Slashdot Mirror
Symantec Users, Start Your Keyloggers
An anonymous reader writes "Script kiddies have been taking advantage of intrusion prevention features of Symantec's Norton Firewall and Norton Internet Security Suites to knock users offline in IRC channels, according to an amusing post at Washingtonpost.com. From the article: 'Turns out that if someone types "startkeylogger" or "stopkeylogger" in an IRC channel, anyone on the channel using the affected Norton products will be immediately kicked off without warning. These are commands typically issued by the Spybot worm, which spreads over IRC and peer-to-peer file-swapping networks, installing a program that records and transmits everything the victim types (known as a keylogger).' Makes you wonder what other magic keywords produce unexpected results with Symantec's software."
People just don't learn very well from past mistakes...
.sig: file not found
Does startkeylogger work with other programs, or does startkeylogger only work with IRC? Any startkeyloggering program can trigger it, can't it?
503 Sig Unavailable
The Signature could not be accessed. Please try again later or contact the administrator
This is a very elegant trick; using the victim's anti-virus software as the tool to kick them off the net. Not only that, but you can do this to any number of people who happen to be on that channel and use the affected product. Now, if we could only get the skript kiddies to put their minds to something productive...
Good, inexpensive web hosting
startkeylogger -- phonex has quit (Read error: Connection reset by peer) -- TomA has quit (Read error: Connection reset by peer) -- something3280 has quit (Read error: Connection reset by peer
Arrrrrrr
thats a really scary concept, that the very programs we rely on to protect our computers are so incredibly insecure that a couple keystrokes can completely disable our protection. you would think that if we are expected to pay a company to protect us, that they would do their best. this day in age, that is NOT the best they can do. Not a chance.
If I am dueling with a leet player on WoW, will this work to kick him off the game? Would I be able to gank him before the server times him out?
Edith Keeler Must Die
While yes a bug, most of my experience on IRC would point towards a benefit if anyone could boot anyone else. The benefit is to those booted, to be clear.
That "deletesectorzero" may do something exciting.
Anyone who uses Symantec software with the expectation that it will actually protect them from anything deserves whatever they get.
I deal with hundredes of machines monthly, and it's always the NIS/Norton Antivirus machines that have been completely compromised without Norton making a peep.
US companies suck at malware detection. I've found the eastern European companies to be among the best.
I keep trying to rtfa, but for some reason Firefox keeps closing. I better run my Norton system check.
does this mean that I have to change my nick to "startkeylogger"
[sVen]
Connection reset by peer.
"Mod, mod, mod...and another troll bites the dust."
I hate Norton products. They are incredibly bloated, offer no technical documentation, and literally take over a system once installed. Have you ever tried to uninstall a Norton product? They are as bad as the viruses, worms, and trojans they claim to protect against.
I have Symantec's Norton Firewall and when I type startkeylogge
Not sure how I feel about this one. On the one hand anyone still using NAV should probably NOT be hanging out in IRC channels. On the other hand, what the heck is IRC? Isn't that kinda like rotary phones? Who still uses IRC besides warez groups and pron seekers?
Now, if we could only get the skript kiddies to put their minds to something productive...
Since IRC is mostly a time-killer, wouldn't something that knocks people off of it be considered productive?
Reminds me of a bash.org quote (can't find it atm) that looked like someone was disconnected by an obsene language filter every time someone in the channel swore. ..." ..."
"Wait so everytime someone says **** he gets disconnected?"
"Quit
"Join
etc...
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
It doesn't have to be spoken text. If an incoming packet is caught by norton firewall with a keyword in it, the connection is closed reguardless of where it is.
Which means you can change your nick to one of the words.
Or even more devlishly, put it in your ident where noone will notice it. Your speech will be so powerful it will knock people off the internet. Or is it your breath...
PS: Another keyword that works is "stopspy", which is more useful for idents. I don't normally take advantage of stuff like this but it's too good to pass up.
To redeem myself, I will mention that you can work around this by turning off some filter called "Spybot keylogger" or something under advanced options.
This happened to me the night it was "revealed." Appearently I had gotten kicked out of freenode about 20 or so times (because my client is set to rejoin), and I found myself banned in about half of the channels. It's all cleaned up now, though. Needless to say, it was the final nail in the coffin for me.
