Microsoft Anti-Spyware Removes Norton Anti-Virus
An anonymous reader writes "According to a story over at Washingtonpost.com, the latest definitions file for Microsoft's Anti-Spyware beta flags Symantec's Norton Antivirus products as a password-stealing trojan and prompts users to delete portions of the program. Users who follow the instructions hose their installation of Norton, requiring delicate Windows registry edits and a complete removal/reinstall of Norton. Microsoft's support forum is quickly filling up with complaints about this problem, many from businesses that have been pretty hard hit. This should be a cautionary tale about deploying beta products in production environments."
Probably the best thing any user can have happen. The removal of Norton Anti-Virus.
"Go into the hall of mirrors and have a bloody hard look at yourself" - HG Nelson
Norton could be described as spyware. Norton assumes your system is there to do nothing but run Norton.
Wait... Is not spyware? It's definitely malware.
MS Antispyware isn't useless after all!
Join the Empire! http://www.empirereborn.net/
Here's a link to the actual discussion. Looks like this has been corrected with the latest definitions.
Hmmm.
They also want a fully supported environment where the corporate hardware and software they use are easy to get, support and continue using.
Do most of the business apps in the office today run on Solaris or BSD? ESPECIALLY BSD? Hell no.
Seriously. Considering how good NAV is at sucking up memory and CPU cycles, the only way anyone probably noticed was when their computer suddenly seemed much smoother and more responsive.
ABSURDITY, n.: A statement or belief manifestly inconsistent with one's own opinion.
Microsoft knows something we don't?
Norton/Symantec hasn't always been nice (are they now?) - remember when Norton Utilities couldn't be removed on DOS installations? The only option was to totally format the drive and start over. I know people who won't even try Norton/Symantec products after all of those years because of these types of problems.
This should be a cautionary tale about deploying beta products in production environments.
Why even use Anti-Spyware when Norton Anti-Virus (corporate edition at least) can detect and remove spyware in real time?
Get your Unix fortune now!
Whoever rolled out a beta product in a business environment deserves to be publicly flogged, shamed, tarred and feathered. And then they should lose their jobs and never be able to do anything more than service a Commodore 64.
"Go into the hall of mirrors and have a bloody hard look at yourself" - HG Nelson
First off, good call on "don't use beta in production!" I am sure many of us have had to make the call on using a beta product before. I know I used XP SP2 when it was beta because it had so many things that I needed at the time. However, I paid for it in many ways. I would still make the call again but I at least did it with eyes open.
Second, what kind of moron installs that software, sees it tell you that your Norton software has to go, and then follows through with it when you are in a business environment? I just find that to be amazing.
Third, this strikes at one of the main reasons I have thought Microsoft's move into the anti-malware industry was a bad one. Considering how protective they are of their IP and their EULAs, it surprises the hell out of me they would violate other companies' EULAs (adware companies) among other things.
Fourth and finally, there are going to be some lawsuits which really means more money for findlaw.com.
The ultimate network admin tool needs HELP!
I haven't RTFM since it won't load here at work, but how in the world does something like that happen accidentally?
"To face death, that's nothing much. But to feel really stupid when you die, well, that would be insufferable."
Shouldn't it be the other way round?
"This should be a cautionary tale about deploying beta products in production environments."
Then how are we supposed to use Microsoft products? I thought all Microsoft's products were more or less beta.
HTTP/1.1 400
install DOJ's Anti-Trust© to remove the offending product. Of course, it has been a little buggy since the Jan 2001 release.
Arrogance is Confidence which lacks integrity. -- me
I agree. I am a computer services provider for mostly home users and I often find NAV and internet tools to be the single greatest contributor to draining system resources. I usually recommend disabling NAV, using safe internet practices, and scanning weekly or if there appears to be a problem.
Like this comment? I accept Bitcoin! - 153sc8UUBXyp12ofQqfAWDmJrzyiKCYC1x
This has nothing to do with using beta products in production or not. This has to do with the failure of big organizations to recognize that /any/ update applied to all computers within the organization should /always/ be tested, however short. I have fought hard with a previous client, as in the past one of the datfiles updates for McAfee managed to render most PC's useless because of a bug in the engine that was triggered by this particular datfile.
Really, in a big organization, any update going to all PC's must always be tested.
what does it do? you mean beside hosing computers?
i work for an isp, and the checklist the tech monkeys use now has "do you have any norton products installed?" at the top of it. it's the single biggest cause of connection and email troubles we get. it randomly blocks outgoing and incoming connection to the email server. also does the same for web, but it's much rarer.
