Symantec at Cornell



  1. Symantec at Cornell
     Lee Brink, CIT Systems and Operations
     [email_address], 255-1834
  2. Agenda
       • History
       • SAV versions
       • Cornell Customizations
       • Common Problems
       • Recommended Upgrade Procedure
       • Technical Support
       • The Future of Symantec at Cornell
  3. Common Abbreviations/Terms
       • SAV – Symantec Antivirus
       • SCF – Symantec Client Firewall
       • SCS – Symantec Client Security
           • Combination of first two products
       • Platinum Support – Symantec provided support for all licensed products
  4. History of Symantec at Cornell
       • Prior to 1997: Disinfectant for Mac and F-Prot for DOS
       • 1997 – Keith Boncek arranges volume purchase of Symantec Licenses
       • 1998 – CIT Software Acquisition Program takes over management of bulk purchase
       • 1999 – Campus Store takes over management of bulk purchase
  5. History of Symantec at Cornell
       • 2000 – CIT funds campus wide license. 10,000 staff & faculty licenses with student usage free
           • One year license given to us with purchase of one year maintenance agreement
           • Additional year paid for in advance
       • 2003 – CIT negotiates 3 year license and includes SCF (Now known as SCS)
       • 2007 – License up for renewal
  6. Symantec Licensing Terms
       • Staff and faculty may install the SCS client on any office or home machine
       • Students may install the SCS client on their personal machine
       • Students and employees leaving Cornell must uninstall software
  7. Symantec Licensing Terms
       • Departments may install the Symantec server/Administrative tools on as many machines as they like
       • Standalone client for Windows Server OS not covered in current license
  8. The Symantec “Mindset”
       • Symantec develops SAV/SCS for the Corporate (AKA Managed) environment
       • LiveUpdate only updates definitions and rule sets
           • Labor intensive to update standalone clients
       • Difficult to customize client for standalone operation
  9. SAV/SCS Current Version
       • 10.1/3.1 MR5
           • Point Patch 1 released 11/07/2006
           • Maintenance Patch 1 released sometime after
       • Patches focus on managed client issues
       • Install patches in order of release
       • Supported OS: Windows XP, Windows Vista, Mac OS 10.3+
  10. 64 bit SAV
       • Used for 64 bit Windows XP installations
       • No firewall
       • Included in departmental distribution
       • Standalone installer not published to avoid user confusion
       • 64 bit Vista client recently released
  11. Vista Support
       • 32 bit version of SAV available for download
       • No firewall currently available
       • Current rumor is full Vista support with 10.2, at the end of June
  12. SAV for the Macintosh
       • Current Version: 10.1.1
       • Works on 10.3 and later, also on Intel Macs
       • Quick Menu & AutoProtect control not installed
           • Moved to separate installer
           • Available at CIT Antivirus Page
  13. Where is SAV/SCS Available?
       • Standalone clients available via:
           • Bear Access
           • CIT Antivirus page
       • Full distribution
           • Distribution page linked off above page
           • Note: Must be in appropriate permit to download
           • Updated on a regular basis
           • Current version only
  14. Bear Access Changes to SAV/SCS
       • SAV config changes
           • LiveUpdate runs from 10am-12pm every day
           • Eudora .mbx files are excluded
       • Firewall modifications
           • P-Rules added for most common applications used on Cornell campus (e.g. CUTV)
  15. SAV/SCS Limitations
       • OS and applications must be up to date for best effectiveness
       • Good at detecting known viruses; no protection against suspected bad behavior
       • Works well in a layered security model
       • Current trojans and viruses will disable SAV silently
  16. Common Problems
       • Subscription Expired
           • Mixed Corporate Edition with Personal Edition
           • Must uninstall & delete anything remotely Symantec
       • Managed client is not talking to server
           • Ensure that firewall has rule allowing server to initiate connection
           • Windows file sharing is used to transfer “push” updates. Firewall must have port 445 open
  17. Common Problems
       • SAV/SCS not updating definitions or rules
           • Machine infected?
           • Experience has shown multiple causes beyond the above, all stubborn
           • Usually ends up being an uninstall, SAV registry cleaning, and reinstall
       • SAV is deleting email
  18. Symantec AV and Email
       • Affects POP users only
       • Entire mailboxes get removed when a single email has a virus
       • Workaround for Eudora: Exclude .mbx files
       • Workaround for Thunderbird: Exclude profile in D&S\Application Data\Thunderbird\Profiles
  19. “Upgrading” SAV/SCS
       • Experience has shown that relying on the Symantec installer to upgrade is dangerous
       • Safest course for clients:
           • Uninstall
           • Reboot
           • Delete all Symantec directories
           • Reinstall
       • Note: Firewall rules will survive an uninstall
           • Follow Symantec clean up doc for details
  20. “Upgrading” SAV/SCS
       • Safest course for upgrading server
           • Install latest version on new machine
           • Join new install to group as a child server
           • Promote new install to parent
           • Remove old server from group
           • Uninstall, delete, reinstall new version on old server
  21. Virus Breaches SAV - Recourse?
       • Current viruses excel at hiding from SAV & other antivirus/anti-spyware software
       • If malware gets past defenses, little recourse but to reformat & reinstall
           • Removal sometimes cripples machine
           • Antivirus software poor at removing latest malware completely
  22. New Virus? Report Procedure
       • IT Security Office handles contacting Symantec in reporting potential new viruses
       • Must meet following criteria:
           • Significant impact on campus
           • Not covered in Symantec index of threats covered by current virus definitions
           • Other tools unable to identify malware as a known threat
  23. Technical Support for SAV/SCS
       • Client Support
           • Front line: CIT Contact Center
           • Referred to back-line when unable to answer
           • If problem can't be resolved over the phone, the user can bring in machine on a case by case basis
  24. Technical Support for SAV/SCS
       • Department Support
           • Try net-admin mailing list
           • In an emergency, or if the above doesn't help, contact Lee Brink for Platinum Support
           • Before call is made to Symantec be sure that:
               • A phone is near console of affected machine
               • You are at the current version and patch level
           • Departments may also buy their own contract
  25. The Future of Symantec @ CU
       • Cost of campus license has skyrocketed
       • Switching vendors an option, but
           • Large cost in switching campus
           • Benefits must outweigh current costs
           • Would require major effort at significant expense
       • All options being weighed by IT Security Office
  26. Your Thoughts
       • Symantec not meeting your needs?
       • CIT distribution and support need change?
       • Time to consider switching to another vendor?