Microsoft Anti-Spyware Removes Norton Anti-Virus

An anonymous reader writes "According to a story over at Washingtonpost.com, the latest definitions file for Microsoft's Anti-Spyware beta flags Symantec's Norton Antivirus products as a password-stealing trojan and prompts users to delete portions of the program. Users who follow the instructions hose their installation of Norton, requiring delicate Windows registry edits and a complete removal/reinstall of Norton. Microsoft's support forum is quickly filling up with complaints about this problem, many from businesses that have been pretty hard hit. This should be a cautionary tale about deploying beta products in production environments."

Discussion Link

[Mz6]

Here's a link to the actual discussion. Looks like this has been corrected with the latest definitions.

But what if

[ImaLamer]

Microsoft knows something we don't?

Norton/Symantec hasn't always been nice (are they now?) - remember when Norton Utilities couldn't be removed on DOS installations? The only option was to totally format the drive and start over. I know people who won't even try Norton/Symantec products after all of those years because of these types of problems.

This should be a cautionary tale about deploying beta products in production environments.

Why even use Anti-Spyware when Norton Anti-Virus (corporate edition at least) can detect and remove spyware in real time?

Re:But what if

[miffo.swe]

Frankly i dont remember having any troubles uninstalling Norton Utilities on dos. If you had used the drive compress feature you had to revert the disk back to its old uncompressed state before you uninstalled that feature but other than that it wasnt any problems uninstalling it.

Re:What problem?

[dynamo52]

Seriously. Considering how good NAV is at sucking up memory and CPU cycles, the only way anyone probably noticed was when their computer suddenly seemed much smoother and more responsive.

I agree. I am a computer services provider for mostly home users and I often find NAV and internet tools to be single greatest contributor to draining system resources. I usually recommend disabling NAV, using safe internet practices, and scanning weekly or if there appears to be a problem.

Have you actually verified this is true? Anyone?

[mschuyler]

I run both on XP Pro. They (and XP) are both completely updated. They both still "work." Microsoft did not flag NAV or any of its parts. NAV still "works." Yet another excuse to dump on MS. Doesn't matter if it's true or not. And the CIA invented and spread AIDS, too.

Norton isn't as bad as McAfee...

[michaeltoe]

... but a lot of older systems get hit hard by virus protection overhead. Machines with less than 256mb of RAM are pretty much dead in the water. I personally use a free version of AVG, and only run it once a month or so. I'm not running a business out of my home, and viruses don't usually cause me any trouble.

Re:What do you really expect it to do?

[Baricom]

I would wager that if you took two identical PC's, installed Norton Internet Security on one, and AVG Free Edition, Sygate Personal Firewall (R.I.P.), and Ad-Aware on the other, you'd find that the latter computer is just as protected and runs substantially faster than the Norton-infected one.

The first step I take when I'm working on somebody's computer is to remove Norton and install these replacements. Most people are shocked that their computer runs as fast as it does, especially considering that many of these people have always had Norton installed because it came with their computer.

Just because these products must use continuous system resources doesn't mean they need all of them. That would kind of defeat the purpose of having a computer.

Faster way to clean up Norton

[TheGSRGuy]

If MS Antispyware wipes out your Norton install, the fastest and easiest way to clean out Norton to prepare for a reinstall is with Symantec's Norton Removal Tool, aka SymNRT. It's available for free from their website and is designed for situations like this where the install gets corrupted and you can't remove it.

The tool removes every trace of Norton from your system. It does a better job than the normal uninstaller.

Re:What do you really expect it to do?

[Baricom]

The first problem I see with your experiment is that you're comparing software that offers vastly different capabilities. Some do more than others, for instance. Like I said, some include email scanning, while others don't. Some include firewall capabilities, while others don't.

I'm sorry that I wasn't clear. I meant that running all of those products in memory simultaneously is better for performance than running Norton in memory.

Second, you're trying to give a quantitative value to something that is qualitative. What metric do you use to measure the vulnerability of a particular PC? Sure, you can throw a certain amount of malicious software at it, but that's not a realistic test.

