Slashdot Mirror
Symantec Support Gone Rogue?
DigitalDame2 writes "PCMag Security Analyst Neil Rubenking has always praised Symantec's tech support. Lately, though, a number of readers have reported problems with chat support, so he investigated. Rubenking was trying to install Norton 360 version 3.0 on a malware-infested system when the computer crashed with a blue screen error. He connected with Symantec tech support and was told that they could fix the problem, but for a fee of $100! (Here is the transcript and screen-captures of the chat.) Even more, Symantec support suggested that he use a malware-removal tool that wasn't even made by Symantec."
They just went rouge?
At least they had him use a decent anti-malware program. I generally find symantec products to be more of a virus than most viruses, that crap is hard to get rid of once it's installed and doesn't detect much of anything.
Maybe the malware infected machine had a hacked hosts file and he was connecting to some site in Russia? Or some other way of redirecting the supposed chat session with "Symantec Support"
As a real-time scanner, it is pretty good, and the corporate editions are pretty light weight, but has symantec ever been useful as a repair tool?
The support tech sounds like he did right, despite the non-corporate policy of eating symantec's own dog food.
Anyone cleaning an already infected machine would start with malwarebytes or combofix before wasting their time with symantec's stuff.
Sounds like the tech who was helping him knew this.
Generally speaking, unless you are an expert at killing malware, the LAST thing you want to try to do is install new antivirus software on an already infected machine.
Seriously, its completely idiotic and a waste of time.
The computer was simply too infected to allow the Symantec software to install. This is not an abnormal occurrence. Symantec offered to have an engineer remotely access the system and clean it, which naturally costs money, since you're paying for a person's time to fix your computer, in addition to the license for the software. Symantec can't guarantee that your Windows installation isn't too badly damaged to allow their software to install, and they just offered an alternative to telling him to take the computer to be serviced. This is a non-story.
There are scads of free options.
Try a linux alternative
Like this.
Or this.
Hell even an online scan may work well enough, http://housecall.trendmicro.com/
As a general rule when working with badly infected systems, the only guaranteed way to get it working again is to nuke and reinstall. Symantec is, I suppose, doing them a service by trying to help, but if a system is too far gone to allow Norton to be installed, it's most likely too far gone to save. Every client of mine that insists on going through the motions about not wanting to pay for a data backup or to get all of their programs reinstalled signs a waiver that states that I offer no warranty on the system or any of the work done on it. Surprisingly enough, most of the systems I get that are so bad that they require a nuke and reinstall were running Norton to begin with.
Honestly, I've never, EVER found them to be worth a grain of salt. When installing a product (Norton 2005 I think), it refused to activate itself. So I looked on the website. I tried everything they offered, like their "Complete Removal Tool" to do a clean reinstall, and nothing worked. So I finally broke down and went onto their online support. Their advice was EXACTLY the same as the advice I'd already been given by their website. They (plural!) couldn't wrap their heads around the idea that I had already tried everything.
I had to reinstall Windows twice to get it to work.
People still get malware, and still use Symantec products?
I want to delete my account but Slashdot doesn't allow it.
There is a major difference between offering defect support for software and offering services surrounding the software. Let's review the order of events here:
1) Customer is unable to install product on test environment. Receives BSOD.
2) Customer contacts Symantec requesting defect support. Per customer the product is not functioning as described on a test system.
3) Symantec's front-line support team misinterprets the customer's request for defect support. Instead, they believe the customer wants the system cleaned, regardless of whether a Symantec product is used or not. As a result, Symantec services are offered for an additional fee of $100.
4) End-result is one unhappy customer, and a heavily biased article criticizing Symantec support.
What should have happened is anybody's interpretation. But, during #3, at a minimum, the issue should have been escalated to the next level where an actual support engineer discusses a bit further with the customer to try to understand if they a defect with the product, something unique to customer environment, etc.
Conclusion: Front-line reps at Symantec need more training. Customer needs to work on communication skills to be clear when contacting defect support. Failure to communicate.
