Oops, We Did It Again…
On occasion in the past, I've had the opportunity to work with CA's products. I've seen eTrust in all its horridness... fail time and time again when attempting to clean a virus-infested machine. As a little project at my former employer's, I placed an unpatched XP machine on a residence network... There were plenty of viruses and malware flying around and I wanted to see exactly what I'd catch... This was to help find the best AV solution to recommend to the students.
While I can't say exactly how many infected files appeared on the system (it was thrown into the wild, not a controlled environment), I can tell you that eTrust definitely didn't have the best results.

| Solution Vendor | Product | Version | Definitions Version | # of Viruses in DB | Viruses Found |
| --- | --- | --- | --- | --- | --- |
| Sophos | Sophos Anti Virus | V 3.87.0, Engine 2.25.3 | V 3.87 | 95901 | 4 |
| Computer Associates | eTrust Antivirus | V 7.0.139 | InnoculateIT V23.67.7 | Unknown | 6 |
| ClamWin | ClamWin Antivirus | V 0.35.3 | Main: 27; daily: 549 | 25565 | 23 |
| Grisoft | AVG Professional | V 7.0.280 | 264.12.2 | Unknown | 14 |
| Symantec | Norton Antivirus 2004 | V 10.0.13.3 | Date: 10/23/2004 | Unknown | 3 + 38 Adware |
| Trend Micro | Housecall | Unknown | Unknown | Unknown | 7 |
| Computer Associates | Pest Patrol Online | Unknown | Unknown | Unknown | 64 |

While it wasn't the worst solution... it definitely wasn't the best, far from it in my opinion... Now Pest Patrol Online looks good... however it was primarily registry keys and so forth...
Anyways... this was just some background into why it's "Oops, We Did It Again...". So we've established that in the past CA has had an awful AV solution... Now we see on ISC that CA released a signature the other day that detected lsass.exe as a virus and removed it... Where were the quality control implementations on that one... Users of the product are stuck without W2K3 Servers booting... This is a huge problem in my books. I wouldn't be happy with CA if they were my vendor right now.
Thankfully, they have released fix instructions, but for some companies the damage may have been done and this may be too little, too late.
Peace,
HT
PS: Those of you interested in seeing the remainder of my research.... or getting access to the malicious binaries I pulled off the system for comparison scans with modern AV (this test was done in 2004) signatures... send me an email at ht [at] computerdefense.org.
“Now we see on ISC that CA released a signature the other day that detected lsass.exe as a virus and removed it…”
That is as stupid as it is funny!
I’m glad I dropped the free version of eTrust about three weeks ago (I paid for BitDefender 9 Standard instead – it looks like a solid AV, and most reviews of it give it top marks. It hasn’t failed me yet).
And HT, I’d love a copy of those binaries – please send them to me whenever you have the time
My email address is: linuxsecmail [SPLAT] googlemail [d0t] com