This also brings up some interesting possibilities. Is it possible to craft a virus to deliberately have similar signatures to a commercial product? An anti-virus company that doesn't have quite all commercial applications on hand to test against could be caught by that. Maybe not, but I'm sure someone will try now.
I'm glad I run Linux, and when things like this happen, I wish everyone did.
Bruce
Bruce Perens.
and make their anti-spyware utility remove Windows.
perception is reality
I run both on XP Pro. They (and XP) are both completely updated. They both still "work." Microsoft did not flag NAV or any of its parts. NAV still "works." Yet another excuse to dump on MS. Doesn't matter if it's true or not. And the CIA invented and spread AIDS, too.
How about a moderation of -1 pedantic.
... but a lot of older systems get hit hard by virus protection overhead. Machines with less than 256mb of RAM are pretty much dead in the water. I personally use a free version of AVG, and only run it once a month or so. I'm not running a business out of my home, and viruses don't usually cause me any trouble.
I would wager that if you took two identical PC's, installed Norton Internet Security on one, and AVG Free Edition, Sygate Personal Firewall (R.I.P.), and Ad-Aware on the other, you'd find that the latter computer is just as protected and runs substantially faster than the Norton-infected one.
The first step I take when I'm working on somebody's computer is to remove Norton and install these replacements. Most people are shocked that their computer runs as fast as it does, especially considering that many of these people have always had Norton installed because it came with their computer.
Just because these products must use continuous system resources doesn't mean they need all of them. That would kind of defeat the purpose of having a computer.
This should be a cautionary tale about deploying Microsoft products in production environments.
The tool removes every trace of Norton from your system. It does a better job than the normal uninstaller.
Excuse me? NAV is a steaming heap of complete crap.
AVG does the job better, faster, and with far less resource consumption. Every time I have been called on to disinfect a machine which was running NAV, I recommend the owners switch to AVG. Without exception, they comment on how much more responsive their system is. I have little trouble convincing them to support Grisoft by getting the not-for-free version.
The machine I am on right now is running (probably unnecessarily) a full AVG install. It checks my email, it checks my downloads, it checks all of the crud running on the system, and it does this while burning some fraction of 1% of the CPU and a tiny bit of memory.
If you are currently running NAV, disable it (if you can) and try running AVG for a couple of days. I think you'll notice the difference.
Does MS Anti-Spyware still not detect Gator^H^H^H^H^HClaria crap as malware?
The first problem I see with your experiment is that you're comparing software that offers vastly different capabilities. Some do more than others, for instance. Like I said, some include email scanning, while others don't. Some include firewall capabilities, while others don't.
I'm sorry that I wasn't clear. I meant that running all of those products in memory simultaneously is better for performance than running Norton in memory.
Second, you're trying to give a quantitative value to something that is qualitative. What metric do you use to measure the vulnerability of a particular PC? Sure, you can throw a certain amount of malicious software at it, but that's not a realistic test.
The measure is simple - which computer protected with its respective packages and attached directly to the network will be infected by a worm or hacked by a malicious user first? If you re-read my comment, you'll find that I said that both computers will be "just as protected." If both computers will be equally difficult to penetrate, why waste the extra memory and CPU on Norton?
If alternatives become more common than Windows, then expect the same sorts of attacks.
Sure, in theory the system level is more secure, but if something blows away user data, it's still just as effective.
And don't kid yourself, unix has holes too.. Just no one digs deep enough.
---- Booth was a patriot ----
Any administrator would do their best to incorporate technology which has a proven track record at being secure. Unfortunately, Windows does not offer such a record. Between this and the numerous other well-known issues involving Windows, it has been nothing but trouble for many, many users.
Thus, any administrator worth his or her weight in salt knows to use systems that are designed to be secure. Systems like Solaris and OpenBSD fit such a criteria. Much effort has been put into making them solid, reliable systems that are far more secure than their counterparts.
While it's naive to think they're perfect, an administrator of such systems can rest assured that they have picked quality systems. One just can't do that with a Windows system. Issues like this crop up, even on beta or development systems, far too often. A development or test server going down for a day because of Microsoft's anti-spyware program removing other essential software can be a massive burden. Halted development and testing can often be nearly as detrimental and financially harmful as a downed production server.
Cyric Zndovzny at your service.
Maybe it's just me, but one of the key components of ensuring availability of computer systems for end users involves NEVER running beta or pre-production code on production systems. I can understand using a release product in a controlled environment for testing of a new product in your production environment, but anyone who uses pure beta software in the work environment is asking to face these kinds of trouble and shows they have absolutely no idea what they're doing when it comes to providing IT services and technologies. Beta code, by its very nature, is going to have and cause problems.