I had to help someone clean up a popup problem and Malwarebytes Anti-Malware (which is free) eliminated not only the adware but also identified and removed a trojan that an up-to-date Symantec Anti-Virus didn't even find. I was really surprised.
Symantec did just outsource a bunch of their support. I wonder if they'll reconsider the move.
I was employed by a call center company to do tech support for a large ISP many years ago, and one summer they opted to get a second call center going down in Texas. Within a week there were at least one or two incidents where hard drives were reformatted just to fix stupid dialup errors, or something else went horribly wrong. Naturally, those incidents had to be reported to the company we were working for, but by no means they were going to terminate the contract they had just signed.
The short answer is no. They'll take that incident and use it as an "opportunity for training" to make sure it doesn't happen again.
this is just more evidence that anti-virus/malware products need to be on bootable read-only CDs that can connect to the internet, obtain current definition files, and scan and clean a computer before actually installing any realtime protection software.
- James
inux isn't popular because it's a fad. It's popular because it's a successful alternative that doesn't allow remote control by the bad guys.
Neither does Windows if you have a clue. The problem is, most users don't.
The higher the technology, the sharper that two-edged sword.
Malwarebytes has a trial offer that is free, but the full product is not...
This post is licensed under the Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.
well the mafioso types that run these malware botnets are usually russian, and probably would have no qualms about killing people, so it's quite possible.
Do you know why they call it Norton 360? Because when you see it, you'll turn 360 degrees and walk away.
A hardware firewall will not stop outbound traffic if you don't have some kind of a IDS installed.
A really decent hardware firewall can do anti-virus, IDS and content filtering before it even reaches the PCs on your internal network. Problem is not everybody can properly configure the firewall or even understand exactly how it works. Which is why alot of security companies are making a killing on "security appliance" which for a yearly fee they will manage the device for you. They will push the updates to your hardware firewall and basically baby sit it for you. Only thing they will not help you with is ISP problems.
son, you ain't from around these parts, are you? that's an xbox 360 meme
Symantec's products have declined in quality to the point in which we do not recommend it to our clients, in fact, we actively discourage it. Endpoint protection, even the corporate version, is heavy and almost useless for the detection of any kind of malware. The management software is so bad, that when left unchecked, it will fill a server with logs sometimes generating as much as a gigabyte per manged PC in a month.
Our greatest enemy is neither a single man, nor is it a nation, it is, as it has always been, our own greed.
No matter how I tried to explain that, the only answer I received was that "Windows can only be installed on one computer per license".
I ended up getting soo frustrated that I swore at the guy on the phone and hung up on him before returning the copy of Windows and just going with Ubuntu instead.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
My Name is M'tumbo Botswana, I am the spyware removal expert of Nigeria. Please to transfer sum of 100,000 US dOllar to bank account written below. We value your customership very very much. Thank you
Hello,
/MBR switch, SYS and so forth).
I have worked in the antivirus industry for about nine years (with about another nine years doing networking things), starting with the technical support department at McAfee Associates (now McAfee). Even in the late 1980s and early 1990s, there were times when we had to run other companies tools to assist in detection or removal of computer viruses, or to obtain a sample. Peter Norton Computing's Norton Utilities Disk Editor and Sybex' Teledisk come to mind, as do various Microsoft MS-DOS utilities (DEBUG, FDISK with its then-undocumented
A few years ago, I re-entered the anti-virus (or anti-malware, as classic replicating infectors account for a few percentage points of what is seen these days) industry and it was and is not uncommon for our technical support people to help people remove rootkits, various Trojan downloaders and other pieces of malware that are either not detected or detected and not properly removed by our own software. One thing we make sure of is to get copies of any objects like files and registry entries so that our virus lab can add detection (or removal) in a new virus signature database update.
