Symantec Claims to be Industry Leading — But Are They Really?
According to a federal ruling, Symantec Corporation will have to continue defending against class claims that its Norton and Enterprise products failed to protect its users against the latest online cyber threats.
Edward Chen of the U.S District Court ruled Symantec’s statement that its software is “industry-leading” may create consumer belief that the company is adhering to industry best practices. However, an investigation by Google’s cyber security team uncovered software vulnerabilities within the Antivirus Decomposer Engine held within Symantec software. Not only were there vulnerabilities noted, but Symantec allegedly failed to notify customers that it did not implement patches on particular third-party source code.
Montgomery Beyer, the individual who brought claims against Symantec, is alleging the defects within the Symantec software exposed his entire computer operating systems to multiple security vulnerabilities.
Surprised? You Shouldn’t Be…
Recently, PC Matic has been requesting public records on antivirus solutions used at the time of ransomware infections for public municipalities, school systems, and law enforcement agencies. Due to the time it takes to process each public record request, only a small percentage have been returned. However, of those which did respond disclosing which antivirus they were using, 34% reported a Symantec product. Those respondents include:
- Department of Mineral Resources in Bismarck, North Dakota
- City of Yuba City in California
- City of Farmington in New Mexico
- Monroe County School District in Key West, Florida
- Grant County Education Service District in John Day, Oregon
Moving Forward
The cyber security industry is going to be held accountable for their marketing language. Different terms like “exceptional” or “outstanding” are still permitted, without necessarily having to “back up” those terms. However, if a company is going to use language like “industry-leading” — they must have data to back that up.
This may include disclosing independent third-party testing and scoring really well, or various third-party awards, or making product enhancements to address the latest attack methods used by cyber criminals.
As a consumer, MSP, or reseller, it is important you understand the marketing language security solutions are using. They can’t make big claims, unless they have ways to back it up. If you ever question the legitimacy of the claim — contact the company and ask for evidence to support it.