Remember the Alamo, and God Bless Texas...
need any more examples for your serious users of business applications?
Excel.
Project.
Visual Studio.
Photoshop.
Acrobat.
Final Cut Pro.
[big expensive accounting package].
[all sorts of in-house custom software].
I could go on and on. The truth is that while you might be able to move to *nix, *BSD, whatever on your desktop without much pain it is near impossible for most businesses who depend on a very long list of programs that run *only* on Windows or even OSX.
The whole "any business could/should migrate away from Windows" routine is getting kinda old. Sure they could, but they'd like to still be in business when they're done.
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
I switched to Symantec AntiVirus a while ago and it seems to be much better. My school also runs this. I remember that Norton was a slow piece. This one labeled as just Symantec AntiVirus seems to only take up less than 2MB of RAM at the most. Anyone else have an opinion on this version? Getting definitions is exactly the same as Norton, but without a yearly subscription.
Hmmm..must go stop everyone using most of Google's stuff then.
AT&ROFLMAO
That is most likely the Corporate version of Symantec AV, which is *far* better than the desktop version that most people usually purchase. The corp version just sits in the tray until something comes along that might need some attention.
EveryDNS. Use it. It works.
AC's need not reply
Installing a software firewall on the machine it's meant to protect is like wearing a bullet-proof vest on the inside.
From the Slashdot story: "This should be a cautionary tale about deploying beta products in production environments."
That's not what happens in the case of Microsoft's virtual monopoly. Many people, when they find their computer has become slow, buy a new computer. Then Microsoft sells another copy of Windows, which, of course, still has huge security risks.
The incredible CPU-sucking of Norton software also helps Microsoft sell more copies of Windows, also.
Somehow Microsoft has arranged that owners of Microsoft Windows XP must pay again when they get a new computer.
It's miserable to have billionaires who care only about money riding on your back. That's why open source is necessary.
AVG is by far the best I've found, and it's free. At least the version I install on Windows machines. Glad I knew enough when I got my Mac I didn't buy that worthless software.
It's the OS stupid.
This should be a cautionary tale about deploying any M$ products in production environments.
In Capitalist West Anti-Spyware software delete competing product.
In Communist Russia Anti-Spyware software delete your family.
Domestic spying is now "Benign Information Gathering"
This was a full product called Giant Anti-spyware that MS acquired.
"Beta" is their term.
75% of my private client calls involve removing malware, and the MS product is a champ at this task.
MS antispyware gives you a summary screen that breaks down each item it found, assigns it a perceived threat rating, and gives you the choice to "Remove, Ignore, Quarantine."
So, anyone watching with any degree of care should notice that Norton was one of the choices and simply select the "ignore" option.
Personally, I haven't seen this happen myself.
I agree with many other posters that Norton isn't that great of a product.
I've noticed their firewall suddenly, without provocation, start blocking all websites.
I've also noticed their antivirus turn itself off for no reason, never to be turned on again. Reinstalling is often interesting, since even the least little trace of the product prevents an install/reinstall, but it almost never uninstalls cleanly.
From the parent comment: "This isn't really a beta issue..."
I agree completely, and for a different reason, also. Microsoft bought their anti-spyware software because it was successful commercial software. There was a lot of publicity that ignored the "beta" designation, including articles in the mainstream media.
This is a case of Microsoft having it both ways: Getting credit for clearing spyware, and avoiding responsibility.
Anyhow, as the parent poster said, this is NOT a failure in the anti-spyware software. It is a failure in the definitions that Microsoft provided. It's amazing to me, but Microsoft didn't test the definitions on a computer with Norton Anti-virus! Microsoft is amazingly sloppy, but this carries Microsoft's habitual sloppiness to a new level.
If you don't need a yearly subscription, you probably have the corporate edition, which, for some reason, is far leaner and more polished than the home version.
We all know what to do, but we don't know how to get re-elected once we have done it
Well that's not surprising considering NAV runs at least 14 processes. I think it might be 15 including that glorified advertisement they call Norton Protection Center.
We're still selling it at the shop that I work at. I'm not sure why... We recommend AVG Free for most people, but for business users we sell NAV.
I have found NOD32 to be a far superior product to Norton and McAfee (not that it's hard to be a superior product)... extremely low system utilization, I don't even notice it's there, until a virus warning pops up (such as the few email viruses that get past the filters on my mail server).
It also proactively stopped all the common WMF exploits.
Hunt your preferred prey at Aliens vs Predator MUD. Join the war at avpmud.com port 4000
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
OS X has built in antivirus?
