Slashdot Mirror
Symantec Users, Start Your Keyloggers
An anonymous reader writes "Script kiddies have been taking advantage of intrusion prevention features of Symantec's Norton Firewall and Norton Internet Security Suites to knock users offline in IRC channels, according to an amusing post at Washingtonpost.com. From the article: 'Turns out that if someone types "startkeylogger" or "stopkeylogger" in an IRC channel, anyone on the channel using the affected Norton products will be immediately kicked off without warning. These are commands typically issued by the Spybot worm, which spreads over IRC and peer-to-peer file-swapping networks, installing a program that records and transmits everything the victim types (known as a keylogger).' Makes you wonder what other magic keywords produce unexpected results with Symantec's software."
People just don't learn very well from past mistakes...
.sig: file not found
Does startkeylogger work with other programs, or does startkeylogger only work with IRC? Any startkeyloggering program can trigger it, can't it?
503 Sig Unavailable
The Signature could not be accessed. Please try again later or contact the administrator
This is a very elegant trick; using the victim's anti-virus software as the tool to kick them off the net. Not only that, but you can do this to any number of people who happen to be on that channel and use the affected product. Now, if we could only get the skript kiddies to put their minds to something productive...
Good, inexpensive web hosting
startkeylogger -- phonex has quit (Read error: Connection reset by peer) -- TomA has quit (Read error: Connection reset by peer) -- something3280 has quit (Read error: Connection reset by peer
Arrrrrrr
thats a really scary concept, that the very programs we rely on to protect our computers are so incredibly insecure that a couple keystrokes can completely disable our protection. you would think that if we are expected to pay a company to protect us, that they would do their best. this day in age, that is NOT the best they can do. Not a chance.
If I am dueling with a leet player on WoW, will this work to kick him off the game? Would I be able to gank him before the server times him out?
Edith Keeler Must Die
While yes a bug, most of my experience on IRC would point towards a benefit if anyone could boot anyone else. The benefit is to those booted, to be clear.
Anyone who uses Symantec software with the expectation that it will actually protect them from anything deserves whatever they get.
I deal with hundredes of machines monthly, and it's always the NIS/Norton Antivirus machines that have been completely compromised without Norton making a peep.
US companies suck at malware detection. I've found the eastern European companies to be among the best.
does this mean that I have to change my nick to "startkeylogger"
[sVen]
Connection reset by peer.
"Mod, mod, mod...and another troll bites the dust."
I hate Norton products. They are incredibly bloated, offer no technical documentation, and literally take over a system once installed. Have you ever tried to uninstall a Norton product? They are as bad as the viruses, worms, and trojans they claim to protect against.
I have Symantec's Norton Firewall and when I type startkeylogge
Now, if we could only get the skript kiddies to put their minds to something productive...
Since IRC is mostly a time-killer, wouldn't something that knocks people off of it be considered productive?
Reminds me of a bash.org quote (can't find it atm) that looked like someone was disconnected by an obsene language filter every time someone in the channel swore. ..." ..."
"Wait so everytime someone says **** he gets disconnected?"
"Quit
"Join
etc...
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
It doesn't have to be spoken text. If an incoming packet is caught by norton firewall with a keyword in it, the connection is closed reguardless of where it is.
Which means you can change your nick to one of the words.
Or even more devlishly, put it in your ident where noone will notice it. Your speech will be so powerful it will knock people off the internet. Or is it your breath...
PS: Another keyword that works is "stopspy", which is more useful for idents. I don't normally take advantage of stuff like this but it's too good to pass up.
To redeem myself, I will mention that you can work around this by turning off some filter called "Spybot keylogger" or something under advanced options.
This happened to me the night it was "revealed." Appearently I had gotten kicked out of freenode about 20 or so times (because my client is set to rejoin), and I found myself banned in about half of the channels. It's all cleaned up now, though. Needless to say, it was the final nail in the coffin for me.
"Beware of he who would deny you access to information, for in his heart he dreams himself your master."
OTOH if you want to quickly get ahold of a random asshole, and you don't live in NYC, it's really the only solution.
