Symantec
Symantec headquarters in Mountain View, California | |
Public | |
Traded as | NASDAQ: SYMC NASDAQ-100 Component S&P 500 Component |
Industry | Computer software |
Founded | March 1, 1982 Sunnyvale, California, U.S. |
Founder | Gary Hendrix |
Headquarters | Mountain View, California , U.S.[1] |
Area served | Worldwide |
Key people | Daniel Schulman (Chairman) Greg Clark (CEO) |
Products | Security software |
Revenue | US$ 4.019 billion (2017)[2] |
US$ -100 million (2017)[2] | |
US$ -106 million (2017)[2] | |
Total assets | US$ 18.174 billion (2017)[2] |
Total equity | US$ 3.487 billion (2017)[2] |
Number of employees | 12,518[3] (2017) |
Divisions | List of divisions |
Website | www |
Symantec Corporation (/sɪˈmænˌtɛk/; commonly known as Symantec) is an American software company headquartered in Mountain View, California, United States. The company provides cybersecurity software and services. Symantec is a Fortune 500 company and a member of the S&P 500 stock-market index. The company also has development centers in Pune, Chennai and Bengaluru (India).
On October 9, 2014, Symantec declared it would split into two independent publicly traded companies by the end of 2015. One company would focus on security, the other on information management. On January 29, 2016, Symantec sold its information-management subsidiary, named Veritas Technologies (which Symantec had acquired in 2004)[4] to The Carlyle Group.[5]
The name "Symantec" is a portmanteau of the words "syntax" and "semantics" with "technology".[6]
Contents
- 1 History
- 2 Norton products
- 3 Mergers and acquisitions
- 3.1 ACT!
- 3.2 Veritas
- 3.3 Sygate
- 3.4 Altiris
- 3.5 Vontu
- 3.6 Application Performance Management business
- 3.7 PC Tools
- 3.8 AppStream
- 3.9 MessageLabs
- 3.10 PGP and GuardianEdge
- 3.11 Verisign authentication
- 3.12 Rulespace
- 3.13 Clearwell Systems
- 3.14 LiveOffice
- 3.15 Odyssey Software
- 3.16 Nukona Inc.
- 3.17 NitroDesk Inc.
- 3.18 Blue Coat Systems
- 4 Security concerns and controversies
- 4.1 Restatement
- 4.2 Endpoint bug
- 4.3 Scan evasion vulnerability
- 4.4 Denial-of-service attack vulnerabilities
- 4.5 Scareware lawsuit
- 4.6 Source code theft
- 4.7 Verisign data breach
- 4.8 pcAnywhere exploit
- 4.9 Hacking of The New York Times network
- 4.10 Intellectual Ventures suit
- 4.11 Sustaining digital certificate security
- 4.12 Google and Symantec clash on website security checks
- 5 See also
- 6 References
- 7 External links
History
1982 to 1989
Founded in 1982 by Gary Hendrix with a National Science Foundation grant, Symantec was originally focused on artificial intelligence-related projects, including a database program.[7] Hendrix hired several Stanford University natural language processing researchers as the company's first employees, among them Barry Greenstein (professional poker player and developer of the word processor component within Q&A).[7] Hendrix also hired Jerry Kaplan (entrepreneur and author) as a consultant to build the in-RAM database for Q&A.[8]
In 1984, it became clear that the advanced natural language and database system that Symantec had developed could not be ported from DEC minicomputers to the PC.[9] This left Symantec without a product, but with expertise in natural language database query systems and technology.[10] As a result, later in 1984 Symantec was acquired by another, smaller software startup company, C&E Software, founded by Denis Coleman and Gordon Eubanks and headed by Eubanks.[10] C&E Software developed a combined file management and word processing program called Q&A for "question and answer."[10]
The merged company retained the name Symantec.[10] Eubanks became its chairman, Vern Raburn, the former President of the original Symantec, remained as President of the combined company.[11] The new Symantec combined the file management and word processing functionality that C&E had planned, and added an advanced Natural Language query system (designed by Gary Hendrix and engineered by Dan Gordon) that set new standards for ease of database query and report generation. The natural language system was named "The Intelligent Assistant". Turner chose the name of Q&A for Symantec's flagship product, in large part because the name lent itself to use in a short, easily merchandised logo. Brett Walter designed the user interface of Q&A (Brett Walter, Director of Product Management). Q&A was released in November 1985.
During 1986, Vern Raburn and Gordon Eubanks swapped roles, and Eubanks became CEO and president of Symantec, while Raburn became its chairman.[12] Subsequent to this change, Raburn had little involvement with Symantec, and in a few years time, Eubanks added the Chairmanship to his other roles.[citation needed] After a slow start for sales of Q&A in the fall of 1985 and spring of 1986, Turner signed up a new advertising agency called Elliott/Dickens, embarked on an aggressive new advertising campaign, and came up with the "Six Pack Program" in which all Symantec employees, regardless of role, went on the road, training and selling dealer sales staff nationwide in the United States. Turner named it Six Pack because employees were to work six days a week, see six dealerships per day, train six sales representatives per store and stay with friends free or at Motel 6.[13] Simultaneously, a promotion was run jointly with SofSell (which was Symantec's exclusive wholesale distributor in the United States for the first year that Q&A was on the market). This promotion was very successful in encouraging dealers to try Q&A.
During this time, Symantec was advised by Jim Lally and John Doerr — both were board members of Symantec at that stage — (Kleiner Perkins Caufield & Byers) that if Symantec would cut its expenses and grow revenues enough to achieve cash flow break-even, then KPCB would back the company in raising more venture capital. To accomplish this, the management team worked out a salary reduction schedule where the chairman and the CEO would take zero pay, all vice presidents would take a 50% pay cut, and all other employees' pay was cut by 15%. Two employees were laid off. Eubanks also negotiated a sizable rent reduction on the office space the company had leased in the days of the original Symantec. These expense reductions, combined with strong international sales of Q&A, enabled the company to attain break-even.
