FYI: Security Problems Plague XP SP2 via Symantec/McAfee

[Dan]

Yahoo's tech Tuesday has some interesting stuff and here it is:

http://news.yahoo.com/techtuesday/

http://story.news.yahoo.com/news?tm...cworld/119666&cid=1093&ncid=1730&sid=96089681

Microsoft Window users need to apply latest patches due to hackers taking
advantage of released information in above article.

http://story.news.yahoo.com/news?tm...tc_techtues_pcworld/119627&cid=1740&ncid=1729

Microsoft Window users need to be aware that McAfee and Symantec (aka Norton)
products can disable advanced security features of XP SP2. I advise users to
rid their operating systems of these terrible products and use other means to
protect themselves in the on-line world.

 

[Guest]

Dan! Thank you, thank you, thank you! ! !

I was experiencing so many problems I was about to trash my machine and load
a disk-shaped hand grenade into the CD slot! Figured out it was Symantec's
stuff causing it all! Unloaded all their stuff and now everything runs great!

Thanks for the tip!

 

[Dan]

You are most welcome. Please feel free to share the stories with others and
warn them of the dangers of McAfee, Symantec, AOL and other programs that
disregard Windows by installing a bunch of unneeded junk to the computers as
well as trashing the registry. As I have tried to show here, it is not
always Microsoft who is responsible. Sometimes it is the fault of other
companies. Have a great night!

: Dan! Thank you, thank you, thank you! ! !
:
: I was experiencing so many problems I was about to trash my machine and
load
: a disk-shaped hand grenade into the CD slot! Figured out it was Symantec's
: stuff causing it all! Unloaded all their stuff and now everything runs
great!
:
: Thanks for the tip!
:
: "Dan" wrote:
:
: > Yahoo's tech Tuesday has some interesting stuff and here it is:
: >
: > http://news.yahoo.com/techtuesday/
: >
: >
http://story.news.yahoo.com/news?tm...cworld/119666&cid=1093&ncid=1730&sid=96089681
: >
: > Microsoft Window users need to apply latest patches due to hackers taking
: > advantage of released information in above article.
: >
: >
http://story.news.yahoo.com/news?tm...tc_techtues_pcworld/119627&cid=1740&ncid=1729
: >
: > Microsoft Window users need to be aware that McAfee and Symantec (aka
Norton)
: > products can disable advanced security features of XP SP2. I advise
users to
: > rid their operating systems of these terrible products and use other
means to
: > protect themselves in the on-line world.
: >
: >
: >

 

[jane]

Microsoft Window users need to be aware that McAfee and Symantec (aka Norton)
products can disable advanced security features of XP SP2. I advise users to
rid their operating systems of these terrible products and use other means to
protect themselves in the on-line world.

Hi Dan,
Is it only XP users that are affected?
I see you posted this in a 98 group so I have to ask.

regards Jane

 

[Daniel Royer]

" Microsoft Window users need to be aware that McAfee and Symantec (aka
Norton)
products can disable advanced security features of XP SP2"

Could you elaborate a little more on that?


______________________________
Daniel Royer, University of Geneva
daniel at royer dot ch

 

[Gary S. Terhune]

No, Jane. This particular issue, regarding Norton and McAfee
installations "fooling" the Windows Security Center" doesn't affect
anyone not running Windows XP with Service Pack 2 installed. See my
reply to Daniel Royer, below.

 

[Gary S. Terhune]

http://story.news.yahoo.com/news?tm...tc_techtues_pcworld/119627&cid=1740&ncid=1729

If the above link doesn't work for you, try this:
http://tinyurl.com/7ybuc

That is the "more" you're asking for. More than this, Dan doesn't know,
I'm sure. My take on the subject is a bit different. While acknowledging
that I am not a fan of either product, and I've not hesitated to say so
on innumerable occasions, what is described by the article isn't a real
security risk, per se.

The way I read the article is this:

One of the new features in Windows XP Service Pack 2 is the "Windows
Security Center". It keeps track of what, if any, antivirus and firewall
apps are installed, and whether they are up to date. If you are lacking
in a firewall or antivirus, or if they are simply not running, the WSC
advises you of the situation. However, as anyone who pays attention will
know, when you first install such applications, they are *never* up to
date and should be updated immediately. One result of this combination
of affairs is that while installing such apps, the new Windows Security
Center may warn, repeatedly, that the programs are not up to date.
Symantec and McAfee consider this detrimental to the "user
experience"--and in a way, I can't blame them. It *is* disconcerting to
get repeated warnings that you aren't protected while you are in the
very act of installing protection.