When Microsoft Anti-Spyware users remove the flagged Norton file as prompted, Symantec's product gets corrupted and no longer protects the user's machine.
And besides, what kind of antivirus system lets some random program delete its files, causing it to stop protecting the user's machine?
Yes it's called not forcing people to use your products even though they resent them because they have to in order to be able to do business. Apple, like most other companies isn't compelled to do harm to their own customers by locking them into their own products at every turn.
Unsurprisingly companies who don't treat their stakeholders the way Microsoft has don't have armies of disgruntled users forced into using their product every day, and don't have armies of people creating malicious software for that platform.
If it sucks up all the system resources, it does guarantee that viruses have no CPU cycles, so it is technically anti-virus...
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I use it and like it, but 2MB of RAM is a joke. RTVscan uses 22.5MB, DefWatch uses 1.2MB, VPTray uses 3.8MB, and the update program uses 5MB, at least on mine.
Just because these products must use continuous system resources doesn't mean they need all of them. That would kind of defeat the purpose of having a computer.
But the purpose of having a computer is to run anti virus software, spy ware detectors, and firewalls. Between running those tools and updating the system there is not much time or resources for anything else.
I agree. I am a computer services provider for mostly home users and I often find NAV and internet tools to be the single greatest contributor to draining system resources. I usually recommend disabling NAV, using safe internet practices, and scanning weekly or if there appears to be a problem.
Oh yeah, but I've yet to find any antivirus software which doesn't do this.
I have also found that attempting to educate users about safe Internet practices is futile at best. I do, quite literally, have my father as the perfect example; despite many government-sponsored training courses, he still doesn't actually know the difference between two windows. "Dad, a window is an area on the screen which belongs to a program. The idea of a window is that it lets you do several things at once. Choose a window by pointing at its title bar - right there - and clicking on it. You can have several windows open at once, allowing you to choose your task as quickly as you can reach for the mouse."
So, what do I get from other, more advanced, users?
"Use FireFox instead of IE." - "You're just being alarmist, Internet Explorer can't be that bad."
"Don't open executables, especially if they're from strangers." - "My friend sent me trojan.scr, so I opened it."
"Don't open Word, Excel or PowerPoint files which didn't originate on your computer." - "All of my spreadsheets stopped working and one of them tried to dial a 1-900 number!"
Microsoft's support forum is quickly filling up with complaints about this problem, ma...
Having had to use and support enough Microsoft crap over the years, I consider it to be suspicious that there's a "problem" appearing after Microsoft introduces a competing product.
Although I am sure that Microsoft's anti-virus/anti-spyware uses less CPU and memory, what with all the undocumented Windows features which were mysteriously used in their software.
Bastards. I hope Bill Gates, Steve Ballmer, all employees and all shareholders of that company contract inoperable colorectal cancer.
Fire and Meat. Yummy.
Norton Antivirus has been the most annoying damn bit of software I've ever had to remove ever. It's "helpfully" preinstalled on many machines, but after the 'free' subscription expires after a year or whatever, it manages to screw with windows at random.
... and many more ... ... then unplug the machine and take off NAV/Spybot/umpteen other 'helpful' software, and install avg, adaware, m$anti spyware; reconnect to the internet after an initial scan... then update everything, and try to kill off any remaining spyware
Yup the firewall prevents internet access, and other oddities. Of course with an expired subscription the user still thinks they're still proof against malware and that they're firewalled.
Parents machine; Norton removal hoses networking completely, and I need to reinstall the network adaptor to get networking to work!
Customers machine; Random 'internet access' and 'cd writing' problems
Customers machine; Doesn't uninstall properly, interferes with Vodafone and Orange Data card installation, use a combination of regedits, the symantec removal tool and add/remove programs to get the machine into a state I can reinstall the corp edition
First thing I do is download firefox, avg free, m$ anti spyware and adaware
The only thing I can't seem to get rid of is a certain young lady's "VX2 / Nail / Aurora" spyware nonsense, any help on that front is appreciated, as the only thing I can think of doing is a reinstall!
So while AVG alone might run quicker than NAV, it doesn't offer the firewall capabilities. Soon enough you've installed ZoneAlarm or Kerio or some other firewall. And you may very well find your system performing worse than using only NAV for similar functionality, with a greater amount of memory consumption.
Speaking as a person that has just installed AVG7 Network Edition on multiple computers in a school (yes, they paid for their licenses, before you ask), I'd have to correct you here. AVG 7, indeed, has a firewall built in.
AVG has several other features built in (email scanning, etc). FAR less resource hogging than ANYTHING I could put on from Symantec.
Why are you defending NAV/NIS so much? They are utter pieces of shit and deserve a slow and painful death.
bork bork bork!