The significantly increased traction for Q&A from this re-launch grew Symantec's revenues substantially, along with early success for Q&A in international markets (uniquely a German version was shipped three weeks after the United States version, and it was the first software in the world that supported German Natural Language) following Turner's having placed emphasis on establishing international sales distribution and multiple language versions of Q&A from initial shipment.
In 1985, Rod Turner negotiated the publishing agreement with David Whitney for Symantec's second product, which Turner named NoteIt (an annotation utility for Lotus 1-2-3). It was evident to Turner that NoteIt would confuse the dealer channel if it was launched under the Symantec name, because Symantec had built up interest by that stage in Q&A (but not yet shipped it), and because the low price for the utility would not be initially attractive to the dealer channel until demand had been built up. Turner felt that the product should be marketed under a unique brand name.
Turner and Gordon E. Eubanks, Jr., then chairman of Symantec Corporation, agreed to form a new division of Symantec, and Eubanks delegated the choice of name to Turner. Turner chose the name Turner Hall Publishing, to be a new division of Symantec devoted to publishing third-party software and hardware. The objective of the division was to diversify revenues and accelerate the growth of Symantec. Turner chose the name Turner Hall Publishing, using his last name and that of Dottie Hall (Director of Marketing Communications) in order to convey the sense of a stable, long established, company.[14][15] Turner Hall Publishing's first offering was Note-It, a notation utility add-in for Lotus 1-2-3, which was developed by David Whitney, and licensed to Symantec.[16][17] Its second product was the Turner Hall Card, which was a 256k RAM, half slot memory card, initially made to inexpensively increase the available memory for Symantec's flagship product, Q&A. The Turner Hall division also marketed the card as a standalone product. Turner Hall's third product, also a 1-2-3 add-in was SQZ! a Lotus 1-2-3 spreadsheet compression utility developed by Chris Graham Synex Systems.[18] In the summer of 1986 Eubanks and Turner recruited Tom Byers from Digital Research, to expand the Turner Hall Publishing product family and lead the Turner Hall effort.
By the winter of 1986–87, the Turner Hall Publishing division had achieved success with NoteIt, the Turner Hall Card and SQZ!. The popularity of these products, while contributing a relatively small portion of revenues to Symantec, conveyed the impression that Symantec was already a diversified company, and indeed, many industry participants were under the impression that Symantec had acquired Turner Hall Publishing. In 1987, Byers recruited Ted Schlein into the Turner Hall Product Group to assist in building the product family and in marketing.
Revenues from Q&A, and from Symantec's early launch into the international marketplace, combined with Turner Hall Publishing, generated the market presence and scale that enabled Symantec to make its first merger/acquisition, in February 1987, that of Breakthrough Software, maker of the TimeLine project management software for DOS. Because this was the first time that Symantec had acquired a business that had revenues, inventory and customers, Eubanks chose to change nothing at BreakThrough Software for six months, and the actual merger logistics started in the summer of 1987, with Turner being appointed by Eubanks as general manager of the TimeLine business unit, Turner was made responsible for the successful integration of the company into Symantec and ongoing growth of the business, with P&L. There was a heavy emphasis placed on making the minimum disruption by Eubanks and Turner.
Soon after the acquisition of TimeLine/Breakthrough Software, Eubanks reorganized Symantec, structuring the company around product-centric groups, each having its own development, quality assurance, technical support and product marketing functions, and a General Manager with profit and loss responsibility. Sales, finance and operations were centralized functions that were shared. This structure lent itself well to Symantec's further growth through mergers and acquisitions. Eubanks made Turner general manager of the new TimeLine Product Group, and simultaneously of the Q&A Product Group, and made Tom Byers general manager of the Turner Hall Product Group. Turner continued to build and lead the company's international business and marketing for the whole company.
At the TimeLine Product Group, Turner drove strong marketing, promotion and sales programs in order to accelerate momentum. By 1989 this merger was very successful—product group morale was high, TimeLine development continued apace, and the increased sales and marketing efforts applied built the TimeLine into the clear market lead in PC project management software on DOS. Both the Q&A and TimeLine product groups were healthily profitable. The profit stream and merger success set the stage for subsequent merger and acquisition activity by the company, and indeed funded the losses of some of the product groups that were subsequently acquired.[14] In 1989, Eubanks hired John Laing as VP worldwide sales, and Turner transferred the international division to Laing. Eubanks also recruited Bob Dykes to be Executive Vice President for Operations and Finance, in anticipation of the upcoming IPO. In July 1989 Symantec had its IPO.
1990 to 1999
In May 1990, Symantec announced its intent to merge with and acquire Peter Norton Computing, a developer of various utilities for DOS. Turner was appointed as product group manager for the Norton business, and made responsible for the merger, with P&L responsibility. Ted Schlein was made product group manager for the Q&A business.
The Peter Norton group merger logistical effort began immediately while the companies sought approval for the merger, and in August 1990, Symantec concluded the purchase—by this time the combination of the companies was already complete. Symantec's consumer antivirus and data management utilities are still marketed under the Norton name. At the time of the merger, Symantec had built upon its Turner Hall Publishing presence in the utility market, by introducing Symantec Antivirus for the Macintosh (SAM), and Symantec Utilities for the Macintosh (SUM). These two products were already market leaders on the Mac, and this success made the Norton merger more strategic. Symantec had already begun development of a DOS-based antivirus program one year before the merger with Norton. The management team had decided to enter the antivirus market in part because it was felt that the antivirus market entailed a great deal of ongoing work to stay ahead of new viruses. The team felt that Microsoft would be unlikely to find this effort attractive, which would lengthen the viability of the market for Symantec. Turner decided to use the Norton name for obvious reasons, on what became the Norton Antivirus, which Turner and the Norton team launched in 1991. At the time of the merger, Norton revenues were approximately 20 to 25% of the combined entity. By 1993, while being led by Turner, Norton product group revenues had grown to be approximately 82% of Symantec's total.