Literalism isn't a form of humor, it's you being irritating.
...I don't care who you are!
Heheh, seriously, it would be interesting to search for other "key" words that trigger a response from antivirus programs. Anyone else heard of or found other such triggers?
"First they ignore you, then they laugh at you, then they fight you, then you win."
-Gandhi
When I try to login to a irc server I'm getting
"Due to abnormally high throughput, our site is currently offline."
or
"Server Full"
Would I be wrong if I said half of slashdot maybe connecting to irc
server and trying to test this out like me
By mimicking the activities of spyware software, you trigger an anti-spyware response from a piece of security software.
...and this is news? Must be a slow news day.
Stupid slashdot! Great, now its public. I've had so much fun the last 2 weeks joining channels like 'teenlink69' and 'cyberz' on big networks and using the command.
Its good times watching 10-15 people drop at a time in the huge channels.
But now the fun will quickly disapear, thanks to slashdot. DOH!
According to the story, it happens with Symantec's Norton Firewall and Norton Internet Security Suites. That's different than Norton Anti-virus.
I saw this happening on #wikipedia a day or three ago. Someone with user/hostname like startkeylogger@....gnauk.co.uk showed up, and bang, a Norton user dropped off line.
I really couldn't believe any people would implement this sort of silliness in firewall/antivirus in this day and age. This was a "feature" of some censorware packages a few years back, I really hoped the folks would have wisened up. It's silly if you try to censor stuff, it's twice as silly if it goes under the guise of computer security.
Why is this news? The software is doing exactly what it's supposed to. If you don't like that feature, turn it off. Be exposed to the risks.
In my humble opinion, the fault here lies with the script kiddies, not Symantec's software.
-- Your mother uses Emacs.
I get "Message blocked: Exploiting Norton bug" on my favorite channel if I type in either command
Try to join #2600 on irc.2600.net before reading this article. Shit, probably too late.
"Where am I gonna find an asshole...around here...at this hour?"
ABSURDITY, n.: A statement or belief manifestly inconsistent with one's own opinion.
I quit using symantec products back in the win98 days. I kind of feel sorry for Peter Norton for still having his name attached to a POS program like their suite. I tried to remove NAV from a computer for a friend of mine do to problems it created. I like to never got it removed.
Reminds me of another one of Symantec's annoying habits. If the echoj string is anywhere in a file trying to be access Norton considers that file "infected". Symantec doesn't seem to have very good detection algorithms, they search for string literals and that's it? Hmm..
You seemed to have forgotten about most online games, its almost a sure thing that you will meet an asshole on any game server.
I hang out with friends from high school on IRC. MSN and AIM suck for that, because you have to initiate contact. On IRC, all you do is type something, and all your friends see it. If they want to respond, they can. With modern IM's, when you initiate contact it's at the other person's inconvenience. You can leave a copy of XiRCON or mIRC minimized and idle 24/7. If you want to talk to people, just pop it up and you've got a convenient-for-both-parties instant line of communication. This is in contrast to instant messengers, which steal focus and make annoying sounds.
SRSLY.
I never thought I would intentionally go into a room full of Windows users on IRC, but I'm soooo all over this
Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
Shouldn't norton know if the machine is infected and not terminate the connection when the malware isn't present?
Badass Resumes
I've found some, but not on the Norton firewall level. Not many ISPs do, but some certain ISPs make use of network filtering devices. They can monitor packets in real time and filter out certain things. All you have to do is find one of the filters they're using on port 6667 and make a message look like that.
I've even found some that are only exploitable if the IRC server sends it directly to the user. However, most filters wont check for the newline before the IRC message, so simply sending someone a message containing something that looks like an irc client exploit can work and they drop offline.
I wont give any examples though. I've left that as an exercise for the reader.
For a company that purports to "improve" your computer's security, Symantec clearly doesn't have much by way of policy on what actions can be taken based on untrusted data.
This is not the first "personal firewall" product to be attackable, either. BlackICE has had its time up on Slashdot, as well as other packages.
"Personal firewalls" do little to improve computer security, and do add overhead, complexity, and their own collection of security problems.