"Beware of he who would deny you access to information, for in his heart he dreams himself your master."
...I don't care who you are!
Heheh, seriously, it would be interesting to search for other "key" words that trigger a response from antivirus programs. Anyone else heard of or found other such triggers?
"First they ignore you, then they laugh at you, then they fight you, then you win."
-Gandhi
I leave IRC on almost all the time. I have Norton AntiVirus Corporate Edition. I have never been kicked off when I've seen this.
This morning: [07:03:20] startkeylogger
Nothing.
There are NO filters on DALnet or EFnet. This is just a hoax; the ircops are banning people individually for flooding popular channels.
In related news, there are NO other words that do this to kick people off. This is just a heuristic detection which only features those two words ("startkeylogger" and "stopkeylogger"), and would only require a single update to take it out. Also, you won't find any of those strings in the executable.
When I try to login to a irc server I'm getting
"Due to abnormally high throughput, our site is currently offline."
or
"Server Full"
Would I be wrong if I said half of slashdot maybe connecting to irc
server and trying to test this out like me
By mimicking the activities of spyware software, you trigger an anti-spyware response from a piece of security software.
...and this is news? Must be a slow news day.
Stupid slashdot! Great, now its public. I've had so much fun the last 2 weeks joining channels like 'teenlink69' and 'cyberz' on big networks and using the command.
Its good times watching 10-15 people drop at a time in the huge channels.
But now the fun will quickly disapear, thanks to slashdot. DOH!
According to the story, it happens with Symantec's Norton Firewall and Norton Internet Security Suites. That's different than Norton Anti-virus.
I saw this happening on #wikipedia a day or three ago. Someone with user/hostname like startkeylogger@....gnauk.co.uk showed up, and bang, a Norton user dropped off line.
I really couldn't believe any people would implement this sort of silliness in firewall/antivirus in this day and age. This was a "feature" of some censorware packages a few years back, I really hoped the folks would have wisened up. It's silly if you try to censor stuff, it's twice as silly if it goes under the guise of computer security.
When the affected machine receives the command, the Norton product starts the protection: disconnecting from the channel so that the worm issuing the command can't do its damage.
Not distinguishing between a person typing the keyword and a worm issuing it as a command is rather unfortunate (would such a distinction be possible?) and maybe Symantec should try out another methodology, but it's certainly not "incredibly insecure" or "really scary" as you suggest. If you're going to spread that kind of FUD, get your facts straight.
Why is this news? The software is doing exactly what it's supposed to. If you don't like that feature, turn it off. Be exposed to the risks.
In my humble opinion, the fault here lies with the script kiddies, not Symantec's software.
-- Your mother uses Emacs.
I get "Message blocked: Exploiting Norton bug" on my favorite channel if I type in either command
Try to join #2600 on irc.2600.net before reading this article. Shit, probably too late.
It mods the user -1, Redundant on Slashdot.
I quit using symantec products back in the win98 days. I kind of feel sorry for Peter Norton for still having his name attached to a POS program like their suite. I tried to remove NAV from a computer for a friend of mine do to problems it created. I like to never got it removed.
Reminds me of another one of Symantec's annoying habits. If the echoj string is anywhere in a file trying to be access Norton considers that file "infected". Symantec doesn't seem to have very good detection algorithms, they search for string literals and that's it? Hmm..
I never thought I would intentionally go into a room full of Windows users on IRC, but I'm soooo all over this
Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
I've found some, but not on the Norton firewall level. Not many ISPs do, but some certain ISPs make use of network filtering devices. They can monitor packets in real time and filter out certain things. All you have to do is find one of the filters they're using on port 6667 and make a message look like that.
I've even found some that are only exploitable if the IRC server sends it directly to the user. However, most filters wont check for the newline before the IRC message, so simply sending someone a message containing something that looks like an irc client exploit can work and they drop offline.
I wont give any examples though. I've left that as an exercise for the reader.
For a company that purports to "improve" your computer's security, Symantec clearly doesn't have much by way of policy on what actions can be taken based on untrusted data.
This is not the first "personal firewall" product to be attackable, either. BlackICE has had its time up on Slashdot, as well as other packages.