At one time Symantec was also known for its development tools, particularly the THINK Pascal, THINK C, Symantec C++, Enterprise Developer and Visual Cafe packages that were popular on the Macintosh and IBM PC compatible platforms. These product lines resulted from acquisitions made by the company in the late 1980s and early 1990s. These businesses and the Living Videotext acquisition were consistently unprofitable for Symantec, and these losses diverted expenditures away from both the Q&A for Windows and the TimeLine for Windows development efforts during the critical period from 1988 through 1992. Symantec exited this business in the late-1990s as competitors such as Metrowerks, Microsoft and Borland gained significant market share.
In 1996, Symantec Corporation was alleged of misleading financial statements in violation of GAAP.[19]
2000 to present
From 1999 to April 2009 Symantec was led by CEO John W. Thompson, a former VP at IBM. At the time, Thompson was the only African-American leading a major US technology company. He was succeeded in April 2009 by the company's long-time Symantec executive Enrique Salem.[20] Under Salem, Symantec completed the acquisition of Verisign's Certificate Authority business, dramatically increasing their share of that market.
Salem was abruptly fired in 2012 for disappointing earnings performance and replaced by Steve Bennett, a former CEO of Intuit and GE executive.[21] In January 2013, Bennett announced a major corporate reorganization, with a goal of reducing costs and improving Symantec's product line. He said that sales and marketing "had been high costs but did not provide quality outcomes". He concluded that "Our system is just broken".[22]
Robert Enderle of CIO.com reviewed the reorganization and noted that Bennett was following the General Electric model of being product-focused instead of customer-focused. He concluded "Eliminating middle management removes a large number of highly paid employees. This will tactically improve Symantec's bottom line but reduce skills needed to ensure high-quality products in the long term."[23]
In March 2014, Symantec fired Steve Bennett from his CEO position and named Michael Brown as interim president and chief executive. Including the interim CEO, Symantec has had 3 CEOs in less than two years.[24][25] On September 25, 2014 Symantec announced the appointment of Michael A. Brown as its President and Chief Executive Officer.[26] Brown had served as the company's interim President and Chief Executive Officer since March 20, 2014.[27] Mr. Brown has served as a member of the Company's Board of Directors since July 2005 following the acquisition of VERITAS Software Corporation. Mr. Brown had served on the VERITAS board of directors since 2003.[28]
In July 2016, Symantec introduced a solution to help carmarkers protect connected vehicles against zero-day attacks. The Symantec Anomaly Detection for Automotive is an IoT solution for manufacturers and uses machine learning to provide in-vehicle security analytics.[29] Greg Clark assumed the position of CEO in August 2016.[30]
In November 2016, Symantec announced its intent to acquire identity theft protection company LifeLock for $2.3 billion.[31]
In August 2017, Symantec announced that it had agreed to sell its business unit that verifies the identity of websites to Thoma Bravo. With this acquisition, Thoma Bravo plans to merge the Symantec business unit with its own web certification company, DigiCert.[32]
On January 4, 2018, Symantec and BT announced their partnership that provides new endpoint security protection.[33]
In May 2018, Symantec initiated an internal audit to address concerns raised by a former employee,[34][35] causing it to delay its annual earnings report.[36]
In August 2018, Symantec announced that the hedge fund Starboard Value had put forward five nominees to stand for election to the Symantec Board of Directors at Symantec's 2018 Annual Meeting of Stockholders.[37] This followed a Schedule 13D filing by Starboard showing that it had accumulated a 5.8% stake in Symantec.[38] In September 2018, Symantec announced that three nominees of Starboard were joining the Symantec board, two with immediate effect (including Starboard Managing Member Peter Feld) and one following the 2018 Annual Meeting of Stockholders.[39]
Demerger
On October 9, 2014, Symantec declared that the company would separate into two independent publicly traded companies by the end of 2015.[40] Symantec will continue to focus on security, while a new company will be established focusing on information management. Symantec confirmed on January 28, 2015 that the information management business would be called Veritas Technologies Corporation, marking a return of the Veritas name.[41] In August 2015, Symantec agreed to sell Veritas to a private equity group led by The Carlyle Group for $8 billion. The sale was completed by February 2016 that turned Veritas into a privately owned company.[42]
Norton products
As of 2015, Symantec's Norton product line includes Norton Security, Norton Small Business, Norton Family, Norton Mobile Security, Norton Online Backup, Norton360, Norton Utilities and Norton Computer Tune Up.[citation needed]
In 2012, PCTools iAntiVirus was rebranded as a Norton product under the name iAntivirus, and released to the Mac App Store. Also in 2012, the Norton Partner Portal was relaunched to support sales to consumers throughout the EMEA technologies.[citation needed]
Mergers and acquisitions
ACT!