Compare Microsoft Windows XP with OpenBSD, which is equally complicated.
This is offtopic, but I wouldn't resist. I very much doubt that OpenBSD and Windows XP are equally complicated. Far from it. As far as I know, OpenBSD is a consistent and beautifully engineered piece of software. Windows XP on the other hand is full of hundreds of different subsystems, compatibility patches, work arounds, etc. WOW16, DirectX, DCOM, MTS, MSMQ, .NET - need I say more?
BTW, I am not saying that most Windows XP components, or even the ones listed above, are bad. A lot of what is in Windows is unavoidable. Simply that there are too many of them, with too many complicated dependencies.
OpenBSD is so secure and stable, precisely because by comparison it is a lot less complicated.
We recommend AVG Free for most people, but for business users we sell NAV.
AVG is an excellent product. I have been using it for a couple of weeks now with zero problems, minimal performance/CPU/RAM impact, etc. I am so impressed with it that I am actually going to pay for it, despite the free version working "good enough" for me.
At work, NAV sucks my computer dry. Sure, it works well enough, but the cure is worse than the disease. Too bad my employer is in bed with MS and Norton, no room for AVG...
24 beers in a case, 24 hours in a day. Coincidence? I think not!
"Thanks for visiting, come again."
Okay, I will, moron.
First of all, I've seen a Windows XP system go down the tubes within 24 hours of unpacking the Dell box, simply by uninstalling McAfee. After that, it was unable to communicate to a Linksys router - three tech "geniuses" - me, SBC and Geek Squad - couldn't solve the problem. Why? Because there was nothing to look at - everything was buried in the fucking Registry. Reloading the system fixed the problem. Windows score: 0.
"Smart about what you install?" Oh, right, don't install anything - that will work. You work for Microsoft, by any chance? I install what I NEED to install, just like everybody else. I don't install crap just to be installing stuff. I don't install spyware, crappy calendars, sports games, or other drivel.
Text files vs Registry. Look, stupid, when I talk about not updating a text file except by hand, I'm talking about not having a half dozen different programs updating the same configuration - which is what the Registry does. And in fact, I HAVE had problems with Mandriva doing exactly that - their goddamn menu editor is a disaster (and that's not just my opinion.) The more Linux emulates Windows by making the configuration of subsystems more complex, the more problems Linux will have. A GUI that updates a single text file is no problem - all it does it act as your "hand".
As for the Registry being easy to copy, export and update, gimme a break. Most users can't even fucking FIND the thing (not that finding Linux text files is any easier.) There's no difference between Windows and Linux in ease of copying, exporting or updating anything - except Linux doesn't allow any Tom, Dick and Harry program to update its system files.
The rest of your post is meaningless ranting - especially your claim that you use Linux every day. Billshit (I didn't misspell "bullshit", BTW) - you're a Windows shill running off at the mouth.
"No way you can beat me. Give it up. Give...it...up."
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
From first hand experience, after convincing my father recently to retract the advice of my brother to use Microsoft Anti-Virus, which downloaded 174 Viruses, Spywares, even a third party program that downloaded more baddies in exchange for any personal information. MAV even allowed one of these programs to modify the registry letting in a Trojan Horse virus which changed the wallpaper to something that disabled most of the control settings. It wasn't until I got Norton Internet Security that I discovered all this information.
Microsoft Anti-Virus only looks out for itself and does not protect your computer.
Do not use Microsoft Anti-Virus!
The Rapture is NOT an exit strategy.
My company will be happy to do that once Solaris or OpenBSD run Project, Visio, Minitab, Essbase, SKF Machine Analyst, OrgPlus, Goldmine, and Business Objects.
An administrator worth his or her weight in salt knows to use systems that can actually run the software the business needs, and secure those configurations as best as possible. Not being able to run essential business software for even a day can be a massive burden.
Insightful: 76, Off-Topic: 379, Flamebait: 24, Funny: 152, Interesting: 201, Underrated: 55, Troll: 9, Total: 896
"If you could run most apps in non admin and set up the file permissions properly, you'd eliminate a lot of viruses as a side effect."
This assumes that if an OS like OSX was relevant, virus writers would write viruses for it that assumed admin/root permissions. Malware doesn't *need* root/admin permissions to carry out their primary tasks.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
You use Norton at the office? Its corporate sibling, Symantec AntiVirus, runs far lighter and has much better deployment tools. While far from perfect (I have a list), it is much better than the home user oriented NAV.
You can only drink 30 or 40 glasses of beer a day, no matter how rich you are.
-- Colonel Adolphus Busch