The measure is simple - which computer protected with its respective packages and attached directly to the network will be infected by a worm or hacked by a malicious user first? If you re-read my comment, you'll find that I said that both computers will be "just as protected." If both computers will be equally difficult to penetrate, why waste the extra memory and CPU on Norton?

But it's not really a beta...

[vudufixit]

This was a full product called Giant Anti-spyware that MS acquired.
"Beta" is their term.

75% of my private client calls involve removing malware, and the MS product
is a champ at this task.

MS antispyware gives you a summary screen that breaks down each item it found,
assigns it a perceived threat rating, and gives you the choice to "Remove, Ignore, Quarantine."

So, anyone watching with any degree of care should notice that Norton was one of the choices
and simply select the "ignore" option.

Personally, I haven't seen this happen myself.

I agree with many other posters that Norton isn't that great of a product.
I've noticed their firewall suddenly,without provocation, start blocking
all websites.

I've also noticed their antivirus turn itself off for no reason, never
to be turned on again. Reinstalling is often interesting, since even the
least little trace of the product prevents an install/reinstall, but it
almost never uninstalls cleanly.

Re:But it's not really a beta...

[The_Systech]

I actually got called out to a client this afternoon specifically to deal with this issue. It actually is more difficult than you think to recognize. From what I saw on his PC it actually wasn't picking up any of the files. It was registry keys. Unless you are specifically aware of the fact that Symantec Corporate Edition uses the Intel LanDesk registry keys you wouldn't have recognized it. Additionally once you ran it once, it automatically removed a few of the registry keys without even prompting. My client had stopped at the screen where it was showing that it had detected it and was asking what to do with it. Symantec was already broken. The registry keys that were removed were involved with the licensing. I had to perform the manual uninstall-Reinstall proceedure in order to get Symnantec back up and working. Apparently this was only the Feb 10th, definitions. He only had the problem on one PC, it had Feb 10th definitions. He had another that had already updated to February 11th, and it didn't have this problem. Additionally after I had fixed the issue on the PC that was effected I forced the update to the Feb 11th defs, and reran the scan. It no longer detected the Registry keys as the virus.

MS Fixing Issues

This was only a problem with MS AntiSpyware update 8505. The next update 8507 fixed the issue.

Re:AVG

You should really check out Eset's Nod32 http://www.nod32.com/home/home.htm and their success rate on Virus Bulletin (the de-facto standard in AV testing) http://www.virusbtn.com/vb100/archive/results?vend or=VE14
login&passwd: lazyboy05 (from bugmenot.com)

for a quick summary of VB 100% results for "major" AV vendors:
Eset (nod32): 36 Success / 3 Failure / 5 No Entry
Symantec: 30 Success / 7 Failure / 7 No Entry
Trend Micro: 13 Success / 7 Failure / 24 No Entry
Kaspersky: 31 Success / 13 Failure / 0 No Entry
McAfee: 24 Success / 18 Failure / 2 No Entry
Panda: 1 Success / 3 Failure / 40 No Entry
Alwil(Awast): 16 Success / 19 Failure / 9 No Entry
Grisoft(AVG): 11 Success / 21 Failure / 12 No Entry
F-secure: 21 Success / 12 Failure / 11 No Entry
Sophos: 31 Success / 12 Failure / 1 No Entry

Nod32 not only has the best detection engine, its the fastest AV too! ..sorry if Im too exited about this particular product, but it just wipes the floor with "the best" you've found. ..and all the other competition :))

Re:What problem?

[spectre_240sx]

Well that's not surprising considering NAV runs at least 14 processes. I think it might be 15 including that glorified advertisement they call Norton Protection Center.

We're still selling it at the shop that I work at. I'm not sure why... We recommend AVG Free for most people, but for business users we sell NAV.

NOD32

[MaineCoon]

I have found NOD32 to be a far superior product to Norton and Mcafee (not that it's hard to be a superior product)... extremely low system utilization, I don't even notice it's there, until a virus warning pops up (such as the few email viruses that get past the filters on my mail server).

It also proactively stopped all the common WMF exploits.