"Personal firewalls" do little to improve computer security, and do add overhead, complexity, and their own collection of security problems.
The real fix is to not start servers that you don't trust to be solid listening for traffic from your computer. Microsoft does (irritatingly) have a collection of servers running by default (unless SP2 disabled or blocked access to them -- dunno).
Worrying about personal firewalls, trying to treat NAT as a "security enhancer", etc...it's all crazy. Just don't open the holes in the computer in the first place and you don't have to worry about it.
Any program relying on (nontrivial) preemptive multithreading will be buggy.
Glad to see Slashdot's up on the latest news.
Ugh, I had to turn off my Norton firewall & antivirus to be able to read Slashdot...
Some mean editor decided to place the trigger words in the article text!!!
( lol )
Obligatory Deus Ex...
(kernelpanicked) startkeylogger
[quux(n=bryan@pdpc/supporter/sustaining/quuxo)] please don't do it again
(kernelpanicked) no problem, startkeylogger
*tear* It's like christmas for UNIX geeks has come early
Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
*** (G) Banned from AustNet: This address has been used for deliberately try to disconnect others. (CET0603030304).
Frak.
In summary, be careful with this.
Symantec products are garbaaaaahhhhge. You have to say it with the proper accent. Just saying garbage does not express the problem with the proper emphasis.
An IPS is subject to a denial of service attack? This has been considered a disadvantage of IPSs in general since the earliest days they were available.
"What kind of music do pirates listen to?" -Paul Maud'dib
"Yeeeaaarrrrr n' Bee!!" -Stilgar, Leader of Sietch Tabr
Oops, my bad.
Anyway, welcome to our side. As a convert, you will be appointed to the Jannisary guard of Slashdot, and equipped with a +5 Wand of Windows Bashing (Special powers: Reloads upon posting comment).
There's a Starman, waiting in the sky / He'd like to come and meet us, but he hasn't got the time.
...My university blocks all IRC.
Specifically, it's caught by the Intrusion Detection System, a part of Norton Internet Ssecurity.
"Beware of he who would deny you access to information, for in his heart he dreams himself your master."
A couple of things of note I haven't seen addressed:
Why not just remove the text from incoming packets, leaving the rest intact?
If the purpose of your software is to keep malware off the computer, why the **** do you need this feature in the first place?
Programming may be tough to learn, but common sense appears to be impossible.
Type "start" and "key" and "logger" together and something funny happens!
<n00b>startkeylogger
* n00b has Quit IRC (G-Lined - Banned from AustNet: This address has been used for deliberately try to disconnect others)
<user1>ROFLMAO!
<user2>Dude, stop doing that
<user1>Don't worry, he won't do it again
<user2>LOL!
73746172746b65796c6f67676572
How about if you put one of the keywords in the channel name, how would affected machines behave on getting a listing or joining the channel?
When I was bored on IRC sometimes I used to visit a random, well populated channel I would simply type
"Press ALT-F4 now to gain instant access to my ratio free, unlimited download porn fserve"
And then sit back and watch the amount of nicks reduce by less than half.
Preeeemo stopkeylogger * #isohunt :Message blocked: Norton Bug
Good karma sticks to me like velcro on a piece of plexiglass.
Move along, citizen.
Why?
Because you have to run Norton as the administrator, if you want updates. You *used* to be able to get around this, by installing Norton as an admin, then setting up a cron (scheduled tasks
Lame? Yes, it is. Their techincal support staff find nothing odd about this, and their sales staff try to sell you an inordinately expensive "professional" product which does allow you to run as a normal user, and have updates occur without logging in as admin every 5 minutes. This is just sad. Every XP user should be running as a non-admin. Norton should be *encouraging* that.
I thought these people were trying to *help* security? The last thing I want anyone to do, is run as administrator on an XP box. Sure, you don't get the same level of security that you do under Linux, when one runs as a normal user, but it's still *very preferable* to run as a non-admin user for your day to day tasks, under XP.
There are so many "business" class products that don't understand such a simple concept. I've seen income tax software that must be run as the admin user under XP. Anti-virus software though??! That's just absurd.
I keep trying to reply to this comment and I get disconnected, what gives?
Since, in order to fight the malware, they have to operate at the same ring level it does.
