Symantec AntiVirus Software at UIC

Got a virus? Worried that you'll get one? (No? You should be!) Want to know what viruses are going around now? Are there any security alerts that apply to your operating system? Your Internet browser? See the references in the new section below, Information on Viruses and Security Alerts.

Symantec antivirus software uses three antivirus technologies and scanning methods to provide comprehensive network file scanning. Scans look for known viruses by comparing files with known virus strings. These strings are contained in a virus definitions file that reside on each computer. To protect yourself from new viruses, you can configure regular virus definitions file updates. Symantec antivirus software contains everything you need to detect viruses, repair files and help prevent virus infection.

Symantec AntiVirus and Symantec Endpoint Protection can protect your computer in three ways; when using version 10 or higher, all scan for expanded threats:

• Auto-Protect, which monitors files on your computer in realtime, as they are opened, modified, or executed.
  
  
• Signature-based scanning, which searches for virus signatures in infected files. Signatures are specific binary strings that are characteristic of a specific virus. You download signature files, then run manual on-demand, on startup, or scheduled scans of your computer to look for threats based on the signatures in the downloaded signature file. These scans will search for viruses and worms and other threats such as adware and spyware, if Expanded Threat protection is on.
  
  
• Advanced Heuristics, which guesses that certain files are viruses or worms based on the file's structure, behavior, and other qualities. This searches HTML, VBScript, and JavaScript files. Advanced Heuristics can catch worms and macro viruses before they have been added to the virus definitions.

For any type of virus software to be effective, it has to be updated periodically to provide a significant level of defense against these new viruses. To update Symantec AntiVirus or Endpoint Protection, run LiveUpdate, which comes with all Symantec packages. LiveUpdate offers a fast, easy way to keep all protection definitions up to date. It ensures that your workstations are always protected against the latest virus threats.

• Run your first LiveUpdate session as part of installation and and can schedule future sessions of LiveUpdate.
• You need to be connected to the Internet to run LiveUpdate.
• For more information on how to run LiveUpdate visit the following Web site: http://service1.symantec.com/SUPPORT/sharedtech.nsf/pfdocs/1999121613163206

The new features in Version 10 include:

• Auto-Protect replaces Realtime File Protection. Symantec says that Auto-Protect is faster and it can be loaded on startup and unloaded on shutdown, giving you a wider window of protection from viruses.
• Smart Scan, which is turned on by default: finds and searches files whose file extensions have been changed, presumably by viruses.
• Tamper Protection, which is also turned on by default and remains on, even when you turn off File System Auto-Protect. This protects the SAV program files from being changed by viruses and worms; it would be a useful thing for a virus or worm to disable your antivirus program.
• "Expanded threat detection," which scans for spyware, adware, dialers, joke programs, remote access programs, hack tools, trackware, and other security risks. This is a great feature and the ability to quarantine, delete, and remove or repair the side effects of these types of or security risks, and inclusion of detection of security risks in all types of scans.
• Install over previous versions rather than having to uninstall. (Yay!)

Note if your are using SAV with Windows XP: In a few cases, people have had their Registry trashed if they installed Windows XP SP3 while SAV is running. Be sure to turn SAV off temporarily while updating your XP. It might be a good idea to go to Windows Update and install Windows SP3 yourself, rather than waiting until it's installed automatically. I do not know whether upgrading to SEP fixes the problem. The documentation about the problem is vague; it says that you should turn antivirus programs off while installing XP3, not specifying which ones.

• Proactive Threat Scanning: Behavioral-based protection that protects against zero-day threats and threats not seen before. Unlike other heuristic-based technologies, Proactive Threat Scan scores both the good and bad behavior of unknown applications, providing a more accurate malware detection.
  • Accurately detects malware without the need to set up rule-based configurations.
  • Helps lower the number of false positives.
• Advanced Rootkit Detection and Removal Provides superior rootkit detection and removal using VxMS (Veritas Mapping Service, from Veritas), thereby providing access below the operating system to allow thorough analysis and repair.
  • Detects and removes the most difficult rootkits.
  • Saves time and money and productivity losses associated with re-imaging infected machines.
• Easier to install and set up from the client point of view.
• Plus many new features for network administrators and client management.

Got a virus? Worried that you'll get one? Want to know what viruses are going around now? Should you upgrade your OS? Your Internet browser? Here are some general references.

Symantec AntiVirus Center, http://www.symantec.com/avcenter/

Symantec is the company that distributes Symantec AntiVirus these days. It has a lot of good (and somewhat technical) info on latest virus threats, current security advisories (so you'll know whether it's time to update your IE again, for example), and a reference area with links to a lot of other info, including info on virus hoaxes.

McAfee Security Virus Information Library, http://vil.nai.com/vil/default.asp

McAfee is the other major AntiVirus company; their AntiVirus info Web site has info on viruses and hoaxes.

Symantec Security Response's Virus Hoaxes

You got an email message warning you about a new virus that's going around. Before you panic -- or send the message to all your friends -- check here to see whether it really is a virus.

Carnegie Mellon Software Engineering Institute CERT Coordination Center, http://www.cert.org/

The US government funded research and development center for computer security incidents, publish security alerts, viruses, and general security for networked systems. (Like your personal computer.)

Virus-L's Virus FAQ and the Computer Virus FAQ for New Users

The Virus FAQ answers some Frequently Asked Questions (FAQs) about computer viruses. Its "using" section recommends that "if you are seeking help after discovering what you suspect is a virus on your computer, read the Preface Section, skim through Sections A and B for the essential jargon, then concentrate on Section C."

Also see the Symantec's home page:

http://www.sarc.com

For free support from Symantec visit the Symantec Tech Support page; we have Enterprise SAV Corporate Edition 10.0:

http://www.symantec.com/techsupp/index.html