The real fix is to not start servers that you don't trust to be solid listening for traffic from your computer. Microsoft does (irritatingly) have a collection of servers running by default (unless SP2 disabled or blocked access to them -- dunno).
Worrying about personal firewalls, trying to treat NAT as a "security enhancer", etc...it's all crazy. Just don't open the holes in the computer in the first place and you don't have to worry about it.
Any program relying on (nontrivial) preemptive multithreading will be buggy.
Ugh, I had to turn off my Norton firewall & antivirus to be able to read Slashdot...
Some mean editor decided to place the trigger words in the article text!!!
( lol )
Obligatory Deus Ex...
(kernelpanicked) startkeylogger
[quux(n=bryan@pdpc/supporter/sustaining/quuxo)] please don't do it again
(kernelpanicked) no problem, startkeylogger
*tear* It's like christmas for UNIX geeks has come early
Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
thats just for starters
once you go slack, you never go back
*** (G) Banned from AustNet: This address has been used for deliberately try to disconnect others. (CET0603030304).
Frak.
In summary, be careful with this.
An IPS is subject to a denial of service attack? This has been considered a disadvantage of IPSs in general since the earliest days they were available.
"What kind of music do pirates listen to?" -Paul Maud'dib
"Yeeeaaarrrrr n' Bee!!" -Stilgar, Leader of Sietch Tabr
Oops, my bad.
Anyway, welcome to our side. As a convert, you will be appointed to the Jannisary guard of Slashdot, and equipped with a +5 Wand of Windows Bashing (Special powers: Reloads upon posting comment).
There's a Starman, waiting in the sky / He'd like to come and meet us, but he hasn't got the time.
...My university blocks all IRC.
Specifically, it's caught by the Intrusion Detection System, a part of Norton Internet Ssecurity.
"Beware of he who would deny you access to information, for in his heart he dreams himself your master."
A couple of things of note I haven't seen addressed:
Why not just remove the text from incoming packets, leaving the rest intact?
If the purpose of your software is to keep malware off the computer, why the **** do you need this feature in the first place?
Programming may be tough to learn, but common sense appears to be impossible.
Type "start" and "key" and "logger" together and something funny happens!
<n00b>startkeylogger
* n00b has Quit IRC (G-Lined - Banned from AustNet: This address has been used for deliberately try to disconnect others)
<user1>ROFLMAO!
<user2>Dude, stop doing that
<user1>Don't worry, he won't do it again
<user2>LOL!
How about if you put one of the keywords in the channel name, how would affected machines behave on getting a listing or joining the channel?
When I was bored on IRC sometimes I used to visit a random, well populated channel I would simply type
"Press ALT-F4 now to gain instant access to my ratio free, unlimited download porn fserve"
And then sit back and watch the amount of nicks reduce by less than half.
Preeeemo stopkeylogger * #isohunt :Message blocked: Norton Bug
Good karma sticks to me like velcro on a piece of plexiglass.
Move along, citizen.
Why?
Because you have to run Norton as the administrator, if you want updates. You *used* to be able to get around this, by installing Norton as an admin, then setting up a cron (scheduled tasks
Lame? Yes, it is. Their techincal support staff find nothing odd about this, and their sales staff try to sell you an inordinately expensive "professional" product which does allow you to run as a normal user, and have updates occur without logging in as admin every 5 minutes. This is just sad. Every XP user should be running as a non-admin. Norton should be *encouraging* that.
I thought these people were trying to *help* security? The last thing I want anyone to do, is run as administrator on an XP box. Sure, you don't get the same level of security that you do under Linux, when one runs as a normal user, but it's still *very preferable* to run as a non-admin user for your day to day tasks, under XP.
There are so many "business" class products that don't understand such a simple concept. I've seen income tax software that must be run as the admin user under XP. Anti-virus software though??! That's just absurd.
Since, in order to fight the malware, they have to operate at the same ring level it does.
Best Slashdot Co
Was going to say the exact same thing. You beat me to it.
damn I just deleted myself..