Sometimes, customers do get upset when they are sent download links to a third-party tool to assist with removal because they assume that one tool will protect them against all threats, however, with the shear number of unique pieces of malware being released every day by organized criminal businesses no one tool is going to prevent, detect or remove every piece of malware, every time, even with the best heuristics and generic detection technology. This is something which all anti-virus companies have to deal with, not just Symantec. On the plus side, we just started deploying our own supplmentary tools to detect and remove threats that the mainline products do not, and that will help wean our dependence on third-party programs.
That is pretty much how things stand with recommendations for the use of third party software by anti-virus vendors, now.
As far as selling support goes, well, fifteen years ago it was not unusual to sell support contracts or service level agreements to enterprise customers offering them priority round-the-clock access to technical support. Free, unlimited support via telephone, fax, electronic means (email, BBS, CompuServe, et cetera) was provided, but it was on a first-in-line basis. That started to change in the mid-1990s when the anti-virus companies started to generate substantial revenue and get taken over by professional business people instead of engineers, but when a company becomes publicly-traded, it switches from being technology-focused to being focused on maximizing stakeholder value every quarter, and that means looking at things which cost money like having to pay salaries for support engineers and turn them into things which generate revenue. At that point, I was leaving the company, and really did not care what they did with my department. I have been told by a couple of people who stayed on after me said that Bill Larsen used to give motivational speeches like, "I would fire you if I could." and "I don't understand why we have to provide support to customers, after all, we've got their money." to the support staff, but even if they are not actual quotations, they certainly are reflective of the culture at that time. At a publicly-traded company, loyalty to the shareholders usually takes precedence over loyalty to the customers. Some companies figure out that customer loyalty actually translates into more value for shareholders in the form of increased revenue from license renewals, customers who purchase new products or services from the company, et cetera, but it seems there are plenty who are unable to make this evolutionary leap in understanding how their business works.
These days, my current employer does provide free, unlimited technical support via phone and electonic means and
Dexter is a good dog.
Norton disk doctor and norton speedisk where both fantastic compared to the Microsoft alternatives under DOS 5/6/6.22 (my era) speedisk used to do a real, thorough defrag of the drive, sure it took a hell of a long time but it totally sped things up, especially logging disks in ztree.
Over the years it became worse and worse, I think the first one or two windows revisions were somewhat decent but it's been a good 6 or 7 years since I'd ever even consider installing their stuff on my machine anymore.
FWIW I found a tool called "Ultimate defrag" it's got a ghastly interface and looks like it was designed by someone with 'my first developement toolkit' but the underlying defrag technology it uses is actually pretty damn slick, it really will do the old school Norton style "full with file re-order" and actually does move what you want, where you want it, scope it out.
(No I don't work for them)
Michael Jackson can turn 360 degrees and walk away. Called the Moonwalk.
I give my usual spiel that the best protection is not to pay money for anything, it's hard to say it's worth it (Slowing down your system, possibly causing more crashes and program compatibility issues, and then only catching perhaps 90% of threats). Open-source or freeware tools will do just fine to actually scan and heal threats. Largely it's the users actions that are the initial problem. I then offer my time, for free, to teach some safe practices.
You can't just punch in your credit card number and expect adequate protection.
Mark my words, there are lots of botnet'd windows boxes that have full-paid anti-virus software on them running just fine. My parents had one of them. (problem was identified in the logs of their linux firewall). The solution was to wipe it, given them firefox with some add-ons and clam-av. Zero issues since.
If your machine is properly patched your very unlikely to be taken over by a worm attack. Following that, with the right software, your unlikely to be hijacked in your browser and then infected. With the right ISP you won't have spam and e-mail threats. It's down to how the user operates, and discouraging them from skipping virus scanning that keygen.exe when downloading warez. Largely it's browsing that's the problem. Firefox plus some add-ons, and a little bit of user coaching.
I really wonder in who's interests it is to keep users dumbed down on security matters. Which in todays world has become as important as locks and alarms on houses cars and businesses. It's protection of critical infrastructure.
Why pay a exorbitant monthly subscription for a security guard to stand outside your house, because your house is equipped with vulnerable locks and the occupants are poorly trained at keeping the doors closed when they go out?
