detected! Repair/Delete/Whatever/Ignore" window, no... it has a cute little toaster-popup with "Help" and "Details", where clicking Details actually triggers a partial system scan (not sure, I think it's either RAM + this single file or just the file, but it spends about a minute* on "Initializing engine..." step) before allowing you to give the "Ignore" answer.

Which, btw, is not remembered across reboots. The permanent, manual whitelist is... which has a beatiful length limit of 6000 bytes total.

I wonder why each consecutive new version of all ~~antivirus~~ software sucks more and more.

Anyway the DB load times (on boot, on start of scan, after every update) stall my puny single core desktop for a long time* each.

When one of my customers wants a paid antivirus with all bells, whistles, and renewal fees, I usually tell them to get ESET's NOD32. It's good, it's fast, and well, it's not the cheapest out there... but I did not heard about any crap sneaking past it yet.

Xyro

I'd just like to say that I really enjoyed your story, mott; you have a great writing style.

OzPeter

@Jaime said:

@OzPeter said:
...they couldn't do it through the CC number -wtf???...
If you can search through a database for a credit card number, you are either doing it wrong, or you are spending a lot of money keeping the Customer Service system PCI compliant.

I know nothing of the details of PCI compliance, but surely the problem is no harder than correct password management where by you are storing hashes and not clear text?

SteamBoat

@mott555 said:

During this time I thought I'd check my email, read my webcomics, and get my local source copy updated from Subversion.

d e a d . w i n t e r

MArk B.

Obi_Wan

@derula said:

Other than that, I don't really know why anyone bothers with anything else than Avira AntiVir. Granted, it's "only" free for personal use, but I've never seen an online scanner of comparable quality.

I used Avira for awhile, but it puts a popup on the screen asking me to buy the non-free version. For some reason that seemed to always popup while I was playing a full screen game. So I got rid of it. I use avast, and have had no viruses and no popups other than the update notification that avira put up too.

hallo_amt

@Obi-Wan said:

I used Avira for awhile, but it puts a popup on the screen asking me to buy the non-free version. For some reason that seemed to always popup while I was playing a full screen game. So I got rid of it. I use avast, and have had no viruses and no popups other than the update notification that avira put up too.

You can tell Windows not to execute avnotify.exe or something like that. No popups anymore. Only thing is that you loose the icon on the systray too.

PeriSoft

@Xyro said:

I'd just like to say that I really enjoyed your story, mott; you have a great writing style.

+1.

The only Symantec app I still use is Ghost, which is the polar opposite of everything else they produce - fast, flexible, non-condescending, does what it says on the tin.

Back in the day, I ran Norton Commander on my 286/12. It rocked. I remember loading Norton Commander from within Norton Commander - I was able to recursively run 20 copies before it hit the 640k DOS limit. I'm guessing they had different people in charge back then.

blakeyrat

@SteamBoat said:

@mott555 said:
During this time I thought I'd check my email, read my webcomics, and get my local source copy updated from Subversion.

d e a d . w i n t e r

MArk B.

Ask Your Travel Agent

OzPeter

@PeriSoft said:

I'm guessing they had different people in charge back then.

You mean back in the days when Peter Norton wasn't just a pretty picture on the front of a book?

@derula said:

I don't really know why anyone bothers with anything else than Avira AntiVir

In my case it is mostly because I've never heard of it before.

I protect myself by using AVG. And then rebooting to Linux.@Xyro said:

I'd just like to say that I really enjoyed your story, mott; you have a great writing style.

Seconded. Or thirded, I guess. Come back again.

Jaime

@OzPeter said:

@Jaime said:
@OzPeter said:
...they couldn't do it through the CC number -wtf???...
If you can search through a database for a credit card number, you are either doing it wrong, or you are spending a lot of money keeping the Customer Service system PCI compliant.
I know nothing of the details of PCI compliance, but surely the problem is no harder than correct password management where by you are storing hashes and not clear text?

First, if you store hashes, you can't use them. You couldn't search and you couldn't retreive the card number to send to the payment processor, you would have to use standard reversible encryption.

Second, All of the clients and servers would not only need to be reasonably secured, but they would have to have rigorously documented change control procedures (yes, the workstations too) and regular external audits. Any custom software would also need an independent security code review for each release. It would generally make life suck for IT.

Cad_Delworth

@bannedfromcoding said:

I usually tell them to get ESET's NOD32.

+1 for that: it IS good.