In 1993, Symantec acquired ACT! from Contact Software International. Symantec sold ACT! to SalesLogix in 1999. At the time it was the world's most popular CRM application for Windows and Macintosh.[43]
Veritas
On December 16, 2004, Veritas Software and Symantec announced their plans for a merger. With Veritas valued at $13.5 billion, it was the largest software industry merger to date.[44] Symantec's shareholders voted to approve the merger on June 24, 2005; the deal closed successfully on July 2, 2005.[45] July 5, 2005, was the first day of business for the U.S. offices of the new, combined software company. As a result of this merger, Symantec includes storage- and availability-related products in its portfolio, namely Veritas File System (VxFS), Veritas Volume Manager (VxVM), Veritas Volume Replicator (VVR), Veritas Cluster Server (VCS), NetBackup (NBU), Backup Exec (BE) and Enterprise Vault (EV).[citation needed]
On January 29, 2016, Symantec sold Veritas Technologies to The Carlyle Group.[4]
Sygate
On August 16, 2005, Symantec acquired Sygate,[46] a security software firm based in Fremont, California, with about 200 staff.[47] As of November 30, 2005, all Sygate personal firewall products were discontinued.[48]
Altiris
On January 29, 2007, Symantec announced plans to acquire Altiris,[49] and on April 6, 2007, the acquisition was completed.[50] Altiris specializes in service-oriented management software that allows organizations to manage IT assets.[49] It also provides software for web services, security and systems management products. Established in 1998, Altiris is headquartered in Lindon, Utah.[51]
Vontu
On November 5, 2007, Symantec announced its acquisition of Vontu, the leader in Data Loss Prevention (DLP) solutions, for $350 million.[52]
Application Performance Management business
On January 17, 2008, Symantec announced[53] that it was spinning off its Application Performance Management (APM) business and the i3 product line to Vector Capital.[54] Precise Software Solutions took over development, product management, marketing and sales for the APM business, launching as an independent company on September 17, 2008.[55]
PC Tools
On August 18, 2008, Symantec announced the signing of an agreement to acquire PC Tools. Under the agreement, PC Tools would maintain separate operations. The financial terms of the acquisition were not disclosed. In May 2013, Symantec announced they were discontinuing the PC Tools line of internet security software.[56]
In December 2013, Symantec announced they were discontinuing and retiring the entire PC Tools brand and offering a non expiring license to PC Tools Performance Toolkit, PC Tools Registry Mechanic, PC Tools File Recover and PC Tools Privacy Guardian users with an active subscription as of December 4, 2013.[57]
AppStream
On April 18, 2008, Symantec completed the acquisition of AppStream, Inc. (“AppStream”), a nonpublic Palo Alto, California-based provider of endpoint virtualization software. AppStream was acquired to complement Symantec's endpoint management and virtualization portfolio and strategy.[58]
MessageLabs
On October 9, 2008, Symantec announced its intent to acquire Gloucester-based MessageLabs (spun off from Star Internet in 2007) to boost its Software-as-a-Service (SaaS) business. Symantec purchased the online messaging and Web security provider for about $695 million in cash.[59] The acquisition closed on November 17, 2008.[60]
PGP and GuardianEdge
On April 29, 2010, Symantec announced its intent to acquire PGP Corporation and GuardianEdge.[61] The acquisitions closed on June 4, 2010, and provided access to established encryption, key management and technologies to Symantec's customers.[citation needed]
Verisign authentication
On May 19, 2010, Symantec signed a definitive agreement to acquire Verisign's authentication business unit, which included the Secure Sockets Layer (SSL) Certificate, Public Key Infrastructure (PKI), Verisign Trust and Verisign Identity Protection (VIP) authentication services.[62] The acquisition closed on August 9, 2010. In August 2012, Symantec completed its rebranding of the Verisign SSL Certificate Service by renaming the Verisign Trust Seal the Norton Secured Seal.[63]
Rulespace
Acquired in October 10, 2010, RuleSpace is a web categorisation product first developed in 1996.[64] The categorisation is, automated using what Symantec refers to as the Automated Categorization System (ACS). It is used as the base for content filtering by many UK ISP.[citation needed]
Clearwell Systems
On May 19, 2011, Symantec announced the acquisition of Clearwell Systems for approximately $390 million.[65]
LiveOffice
On January 17, 2012, Symantec announced the acquisition of cloud email-archiving company LiveOffice. The acquisition price was $115 million.[66] Last year,[ambiguous] Symantec joined the cloud storage and backup sector with its Enterprise Vault.cloud and Cloud Storage for Enterprise Vault solutions, in addition to a cloud messaging solution, Symantec Instant Messaging Security cloud (IMS.cloud).[citation needed] Symantec stated that the acquisition would add to its information governance products,[66][67] allowing customers to store information on-premises, in Symantec's data centers, or both.
Odyssey Software
On March 2, 2012, Symantec completed the acquisition of Odyssey Software. Odyssey Software's main product was Athena, which was device management software that extended Microsoft System Center solutions, adding the ability to manage, support and control mobile and embedded devices, such as smartphones and ruggedized handhelds.[46][68]
Nukona Inc.
Symantec completed its acquisition of Nukona, a provider of mobile application management (MAM), on April 2, 2012.[69] The acquisition agreement between Symantec and Nukona was announced on March 20, 2012.[70]
NitroDesk Inc.