Re:What problem?

[denebian+devil]

I use it and like it, but 2MB of RAM is a joke. RTVscan uses 22.5MB, DefWatch uses 1.2MB, VPTray uses 3.8MB, and the update program uses 5MB, at least on mine.

Damn Norton

[oPless]

Norton Antivirus has been the most annoying damn bit of software I've ever had to remove ever. It's "helpfully" preinstalled on many machines, but after the 'free' subscription expires after a year or whatever, it manages to screw with windows at random.

Yup the firewall prevents internet access, and other oddities. Of course with an expired subscription the user still thinks they're still proof against malware and that they're firewalled.

Parents machine; Norton removal hoses networking completely, and I need to reinstall the network adaptor to get networking to work!

Customers machine; Random 'internet access' and 'cd writing' problems

Customers machine; Doesn't uninstall properly, interferes with Vodafone and Orange Data card installation, use a combination of regedits, the symantec removal tool and add/remove programs to get the machine into a state I can reinstall the corp edition ... and many more ...
First thing I do is download firefox, avg free, m$ anti spyware and adaware ... then unplug the machine and take off NAV/Spybot/umpteen other 'helpful' software, and install avg, adaware, m$anti spyware; reconnect to the internet after an initial scan... then update everything, and try to kill off any remaining spyware

The only thing I cant seem to get rid of is a certain young ladies "VX2 / Nail / Aurora" spyware nonsense, any help on that front is appriciated, as the only thing I can think of doing is a reinstall!

Re:Damn Norton

[RazzleDazzle]

Start > Run > msconfig > Startup tab > uncheck any suspicious looking program name. Especially those with names similar to known legit windows process but with a typo. Example: "svchosts" = legit, while "svhosts" = malware.

Anywho, a re-install is probably the best, then install all of your standard programs and get all of the latest updates and service packs. Finally use something like Norton Ghost to create a pristine backup of the OS to restore when then inevitable 6 months marker roles around and they can't stop the popups for "meeting single women in your area" from constantly popping up.

Re:What do you really expect it to do?

[michrech]

So while AVG alone might run quicker than NAV, it doesn't offer the firewall capabilities. Soon enough you've installed ZoneAlarm or Kerio or some other firewall. And you may very well find your system performing worse than using only NAV for similar functionality, with a greater amount of memory consumption.

Speaking as a person that has just installed AVG7 Network Edition on multiple computers in a school (yes, they paid for their licenses, before you ask), I'd have to correct you here. AVG 7, indeed, has a firewall built in.

AVG has several other features built in (email scanning, etc). FAR less resource hogging than ANYTHING I could put on from Symantec.

Why are you defending NAV/NIS so much? They are utter pieces of shit and deserve a slow and painful death.

Re:What problem?

[The+Snowman]

We recommend AVG Free for most people, but for business users we sell NAV.

AVG is an excellent product. I have been using it for a couple of weeks now with zero problems, minimal performance/CPU/RAM impact, etc. I am so impressed with it that I am actually going to pay for it, despite the free version working "good enough" for me.

At work, NAV sucks my computer dry. Sure, it works well enough, but the cure is worse than the disease. Too bad my employer is in bed with MS and Norton, no room for AVG...

MAV weakens security, kills NAV, opens PandorasBox

[Bushido+Hacks]

From first hand experience, after convincing my father recently to retract the advice of my brother to use Microsoft Anti-Virus, which downloaded 174 Viruses, Spywares, even a third party program that downloaded more baddies in exchange for any personal information. MAV even allowed one of these programs to modify the registry letting in a Trojan Horse virus which changed the wallpaper to something that disabled most of the control settings. It wasn't until I got Norton Internet Security that I discovered all this information.

Microsoft Anti-Virus only looks out for itself and does not protect your computer.

Do not use Microsoft Anti-Virus!

Re:What problem?

[crawling_chaos]

You use Norton at the office? It's corporate sibling, Symantec AntiVirus, runs far lighter and has much better deployment tools. While far from perfect (I have a list), it is much better than the home user oriented NAV.