Back in the day, one of the worms was causing my ISP's Wireless network no end of trouble. While our wirless at the time had plenty of download bandwidth, upload bandwidth is always at a premium. Our solution was to simply immediately terminate the active connection whenever the text string was seen in a packet. It worked smashing, we had a log of whomever was infected, their upload bandwidth was curtailed, and in general it kept our network running yet another day.
The catch, of course, was it worked TOO well. It stopped the worm emails from coming in or out, but it also made it impossible to get the rest of your mail (as you could never get past that particular email, our server would kill the connection instantly), couldn't read any news websites (as they invariably had the text string on them as well), couldn't talk about the worm, etc.
I forget which worm it was (the I Love You one or Sasser, I think) but it was rather humourous. Worked great, though
Remember the old Bitcom for DOS? if you were reading messages on a BBS, and if in one of those messages you encountered the phrase "NO CARRIER", Bitcom would helpfully hang up the modem!
~REZ~ #43301. Who'd fake being me anyway?
Naturally, I had to try this. So, I went on #eztv on efnet. I figured on a channel with roughly 800 people, someone had to get kicked. So, I typed startkeylogger, hoping someone would get kicked. Turns out it was me. Kickbanned. By a BOT!!! GD people must have done this so much before. Just a warning.
I blame geof's speakers.
My guess is that it looks for the malware by matching that keyword.
Anyone can "stand up for what they believe", but it takes a very brave individual to change what they believe. - Loundry
!echo startkeylogger
Scott Swezey
The sad thing about this is Norton users will blame everything but their software. In reality, it's Norton's software that sucks, and has sucked since the dawn of Win95. The last product that still commands respect in my nostalgia is Norton Utilities 8.0 for DOS. Every Windows-based Norton app has been prettyfied useless crap.
Hell, I'm using a free antivirus because it gets right to the point. No pretty 3-inch wide tray monitor, no HTMLized interface (that crashes the HTML engine half the time), nothing but virus scanning thank you very much. Firewall ? Comes with Windows, does the job just fine for me. I've got linux for my "important" network in the closet.
-Billco, Fnarg.com
If you sent someone a message on AIM or Y! with these commands in them, what happens then?
I tried this on a largish (~200 clients) irc channel on EFNet. Nobody dropped off the network. Are they all patched or have all of them removed Norton from their system?
strike
"Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
many times back in the mid to late 80's....... I dread to think what he thinks about where symantec has taken it now. Pete you where the best!
I agree with the first sentence, but the second doesn't make sense for Norton. If you ran XP as a non-administrator, you wouldn't need their products as much.
when I find that norton guy Im gonna piss on his leg
Indeed.
IM = one to one
IRC = one to many
(Disclaimer: Yes, I know MSN et al can do multiperson chats, but IRC is much, much better at it, with fine-tuned controls and access levels.)
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
immediately ran into his or her favorite IRC channel to try this out?
This side effect of Norton's attempt to protect the user, or that Symantec thinks this is the best way to protect the user.
I mean, if Norton is aware of a keylogger worm on IRC, wouldn't it make more sense to have Norton Internet Security kill the keylogger process or block the data the keylogger tries to send out? It is a firewall after all. Or, for Norton Antivirus to identify the keylogger and remove it as part of removing the worm. Would it not be part of the worm, and therefore something Norton is supposed to be removing, as part of the program's specified function?
If stopping access to a service is how one should protect themselves from threats on it, maybe Norton should just block all TCP/IP traffic to prevent viruses, worms, and identity theft.
Good thing the keylogger trigger wasn't "hello everyone".
There actually was a simple workaround for that problem that almost all modems support. The standard command ATS2= sets which ASCII value is your modem escape code: the default value 33 is +.
However, the value 255 was special: if you do ATS2=255, the +++ escape feature is disabled entirely. In this mode, you hang up by dropping the "terminal ready" bit on the serial port - something that can't be faked like +++. This has the disadvantage that you can't switch to command mode without hanging up, but that feature was rarely used (especially because data sent by the other side while in command mode gets dropped).
This feature was frequently used by BBSs to stop this kind of thing from happening (IE, people doing +++ATH ATDT911).
