The install itself was very quick (yay) which was a positive sign. It seems to be using less processes and less memory than any recent version. A very welcome sight.

Another noteworthy item is that the application itself is faster. The UI loads quickly and feels rather responsive. In previous years there was a several second lag. This is clearly gone. Scanning is also quicker.

Another interesting thing is that LiveUpdate was apparently fixed so that it no longer launches a dozen child processes when it runs. I haven’t looked too closely but I’ve yet to see this behavior when it runs. I think this was the single most annoying thing about 2008.

Symantec even went as far as putting a CPU monitor on the application itself to show how much CPU they are occupying. That itself is a pretty bold move considering their past history of bloat. Clearly this year they are trying to undo that reputation. Their website is updated to discuss performance now.

The big feature is that Symantec now feeds updates every few minutes rather than daily. This is a good move considering the fast pace of security threats these days. The UI even shows the seconds since the last update. It’s great to finally see this.

For anyone ever upgrading a Symantec product, here’s a bit of advice. Uninstall the previous version, restart, then run the Norton Removal Tool (NRT) and restart again. This will give you a much cleaner base than just installing and hoping for the best. Then finally install and follow directions. This has proven to be much better than any other method. AntiVirus software hooks just dig so deep into the OS that any other method just seems doomed to fail.

I should also note that it scans all volumes. This could be a bad thing if you have network volumes loaded. Make sure to exclude those if this is a problem.

Amazon

Norton Antivirus 2009
Norton Antivirus 2009 CD 3 User Ret
$20 Rebate (Expires 12/31/09) – should work with purchases from most stores including Amazon, despite being hosted on Fry’s.

We also found that Norton 360 is optimized for Internet Explorer only, and not Firefox and Opera browsers. It could be said that Symantec realizes that Internet Explorer users need more protection, but it would be nice to use the antiphishing feature in Norton 360 on Firefox or Opera. Of the three super suites, only McAfee supports Firefox; none support Opera.

I’d be curious to know if support is planned through an extension or not. They could potentially leverage existing infrastructure to do the job quite nicely. I’m not sure if anyone has used this functionality to date. As far as I’m aware nobody has. Not even PhishTank.

I’m still not sure if Norton 360 is really a product I’d be interested in. I use Norton AV, and despite a few small things, it’s a pretty solid product. I’m not really sure I see the added stuff in 360 as something beneficial. But I still have a little while on my subscription for the year, so I don’t have to decide just yet.

Please note these directions, and intended to be a casual guide for experienced individuals. I’m not providing assistance or support.

1. Download stunnel and install it.
2. Open up the stunnel.conf file (either through the Start Menu —> Stunnel —> Edit stunnel.conf, or navigate to the file yourself.
3. For each mail server you use, create an entry as follows. Replace mail.myisp.com with your mail server. Also make sure you set the appropriate port (995 is typically fine). Make sure the accept port is different for each one.

   client=yes
   accept=127.0.0.1:110
   connect=mail.myisp.com:995
   

4. Start Menu —> Stunnel —> Service install
5. Start Menu —> Stunnel —> Service start
6. Now configure your email client to use the following information:

   Server: localhost
   Port: 110 (or whatever port that account was set to use up above)
   

   SSL should be off (the SSL connection is now terminated at stunnel, which uses the local loopback interface to send mail to your mail client on port 110. So mail is sent over the web in SSL, but locally in plain text (where an AV can sniff it).

7. Test it out.

Important Last step

Up to now it should be working, but it’s using a generic key. This means everyone who downloads stunnel has the key. You need your own. There are good directions for that from available here. You can create one with a copy of OpenSSL (it’s up to you to get it for Windows, or hop on a Unix box for this step). I should note that the stunnel.cnf file is missing in the Windows binaries as of Stunnel 4.20 (don’t ask me why). If your going to gen a key on windows use the following in a text file named stunnel.cnf:

# create RSA certs - Server

RANDFILE = stunnel.rnd

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type

[ req_dn ]
countryName = Country Name (2 letter code)
countryName_default             = PL
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = Some-State

localityName                    = Locality Name (eg, city)

0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = Stunnel Developers Ltd

organizationalUnitName          = Organizational Unit Name (eg, section)
#organizationalUnitName_default =

0.commonName                    = Common Name (FQDN of your server)
0.commonName_default            = localhost

# To create a certificate for more than one name uncomment:
# 1.commonName                  = DNS alias of your server
# 2.commonName                  = DNS alias of your server
# ...
# See http://home.netscape.com/eng/security/ssl_2.0_certificate.html
# to see how Netscape understands commonName.