On May 2014 Symantec acquired NitroDesk, provider of TouchDown, the market-leading third-party EAS mobile application.[71]
Blue Coat Systems
On June 13, 2016 it was announced that Symantec has acquired Blue Coat for $4.65 billion.[72]
Security concerns and controversies
Restatement
On August 9, 2004, the company announced that it discovered an error in its calculation of deferred revenue, which represented an accumulated adjustment of $20 million.[73][74]
Endpoint bug
The arrival of the year 2010 triggered a bug in Symantec Endpoint. Symantec reported that malware and intrusion protection updates with "a date greater than December 31, 2009 11:59pm [were] considered to be 'out of date.'" The company created and distributed a workaround for the issue.[75]
Scan evasion vulnerability
In March 2010, it was reported that Symantec AntiVirus and Symantec Client Security were prone to a vulnerability that might allow an attacker to bypass on-demand virus scanning, and permit malicious files to escape detection.[76][77][citation needed]
Denial-of-service attack vulnerabilities
In January 2011, multiple vulnerabilities in Symantec products that could be exploited by a denial-of-service attack, and thereby compromise a system, were reported. The products involved were Symantec AntiVirus Corporate Edition Server and Symantec System Center.[78]
The November 12, 2012 Vulnerability Bulletin of the United States Computer Emergency Readiness Team (US-CERT) reported the following vulnerability for older versions of Symantec's Antivirus system: "The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file."[79]
The problem relates to older versions of the systems and a patch is available. US-CERT rated the seriousness of this vulnerability as a 9.7 on a 10-point scale. The "decomposer engine" is a component of the scanning system that opens containers, such as compressed files, so that the scanner can evaluate the files within.[citation needed]
Scareware lawsuit
In January 2012, James Gross filed a lawsuit against Symantec for distributing fake scareware scanners that purportedly alerted users of issues with their computers. Gross claimed that after the scan, only some of the errors and problems were corrected, and he was prompted by the scanner to purchase a Symantec app to remove the rest. Gross claimed that he bought the app, but it did not speed up his computer or remove the detected viruses. He hired a digital forensics expert to back up this claim. Symantec denied the allegations and said that it would contest the case.[80] Symantec settled a $11 million fund (up to $9 to more than 1 million eligible customers representing the overpaid amount for the app) and the case was dismissed in court.[81][82]
Source code theft
On January 17, 2012, Symantec disclosed that its network had been hacked. A hacker known as "Yama Tough" had obtained the source code for some Symantec software by hacking an Indian government server.[83] Yama Tough released parts of the code, and threatened to release more. According to Chris Paden, a Symantec spokesman, the source code that was taken was for Enterprise products that were between five and six years old.[83]
On September 25, 2012, an affiliate of the hacker group Anonymous published source code from Norton Utilities.[84] Symantec confirmed that it was part of the code that had been stolen earlier, and that the leak included code for 2006 versions of Norton Utilities, pcAnywhere and Norton Antivirus.[84]
Verisign data breach
In February 2012, it was reported that Verisign's network and data had been hacked repeatedly in 2010, but that the breaches had not been disclosed publicly until they were noted in an SEC filing in October 2011.[85] Verisign did not provide information about whether the breach included its certificate authority business, which was acquired by Symantec in late 2010.[85] Oliver Lavery, Director of Security and Research for nCircle, asked rhetorically, "Can we trust any site using Verisign SSL certificates? Without more clarity, the logical answer is no."[86][87]
pcAnywhere exploit
On February 17, 2012, details of an exploit of pcAnywhere were posted. The exploit would allow attackers to crash pcAnywhere on computers running Windows.[88] Symantec released a hotfix for the issue twelve days later.[89]
Hacking of The New York Times network
According to Mandiant, Symantec security products used by The New York Times detected only one of 45 pieces of malware that were installed by Chinese hackers on the newspaper's network during a three-month period in late 2012.[90] Symantec responded:
"Advanced attacks like the ones the New York Times described in the following article, <http://nyti.ms/TZtr5z>, underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions. The advanced capabilities in our [E]ndpoint offerings, including our unique reputation-based technology and behavior-based blocking, specifically target sophisticated attacks. Turning on only the signature-based anti-virus components of [E]ndpoint solutions alone [is] not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough".[91]
Intellectual Ventures suit
In February 2015, Symantec was found guilty of two counts of patent infringement in a suit by Intellectual Ventures Inc and ordered to pay $17 million in compensation and damages,[92] In September 2016, this decision was reversed on appeal by the Federal Circuit.[93][94]
Sustaining digital certificate security
On September 18, 2015, Google notified Symantec that the latter issued 23 test certificates for five organizations, including Google and Opera, without the domain owners' knowledge.[95] Symantec performed another audit and announced that an additional 164 test certificates were mis-issued for 76 domains and 2,458 test certificates were mis-issued for domains that had never been registered. Google requested that Symantec update the public incident report with proven analysis explaining the details on each of the failures.[96]
The company was asked to report all the certificates issued to the Certificate Transparency log henceforth.[97][98] Symantec has since reported implementing Certificate Transparency for all its SSL Certificates. Above all, Google has insisted that Symantec execute a security audit by a third party and to maintain tamper-proof security audit logs.[97]
Google and Symantec clash on website security checks
On March 24, 2017, Google stated that it had lost confidence in Symantec, after the latest incident of improper certificate issuance.[99][100] Google says millions of existing Symantec certificates will become untrusted in Google Chrome over the next 12 months. According to Google, Symantec partners issued at least 30,000 certificates of questionable validity over several years, but Symantec disputes that number.[101] Google said Symantec failed to comply with industry standards and could not provide audits showing the necessary documentation.[102][103]
Google's Ryan Sleevi said that Symantec partnered with other CAs (CrossCert (Korea Electronic Certificate Authority), Certisign Certificatadora Digital, Certsuperior S. de R. L. de C.V., and Certisur S.A.) who did not follow proper verification procedures leading to the misissuance of certificates.[104]
Following discussions in which Google had required that Symantec migrate Symantec-branded certificate issuance operations a non-Symantec-operated “Managed Partner Infrastructure”,[105] a deal was announced whereby DigiCert acquired Symantec's website security business.[106] In September 2017, Google announced that starting with Chrome 66, "Chrome will remove trust in Symantec-issued certificates issued prior to June 1, 2016".[107] Google further stated that "by December 1, 2017, Symantec will transition issuance and operation of publicly-trusted certificates to DigiCert infrastructure, and certificates issued from the old Symantec infrastructure after this date will not be trusted in Chrome."[107] Google predicted that toward the end of October, 2018, with the release of Chrome 70, the browser would omit all trust in Symantec's old infrastructure and all of the certificates it had issued, affecting most certificates chaining to Symantec roots.[107] Mozilla Firefox planned to distrust Symantec-issued certificates in Firefox 63 (released on October 23, 2018),[108] but delivered the change in Firefox 64 (released on December 11, 2018).[109] Apple also has plan to distrust Symantec root certificates.[110][111]
See also
- Comparison of antivirus software
- Comparison of computer viruses
- Huawei Symantec, a joint venture between Huawei and Symantec
- List of mergers and acquisitions by Symantec
- Web blocking in the United Kingdom - Technologies
- Symantec behavior analysis technologies SONAR and AntiBot
References
- ^ "Contact Us - Symantec Corp". Symantec.com. Retrieved 2012-02-10.
- ^ a b c d e "Financial Tables". Symantec Investor Relations. Retrieved July 12, 2017.
- ^ "2017 Corporate Responsibility Report" (PDF). Symantec. Retrieved May 9, 2018.
