Why you should never buy Symantec / Norton products

[Mike T.]

Interesting how no one posts any of the viruses missed by NAV . . .

-g

Well I didn't think to write any of them down at the time. But one of them
I remember was WIN32:CTX. Norton knows this one by a different name, but
somehow let it get (and stay) on the hard drive anyway. There were many
other viruses and trojans that Avast! and AVG found, that Norton Internet
Security 2006 had either not found, or ignored. But they all had such
strange names that the only way I would have remembered them was to write
them down.

But while Avast! was scanning, all I had time to do was hit the '1' key
repeatedly. I eventually got tired of constantly banging on the '1' key and
hit '2' instead (delete all). Even then, I had to constantly click OK,
because it would warn me that the file infected was in a system folder.

I only remember win32:CTX as it was one of the first viruses that was
caught, and it has a relatively short name, easier to remember.

If I think of it later (I'm not home now), I'll try to find log files in AVG
and Avast! and post the list (it's a long one) of the shit that Norton
Internet Security 2006 missed. -Dave

 

[Mike T.]

Excellent point. They won't post a list of what Symantec missed
because Symantec didn't miss anything.

Sy

Wrong!!! I didn't post the list, as I didn't think to write them down, at
the time. As I wrote earlier, when I get home, I'll see if I can find the
logs of Avast! and AVG, and post the *long* list of shit that Norton
Internet Security 2006 missed/ignored/never found. -Dave

 

[M Berger]

I think he was referring to Packard Bell, the electronics
manufacturer from the 1940's and 50's, which made very high
quality products.

 

[M Berger]

We ran into this situation -- the Norton software SAID
it was updating regularly but the updates apparently
never took effect.

 

[Mike T.]

We ran into this situation -- the Norton software SAID
it was updating regularly but the updates apparently
never took effect.

Norton obviously has other problems, though, even if it's kept up to date.
I was reading the description of one of the viruses that norton missed, and
according to the virus database information, it was first identified years
before Norton Internet Security 2006 was released. So obviously an update
wouldn't have helped Norton find that one. -Dave

 

[Davy]

How secure is Symantec then...

The tool used to update the virus definitions in Symantec'

antivirus products has a security hole that can allow hostile code t
be downloaded to PCs, according to the German hacking grou
Phenoelit

LiveUpdate, the software used by Symantec's antivirus software t

automatically update virus protections when updates become available
has flaws in both the 1.4 and 1.6 versions that allow for the attacks
Phenoelit says. When LiveUpdate 1.4 looks for updates, it attempts t
connect to a specific server at Symantec, the group said. Tha
connection, however, can be hijacked using a number of Domain Nam
Server attacks and rerouted to the server of the attacker's choic

For full details see-
http://www.pcworld.com/news/article/0,aid,65744,tk,dn101101X,00.as

and..... http://isc.sans.org/diary.php?storyid=72

iDEFENSE Labs has notified Symantec about a remotely exploitabl

buffer overflow vulnerability in the Symantec AntiVirus Scan Engin
that can allow remote attackers to execute arbitrary code. Th
iDEFENSE Advisory says "A remote attacker can send a speciall
crafted HTTP request to the administrative Scan Engine Web Wervice o
port 8004 to crash the service or execute arbitrary code.

Guess what NIS2006 still 'has' flaws... so why hasn't they bee
fixed..

I ditched NIS2005 8 months after purchase after corrupt downloa
files.... I repaired, repaired and re-formatted 3 times, yes I use
previous Nortons with fair success...

Suppose to be a security suite isn't it...?? Never been the sam
since Symantec took over from Peter Norton

Dav

 

[David Maynard]

That is the main beef I have with Norton/Symantec. Their suites just hog too
many resources.

I tend to agree, even though I use it.

If you uninstalled NIS with the uninstaller, I doubt you
uninstalled all the registry entries left behind unless you did them
manually or ran Symclean. Even Symclean leaves some behind but removes most.

That's true of most programs. They almost all leave registry entries.

In some cases it may be from entries added during the course of operation
that the installer doesn't know about. In others it might be considered a
'feature' to save settings so they're there when you 'change your mind
again' (who knows?). In that case of NAV I suspect at least one motive is
to reduce the chance of "my 1 year subscription expired so remove and
reinstall... poof, neato, 1 year again."

 

[Guest]

Like my VA records......

As I understand it, the Veterans Adminstration records incident
didn't involve any "hacking," but was, rather, a physical theft
of a laptop. The perp probably didn't have any idea that the
data was more valuable than the hardware.

 

[Don Freeman]

As I understand it, the Veterans Adminstration records incident
didn't involve any "hacking," but was, rather, a physical theft
of a laptop.

..
Most of the recent ID thefts have been through stolen laptops and not some
"evil genius hacker" yet there is no public outcry over the stupidity of
putting sensitive public data on an easily transportable machine. Yet let
one teenage whiz break into any computer and the media riles up the public
with tales of hackers stealing our lives from us.