Norton solves this by deliberately disabling Windows Security Center
during installation (which makes one wonder about the architecture of
Windows Security Center, doesn't it?) McAfee changes the dates of
certain files to "now" as they are copied into the system. This
convinces Windows Security Center that there is now up-to-date
protection installed and it keeps quiet. However, apparently, the
antivirus app now thinks it's up to date, also, and may not initiate an
update, leaving the user with a very out of date antivirus until
sufficient time has passed and it then updates. Or perhaps it still
initiates an update during the normal course of installation, but in
many cases this isn't feasible due to the system not being able to
connect to the internet. I don't know the particulars.

For myself, the most alarming thing about this whole affair is that the
Windows Security Center *can* be disabled by any means other than user
intervention. Makes it rather useless, don't you think? Plus, McAfee's
methods would tend to leave a user with a false sense of security
between the time of installation and the first actual update. Judging by
the usual amount of time that such apps consider reasonable between
updates (a horribly long time in my opinion), a person could be running
several days without real antivirus protection and not realize it.

Of course, this has always been the case--automatic updaters are famous
for failing in their duties, especially where the systems aren't
connected to an always-on internet connection, or are used sporadically
for relatively short periods of time, or simply being inadvertently
disabled. This is why Windows Security Center was developed. And this is
why I always admonish users to *check* that AV and Firewall is running
when they startup and periodically throughout the day, and that they run
the updater(s) manually, on an at *least* daily basis. These are habits
that should be as deeply ingrained as checking your rear-view mirrors
regularly while driving.

 

[Guest]

http://www.symantec.com/techsupp/sp2/faq.html#9

Q: Why does the Windows Security Center say that the status of my Norton
security product is "unknown."

A: Your Norton security products contain tamper protection features that
prevent malicious code from determining their status. This tamper protection
also prevents the Windows Security Center from determining the status of your
Norton security products.

Symantec has released an update which adds compatibility to the Windows
Security Center so that it may report the status of your Symantec security
software. This update is included in Norton 2005 Security Products and is
available by LiveUpdate for Norton 2002/2003/2004 Security Products. The
update will install on Windows XP, but will not take effect unless you have
the Windows Security Center installed.

 

[Gary S. Terhune]

http://www.symantec.com/techsupp/sp2/faq.html#9

Q: Why does the Windows Security Center say that the status of my Norton
security product is "unknown."

A: Your Norton security products contain tamper protection features that
prevent malicious code from determining their status. This tamper protection
also prevents the Windows Security Center from determining the status of your
Norton security products.

I'm interested in knowing how the update status of antivirus or other
security apps could possibly be of use to malicious code. In any case,
as I read it, this is not the issue being discussed in the article

Symantec has released an update which adds compatibility to the Windows
Security Center so that it may report the status of your Symantec security
software. This update is included in Norton 2005 Security Products and is
available by LiveUpdate for Norton 2002/2003/2004 Security Products. The
update will install on Windows XP, but will not take effect unless you have
the Windows Security Center installed.

Which doesn't in the least explain why it needs to disable Windows
Security Center in order to install (if, in fact, it does so. I only
have the article to go by.)

 

[kurttrail]

http://story.news.yahoo.com/news?tm...tc_techtues_pcworld/119627&cid=1740&ncid=1729

If the above link doesn't work for you, try this:
http://tinyurl.com/7ybuc

That is the "more" you're asking for. More than this, Dan doesn't
know, I'm sure. My take on the subject is a bit different. While
acknowledging that I am not a fan of either product, and I've not
hesitated to say so on innumerable occasions, what is described by
the article isn't a real security risk, per se.

The way I read the article is this:

One of the new features in Windows XP Service Pack 2 is the "Windows
Security Center". It keeps track of what, if any, antivirus and
firewall apps are installed, and whether they are up to date. If you
are lacking in a firewall or antivirus, or if they are simply not
running, the WSC advises you of the situation. However, as anyone who
pays attention will know, when you first install such applications,
they are *never* up to date and should be updated immediately. One
result of this combination of affairs is that while installing such
apps, the new Windows Security Center may warn, repeatedly, that the
programs are not up to date. Symantec and McAfee consider this
detrimental to the "user experience"--and in a way, I can't blame
them. It *is* disconcerting to get repeated warnings that you aren't
protected while you are in the very act of installing protection.

Norton solves this by deliberately disabling Windows Security Center
during installation (which makes one wonder about the architecture of
Windows Security Center, doesn't it?) McAfee changes the dates of
certain files to "now" as they are copied into the system. This
convinces Windows Security Center that there is now up-to-date
protection installed and it keeps quiet. However, apparently, the
antivirus app now thinks it's up to date, also, and may not initiate
an update, leaving the user with a very out of date antivirus until
sufficient time has passed and it then updates. Or perhaps it still
initiates an update during the normal course of installation, but in
many cases this isn't feasible due to the system not being able to
connect to the internet. I don't know the particulars.