For home use, though, avast! is fine. Apart from precisely ONE cock-up (they released a duff update exactly ONCE in the five years I've used them), it works great and doesn't give any FPs. And it's also free, and you can set it to NOT scan the entire machine when it boots up. :)

sprained

@Jaime said:

First, if you store hashes, you can't use them. You couldn't search and you couldn't retreive the card number to send to the payment processor, you would have to use standard reversible encryption.

Of course you could search. You hash the search input and then search for it against the stored hash.

That said, I'm not sure what the point would be of storing them other than for search purposes.

OzPeter

@sprained said:

That said, I'm not sure what the point would be of storing them other than for search purposes.

And thats the question I wanted answered " .. you charged my CC, now pull up the transaction and tell me why!"

dhromed

@Cad Delworth said:

and you can set it to NOT scan the entire machine when it boots up. :)

It DOESN'T scan on boot unless you TELL it to do it ONCE.

It's an awesome feature. Good for rootkits, and I hear its rootkit scanner is related to GMER, which is a good thing.

It scanned, found things that AVG did not, told me I was clean, and then I formatted anyway because I didn't trust the system anymore.

stratos

Now symantec might actually handle payments themselves, i dont know or care. But unless youlike handling a metric ton of paperwork and compliance and security requirements, you use a payment provider.

Payment providers will of course give you the option of using recurring CC charges. Which of course works via tokens and not CC nummbers, because if you want to store CC nummbers you have to comply with the metric ton of paperwork and that was why you went with the payment provider in the first place.

Secondly, if I see a charge on my CC I don't like. I call my CC company to block and retract it. THEN I call the company in question why I did this.
But that may be a difference between EU/US CC rules. AFAIK in the EU, CC's by default have a lot more protection for consumers because we are so goddamn slow with adopting CC's; This because our banking system didn't suck, and we are not required to build up credit rating, we have that in reverse where you lose "points" for taking loans*. So they figured they should give as much or more protection then banks do.

* at least where i live, but I think it's like that in most EU countries.

fyjham

@sprained said:

Of course you could search. You hash the search input and then search for it against the stored hash.
That said, I'm not sure what the point would be of storing them other than for search purposes.

Only if you didn't salt the hashes, which would be fairly insecure and open to attack with rainbow tables pretty trivially.

Otherwise you'd have to loop over every single record, get it's salt, hash your input against that salt and then compare it. Which assuming you have a lot of data (Symantec probably has a lot of customers in their system) and a hashing algorithm which is processor-intensive (Which it needs to be to be a good hashing algorithm) then that should take an incredibly long time to run that search.

OzPeter

@stratos said:

if I see a charge on my CC I don't like. I call my CC company to block and retract it. THEN I call the company in question why I did this.

I did call the CC company first. They asked if I had called Symantec first and helpfully gave me a direct line to a human CS rep at symantec.

Thinman

.@Smitty said:

Luckily, a couple of us found that Process Explorer will kill it and it stays dead until the next reboot.

I find that if I just restart the Windows service, not only does it abort the scan gracefully, but I'm not running without an antivirus system for the rest of the day.

Of course if the scan actually completed in 4 hours or less this wouldn't be a problem

@fyjham said:

... a hashing algorithm which is processor-intensive (Which it needs to be to be a good hashing algorithm) ...

That's not entirely correct. Mostly because the definition of "good" can differ widely from application to application.

A hashing algorithm does not necessarily need to burn thousands of CPU cycles to be good (in fact, in a speed-critical application, that's the *last* thing you want).

A fast hashing algorithm is just not very desireable in a cryptographical context, but then, you can always stretch your keys...

Master_Chief

I haven't even used a separate firewall for any of my Vista, and now 7, machines since 2007. No viruses. I just block advertisements on sites I don't trust, and in general, stay away from the sewers of the internet.

blakeyrat

@Master Chief said:

I haven't even used a separate firewall for any of my Vista, and now 7, machines since 2007. No viruses. I just block advertisements on sites I don't trust, and in general, stay away from the sewers of the internet.

Just don't run Flash, Adobe Reader or Java and you're fine. Microsoft's stuff is rock-solid compared to the crap Adobe and Sun plops out.

dhromed

@blakeyrat said:

Microsoft's stuff is rock-solid compared to the crap Adobe and ~~Sun~~ Oracle plops out.

Didn't you hear?

Oracle bought Sun.

blakeyrat

@dhromed said:

@blakeyrat said:
Microsoft's stuff is rock-solid compared to the crap Adobe and ~~Sun~~ Oracle plops out.

Didn't you hear?
Oracle bought Sun.

Oh yeah. I would have remembered if it was in a text file on a Linux computer. Or... something.

Has Oracle succeeded in killing off MySQL yet? I am looking forward to that!