 

[Ken Knecht]

.
Most of the recent ID thefts have been through stolen laptops and not
some "evil genius hacker" yet there is no public outcry over the
stupidity of putting sensitive public data on an easily transportable
machine. Yet let one teenage whiz break into any computer and the
media riles up the public with tales of hackers stealing our lives
from us.

What I will never understand is why companies do not make it a rule that
all sensitive information be encrypted, especially on servers connected
to the internet and laptops. They seem to never learn. When's the last
time you heard that stolen info was well encrypted? The VA info evidently
was not encrypted either. Every week a new data loss.


--
Untie the two knots to email me

A politician thinks of the next election;
a statesman, the next generation.

James Freeman Clarke

 

[Guest]

What I will never understand is why companies do not make it a rule that
all sensitive information be encrypted, especially on servers connected
to the internet and laptops.

For the same reason that consumers would never agree to encrypting their
purchased music CD's so that the event of theft of the CD, the thief can't
fileshare the music and open it up to piracy by millions. They don't give a
shit about the rights of owner of the data on the CD, only their own
convenience. And in the VA case, you don't even own the data.

In any case, the real solution is for the credit and banking industry to
stop using SSN's as ****ing passwords. 100% elimination of data compromises
is not going to happen - there are a gazillion points of failure. The only
solution is to make that data worthless.

 

[ameijers]

(snip)

What I will never understand is why companies do not make it a rule that
all sensitive information be encrypted, especially on servers connected
to the internet and laptops. They seem to never learn. When's the last
time you heard that stolen info was well encrypted? The VA info evidently
was not encrypted either. Every week a new data loss.

Well, actually, in Federal World where I work, that <is> the policy. I'm not
gonna claim the policy is enforced, however. The geek term, 'data at rest'
is supposed to be encrypted or access-locked via PKI hardware key, if
privacy act info is involved. (Much less classified, of course, where the
policies are enforced in an Alice-in-Wonderland sort of way.) And just as a
point of information, storing stuff encrypted <is> a major and expensive
PITA, especially using PKI keys with a shelf-life. Once the key dies, unless
you did the housekeeping in time, you can't get to the data. The recent
embarrassments could have been minimized if they had enforced basic
housekeeping concepts like 'least privilege' and keeping sensitive data
inside the perimeter. If teleworkers need to touch sensitive data from home,
you leave the data inside the perimeter, and they work on it over a VPN.
That way, even if the company laptop gets compromised or stolen, the volume
of sensitive data at risk is kept to a minimum. VA canned the employee
involved- big suprise- but IMHO they should also have canned a few people in
the IA shop there for allowing such sloppy procedures.

aem sends...

 

[nobody]

Packard Bell, the computer brand, was never great, they were always
about the bottom of the barrel, but at least they were cheap. But no,
they don't exist any more. They were bought up in the early-to-mid '90s
but NEC, which then itself went mostly out of the PC business.

YMMV on that. PB's 808x's, 286's and early 386's weren't bad at all.
Their late 386's started the trend to crappiness that was fully and
totally crapola by the time of 486's. PB was supposedly the company
responsible for Intel 486SX cpus.

 

[nobody]

On a anti-virus program "most" does not cut it. Especially when there are
FREE (read, FREE) programs that do a better job. Why am going to pay 50
dollars a year for Norton when someone gives me something that works better
for free, and I CAN UNINSTALL IT.

Sounds like AVG or Avast! to me. (I'm happy with both.)

 

[nobody]

Yeah. It's crazy. If you managed to uninstall Norton, you're doing
better than I could. The last system I looked at, I basically told
the person, I can't get this off, and it is the problem, so the only
solution I know is to back up your data so I can purge your drive and
start over. She decided to muddle through.

Charlie

http://service1.symantec.com/SUPPOR...88256b81007b7487?OpenDocument&src=bar_sch_nam

(or http://makeashorterlink.com/?N20F12B5D )

Somewhere on Symantec's site is an uninstall utilty that's *supposed* to
do all of this.

 

[coolsti]

And how much did the helpful "mom's boyfriend" spend on that worthless
Norton software? I don't want to know. -Dave

Several comments pop into my head:

1) Any software that becomes widely used will be more prone to being
cracked and hacked by malicious people. Norton is very popular, like
Windows, and so there are sure to be attempts to hack it.

2) Norton or any anti-virus can only recognize malicious software once
that software is known to the anti-virus application, e.g. through daily
online updates. Clearly someone who figures out how to hack Norton to
ignore future trojans and viruses can do this in the short window of time
before Norton&Co. discover it and make a patch to fix it.

3) Norton is a fine product for computer security, and I use the
anti-virus on one of my computers at home. But I hate any application that
tends to take over the operating system and make it nearly impossible for
you to interfere with it, e.g. shut it off so online updates do not
interfer with your online gaming battles. And I hate any application that
does not allow itself to be removed from your system cleanly (one of my
worst nightmares was Roxio CD burner software version 7 - never never
again!).

I don't think one should avoid Norton, but Norton should be used with
care. And alternatives exist. Less irritating ones at that. Norton&Co.
(Symantec) should also be aware that their applications are "guests" on
the hosting computer, and do not "own" the computer, and should behave
accordingly.

