Re: OfficeScan; additional observation

From: Dan Schrader (Dan_Schraderat_private)
Date: Tue Mar 07 2000 - 10:36:54 PST

Next message: Olaf Kirch: "Re: Caldera OpenLinux 2.3 rpm_query"

Previous message: Bram Kerkhof: "NAI/McAfee Viruscan Engine does not scan .VBS files by default"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

You are right, you should not run multiple antivirus products
simultaniously.  The reason is that real-time virus scanning occurs at a
very fundimental level of the operating system - running as a Vxd or kernal
mode device driver and grabbing every file access to scan for viruses.
Running 2 av products will lead to performance degradation and possible
instability.

This setting and feature of OfficeScan was requested by quite a number of
our customers.  Till recently, many organizations did not try to centrally
manage desktop virus protection.  Once they did, they found that
uninstalling existing products was quite difficult - for example, one
leading vendor's products had no uninstall routine, another's left files and
registry settings on the system.  In fact, to some users, the cost and
complexity of uninstalling existing product was a major barrier to
standardizing on a new product.

OfficeScan is a product designed to be used in environments where a decision
has been made to have one standard, centrally managed antivirus solution.
Among OfficeScan customers, the choice, configuration and maintenance of
antivirus products typically has not been left up to end users - hense no
end user prompt.

Trend is aware of the the security issues that have been raised on this
forum.  We are working on a new build that will address them.  Because
OfficeScan runs in heterogenious environments, there is quite a bit of
testing to be done before we can release the new build.  I will post when
the new solution is available.

Dan Schrader
Trend Micro

-----Original Message-----
From: Ben Greenbaum [mailto:bgreenbaumat_private]
Sent: Friday, March 03, 2000 11:21 AM
To: BUGTRAQat_private
Subject: Re: OfficeScan; additional observation


While doing some testing on the recently-revealed OfficeScan problems, I
noticed one other, unrelated thing: The installation process of OfficeScan
(even the trial version) completely uninstalls other vendor's AV
solutions. This was seen with both Norton and NAI/McAfee products. There
is no part of the process that asks if you want this to be done, no
warning prompt, just a window that says "Uninstalling (X)" and a progress
bar.

While it is a known fact that different AV products often don't play nice
together on the same system, it seems that better ways around this could
have been used. For example an alert box telling the user to uninstall or
disable other AV products, or a prompt asking the user for permission
before blowing other paid-for software away would be more reasonable.

My 2 cents,

Ben Greenbaum
Director of Site Content
Security Focus
http://www.securityfocus.com

Next message: Olaf Kirch: "Re: Caldera OpenLinux 2.3 rpm_query"
Previous message: Bram Kerkhof: "NAI/McAfee Viruscan Engine does not scan .VBS files by default"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:39:08 PDT