Best Slashdot Co
Back in the day, one of the worms was causing my ISP's Wireless network no end of trouble. While our wirless at the time had plenty of download bandwidth, upload bandwidth is always at a premium. Our solution was to simply immediately terminate the active connection whenever the text string was seen in a packet. It worked smashing, we had a log of whomever was infected, their upload bandwidth was curtailed, and in general it kept our network running yet another day.
The catch, of course, was it worked TOO well. It stopped the worm emails from coming in or out, but it also made it impossible to get the rest of your mail (as you could never get past that particular email, our server would kill the connection instantly), couldn't read any news websites (as they invariably had the text string on them as well), couldn't talk about the worm, etc.
I forget which worm it was (the I Love You one or Sasser, I think) but it was rather humourous. Worked great, though
Remember the old Bitcom for DOS? if you were reading messages on a BBS, and if in one of those messages you encountered the phrase "NO CARRIER", Bitcom would helpfully hang up the modem!
~REZ~ #43301. Who'd fake being me anyway?
Naturally, I had to try this. So, I went on #eztv on efnet. I figured on a channel with roughly 800 people, someone had to get kicked. So, I typed startkeylogger, hoping someone would get kicked. Turns out it was me. Kickbanned. By a BOT!!! GD people must have done this so much before. Just a warning.
I blame geof's speakers.
And these are the same people who are insisting that my Mac isn't safe unless I'm using their products? Oh, you can't write jokes like that!
Memo to Symantec: I think I'd rather keep taking my chances with nothing, but thanks for playing.
!echo startkeylogger
Scott Swezey
The sad thing about this is Norton users will blame everything but their software. In reality, it's Norton's software that sucks, and has sucked since the dawn of Win95. The last product that still commands respect in my nostalgia is Norton Utilities 8.0 for DOS. Every Windows-based Norton app has been prettyfied useless crap.
Hell, I'm using a free antivirus because it gets right to the point. No pretty 3-inch wide tray monitor, no HTMLized interface (that crashes the HTML engine half the time), nothing but virus scanning thank you very much. Firewall ? Comes with Windows, does the job just fine for me. I've got linux for my "important" network in the closet.
-Billco, Fnarg.com
If you sent someone a message on AIM or Y! with these commands in them, what happens then?
I tried this on a largish (~200 clients) irc channel on EFNet. Nobody dropped off the network. Are they all patched or have all of them removed Norton from their system?
strike
"Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
many times back in the mid to late 80's....... I dread to think what he thinks about where symantec has taken it now. Pete you where the best!
I agree with the first sentence, but the second doesn't make sense for Norton. If you ran XP as a non-administrator, you wouldn't need their products as much.
when I find that norton guy Im gonna piss on his leg
And just in case it was missed by you Google lovers, Google includes Norton in their "google pack," nice pick guys.
immediately ran into his or her favorite IRC channel to try this out?
This side effect of Norton's attempt to protect the user, or that Symantec thinks this is the best way to protect the user.
I mean, if Norton is aware of a keylogger worm on IRC, wouldn't it make more sense to have Norton Internet Security kill the keylogger process or block the data the keylogger tries to send out? It is a firewall after all. Or, for Norton Antivirus to identify the keylogger and remove it as part of removing the worm. Would it not be part of the worm, and therefore something Norton is supposed to be removing, as part of the program's specified function?
If stopping access to a service is how one should protect themselves from threats on it, maybe Norton should just block all TCP/IP traffic to prevent viruses, worms, and identity theft.
Good thing the keylogger trigger wasn't "hello everyone".
There actually was a simple workaround for that problem that almost all modems support. The standard command ATS2= sets which ASCII value is your modem escape code: the default value 33 is +.
However, the value 255 was special: if you do ATS2=255, the +++ escape feature is disabled entirely. In this mode, you hang up by dropping the "terminal ready" bit on the serial port - something that can't be faked like +++. This has the disadvantage that you can't switch to command mode without hanging up, but that feature was rarely used (especially because data sent by the other side while in command mode gets dropped).
This feature was frequently used by BBSs to stop this kind of thing from happening (IE, people doing +++ATH ATDT911).