Meow,
Melissa
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
In closed source software it is not always easy to determine the quality of the underlying code. With Symantec stuff it's different. Every single one of them behaves strange, unexpected and/or different to standard conforming windows programs. Plus you get the usual bunch of auto-update-inform-me-spam-subscription options with defaults all wrong. I don't like their products, not a bit. I'm talking about PcAnywhere, Internet Security and Ghost.
On se Internetz nobody noes your German.
So, you say that you don't trust binaries from closed source companies?
Turns out you can't even believe in binaries you have built yourself.
Read this: http://www.acm.org/classics/sep95/
(Not for the paranoid!!!)
This time I was trying it on chatjunkies and was autojoined to #xchat and before I could try it, somebody else joined and beat me to it! They got booted, too. Looks like the party's winding down...
It appears that Irc channels do this too, i did test it in one irc channel. I got this.
:Message blocked: Stop trying to exploit NAV, you lamer
--- #[channel name removed]
These are commands typically issued by the Spybot worm
Symantec disconnects these without checking if there even is that process running first?
And it also just doesn't make sure it's removed by doing its job as an antivirus?
Is this saying Symantec can't detect if the Spybot worm is running or not, and simply disconnects at any symptom of the infection?? That doesn't look good...
Beware: In C++, your friends can see your privates!
Yes there are more commands, as you can see here in google's cache (originally from a symantec.com report that is no longer available). Scroll down to Appendix A.
I kept getting nailed with it when I was on EFNet last week, so after getting mad about being kicked off all the time someone told me how to fix the bug/Norton. Problem is, now I've fixed the issue my Norton doesn't scan outgoing email anymore. Ah well... The things I do for IRC connectivity!
I don't know if it's the same string (probably not), but Norton was idiotic enough to forbid WoW from accessing the network any more after it detected something in the stream of data that looked like an SQL Server exploit. Or something like that, I don't remember the exact message, since I was busy swearing when that happened. The fact that it was a different program, on a different port, _and_ the direction in which the "exploit" was transmitted was all wrong... well, that didn't stop Norton from helpfully trying to protect me.
Also it didn't stop there, since thereafter their firewall was automatically configured to forbid access to the WoW client.
Frankly, by now I'm thinking most of these "security products" are:
1. unnecessary, if you have some clue, use a firewall, keep your system patched, and have enough brains to read pop-up messages before clicking "yes". None has yet detected a _real_ virus on my computers yet.
2. about as effective as a condom with a hole in it when you actually need them: they just give you a false sense of security while you're getting screwed. The one time when I did intentionally play with a virus, Norton _didn't_ detect it. (Yes, it was intentional. I actually planned to let a system get virused while I download Sygate Personal Firewall, then reformat and reinstall.)
Worse yet, there are plenty of viruses which disable them anyway. So if you did get a new virus (e.g., by not obeying point 1) before Symantec updates their signatures, chances are it will disable your antivirus anyway. So basically the only way to be sure you still have protection is... to not get virused in the first place, without its help. Does it sound superfluous yet?
Worse yet, these "security products" lately have more exploits of their own than Windows has, basically just creating extra oportunities to get pwn3d by a script-kiddie. I know of at least one virus which did already spread through an overflow in a security product.
3. Perhaps more importantly: good only for slowing the system down and creating annoying false positives.
E.g., the WoW disconnect described above. (Though it would also fit in the "creating a new exploit" category described above.)
E.g., I haven't had one yet which didn't pick on some innocent program on account that some bytes in it looked like they _could_ do something that _could_ be dangerous.
E.g., heck, forget disconnecting from IRC for keylogger commands. At least one was idiotic enough to insist on deleting mIRC (both installed _and_ the installer) off my computer, because they thought IRC was a risk. And yes, you've read that right. Not because of detecting some possible problem in code, not because of knowing of an exploit in that particular mIRC version, etc. Just because of a retarded biased judgment call that mIRC is dangerous, and they wanted to protect me from that. (As a side-note: then why not also delete IE, if they're at deleting programs just because they think they _could_ be dangerous? I dare say it's got a worse track record than mIRC.)
Etc.