- ^ a b Bray, Chad (August 11, 2015). "Carlyle Group and Other Investors to Acquire Veritas Technologies for $8 Billion". nytimes.com. The New York Times Company.
- ^ Kuranda, Sarah (January 29, 2016). "Partners Cheer the Official Closing Date of Symantec Split". CRN. Retrieved February 21, 2016.
- ^ "Symantec at 25: A short history" (PDF). symantec.com. Symantec Corporation. Retrieved 2016-09-27.
- ^ a b Slaughter, S.A. (2014). A Profile of the Software Industry: Emergence, Ascendance, Risks, and Rewards. 2014 digital library. Business Expert Press. p. 69. ISBN 978-1-60649-655-8. Retrieved March 24, 2017.
- ^ Spicer, Dag (November 19, 2004). "Oral History of Gary Hendrix" (PDF). Computer History Museum. CHM Ref: X3008.2005: 24. Archived from the original (PDF) on March 23, 2014. Retrieved March 23, 2014.
- ^ Springer, P.J. (2015). Cyber Warfare: A Reference Handbook: A Reference Handbook. Contemporary World Issues. ABC-CLIO. p. 193. ISBN 978-1-61069-444-5. Retrieved March 24, 2017.
- ^ a b c d Jones, C. (2014). The Technical and Social History of Software Engineering. Addison-Wesley. p. 198. ISBN 978-0-321-90342-6. Retrieved March 24, 2017.
- ^ "From the News Desk". InfoWorld. September 14, 1984. p. 9.
- ^ AI Trends. DM Data, Incorporated. 1985. Retrieved March 24, 2017.
- ^ Jones, C. (2014). The Technical and Social History of Software Engineering. Addison-Wesley. p. 199. ISBN 978-0-321-90342-6. Retrieved March 24, 2017.
- ^ a b "Gordon Eubanks Oral History, Computerworld Honors Program, Daniel S. Morrow, November 8, 2000". Google. Retrieved November 9, 2010.
- ^ "RasterOps-Truevison adds two industry leaders to board of directors; company names Walter W., Tuesday, March 21, 1995". Business Wire. Archived from the original on March 28, 2009. Retrieved November 9, 2010.
- ^ U.S. "Symantec". Answers.com. Retrieved November 9, 2010.
- ^ "Company Histories: Symantec Corporation, Funding Universe". Fundinguniverse.com. Retrieved November 9, 2010.
- ^ "Hendren and Associates". Hendrenet.com. Archived from the original on July 11, 2011. Retrieved November 9, 2010.
- ^ "Class action suit filed against Symantec Corporation and its officers and directors alleging misrepresentations, false financial statements and insider trading". Business Wire. August 14, 1996. Retrieved Jul 12, 2013.
- ^ "Enrique Salem". 2012. Archived from the original on December 20, 2012. Retrieved 2013-06-11.
- ^ Finkle, Jim (July 25, 2012). "Symantec fires CEO, successor begins turnaround effort". Reuters. Retrieved 2013-07-11.
- ^ Ellen Messmer (January 24, 2013). "Symantec CEO on reorg: 'our system is just broken'". Computerworld. Retrieved June 7, 2015.
- ^ Rob Enderle (January 25, 2013). "Symantec Reorganization Offers a Lesson on Knowing When to Leave". CIO. Retrieved June 7, 2015.
- ^ Schwartz, Mathew (March 21, 2004). "Symantec Fires CEO In Surprise Move". Dark Reading. Retrieved June 7, 2015.
- ^ Yadron, Danny (March 20, 2014). "Symantec Fires CEO Steve Bennett". WSJ. Retrieved April 16, 2017.
- ^ Stynes, Tess (September 25, 2014). "Symantec Appoints Brown as CEO". WSJ. Retrieved May 29, 2017.
- ^ Editorial, Reuters (March 20, 2014). "UPDATE 2-Symantec fires CEO Bennett". Reuters. Retrieved May 29, 2017.
- ^ "Symantec Appoints Michael A. Brown CEO". Symantec Press Release. Retrieved June 7, 2015.
- ^ News18.com. “Symantec Launches New System to Protect Connected Vehicles From Hack Attacks.” July 14, 2016. July 14, 2016.
- ^ Henderson, James (June 13, 2016). "Aussie takes charge as Symantec closes in on $4.6 billion Blue Coat buyout". ARN. Retrieved 2017-04-04.
- ^ Molina, Brett. "Symantec to acquire LifeLock for $2.3B". USA Today (2016-11–21). Retrieved 2016-11-21.
- ^ Reuters. “Symantec Plans to Sell This Business for Nearly $1 Billion.” August 2, 2017. August 29, 2017.
- ^ VanillaPlus. "BT and Symantec partner to provide best-in-class endpoint security protection." Jan 04, 2018. Retrieved Jan 5, 2018.
- ^ Salinas, Sara (2018-05-11). "Symantec suffers worst day in 17 years after news of internal audit". CNBC. Retrieved 2018-09-13.
- ^ Reisinger, Don (May 11, 2018). "Symantec Is Conducting an Mysterious Internal Investigation as shares take a tumble". Fortune. Retrieved September 13, 2018.
- ^ "Symantec says annual report may be delayed due to investigation". Reuters. May 10, 2018. Retrieved September 13, 2018.
- ^ Symantec Confirms Receipt of Director Nominations; http://investor.symantec.com/About/Investors/press-releases/press-release-details/2018/Symantec-Confirms-Receipt-of-Director-Nominations/default.aspx
- ^ Balu, Nivedita and Panchadar, Arjun; Starboard eyes Symantec board seats after taking stake; Reuters Technology News; August 16, 2018; https://www.reuters.com/article/us-symantec-starboard-stake/starboard-eyes-symantec-board-seats-after-taking-stake-idUSKBN1L10EN
- ^ RaiBalu, Sonam; Symantec names three Starboard nominees to board; Business News; September 17, 2018; https://www.reuters.com/article/us-symantec-starboard/symantec-appoints-starboards-peter-feld-to-its-board-idUSKCN1LX2EW
- ^ "Symantec latest company to split in two". BBC News. October 10, 2014. Retrieved February 17, 2015.