Meow,
Melissa
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
In closed source software it is not always easy to determine the quality of the underlying code. With Symantec stuff it's different. Every single one of them behaves strange, unexpected and/or different to standard conforming windows programs. Plus you get the usual bunch of auto-update-inform-me-spam-subscription options with defaults all wrong. I don't like their products, not a bit. I'm talking about PcAnywhere, Internet Security and Ghost.
On se Internetz nobody noes your German.
So, you say that you don't trust binaries from closed source companies?
Turns out you can't even believe in binaries you have built yourself.
Read this: http://www.acm.org/classics/sep95/
(Not for the paranoid!!!)
This time I was trying it on chatjunkies and was autojoined to #xchat and before I could try it, somebody else joined and beat me to it! They got booted, too. Looks like the party's winding down...
It appears that Irc channels do this too, i did test it in one irc channel. I got this.
:Message blocked: Stop trying to exploit NAV, you lamer
--- #[channel name removed]
These are commands typically issued by the Spybot worm
Symantec disconnects these without checking if there even is that process running first?
And it also just doesn't make sure it's removed by doing its job as an antivirus?
Is this saying Symantec can't detect if the Spybot worm is running or not, and simply disconnects at any symptom of the infection?? That doesn't look good...
Beware: In C++, your friends can see your privates!
pressing up, up, down, down, left, right, left, right, b, a, select, start, and the "any key" will disable the keylogger feature.
I thought these people were trying to *help* security?
No, if security on Windows suddenly got any good, they would be out of work.
Yes there are more commands, as you can see here in google's cache (originally from a symantec.com report that is no longer available). Scroll down to Appendix A.
This seems to go beyond Symantec. I'm running no Norton programs whatsoever, and shut down every concievable process I could, and I get kicked off by this. Very odd....
I kept getting nailed with it when I was on EFNet last week, so after getting mad about being kicked off all the time someone told me how to fix the bug/Norton. Problem is, now I've fixed the issue my Norton doesn't scan outgoing email anymore. Ah well... The things I do for IRC connectivity!
I don't know if it's the same string (probably not), but Norton was idiotic enough to forbid WoW from accessing the network any more after it detected something in the stream of data that looked like an SQL Server exploit. Or something like that, I don't remember the exact message, since I was busy swearing when that happened. The fact that it was a different program, on a different port, _and_ the direction in which the "exploit" was transmitted was all wrong... well, that didn't stop Norton from helpfully trying to protect me.
Also it didn't stop there, since thereafter their firewall was automatically configured to forbid access to the WoW client.
Frankly, by now I'm thinking most of these "security products" are:
1. unnecessary, if you have some clue, use a firewall, keep your system patched, and have enough brains to read pop-up messages before clicking "yes". None has yet detected a _real_ virus on my computers yet.
2. about as effective as a condom with a hole in it when you actually need them: they just give you a false sense of security while you're getting screwed. The one time when I did intentionally play with a virus, Norton _didn't_ detect it. (Yes, it was intentional. I actually planned to let a system get virused while I download Sygate Personal Firewall, then reformat and reinstall.)
Worse yet, there are plenty of viruses which disable them anyway. So if you did get a new virus (e.g., by not obeying point 1) before Symantec updates their signatures, chances are it will disable your antivirus anyway. So basically the only way to be sure you still have protection is... to not get virused in the first place, without its help. Does it sound superfluous yet?
Worse yet, these "security products" lately have more exploits of their own than Windows has, basically just creating extra oportunities to get pwn3d by a script-kiddie. I know of at least one virus which did already spread through an overflow in a security product.
3. Perhaps more importantly: good only for slowing the system down and creating annoying false positives.
E.g., the WoW disconnect described above. (Though it would also fit in the "creating a new exploit" category described above.)
E.g., I haven't had one yet which didn't pick on some innocent program on account that some bytes in it looked like they _could_ do something that _could_ be dangerous.
E.g., heck, forget disconnecting from IRC for keylogger commands. At least one was idiotic enough to insist on deleting mIRC (both installed _and_ the installer) off my computer, because they thought IRC was a risk. And yes, you've read that right. Not because of detecting some possible problem in code, not because of knowing of an exploit in that particular mIRC version, etc. Just because of a retarded biased judgment call that mIRC is dangerous, and they wanted to protect me from that. (As a side-note: then why not also delete IE, if they're at deleting programs just because they think they _could_ be dangerous? I dare say it's got a worse track record than mIRC.)