[ cert_type ]
nsCertType = server

This is from the source code of version 4.20.

From there you can effectively use the following commands (from the above linkage):

openssl req -new -x509 -days 365 -nodes -config stunnel.cnf -out stunnel.pem -keyout stunnel.pem

Change 365 to something higher if you don’t want to do this on a yearly basis. Though may not be a bad idea to do annually. Answer the prompts as required. Make sure the Common Name is set to “localhost”.

Followed by:

openssl gendh 512 >> stunnel.pem

Make sure your cert.pem is in your stunnel directory, stop the service and start it again. From now on you should be good to go.

So that’s it. Now you have SSL encrypted mail connections, with support for AntiVirus scanning. This will work for any mail host that uses POP3 over SSL including Gmail.

First a little primer on making a PPTP connection . You essentially need two ports open, 1723/TCP, and IP Protocol 47 (GRE). Ok, this is pretty basic stuff. We can do that . Well in the little wizard Norton provides, to create a rule you have the following choices for protocol: TCP, UDP, TCP/UDP, ICMP, ICMPv6, All (pointless). No way to select GRE.

So the only way I’ve found to connect to a PPTP VPN thus far is simply to disable either just Internet Worm Protection, or disable Norton AV.

It’s rather odd that something like this is not supported. A search on Google didn’t turn up an answer. Symantec’s tech support database didn’t turn up anything helpful either.

I would have expected something like this to function without a hitch. I’m very surprised to see this requires any intervention, and even more surprised to see that even with intervention there’s still no way to get it working.

One computer had trouble uninstalling, the old version (2005) then installed fine. The next system had uninstall problems (but seemed to be a bit different), and failed to install on the first attempt. The third system is literally brand new so no problems (thankfully).

They used to have a “removal tool” online you could download. In the real world we call it uninstall and include it with software, but they don’t. Now instead of a download it’s ActiveX… just to make the situation suck slightly more.

I’ve pretty much had it with Symantec. This took 20X longer than it should have. You know your product has problems when a customer is unsatisfied with free.

I’m not sure who is at fault. It’s either Apple with a contaminated server, or Norton who incorrectly pushed a bad Virus definition file out. Either way it’s a bad thing.

Details: Attempted Intrusion “Apple Quicktime MOV Integer Overflow” against your machine was detected and blocked.
Intruder: movies.apple.com(62.153.251.222)(http(80)).
Risk Level: Medium.
Protocol: TCP.
Attacked IP: XXX(192.168.xxx.xxx).
Attacked Port: 2499.

The URL in question is (proceed with caution):

http://www.apple.com/trailers/paramount/missionimpossibleiii/large.html

Anyone want to take a guess who is at fault? This is with Norton 2005 with 3/15/2006 Definitions.

Edit [3/16/2006 10:36PM EST]: Changed title to accurately represent dialog trojan worm. Added Norton Version.
Edit [3/17/2006 10:58AM EST]: Symantec acknowleges a problem with AOL in it’s latest update.
Edit [3/19/2006 5:30PM EST]: An document about the vulnerability (no mention on this bug), and update documentation.

Curious if anyone else out there ran across this, and if anyone resolved this problem.

It’s not hard to avoid that situation. It really isn’t. An 8 year old can do it.

Ok, it wasn’t that bad.

Symantec, apparently deployed a new version of Live Update today, and it apparently wasn’t well tested. After days of serious virus catches, it updated, and live updated, doesn’t function. I uninstall, reinstall, uninstall again, clear registry out a bit, search for files, look in Knowledge Base, reinstall. I got it working (think they disabled that update for now).

What a mess.

So for any Symantec engineer reading this. THANK YOU. That was fun

Try beta testing next time.