Tag: symantec endpoint protection
Symantec Endpoint Protection 11.x is a piece of crap!
by me on Jul.16, 2008, under Technology
Ok, I’ve currently tried to roll out this product at my company. We have around 15K endpoints that need this software package on them. I will outline all of the problems that we’ve had. Apparently they want the consumer to diagnose and debug the problems for them. My response was, we’ll pull your product if you don’t get it fixed.
I’m curious as to how many clients they’ve lost because of this product. I’m sure it’s quite a few. The thing is that they get a company into a contract agreement and then they are stuck with a crappy product for the duration of the contract. Well, I’m here to say, there are other companies that have better products who will buy out your contracts.
Issues (This is all with the latest version of the product.):
- Scans tax the CPU and hard drive so much that they either overheat or make the device unusable for the duration of the scan.
- If the computer does not have network access, a LiveUpdate process will run out of control and eventually grind the system to a halt.
- Outlook attachments randomly blocked. They said most of their clients were seeing this problem and they asked us to ship them an example laptop. I said, fuck you, these are my laptops, you ship me a tech to look at it.
- Application and Device Control blocks share viewing and printer viewing on remote sites. I couldn’t even figure out why this was even looking at this traffic let alone blocking it.
- Cannot configure scans to scan one hard drive, only approved Symantec Locations. Go ahead, try to configure a scheduled scan to scan only drive C or something specific. You can’t, it just isn’t an option. What brain dead sloth designed this shit?
- These are just a few of the issues we’ve received during a small pilot; we’ve stopped the pilot and deployment.
These issues make me look bad as a Security Engineer. I’m ready to switch to a different product to get the promised functionality. The concept is great, the execution is horrible. How the fuck did Gartner rate this highly? It’s undeployable!
I’m calling Sophos right now, McAfee kind of sucks. Maybe CA or TrendMicro have good enterprise solutions as well?
Expertise, Semi-Resume
by me on Jul.14, 2008, under Uncategorized
Well, I thought I would list my expertise here since I’m bored while waiting on a call at 9pm and a download to finish.
First off, I want to state that I started off as a software engineer, sooooo keeping that in mind, these are the technologies and programming languages I know or have known in the past.
- Programming Languages: ASP, ASP.NET, BASIC, C#, C, C++, COBOL (VERY Rusty), PHP, Ruby, Python, Perl, Pascal, Delphi, Java
- Programming Tools: Eclipse, MS Visual Studio, Delphi, Borland Development Suite
- Application Administration: IBM Websphere 5.x/6.x, Hitachi P-Synch, Microsoft Server 2003, Microsoft SQL 2000/2005, Symantec Endpoint Protection 11.x, Microsoft Internet Security and Acceleration Server 2006, Checkpoint Firewall, BIG-IP F5, Linux (RHEL 4/5-SUSE 10.x), VMWare Server ESX 3.0
I think that covers the things in my head right now, I’m sure I missed quite a bit.
Malware Rant in Large Corporations
by me on May.15, 2008, under Computer Security, Endpoint, Malware
I’ve seen this all over!
In large organizations you can’t always “lock down” workstations due to productivity loss and irritating employees that could and will go elsewhere. It’s surprising how hard it is to implement solutions that will protect corporate and personal data just because they can’t install their little widget that makes little pictures fly across their screen.
Well Symantec decided to reclassify My Web Search Bar as a Downloader which totally screwed my reporting the other day. We showed like a bazillion infections.
I researched this and found the file to be innocuous. Symantec’s solution? To tell me the file was innocuous and to ignore it.
Well anyway, I have to deal with this and other malware in ASIA due to keygens and other shenanigans that people don’t realize are on their USB storage or whatnot. Oh well, at least it keeps me in a job.
I’m currently working on getting the Symantec Endpoint Protection tested and implemented globally. That’s a huge endeavor on 13,000+ workstations and servers. I’m a little leery of installing on servers at this point because I don’t know the impact on applications yet. It does some new funky things and I don’t want anyone yelling at me.
I personally like the product, they’ve fixed many things in the MR2 release. We’ll see how this whole project pans out.