Xyro

@blakeyrat said:

Just don't run Flash, Adobe Reader or Java and you're fine. Microsoft's stuff is rock-solid compared to the crap Adobe and Sun plops out.

Are you including IE and ActiveX in that comparison, or just Silverlight and friends?

@blakeyrat said:

Has Oracle succeeded in killing off MySQL yet? I am looking forward to that!

They've said a few times that they'll be supporting it... They're even sort of promoting it. So... I guess they're still figuring how out to kill it. Probably with their bloatzooka, I'm guessing. But I'm afraid MySQL and/or its forks will be around for a long time. :-\ (I blame PHP monkeys.)

derula

@Zecc said:

@derula said:
I don't really know why anyone bothers with anything else than Avira AntiVir
In my case it is mostly because I've never heard of it before.

Yeah I tried AVG too, bonus: no nagscreen. But at least the version I tested didn't have an online scanner as immediate as Avira's... at that time, I should probably add, after having heard about what version 10 does.

derula

@hallo.amt said:

@Obi-Wan said:
I used Avira for awhile, but it puts a popup on the screen asking me to buy the non-free version. For some reason that seemed to always popup while I was playing a full screen game. So I got rid of it. I use avast, and have had no viruses and no popups other than the update notification that avira put up too.
You can tell Windows not to execute avnotify.exe or something like that. No popups anymore. Only thing is that you loose the icon on the systray too.

That only worked temporarily for me; after an update, it stopped working. But I can't remember the popup ever appearing while I was playing a game, and I don't use Windows for anything else at home.

EJ_

Anybody else here use NOD32 for antivirus? It's one of the few pieces of software I am happy to pay for. I have had absolutely 0 problems with it. It's unobtrusive, but thorough. I use my thoroughly underpowered desktop for games, so I can tell when something is amiss fairly quickly as my meager framerate drops close to 0, but NOD32 has caused none of these issues. It's not free, but the price is reasonable. I don't really have a good way to judge their virus detection capabilities, but I've never had an otherwise-detectable virus since I've been using it (on 4 systems). I also use it on my netbook with no issues. Only one gripe is they don't have a "home" license for their linux version, only business, which costs significantly more.

wrack

@EJ_ said:

I have had absolutely 0 problems with it.

I've found exactly one problem in quite a few years. Upgrading a particular crappy-but-I-saw-crappier (Hey, at least they do use Postgres as a backend, instead dBase via BDE like the app it replaced...) medical package makes the ekrn.exe resident go nuts, eat full CPU, and slow down the upgrade process considerably. But considering it's a custom-made installer for a specialized software, I wouldn't be surprised if they'd be doing something smart like closing/reopening the target file after each X bytes written or something like that, triggering AV check each time.

Too bad I can't afford a license... not to even mention four I'd need.

@derula said:

@hallo.amt said:
You can tell Windows not to execute avnotify.exe or something like that. No popups anymore. Only thing is that you loose the icon on the systray too.

That only worked temporarily for me; after an update, it stopped working. But I can't remember the popup ever appearing while I was playing a game, and I don't use Windows for anything else at home.

Pre-v10 you could firewall-out avnotify.exe an it did not pop up. Nowadays, it's smart and downloads the current ad via main updater, BUT if you have an invasive firewall or something else that you can set up to prevent avnotify.exe from start (or kill it immediately after start), you still won't see them.

Jaime

@Anonymouse said:

@fyjham said:
... a hashing algorithm which is processor-intensive (Which it needs to be to be a good hashing algorithm) ...

That's not entirely correct. Mostly because the definition of "good" can differ widely from application to application.

A hashing algorithm does not necessarily need to burn thousands of CPU cycles to be good (in fact, in a speed-critical application, that's the *last* thing you want).

A fast hashing algorithm is just not very desireable in a cryptographical context, but then, you can always stretch your keys...

We have had this discussion many times on this board with passwords. At least with passwords, a discussion about how much effort you are willing to put into securing them makes sense. However, these are credit card numbers. They are intrisically valuable and usually warrant the highest level of security you can afford, possibly higher. If you enter into a relationship where you attest that you are PCI compliant, any violation of the rules on your part is a $50,000 fine for the first occurrance and they go up from there.

Brute forcing credit a hashed card number isn't that difficult. The last four digits are usually stored clear for customer support purposes. For the first four, there are a handful of very popular sets of digits. The card numbers have to satisfy a checksum, so a large part of the keyspace is immediately excluded. This leaves about 10^7 keys in the keyspace or the equivalent of a five character, all lower case alpha-only password. It would take salting and some serious key stretching to make it even sort-of secure. It would take 115 computers in a bot-net to crack one card number in one day if it took 1 second to test one guess against a hash. 1000 botted computers go for about $20 per day, so it would cost $2.30 per card to brute-force the database. This isn't secure enough to make in uneconomical, yet already reduces search performance to 1 second per record.