- ^ Brown, Michael. "New Veritas Name Blends our History and Vision for Tomorrow's Data Challenges". Symantec. Retrieved January 28, 2015.
- ^ Corporate press release, Symantec and Veritas separation (PDF), retrieved 2016-02-15
- ^ Darrow, Barbara (December 7, 1999). "Symantec To Sell ACT To SalesLogix". CRN.com. Retrieved March 30, 2011.
- ^ Lee, Dan (August 18, 2014). "2004: Symantec to buy Veritas for $13.5 billion". The Mercury News. Retrieved March 25, 2017.
- ^ Flynn, Laurie J. (June 25, 2005). "Shareholders Approve Symantec-Veritas Software Merger". The New York Times. Retrieved March 25, 2017.
- ^ a b Das, Sejuti (June 15, 2016). "Symantec's on a roll: 15 merger and acquisition deals you need to know". ChannelWorld India. Retrieved March 25, 2017.
- ^ Roberts, Paul F. (August 16, 2005). "Symantec Acquires Endpoint-Security Company Sygate". eWEEK. Retrieved March 25, 2017.
- ^ Savvides, Lexy (November 29, 2005). "Symantec scraps Sygate consumer firewall". CNET. Retrieved March 25, 2017.
- ^ a b Editorial, Reuters (January 29, 2007). "Symantec to acquire Altiris in $830 mln deal". Reuters. Retrieved March 25, 2017.
- ^ "Symantec Completes Acquisition of Altiris". PC World (press release). April 10, 2007. Retrieved March 25, 2017.
- ^ Computerworld (in German). IDG Enterprise. p. 69. Retrieved May 29, 2017.
- ^ Editorial, Reuters (November 5, 2007). "UPDATE 1-Symantec says to acquire Vontu for $350 million". Reuters. Retrieved March 25, 2017.
- ^ "Symantec to Sell Application Performance Management Business to Vector Capital". Symantec.com. Retrieved November 9, 2010.
- ^ Dubie, Denise (January 18, 2008). "Symantec dumps application performance management business". Network World. Retrieved April 16, 2017.
- ^ "The new Precise to redefine application performance management". precise.com. Archived from the original on September 28, 2010. Retrieved April 7, 2011.
- ^ "Download PC Performance & Computer Registry Software | PC Tools by Symantec". Pctools.com. 2013-05-18. Retrieved 2013-07-11.
- ^ "Download PC Performance & Computer Registry Software | PC Tools by Symantec". Pctools.com. 2013-12-04. Retrieved 2014-01-15.
- ^ http://www.wikinvest.com/stock/Symantec_(SYMC)/Appstream_Purchase
- ^ Stafford, Philip (October 9, 2008). "MessageLabs sold to Symantec for £397m". Financial Times. Retrieved March 25, 2017.
- ^ "Symantec Acquires MessageLabs: Bolsters SaaS Messaging Security Offerings". Enterprise Management Associates (EMA), an IT analyst firm. November 17, 2008. Retrieved March 25, 2017.
- ^ Messmer, Ellen (April 29, 2010). "Symantec buying PGP Corp., GuardianEdge for $370 million". Network World. Retrieved March 25, 2017.
- ^ Termanini, R. (2016). The Cognitive Early Warning Predictive System Using the Smart Vaccine: The New Digital Immunity Paradigm for Smart Cities and Critical Infrastructure. CRC Press. p. 85. ISBN 978-1-4987-2653-5. Retrieved March 25, 2017.
- ^ "VeriSign Rebrands To Norton - Get Norton Secured Seal For Your Site". Trustico.com. 2012-04-15. Archived from the original on July 29, 2013. Retrieved 2013-07-11.
- ^ Kaplan, Dan (October 20, 2010). "Symantec buys RuleSpace for URL filtering technology". SC Magazine US. Retrieved March 25, 2017.
- ^ Editorial, Reuters (May 19, 2011). "Symantec buys data experts Clearwell for $390 million". Reuters. Retrieved March 25, 2017.
- ^ a b Dignan, Larry (January 17, 2012). "Symantec picks up LiveOffice for $115 million, bolsters cloud archiving". ZDNet. Retrieved March 25, 2017.
- ^ Kirk, Jeremy (January 16, 2012). "Symantec Acquires LiveOffice Cloud-Based Archiving Company". CIO. Retrieved April 16, 2017.
- ^ Howley, Daniel P. (July 17, 2012). "Symantec Beefs Up Enterprise Mobile Security Offerings". Laptop Mag. Retrieved April 16, 2017.
- ^ "Symantec Completes Acquisition of Nukona". Symantec. April 16, 2012. Retrieved March 25, 2017.
- ^ Messmer, Ellen (March 20, 2012). "Symantec to acquire Nukona to assist in BYOD strategy". Network World. Retrieved March 25, 2017.
- ^ Kirk, Jeremy (May 28, 2014). "Symantec acquires NitroDesk for email security on Android". PCWorld. Retrieved March 25, 2017.
- ^ McMillan, Robert; McMillan, Robert (June 12, 2016). "Symantec Set to Buy Blue Coat Systems in $4.65 Billion Deal". WSJ. Retrieved June 13, 2016.
- ^ "Technology Briefing - Software: Symantec Cuts Profit On Accounting Error". The New York Times. August 10, 2004. Retrieved April 16, 2017.
- ^ McMillan, Robert (August 10, 2004). "Symantec lowers earnings results after software glitch". Computerworld. Retrieved April 16, 2017.
- ^ Greene, Tim (January 6, 2010). "Is It Y2K All Over Again in 2010?". PCWorld. Retrieved April 16, 2017.
- ^ "Symantec AntiVirus Scan Evasion Vulnerability". Retrieved June 7, 2015.
