Norton Blows up my application!

[gregory_may]

I am developing an application that I would like to distribute on CD.

Norton blows it up very badly. Is there some API I can talk to let Norton
know I am ok?

 

[Cor Ligthert [MVP]]

Gregory,

Can you tell us what Norton product is blowing up your application.

Or is it even that classic motorcycle.

Cor

 

[Herfried K. Wagner [MVP]]

I am developing an application that I would like to distribute on CD.

Norton blows it up very badly. Is there some API I can talk to let Norton
know I am ok?

What doesn't work?

Maybe turning off buffer overflow protection will solve the problem.

 

[gregory_may]

I have built a Computer Management Application. I have a service that needs
to interact with the desktop.

When I install, it appears that Norton AntiVirus prevents my service from
"interacting with the desktop". After the install has occurred, I can
manually enable "Interact with Desktop", but if I enable Norton, my service
stops working with the desktop.

It may be that the "Blade Runner" component of Norton is the offending piece
(I am still looking into it).

I was hoping for some kind of AntiVirus API (Like with the Microsoft
Firewall) or developer assistance forum from Symantec?

Any help is appreciated!

 

[C-Services Holland b.v.]

It may be that the "Blade Runner" component of Norton is the offending piece
(I am still looking into it).

I was hoping for some kind of AntiVirus API (Like with the Microsoft
Firewall) or developer assistance forum from Symantec?

Any help is appreciated!

You're looking for an API to tell Norton not to check you or block you?
In essence you want to tell Norton to ignore your program completely and
let it do it's job.

I can tell you right now there is no such API. Think about it. If there
were such an API, that would give virii writers an excellent opening to
bypass and effectively take out Norton without a hitch.

Hmm are you saying there is an API to talk to the MS firewall to open up
ports? That would render it useless since it would defeat the whole
purpose of a firewall.

 

[Andrew Morton]

C-Services Holland b.v. wrote:
....

I can tell you right now there is no such API. Think about it. If
there were such an API, that would give virii writers an excellent
opening to bypass and effectively take out Norton without a hitch.

Hmm are you saying there is an API to talk to the MS firewall to open
up ports?

For a start, at a command prompt, enter netsh firewall

There appears to be lots of info in the WS2003 Platform SDK.

That would render it useless since it would defeat the whole purpose of a
firewall.

Well, it has to be configurable from somewhere...

Andrew

 

[gregory_may]

Adding my app to an exception list seems reasonable ... as long as a clear
dialog pops up that requires user intervention.

Here is the URL for the windows firewall:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ics/ics/using_windows_firewall.asp

 

[gregory_may]

Norton may be doing its job, but its doing the wrong job. Its a shame I
must disable parts of Norton to let my application work properly.

Which is the lesser evil? Ask the user to make an exception for my program
or disable parts of their virus protection?

 

[C-Services Holland b.v.]

C-Services Holland b.v. wrote:

For a start, at a command prompt, enter netsh firewall

There appears to be lots of info in the WS2003 Platform SDK.

I see. Looks like you can add programs on the command line.

Well, it has to be configurable from somewhere...

Andrew

Well I would hope that it could only be done by the firewall software
itself (Norton in this case). Think of a trojan that infects your
computer, detects norton and just adds itself to the allowed lists.
That's what I had the firewall for in the first place.
If any program can just grant itself rights that would constitute a
serious security flaw IMO.

This is btw one of the major reasons I am in favor of a seperate
firewall (i.e. not one that is running on the computer I'm using). Then
no program on my PC can alter the firewall settings.

 

[Cor Ligthert [MVP]]

Rinze,

In my opinion is given any answer in this thread wrong.

Discussions how a viruschecker can be ignored can be read by people who want
wrong in future by searching on Google or whatever.

Just my opinion

Cor

 

[m.posseth]

Well i am currently in a simular "Norton" situation as my current project is
a remoting project and needs to comunicate on several ports

i will just detect that no comunication was possible ( because of the
settings in Norton ) explain this to the user , in a nice dialog and help
them with instructions to give my app the apropriate rights
in this way the user is involved in the process and he / she must explicitly
grant my program the apropriate rights , i believe that this is the only
good way .... however it would be verry easy to just kill the Norton parts
that are bugging me ( i could just kill the processes ) however with this
method i could set the users system potentially open for atacks from outside
.....


As i said write a good manuall on how to grant your proggy the apropriate
rights


example on how you might do something like this ( this is something i made
for popup blockers on a website )
set your popup blocker on and try to access this website ( text is swedish
sorry
http://www.bildelskatalogen.se/

something like this should be made in your winforms program ,

regards

Michel Posseth [MCP]

Norton may be doing its job, but its doing the wrong job. Its a shame I
must disable parts of Norton to let my application work properly.

Which is the lesser evil? Ask the user to make an exception for my
program or disable parts of their virus protection?

 

[Jim Underwood]

On my system at home I have norton installed and whenever a new application
tries to access the internet Norton prompts me whether or not to allow the
application access. It seems to me that there must be some sort of
interface that allows the application to describe itself to Norton (and
other security tools) so that the user can get an informative prompt rather
than the app mysteriously failing for no reason.

I think the question should be, is there a way to explicitly request
permission from Norton so that Norton gets the user involved up front?
Maybe it depends on how you sign your code?

Programatically bypassing Norton would not be an option for obvious security
reasons, but providing some sort of user friendly communication would make
sense.

Does anyone have any idea how to accomplish this?

Well i am currently in a simular "Norton" situation as my current project is
a remoting project and needs to comunicate on several ports

i will just detect that no comunication was possible ( because of the
settings in Norton ) explain this to the user , in a nice dialog and help
them with instructions to give my app the apropriate rights
in this way the user is involved in the process and he / she must explicitly
grant my program the apropriate rights , i believe that this is the only
good way .... however it would be verry easy to just kill the Norton parts
that are bugging me ( i could just kill the processes ) however with this
method i could set the users system potentially open for atacks from outside
....


As i said write a good manuall on how to grant your proggy the apropriate
rights


example on how you might do something like this ( this is something i made
for popup blockers on a website )
set your popup blocker on and try to access this website ( text is swedish
sorry
http://www.bildelskatalogen.se/

something like this should be made in your winforms program ,

regards

Michel Posseth [MCP]

 

[C-Services Holland b.v.]

Rinze,

In my opinion is given any answer in this thread wrong.

Err what?

Discussions how a viruschecker can be ignored can be read by people who want
wrong in future by searching on Google or whatever.

Just my opinion

Cor

No, let's all just hush it up so Symantec won't see any reason to fix
this (if it is indeed a seurity flaw, haven't actually tried to do it
since I refuse to use Norton). It's not like someone is telling someone
which file to hack or what process to kill. No, we're talking about
BUILT IN features. No hacks, no cracks, no reverse engineering or
whatever illegal activity.

IMO there is no reason not to talk about serious flaws like this. If
anything it can make people aware of the dangers of the software they're
using and look into their security. This may lead them to update their
software of even change vendors.

And that's just my opinion

 

[Cor Ligthert [MVP]]

Rinze

My idea is that hackers use flaws like this and we it better be discussed by
email and not in an open searchable newsgroup. (There can come advices that
people have set certain filters off).

However feel free what you want to do, it was only meant as a warning for
that.

What is of course just *my* opinion



Cor