/Steve

 

[Bill]

1) Any software that becomes widely used will be more prone to being
cracked and hacked by malicious people. Norton is very popular, like
Windows, and so there are sure to be attempts to hack it.

Norton products are often available for free after rebates
(another topic), so it' svery possible that he didn't pay
anything for it other than sales tax (assuming the rebates show
up).

Also, Norton products have to be activated and come with an
activation key. I guess it's possibly (maybe even likely) that
there is a way to crack that, I think it's more likely to have
been purchased.

Bill

 

[Jure Sah]

coolsti pravi:

Several comments pop into my head:

1) Any software that becomes widely used will be more prone to being
cracked and hacked by malicious people. Norton is very popular, like
Windows, and so there are sure to be attempts to hack it.

There are many other programs which may not be sold as much, since they
are free, and are far more popular than Norton and they are not nearly
as exploited as Norton AV.

2) Norton or any anti-virus can only recognize malicious software once
that software is known to the anti-virus application, e.g. through daily
online updates. Clearly someone who figures out how to hack Norton to
ignore future trojans and viruses can do this in the short window of time
before Norton&Co. discover it and make a patch to fix it.

One word for you: Heuristics.

--
Primary function: Coprocessor
Secondary function: Cluster commander

http://www.thought-beacon.net

Pay once per lifetime webhosting:
http://farcomm-it.com/?ref=jsah

We are the paragon of humanity. You may worship us. From afar.

01010010 01100101 01110011 01101001 01100100 01100101 01101110 01110100
01000010 01000001 01010011 01001001 01000011

 

[Jure Sah]

I had a similar experience.

Once been fixing my halfsister's computer from viruses. It was in 2005
and she had the Norton AV/firewall 2005 suite thingy. Regularly updated
(some of the updates I monitored myself to ensure they progress without
a problem).

She only invited me to fix the computer once it was crawling with
trojans so hard it was impossible to use. Norton was in it's standard
configuration, with daily scanning and all, so no excuses on that part.

I have been going trough my usual procedure of removing the infestation
manually, which I do always when an antivirus that a client has
installed is not removing the problematic viruses (we have Sophos AV at
work, so I'm pretty much used to AVs that might as well not be installed
at all). At that point, the Norton Firewall thingy was blocking valid
programs like hell, the programs had to be added and re-added over and
over again. And I have used every technique I know of to block the
websites that trojans downloaded themselves from, including using
Norton's own features, but Norton just kept on removing whatever it was
I did and reinstating the settings provided by the trojans.

I figured I was fighting a loosing battle, so I tried removing Norton.
The Norton programs, atho from a single software package were all over
the Add/Remove Programs menus and kept complaining about which program
to uninstall first. Finnaly I figured out that the program I was
supposed to uninstall could not be removed because of some kind of error.

I FireFoxed a little bit around the web and downloaded the Norton
removal utility. It worked, I was only a reboot away from removing this
really helpful AV program. Upon reboot there was a substantial increase
in the computer's speed. Note that at this point I had not removed the
trojans yet, but the system was still much faster than with Norton. (In
other words, Norton uses up more resources than a swarm of tojans.)

I installed AntiVir, from that German red-umbrella company (a free
antivirus program) and Lavasoft's Ad-Aware and within a few scans and
reboots, the system was as clean as new, not to mention much faster than
with Norton. Kept on going without a firewall for the few months until
my sister brought a hardware firewall / router and never had any
problems since.

Call this anecdotal evidence or not, I very much know that if a suite
that was supposed to provide all-round protection gets compromised like
this so easily, it isn't worth shit. I have never ever seen an
anti-virus / firewall package help viruses propagate and prevent the
user from installing fixes like Norton does.

Saying the government uses it doesn't help the cause. I believe the
entire Italian government got porn-infested one pretty day when a
certain scriptkiddie decided to try out his latest kit. And the
government here all uses Sophos, which isn't worth much either as far as
I've seen (get about 5 computers to clean up per 1 alert of virus
detected in the network).

Saying Norton is at all a useful piece of software is a bit like saying
"Format C:" is a good remedy for hardware problems. It takes a fair
amount of ignorance to see that as a truth.

--
Primary function: Coprocessor
Secondary function: Cluster commander

http://www.thought-beacon.net

Pay once per lifetime webhosting:
http://farcomm-it.com/?ref=jsah

We are the paragon of humanity. You may worship us. From afar.

01010010 01100101 01110011 01101001 01100100 01100101 01101110 01110100
01000010 01000001 01010011 01001001 01000011

 

[Jure Sah]

itemyar pravi:

No, I'm here too, and I like Norton, especially Norton System Works!

"Norton System Works" is an oxymora.


--
Primary function: Coprocessor
Secondary function: Cluster commander

http://www.thought-beacon.net

Pay once per lifetime webhosting:
http://farcomm-it.com/?ref=jsah

We are the paragon of humanity. You may worship us. From afar.

01010010 01100101 01110011 01101001 01100100 01100101 01101110 01110100
01000010 01000001 01010011 01001001 01000011