In hindsight I should have modded as redundant the mandatory:
Install Linux
which is inexplicably modded +5 something.
If 90% of the world ran one Linux distribution we would still have a thriving ecosystem viruses, trojans (albeit on a lesser scale). Good design, transparency and rapid patching in OSS only goes so far, it's not magic immunity. There is also a fairly constant amount of problems between the keyboard and chair - now that will not go away. Windows is the most common, therefore the most attacked... is the statement that raises hackles for some. However it is the truth. In much the same way having millions of genetically identical crops/livestock in unnatural concentrations provides for massive outbreaks of everything from blight to foot and mouth disease. Likewise millions of humans living in close proximity results in plagues - the human immune system was not built for this. And so our information technology infrastructure suffers the same fundamental laws of nature, you have one monoculture of identical entities you invite pandemic infection.
So how do we live in 20-30 million person cities, and don't all get wiped out in two weeks by ebola? We have sanitation: we all get taught how to cover our mouths when we cough, cook food properly and wash our hands after visiting the lavatory etc etc and we have some sanitary measures to back it up, ie chemicals that can clense pathogens.
User education is the key. The first thing we can teach is to stay the hell away from clearly rogue companies. We can also stop beating redundant very tired drums.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
NOD32 is great as well. Really low performance impact and a very accurate heuristics engine. Highly recommended.
Amnesty International
I found another one called JKDefrag that also works very well.
The higher the technology, the sharper that two-edged sword.
Nope. Not even an Apple can save you from Symantec.
Agreed. NOD32 is definitely the way to go. The top performer at Virus Bulletin's annual tests, doesn't contain bloatware, completes the same tasks as Norton's AV ... but efficiently, and costs $20 a year. You can't go wrong with it. After being fed up with Norton's for years, my last straw was the pricing and speed of Norton 360. I switched to NOD32 then and haven't looked back.
If you turn 180 degrees, you will be right where you started too.
Modding me -1 troll doesn't make me wrong.
First of all, let's not resort to namecalling here.
Neil tested the the software on 12 different infected systems, and found that one resulted in an endless-loop problem requiring support, whereas it installed and worked properly on the others. That right there alone is a better than 90% success rate for Norton. That's hard data. What hard data have you come up with after your extensive testing of av products, Killall? Yeah, I didn't think so.
But this isn't a story about the program's performance (that's in the linked product review). This is a story about the failure of support and a support staff's overzealous attempts to make an extra buck from a desperate customer.
No one expects any free or retail software to clean out all problems all the time, but when you pay for a retail software package, a modicum of free support is part of the deal after a failure to install. Contrary to the tech's assertions, the purchase price include support to install a retail product. If the tech doesn't want to go through the hassle of installing AV products on infected systems via telephone or remote, then the tech should search for another line of work. (And I know - I did this sort of support for 5 years.)
If there were truly no free solutions (and it turns out there were) AT A MINIMUM the tech support person should have offered the option to refund the customer's money after establishing the software wouldn't install. That's not great "tech support," but it at least fair "customer support."
There's also the matter of the tech offering paid services rather than directing the user to free services offered by Norton themselves for just this sort of problem. Offering paid support services for free products is an established business model (SugarCRM anyone?), but ignoring free solutions offered by your own company in order to make an extra buck with a paid solution for a retail product is simply disrespectful to the customer, as is not offering a refund, and Neil called 'em on it. What is your problem with that again?
And finally, there's the little act of plagiarism where the tech represented a third-party free antispyware cleaner as a Symantec product. Also disrepectful, especially when Symantec has its own free tools that are supposed to do the job too. And again, Neil called 'em on it.
Most product reviewers just rewrite press releases without any real testing these days - Neil is one of the few that really tests these things out on banks of infected systems, and then goes through the trouble of pretending to be a normal customer going through tech support to see how it works. There just aren't that many tech reviewers doing that anymore. Personally, I can only think of one other, and modesty prohibits me from mentioning who.
So let's direct that anger to Symantec rather than the reviewer, eh? Symantec dropped the ball on this one.