4. and even more importantly, most are worse than a virus in and by themselves. I don't think a virus or trojan even exists yet that slows down a computer worse than most of these "security solutions." You'd have to get several layers of them before a modest computer starts to crawl the way it does with Norton or McAffee on it.
A polar bear is a cartesian bear after a coordinate transform.
Yep, I've been hit before by the exact same scenario you describe, although probably with a different string.
So I'm playing WoW happily and suddenly I'm completely lagged (you know, those time-bubbles where you can run around, but not cast spells or receive any update from the server) and then disconnected. Better yet, when I try to reconnect, I can't.
Turns out that something in that stream of binary data between the WoW server and the WoW client looked to Norton suspiciously like some old SQL Server exploit. Never mind that it wasn't even talking to the right program, on the right port, or in the right direction. So it helpfully took me offline, for my own good.
Now as I've said, I have no clue exactly _what_ sequence of bytes triggered it there. Presumably something more SQL-like than this one. But I wouldn't be surprised if someone took the time to figure it out and broadcast it in a battleground match.
A polar bear is a cartesian bear after a coordinate transform.
I was unable to figure out why I was being dumped by this, even though I had nothing Norton on my system whatsoever. After some trial and error, I was able to workaround the problem by simply plugging directly into my cable modem. When I switched back through the router, I began to get dumped by it again.
The router version is RT41-BU - It is a Linksys brand that is typically sold in Best Buy simply as "Wired Broadband Router". Despite the fact that I set myself as DMZ host and did my best to disable all the router's security systems, it STILL was dumping me from this exploit.
An easy way to know if you have an RT41-BU is simply by the IP you connect to the router. As far as I know, RT41-BUs are the only routers that use the IP "192.168.15.1".
I hear rumors that Netgear routers are also affected by this, but cannot test nor confirm them.
If you want to do it more subtly, tell them to do Alt-Space then C. Even works with GNOME!
Oolite: Elite-like game. For Mac, Linux and Windows
Norton Firewall, meet Sony Rootkit.
$sys$startkeylogger+++ATH
NO CARRIER
Rediculous is ridiculous!
Norton was once a prestigous and vernable institution, who faithfully provided good, reliable service for years.
Not Any More.
May the Maths Be with you!
Additionally, most IRC clients have scripting capabilities, making IRC a valuable tool for roleplayers who just can't get a group going in their area. I have a weekly IRC roleplaying session and while it's not perfect it's far better than nothing.
Also, IRC is extremely easy to interface with. Open a socket, write some data to it and bang, you've got yourself an IRC client. This ease of use makes it great for when you need a simple method for network communication. Which is exactly why malware authors love it.
USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
Spybot has thousands of variants. No anti-virus software can detect this virus by a signature, and I wouldn't be surprised if we see a hundred variants of this virus with a new command set by the end of the summer.
Any fool can criticise, condemn, and complain, and most fools do. - Benjamin Franklin
Everyone in every chatroom ever does this. I don't think I've ever seen it work. Of course, assuming there's more than one person in there, 0 is in fact less than half.
You are now talking on ##windows
--- Topic for ##windows is Unofficial Windows support and discussion channel. YES, we know about the keylogger thing, and it doesn't work, so please no experiments!
I'm the main admin for a small irc network. It's a place where a group of people can get together and chat, play games, make fun of each other, etc. All this in an environment we as a group have control over. If someone misbehaves, there's sanctions, and the possibility of permanent removal. Add to that the ability to script, the fact that the servers and services are entirely OS and thus adaptable to one's wishes in any way possible.
People replying to my sig annoy me. That's why I change it all the time.
What? This must be a home edition thing or some such. Every enterprise NAV setup I have seen doesn't require admin for virus updates, it happily updates on its own without any interaction. I wouldn't really know about the home user junk, I have never used NAV outside of enterpise situations, I choose not to use the junk for my own systems.
The only change I can believe in is what I find in my couch cushions.
It seems to me that anti-virus efforts should only be half of Symantec's work... Isn't in their shareholders' interest to also write viruses [without being caught]? They must either be really really good at reverse engineering binaries, or a few of the big ones were theirs... (How do they know the date and time that a virus will strike?)
