You are right, you should not run multiple antivirus products simultaniously. The reason is that real-time virus scanning occurs at a very fundimental level of the operating system - running as a Vxd or kernal mode device driver and grabbing every file access to scan for viruses. Running 2 av products will lead to performance degradation and possible instability. This setting and feature of OfficeScan was requested by quite a number of our customers. Till recently, many organizations did not try to centrally manage desktop virus protection. Once they did, they found that uninstalling existing products was quite difficult - for example, one leading vendor's products had no uninstall routine, another's left files and registry settings on the system. In fact, to some users, the cost and complexity of uninstalling existing product was a major barrier to standardizing on a new product. OfficeScan is a product designed to be used in environments where a decision has been made to have one standard, centrally managed antivirus solution. Among OfficeScan customers, the choice, configuration and maintenance of antivirus products typically has not been left up to end users - hense no end user prompt. Trend is aware of the the security issues that have been raised on this forum. We are working on a new build that will address them. Because OfficeScan runs in heterogenious environments, there is quite a bit of testing to be done before we can release the new build. I will post when the new solution is available. Dan Schrader Trend Micro -----Original Message----- From: Ben Greenbaum [mailto:bgreenbaumat_private] Sent: Friday, March 03, 2000 11:21 AM To: BUGTRAQat_private Subject: Re: OfficeScan; additional observation While doing some testing on the recently-revealed OfficeScan problems, I noticed one other, unrelated thing: The installation process of OfficeScan (even the trial version) completely uninstalls other vendor's AV solutions. This was seen with both Norton and NAI/McAfee products. There is no part of the process that asks if you want this to be done, no warning prompt, just a window that says "Uninstalling (X)" and a progress bar. While it is a known fact that different AV products often don't play nice together on the same system, it seems that better ways around this could have been used. For example an alert box telling the user to uninstall or disable other AV products, or a prompt asking the user for permission before blowing other paid-for software away would be more reasonable. My 2 cents, Ben Greenbaum Director of Site Content Security Focus http://www.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:39:08 PDT