For myself, the most alarming thing about this whole affair is that
the Windows Security Center *can* be disabled by any means other than
user intervention. Makes it rather useless, don't you think? Plus,
McAfee's methods would tend to leave a user with a false sense of
security between the time of installation and the first actual
update. Judging by the usual amount of time that such apps consider
reasonable between updates (a horribly long time in my opinion), a
person could be running several days without real antivirus
protection and not realize it.

Of course, this has always been the case--automatic updaters are
famous for failing in their duties, especially where the systems
aren't connected to an always-on internet connection, or are used
sporadically for relatively short periods of time, or simply being
inadvertently disabled. This is why Windows Security Center was
developed. And this is why I always admonish users to *check* that AV
and Firewall is running when they startup and periodically throughout
the day, and that they run the updater(s) manually, on an at *least*
daily basis. These are habits that should be as deeply ingrained as
checking your rear-view mirrors regularly while driving.

Great Post Gary!


The best computer security is like safe sex, only you can protect
yourself and your computer through your own vigilance.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"

 

[Ken Gardner]

One result of this combination
of affairs is that while installing such apps, the new Windows Security
Center may warn, repeatedly, that the programs are not up to date.
Symantec and McAfee consider this detrimental to the "user
experience"--and in a way, I can't blame them. It *is* disconcerting to
get repeated warnings that you aren't protected while you are in the
very act of installing protection.

Norton solves this by deliberately disabling Windows Security Center
during installation (which makes one wonder about the architecture of
Windows Security Center, doesn't it?)

Symantec's explanation, as I remember it, seems to be that it is a
security risk for its products to report their status to windows
Security Center. But you make a good point anyway.

Ken

 

[Gary S. Terhune]

If you look at the Q&A posted by Paul, you'll see that it's rather the
opposite: They don't report their status to WSC until you apply the
update that provides for the exception of WSC form the general rule. The
general rule is to obscure its status from malicious code. I'm still at
a loss to understand how that could be a problem. What, the code is
going to see that Norton is up to date, tuck its tail between its legs
and run the other way?

 

[Ken Gardner]

If you look at the Q&A posted by Paul, you'll see that it's rather the
opposite: They don't report their status to WSC until you apply the
update that provides for the exception of WSC form the general rule. The
general rule is to obscure its status from malicious code. I'm still at
a loss to understand how that could be a problem. What, the code is
going to see that Norton is up to date, tuck its tail between its legs
and run the other way?

I'm not a Symantec basher, but if I was, I might respond to the effect
of "well, this system already has Symantec installed -- what can be
more malicious than that?"

Ken

 

[Gary S. Terhune]

I have to admit that I *am* a Symantec basher, and while I agree with
the sentiments, but I can't say things like that too often--people might
take me less seriously, <g>.

 

[Haggis]

I have to admit that I *am* a Symantec basher, and while I agree with
the sentiments, but I can't say things like that too often--people might
take me less seriously, <g>.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

I can easily say that I don't like any of the retail
products(symantec/norton) ....BUT I run SAV corp edition which updates
itself and pushes definitions to clients...all set to by my schedule. I've
disabled security center on XP because it was annoying and I think I can
handle my own security without Windows help :>.

 

[Charles C. Drew]

This is the main reason I use the following products on my machine.

1) Symantec Anti-Virus 2002 (doesn't have any of the described fatware that was added to the newer versions. Works great with low CPU utilization.).
2) BlackICE PC Protection v3.6 (Intrusion detection software. Very easy to install, configure and use. It automatically detects hacker attacks and blocks all traffic from them. Again, no problems and low CPU utilization).
3) AdSubtract Proxy server v3.0 (Special software that can block pop-ups, banner adds, contextual ads, ad-server and profiling cookies, windows messenger pop-ups, animations, background sounds, flash, and external JavaScript. It also seems to thwart some html basked viruses and spyware as a result).
4) A hardware firewall (the more protection the better, I say).

There are also some corrections to be made to the comments thus far.

Microsoft's SP2 security features are designed for 3rd party applications like anti-virus, firewall, etc. software to be able to turn off and on. That is a Microsoft feature. Unfortunately it also allows viruses and spyware to do the same thing. This is the main reason I wouldn't recommend relying on Microsoft's SP2 security feature to protect you.

One other note: I don't personally believe that firewall software that monitors programs running on your machine and prompt you if they should be accessing the internet are very secure or reliable. The problem with them is that they rely on the user to make this decision, "should this program or that be allowed to access the internet?" The problem with this is most users cannot answer that question if they are unfamiliar with the program in question. Worst yet, most users would just answer yes thinking that must be a part of the program I'm currently using.

In order for these firewall programs to be reliable, they really need to have a list of programs that should be blocked and that list needs to be constantly updated, just like virus lists for anti-virus programs.