So, since you can't search hashed card numbers, the only purpose for storing a hashed card number would be to prove that the card holder knows the card number. I can't think of a practical application of this.

sprained

Could someone please explain what key stretching is?

b_redeker1

Absolutely.

dhromed

@b_redeker said:

Absolutely.

I am particularly amazed that this site has been translated.

PeriSoft

So, I've been wondering: Does the subject of this thread mean that any one of a large percentage of existing viruses is better than Symantec software, or that Symantec software is worse than having a great number of various viruses at the same time?

fyjham

@Anonymouse said:

That's not entirely correct. Mostly because the definition of "good" can differ widely from application to application.
A hashing algorithm does not necessarily need to burn thousands of CPU cycles to be good (in fact, in a speed-critical application, that's the *last* thing you want).
A fast hashing algorithm is just not very desireable in a cryptographical context, but then, you can always stretch your keys...

Yeah, true, a hash can be used for many things, perhaps I should have said a good hashing algorithm for this task.

In context of what's being protected though you'd really need a slow hashing algorithm, or to use key stretching which has a net-result that your complete algorithm for generating your hash (Inclusive of stretching time) is a slow hashing algorithm despite using a slightly faster hashing algorithm at the core, to be secure enough for the task.

So yeah, you're right, but I think the core point still stands, just the statements don't necessarily apply in all contexts.

dr_spock

TBH, the newest versions of Norton Internet Security (beginning with 2009 I think) are very light on resources. I've been running the latest NIS for the past year or so, and haven't had a problem with it. Not sure if its the same with the corporate versions, or whether they are still crap like pre-2009 Norton AV.

Microsoft Security Essentials also does a reasonable job (and its free), and doesn't infest your web browser/IM etc with useless plugins/addons/toolbars.

McAfee on the other hand... now that is worse than many viruses (virii?).

Scarlet_Manuka

@PeriSoft said:

So, I've been wondering: Does the subject of this thread mean that any one of a large percentage of existing viruses is better than Symantec software, or that Symantec software is worse than having a great number of various viruses at the same time?

Why not both?

PJH

@PeriSoft said:

Does the subject of this thread mean that any one of a large percentage of existing viruses is better than Symantec software, or that Symantec software is worse than having a great number of various viruses at the same time?

Yes.

nexekho1

My stepmother swears by Norton. The college iMacs' Boot Camp partitions have this little worm that spreads on memory sticks. NOD32, Avast, AVG? Clear it with no problems.

Norton? Even though the worm doesn't affect Vista (the host OS here) it decides it could not stop the worm, reboots the computer, "cleans" the PC, reboots again, and then because it didn't remove the file from the memory stick, decides it is "infected" all over again, starting the process again!

BioSehnsucht

@Tacroy said:

You think that's bad? The version of Symantec we have at work has two major problems:
While scanning, it occasionally flips the fuck out and starts quarantining files in the quarantine folder without deleting the original quarantined file. It looks at <hex string>.tmp in the quarantine folder, says "hey that's a virus!", copies it to <hex string+1>.tmp, and doesn't delete <hex string>.tmp. Eventually, you run out of space and Outlook doesn't work any more which is probably the first indication that anything's going on, unless you've got OCD and check your disk space usage every day. Bonus points because 90% of the time the original quarantined file wasn't anything more threatening than a tracking cookie or some (non-viral) cached web junk, and all that's happened is the antivirus's shitty heuristics think it's bad.

That was an old bug, shouldn't happen in newer versions. You know you're having fun when you can't delete the directory in explorer because there's more files than it can stat.

I find both Symantec Corporate 10 and now 11 that I run to be quite nice. They haven't failed to block something yet, don't impact CPU like the horrible consumer symantec/norton BS does, and corporate gets (or did) more frequent definition updates. When it's scanning I don't feel any impact to performance, either.

Welbog

@BioSehnsucht said:

I find both Symantec Corporate 10 and now 11 that I run to be quite nice.

You resurrected this thread to give an advertisement for Symantec's products. How much do they pay you to annoy me?

blakeyrat

@Welbog said:

@BioSehnsucht said:
I find both Symantec Corporate 10 and now 11 that I run to be quite nice.
You resurrected this thread to give an advertisement for Symantec's products. How much do they pay you to annoy me?

Yeah, what is the going rate? I'd like to get in on this action.