Etc.
4. and even more importantly, most are worse than a virus in and by themselves. I don't think a virus or trojan even exists yet that slows down a computer worse than most of these "security solutions." You'd have to get several layers of them before a modest computer starts to crawl the way it does with Norton or McAffee on it.
A polar bear is a cartesian bear after a coordinate transform.
Yep, I've been hit before by the exact same scenario you describe, although probably with a different string.
So I'm playing WoW happily and suddenly I'm completely lagged (you know, those time-bubbles where you can run around, but not cast spells or receive any update from the server) and then disconnected. Better yet, when I try to reconnect, I can't.
Turns out that something in that stream of binary data between the WoW server and the WoW client looked to Norton suspiciously like some old SQL Server exploit. Never mind that it wasn't even talking to the right program, on the right port, or in the right direction. So it helpfully took me offline, for my own good.
Now as I've said, I have no clue exactly _what_ sequence of bytes triggered it there. Presumably something more SQL-like than this one. But I wouldn't be surprised if someone took the time to figure it out and broadcast it in a battleground match.
A polar bear is a cartesian bear after a coordinate transform.
I was unable to figure out why I was being dumped by this, even though I had nothing Norton on my system whatsoever. After some trial and error, I was able to workaround the problem by simply plugging directly into my cable modem. When I switched back through the router, I began to get dumped by it again.
The router version is RT41-BU - It is a Linksys brand that is typically sold in Best Buy simply as "Wired Broadband Router". Despite the fact that I set myself as DMZ host and did my best to disable all the router's security systems, it STILL was dumping me from this exploit.
An easy way to know if you have an RT41-BU is simply by the IP you connect to the router. As far as I know, RT41-BUs are the only routers that use the IP "192.168.15.1".
I hear rumors that Netgear routers are also affected by this, but cannot test nor confirm them.
If you want to do it more subtly, tell them to do Alt-Space then C. Even works with GNOME!
Oolite: Elite-like game. For Mac, Linux and Windows
Norton Firewall, meet Sony Rootkit.
$sys$startkeylogger+++ATH
NO CARRIER
Rediculous is ridiculous!
Norton was once a prestigous and vernable institution, who faithfully provided good, reliable service for years.
Not Any More.
May the Maths Be with you!
Why do Symantec participate in government exercises, re 'Cyber Storm', and why do they have keyloggers built into their apps? Who really wrote the recent 'kama stura' worm that disables av software so eloquently?
ALL YOUR BASE ARE BELONG TO VIRUS!!!
Everyone in every chatroom ever does this. I don't think I've ever seen it work. Of course, assuming there's more than one person in there, 0 is in fact less than half.
You are now talking on ##windows
--- Topic for ##windows is Unofficial Windows support and discussion channel. YES, we know about the keylogger thing, and it doesn't work, so please no experiments!
What? This must be a home edition thing or some such. Every enterprise NAV setup I have seen doesn't require admin for virus updates, it happily updates on its own without any interaction. I wouldn't really know about the home user junk, I have never used NAV outside of enterpise situations, I choose not to use the junk for my own systems.
The only change I can believe in is what I find in my couch cushions.
It seems to me that anti-virus efforts should only be half of Symantec's work... Isn't in their shareholders' interest to also write viruses [without being caught]? They must either be really really good at reverse engineering binaries, or a few of the big ones were theirs... (How do they know the date and time that a virus will strike?)
It might not shut down protection, but it does enact a DoS attack on your IRC client, so Norton actually introduces the flaw in security, hence it does disable natural protection from plain text in IRC. That's pretty damn bad.
Saskboy's blog is good. 9 out of 10 dentists agree.
This reminds me of irc in the old days. If you changed your nick to "com1" and sent someone a message, when they messaged you back their pc locked up. Supposedly their pc would try and send data to their com1 port and screw things up.
There used to be lots of fun things you could do on irc to be mean to people. Of course, telling people that alt-f4 gives ops still works sometimes too.
And this would be the "expensive product" he was talking about.