It might not shut down protection, but it does enact a DoS attack on your IRC client, so Norton actually introduces the flaw in security, hence it does disable natural protection from plain text in IRC. That's pretty damn bad.
Saskboy's blog is good. 9 out of 10 dentists agree.
This reminds me of irc in the old days. If you changed your nick to "com1" and sent someone a message, when they messaged you back their pc locked up. Supposedly their pc would try and send data to their com1 port and screw things up.
There used to be lots of fun things you could do on irc to be mean to people. Of course, telling people that alt-f4 gives ops still works sometimes too.
That being said its crappy you can't schedule them, are you sure you can't run Norton from the command line with some switches? Then you'd at least be able to schedule a batch file and supply admin credentials for the job.
It could be worse - they could change it so that, instead of using a keyword to enable/disable keylogging, it uses any phrase with a particular set of properties (hopefully sufficiently general that the false positive rate would be prohibitive).
Hmmm... I ought to patent that. Oh well...
Those who would give up essential chatting for temporary safety from malware, deserve neither.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
I had a US robotics modem in the late 90s. It did indeed have that guard time feature but for reasons not known to me they set this time by default to 0, i.e. ineffective. I got thrown off the web numerous times before I ran across exploit code on packetstorm which abused exactly this misconfiguration to throw other people off the net. Only then I learned what guard time is and that indeed some pathetic modems (including mine) had this silly setting.
And for all who think otherwise: I used linux back then and no, this was not a cheesy winmodem!
You might be able to, but that's not really the point. I was willing to setup a "scheduled task" for Norton updates as an admin, but once it got to having to think about writing batch files.. well, that was that.
I don't like touching Windows to begin with, and my client does not like having to pay extra $$$ to have solutions engineered each year to fix problems with his virus software. A switch was made, immediately, to another product.
Saskboy, Thanks for getting to this before i did. about time SOMEONE understood
Back when I played Warcraft II on Mac over AOL (yes, good times), and your game was lagging a bit, the trick was to say, "hold down Command and type QUICK to get rid of the lag." Of course, Command-Q is the shortcut for Quit on MacOS. (You could be sure that everyone playing was a Mac user, because WC2 didn't support TCP/IP connections on Windows until the "silver" version came out years later.) I also saw this a few times on Hotline servers... "Hold down Command and type QUICK to speed up your downloads."
Comment of the year
You might be interested in Jabber's Multi-User Chat which let people join "chat rooms" on any Jabber server. One of the interesting features it has over IRC is the "history discussion delivery on join".
BTW, you can connect to Jabber (and most IM services) through any IRC client.
No GNU has been Hurd during the making of this comment.
I recently switched an older compaq running Windows to Kubuntu, and it was extreamly annoying until I figured out how to enable graphical root login. What the Linux-on-the-desktop crowd can't seem to figure out is that, as a home user, I am the admin. To have to do some sudo commandline stuff to create a folder on a second hard drive is a PITA! And this is supposed to be user friendly?! The people who advocate the split between user and root should spend less time studying design philosophy and more time studying how people actually use computers and work with that.
"The moment "pride" is lost, "freedom" is also lost." - Ramza.
Why should Norton encourage people to run as non-admin? If they don't run as admin, not many people will get as many viruses (virii for some), and then where will Norton's money go?
Would you kindly mod me +1 insightful?
Where would one find something like that? IRC channel for paper RPGs?
Good question. The one I play in was founded by me and a couple guys scattered all across Germany who couldn't find a local group either. If you know people who like to roleplay and who don't have anyone to roleplay with but who are too far away to meet in the real world you might be able to start a channel. If you don't... Hmm, forums? If you are in some kind of forum-based web community it might be a good idea to just start a thread.
USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
I have seen "Type "/join #uberfiles,0" for fserv" work repeatedly over the timespan of years. On several occasions I've seen the same person do it several times in a row, thinking there was something wrong with the non-existent fserve.
Well I've wrestled with reality for thirty five years doctor, and I'm happy to say I finally won out over it.