You are most welcome. Please feel free to share the stories with others and
warn them of the dangers of McAfee, Symantec, AOL and other programs that
disregard Windows by installing a bunch of unneeded junk to the computers as
well as trashing the registry. As I have tried to show here, it is not
always Microsoft who is responsible. Sometimes it is the fault of other
companies. Have a great night!

: Dan! Thank you, thank you, thank you! ! !
:
: I was experiencing so many problems I was about to trash my machine and
load
: a disk-shaped hand grenade into the CD slot! Figured out it was Symantec's
: stuff causing it all! Unloaded all their stuff and now everything runs
great!
:
: Thanks for the tip!
:
: "Dan" wrote:
:
: > Yahoo's tech Tuesday has some interesting stuff and here it is:
: >
: > http://news.yahoo.com/techtuesday/
: >
: >
http://story.news.yahoo.com/news?tm...cworld/119666&cid=1093&ncid=1730&sid=96089681
: >
: > Microsoft Window users need to apply latest patches due to hackers taking
: > advantage of released information in above article.
: >
: >
http://story.news.yahoo.com/news?tm...tc_techtues_pcworld/119627&cid=1740&ncid=1729
: >
: > Microsoft Window users need to be aware that McAfee and Symantec (aka
Norton)
: > products can disable advanced security features of XP SP2. I advise
users to
: > rid their operating systems of these terrible products and use other
means to
: > protect themselves in the on-line world.
: >
: >
: >

 

[Ken Gardner]

You are most welcome. Please feel free to share the stories with others and
warn them of the dangers of McAfee, Symantec, AOL and other programs that
disregard Windows by installing a bunch of unneeded junk to the computers as
well as trashing the registry. As I have tried to show here, it is not
always Microsoft who is responsible. Sometimes it is the fault of other
companies. Have a great night!

Words to live by.

Ken

 

[Rick Chauvin]

This is the main reason I use the following products on my machine.

1) Symantec Anti-Virus 2002 (doesn't have any of the described fatware that
was added to the newer versions. Works great with low CPU utilization.).

[...]
That's just not true, 2002 absolutely is the first version With all the added
anti theft extra modules fatware that is and has been included with every
version since and including 2002 that has plagued millions of users
penalizing them at every turn; just notice all the extra running processes.
Consider yourself lucky so far, you have no idea.

I will say that the Norton AV (stand-alone) 2001 version is their greatest
accomplishment, however it's too bad it will not work properly with WXP.
[...]

 

[Gary S. Terhune]

I've been attending this group since early 1999--and Norton AV has
*always* been problematic during that entire time. So has McAfee. So has
PCCillan. Problematic in the sense that they caused problems. Back when
Norton 2000, and then 2001, came out, people were saying the same things
about those versions compared with past solutions that you guys are
saying about newer versions now.

Whereas other solutions, like InoculateIt Personal Edition (which became
eTrust EZAV), AVG and AVAST may have had problems with automatic
updating or other minor issues, but they *never* interfere with the OS.

The only reason Norton and McAfee still exist in the "home" versions is
that they have long had deals with the major computer vendors such that
they come preinstalled.

 

[BBUNNY]

These blurbs about Norton/Symantic were appearing frequently as far
back as W98 Platform Preview Edition. I gave up on Norton when I
was using MSDOS 6.22.

Gary S. Terhune wrote:
| I've been attending this group since early 1999--and Norton AV has
| *always* been problematic during that entire time. So has McAfee. So
| has PCCillan. Problematic in the sense that they caused problems.
| Back when Norton 2000, and then 2001, came out, people were saying
| the same things about those versions compared with past solutions
| that you guys are saying about newer versions now.
|
| Whereas other solutions, like InoculateIt Personal Edition (which
| became eTrust EZAV), AVG and AVAST may have had problems with
| automatic updating or other minor issues, but they *never* interfere
| with the OS.
|
| The only reason Norton and McAfee still exist in the "home" versions
| is that they have long had deals with the major computer vendors such
| that they come preinstalled.
|
|
| ||
|| ||
|| This is the main reason I use the following products on my machine.
||
|| 1) Symantec Anti-Virus 2002 (doesn't have any of the described
|| fatware that was added to the newer versions. Works great with low
|| CPU utilization.).
||
|| [...]
|| That's just not true, 2002 absolutely is the first version With all
|| the added anti theft extra modules fatware that is and has been
|| included with every version since and including 2002 that has
|| plagued millions of users penalizing them at every turn; just notice
|| all the extra running processes. Consider yourself lucky so far, you
|| have no idea.
||
|| I will say that the Norton AV (stand-alone) 2001 version is their
|| greatest accomplishment, however it's too bad it will not work
|| properly with WXP. [...]