That being said its crappy you can't schedule them, are you sure you can't run Norton from the command line with some switches? Then you'd at least be able to schedule a batch file and supply admin credentials for the job.
Those who would give up essential chatting for temporary safety from malware, deserve neither.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
I had a US robotics modem in the late 90s. It did indeed have that guard time feature but for reasons not known to me they set this time by default to 0, i.e. ineffective. I got thrown off the web numerous times before I ran across exploit code on packetstorm which abused exactly this misconfiguration to throw other people off the net. Only then I learned what guard time is and that indeed some pathetic modems (including mine) had this silly setting.
And for all who think otherwise: I used linux back then and no, this was not a cheesy winmodem!
You might be able to, but that's not really the point. I was willing to setup a "scheduled task" for Norton updates as an admin, but once it got to having to think about writing batch files.. well, that was that.
I don't like touching Windows to begin with, and my client does not like having to pay extra $$$ to have solutions engineered each year to fix problems with his virus software. A switch was made, immediately, to another product.
Saskboy, Thanks for getting to this before i did. about time SOMEONE understood
Pissing on Peter Norton's leg won't help - he sold his name to Symantec years ago and they've been trading on it ever since. Once Peter left Symantec, their products slowly turned to shit.
We do not allow **ANY** Symantec products on any of our client's networks - if we find anything, that machine is scheduled for a reinstall. I don't trust their crap, and more importantly, their crap makes Windows system unstable.
Back when I played Warcraft II on Mac over AOL (yes, good times), and your game was lagging a bit, the trick was to say, "hold down Command and type QUICK to get rid of the lag." Of course, Command-Q is the shortcut for Quit on MacOS. (You could be sure that everyone playing was a Mac user, because WC2 didn't support TCP/IP connections on Windows until the "silver" version came out years later.) I also saw this a few times on Hotline servers... "Hold down Command and type QUICK to speed up your downloads."
Comment of the year
The car industry is making well sure you can't do anything about your car except minor or accident-critical tasks like changing tires and checking oil and these only, one could argue, because they are too deeply integrated into western culture to get rid of again. Should you ever have to change a tire, of course you'll take your car to a garage afterwards anyway, because you are just not gonna take the risk of depending on your own car-mechanical competence when this means your life depends on it.
Then, most people are not in the habit of going out on a shopping spree and returning with two new exhaust pipes and a new steering wheel.
Nifty tech toys is where the majority of computer users, hence money and the media is. People want to plug it in and 'play', are already doing this, with USB and Windows, no less. People are buying computers because of it. As long as Linux is not as 'easy' (including all connotations of the word) as Windows, the lion's share of the people will not cross the bridge.
Then, as an aside, the Linux-community should really consider whether they do want an 'easiness' quite like that.
Makes you wonder what other magic keywords produce unexpected results with Symantec's software.
I put on my robe and wizard hat.
10 or so years ago I was an op in #warez+ and had a lot of fun with:
Hey I just found something cool, press ALT+F4 and enter really fast and something cool pops up in mIRC!!!
Those were the days, IRC was more fun.
My name is ... Shake Zula ... the mic rula ... the old schoola ... you wanna rock ... I'll reset your moda ...
I recently switched an older compaq running Windows to Kubuntu, and it was extreamly annoying until I figured out how to enable graphical root login. What the Linux-on-the-desktop crowd can't seem to figure out is that, as a home user, I am the admin. To have to do some sudo commandline stuff to create a folder on a second hard drive is a PITA! And this is supposed to be user friendly?! The people who advocate the split between user and root should spend less time studying design philosophy and more time studying how people actually use computers and work with that.
"The moment "pride" is lost, "freedom" is also lost." - Ramza.
Let me get this straight.
You're sending a DoS attack. A guy asks you to stop. You do it again.
That's your idea of a holiday, you selfish bastard?
Why should Norton encourage people to run as non-admin? If they don't run as admin, not many people will get as many viruses (virii for some), and then where will Norton's money go?
Would you kindly mod me +1 insightful?
I have seen "Type "/join #uberfiles,0" for fserv" work repeatedly over the timespan of years. On several occasions I've seen the same person do it several times in a row, thinking there was something wrong with the non-existent fserve.
Well I've wrestled with reality for thirty five years doctor, and I'm happy to say I finally won out over it.