- ^ "Security Advisories Relating to Symantec Products - Symantec Event Manipulation Potential Scan Bypass". Retrieved June 7, 2015.
- ^ "Multiple vulnerabilities in Symantec products". HelpNet Security. January 27, 2011. Retrieved June 7, 2015.
- ^ "Vulnerability Summary for the Week of November 12, 2012 - US-CERT". United States Computer Emergency Readiness Team. Retrieved June 7, 2015.
- ^ Yin, Sara (2012-01-12). "Symantec Sued for Scareware Tactics". PC Magazine. Ziff Davis. Retrieved 2012-02-10.
- ^ McLernon, Sean (2013-03-18). "Symantec Inks $11M Deal Ending Claims It Used Scare Tactics". Law360. Portfolio Media.
- ^ Breyer, Charles R. (2012-07-31). "Filing 49: Order by Judge Charles R. Breyer granting 38 Motion to Dismiss". Gross v. Symantec Corporation – via Justia Dockets & Filings.
- ^ a b Gregg Keizer (2012-01-17). "Symantec backtracks, admits own network hacked". Computerworld. Retrieved 2012-02-10.
- ^ a b Constantin, Lucian (September 25, 2012). "Symantec: Leaked Norton Utilities 2006 source code already published months ago". PCWorld. Retrieved April 16, 2017.
- ^ a b Menn, Joseph (February 2, 2012). "Key Internet operator VeriSign hit by hackers". Reuters. Retrieved April 16, 2017.
- ^ Bradley, Tony (February 2, 2012). "VeriSign Hacked: What We Don't Know Might Hurt Us". PCWorld. Retrieved June 7, 2015.
- ^ Albanesius, Chloe. "VeriSign Hacked Multiple Times in 2010". PC Magazine.
- ^ Keizer, Gregg (February 23, 2012). "pcAnywhere exploit hackers could hijack 200,000 Windows PCs". ComputerworldUK. Retrieved April 16, 2017.
- ^ "Claims by Anonymous about Symantec Source Code". Symantec.
- ^ Perlroth, Nicole (January 31, 2013). "Hackers in China Attacked The Times for Last 4 Months". The New York Times. Retrieved June 10, 2013.
- ^ "Symantec Statement Regarding New York Times Cyber Attack". Symantec Official blog.
- ^ Robinson, Teri. "Symantec to pay $17M in damages for patent violations". SC Magazine. Retrieved June 7, 2015.
- ^ Jeff John Roberts (October 3, 2016). "Here's Why Software Patents Are in Peril After the Intellectual Ventures Ruling". Fortune Magazine. Retrieved 5 October 2016.
- ^ Dennis Crouch (October 2, 2016). "First Amendment Finally Reaches Patent Law". PatentlyO. Retrieved 5 October 2016.
- ^ Goodin, Dan (October 29, 2015). "Still fuming over HTTPS mishap, Google makes Symantec an offer it can't refuse". Ars Technica. Retrieved April 16, 2017.
- ^ "Google threatens action against Symantec-issued SSL certificates following botched investigation". PCWorld. Retrieved 2017-10-03.
- ^ a b Constantin, Lucian (October 29, 2015). "Google threatens action against Symantec-issued SSL certificates following botched investigation". PCWorld. Retrieved April 16, 2017.
- ^ "Google slams Symantec over Certificate Transparency trouble". SearchSecurity. April 16, 2017. Retrieved April 16, 2017.
- ^ Constantin, Lucian. "To punish Symantec, Google may distrust a third of the web's SSL certificates". PC World. Retrieved March 24, 2017.
- ^ Fariñas, Rafael (March 26, 2017). "Symantec loses Google's trust over fishy SSL Certificates". The USB Port. Retrieved March 26, 2017.
- ^ "To punish Symantec, Google may distrust a third of the web's SSL certificates". PC World. Retrieved April 16, 2017.
- ^ Goodin, Dan (March 24, 2017). "Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs". Ars Technica. Retrieved March 24, 2017.
- ^ Cimpanu, Catalin. "Google Reducing Trust in Symantec Certificates Following Numerous Slip-Ups". Bleeping Computer. Retrieved March 24, 2017.
- ^ Conger, Kate (March 27, 2017). "Google is fighting with Symantec over encrypting the internet". TechCrunch. Retrieved March 24, 2017.
- ^ Fisher, Darin (July 27, 2017). "Re: [blink-dev] Intent to Deprecate and Remove: Trust in existing Symantec-issued Certificates". blink-dev@chromium.org Google Group.
- ^ Merrill, John (August 2, 2017). "DigiCert to Acquire Symantec's Website Security Business". DigiCert.
- ^ a b c O’Brien, Devon; Sleevi, Ryan; Whalley, Andrew (September 11, 2017). "Chrome's Plan to Distrust Symantec Certificates". Google Security Blog.
- ^ Thayer, Wayne (July 30, 2018). "Update on the Distrust of Symantec TLS Certificates". Mozilla Security Blog. Retrieved August 15, 2018.
- ^ "Firefox 64 for developers". MDN Web Docs. Retrieved 2018-12-11.
- ^ "Information for website operators about distrusting Symantec certificate authorities". Apple Support. August 1, 2018.
- ^ Lynch, Vincent (June 7, 2018). "Our Latest Symantec Distrust Guidance". DigiCert Blog.
External links
- Official website
- Business data for Symantec: Google Finance
- Yahoo! Finance
- Reuters
- SEC filings
- Companies in the NASDAQ-100 Index
- Companies listed on NASDAQ
- Symantec
- Computer security companies
- Computer security software companies
- Content-control software
- Computer companies of the United States
- Former certificate authorities
- International information technology consulting firms
- Software companies based in the San Francisco Bay Area
- Companies based in Mountain View, California
- Computer companies established in 1982
- Software companies established in 1982
- 1982 establishments in California
- Software companies of the United States
- Silver Lake Partners companies