Norton AntiVirus 2009

I installed Norton AntiVirus 2009. I’ve got a 3 CPU license and installed it on two computers thus far. My initial feeling about it is that it’s vastly improved from 2008, and light years ahead of the clusterfuck that was the early 00’s. It’s been vastly better for about 2 years now, 2008 is a significant but still incremental improvement. 2005 was the bottom.

The install itself was very quick (yay) which was a positive sign. It seems to be using fewer processes and less memory than any recent version. A very welcome sight.

Another noteworthy item is that the application itself is faster. The UI loads quickly and feels rather responsive. In previous years there was a several second lag. This is clearly gone. Scanning is also quicker.

Another interesting thing is that LiveUpdate was apparently fixed so that it no longer launches a dozen child processes when it runs. I haven’t looked too closely but I’ve yet to see this behavior when it runs. I think this was the single most annoying thing about 2008.

Symantec even went as far as putting a CPU monitor on the application itself to show how much CPU they are occupying. That itself is a pretty bold move considering their past history of bloat. Clearly this year they are trying to undo that reputation. Their website is updated to discuss performance now.

The big feature is that Symantec now feeds updates every few minutes rather than daily. This is a good move considering the fast pace of security threats these days. The UI even shows the seconds since the last update. It’s great to finally see this.

For anyone ever upgrading a Symantec product, here’s a bit of advice. Uninstall the previous version, restart, then run the Norton Removal Tool (NRT) and restart again. This will give you a much cleaner base than just installing and hoping for the best. Then finally install and follow directions. This has proven to be much better than any other method. AntiVirus software hooks just dig so deep into the OS that any other method just seems doomed to fail.

I should also note that it scans all volumes. This could be a bad thing if you have network volumes loaded. Make sure to exclude those if this is a problem.

Amazon

Norton Antivirus 2009
Norton Antivirus 2009 CD 3 User Ret
$20 Rebate (Expires 12/31/09) – should work with purchases from most stores including Amazon, despite being hosted on Fry’s.

Norton 360

An interesting review of Norton 360 was posted by CNet. Overall the review was very positive, they seem to like it. Interesting to me was:

We also found that Norton 360 is optimized for Internet Explorer only, and not Firefox and Opera browsers. It could be said that Symantec realizes that Internet Explorer users need more protection, but it would be nice to use the antiphishing feature in Norton 360 on Firefox or Opera. Of the three super suites, only McAfee supports Firefox; none support Opera.

I’d be curious to know if support is planned through an extension or not. They could potentially leverage existing infrastructure to do the job quite nicely. I’m not sure if anyone has used this functionality to date. As far as I’m aware nobody has. Not even PhishTank.

I’m still not sure if Norton 360 is really a product I’d be interested in. I use Norton AV, and despite a few small things, it’s a pretty solid product. I’m not really sure I see the added stuff in 360 as something beneficial. But I still have a little while on my subscription for the year, so I don’t have to decide just yet.

Using Norton AntiVirus With POP3 Over SSL

I didn’t find this anywhere online, so I thought I’d post it. Norton AntiVirus up to and including 2007 doesn’t support POP3 over SSL. That’s a problem since sending mail without SSL is insecure, and sending mail over SSL with no virus scanning is also insecure. There is a fix.

Please note these directions are intended to be a casual guide for experienced individuals. I’m not providing assistance or support.

Norton “Internet Worm Protection”

Norton AntiVirus has this strange omission I just can’t figure out. For some reason “Internet Worm Protection” won’t allow for creating a connection to a PPTP VPN. Not very helpful if you have to connect to one of the many VPNs out there that use this protocol.

First a little primer on making a PPTP connection. You essentially need two ports open, 1723/TCP, and IP Protocol 47 (GRE). Ok, this is pretty basic stuff. We can do that ;). Well in the little wizard Norton provides, to create a rule you have the following choices for protocol: TCP, UDP, TCP/UDP, ICMP, ICMPv6, All (pointless). No way to select GRE.

So the only way I’ve found to connect to a PPTP VPN thus far is simply to disable either just Internet Worm Protection, or disable Norton AV.

It’s rather odd that something like this is not supported. A search on Google didn’t turn up an answer. Symantec’s tech support database didn’t turn up anything helpful either.

I would have expected something like this to function without a hitch. I’m very surprised to see this requires any intervention, and even more surprised to see that even with intervention there’s still no way to get it working.
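To make the PPTP gap concrete, here is an added example (not from the original post, and not Norton's code) that classifies two constructed IPv4 packets and lists which of the wizard's protocol choices named above could match each. The function names, the documentation-range addresses and the packet contents are assumptions made for illustration.

```python
import struct

# IANA IP protocol numbers, carried in byte 9 of the IPv4 header
IP_PROTO = {"ICMP": 1, "TCP": 6, "UDP": 17, "GRE": 47, "ICMPv6": 58}

# Protocol choices the post lists for the rule wizard.
# "All" is left out because it is not a rule scoped to one protocol.
WIZARD_CHOICES = {
    "TCP": {IP_PROTO["TCP"]},
    "UDP": {IP_PROTO["UDP"]},
    "TCP/UDP": {IP_PROTO["TCP"], IP_PROTO["UDP"]},
    "ICMP": {IP_PROTO["ICMP"]},
    "ICMPv6": {IP_PROTO["ICMPv6"]},
}

def ipv4_packet(proto, payload=b""):
    """Build a constructed 20-byte IPv4 header (checksum left at 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return hdr + payload

def classify(packet):
    """Return (ip_protocol_number, destination_port or None)."""
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto = packet[9]
    if proto in (IP_PROTO["TCP"], IP_PROTO["UDP"]) and len(packet) >= ihl + 4:
        return proto, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, None                    # GRE and ICMP carry no port numbers

def expressible_rules(packet):
    """Wizard protocol choices that could match this packet."""
    proto, _ = classify(packet)
    return sorted(name for name, protos in WIZARD_CHOICES.items() if proto in protos)

# Constructed sample packets: PPTP control channel (TCP to port 1723) and
# PPTP tunnel data (GRE version 1 header, protocol type 0x880B for PPP).
pptp_control = ipv4_packet(IP_PROTO["TCP"],
                           struct.pack("!HH", 49152, 1723) + b"\x00" * 16)
pptp_data = ipv4_packet(IP_PROTO["GRE"],
                        struct.pack("!HH", 0x2001, 0x880B) + b"\x00" * 4)

if __name__ == "__main__":
    for label, pkt in (("control", pptp_control), ("data", pptp_data)):
        print(label, classify(pkt), expressible_rules(pkt))
```

The control channel can be matched by a TCP rule on port 1723, but the GRE data packets match none of the listed choices, which is why the tunnel cannot be permitted with a scoped rule.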

Norton AV 2006 Update

I got Norton AntiVirus 2006 a few weeks ago, and decided today to update 3 systems from 2005 to 2006. It was free (after rebate) so a worthwhile update to keep those virus definitions fresh.

One computer had trouble uninstalling the old version (2005), then installed fine. The next system had uninstall problems (but seemed to be a bit different), and failed to install on the first attempt. The third system is literally brand new so no problems (thankfully).

They used to have a “removal tool” online you could download. In the real world we call it uninstall and include it with software, but they don’t. Now instead of a download it’s ActiveX… just to make the situation suck slightly more.

I’ve pretty much had it with Symantec. This took 20X longer than it should have. You know your product has problems when a customer is unsatisfied with free.

The Apple Worm?

According to Norton AntiVirus, Apple’s own QuickTime.com website may be a threat to the safety of my (and your) computer. I was trying to view the M:i:III Trailer (link below in plain text, so you can think twice before clicking).

I’m not sure who is at fault. It’s either Apple with a contaminated server, or Norton who incorrectly pushed a bad Virus definition file out. Either way it’s a bad thing.

Apple Integer Overflow

Details: Attempted Intrusion “Apple Quicktime MOV Integer Overflow” against your machine was detected and blocked.
Intruder: movies.apple.com(62.153.251.222)(http(80)).
Risk Level: Medium.
Protocol: TCP.
Attacked IP: XXX(192.168.xxx.xxx).
Attacked Port: 2499.

The URL in question is (proceed with caution):

http://www.apple.com/trailers/paramount/missionimpossibleiii/large.html

Anyone want to take a guess who is at fault? This is with Norton 2005 with 3/15/2006 Definitions.

Edit [3/16/2006 10:36PM EST]: Changed title to accurately represent dialog trojan worm. Added Norton Version.
Edit [3/17/2006 10:58AM EST]: Symantec acknowledges a problem with AOL in its latest update.
Edit [3/19/2006 5:30PM EST]: A document about the vulnerability (no mention of this bug), and update documentation.

Symantec Live Update Fun

Had Norton SystemWorks 2002 for a while, then upgraded AntiVirus to 2004. Worked fine for quite some time. Recently I reformatted my hard drive and reinstalled this duo. Now I’m getting an error that Subscription Client Update failed LU1812. I’ve got no clue why this is happening. Following Symantec’s instructions to completely uninstall and reinstall didn’t work, nor did updating Live Update or any other step they gave.

Curious if anyone else out there ran across this, and if anyone resolved this problem.

Thank you Norton, for wasting an hour of my life

I gave you the best hour of my life!

Ok, it wasn’t that bad.

Symantec apparently deployed a new version of Live Update today, and it apparently wasn’t well tested. After days of serious virus catches, it updated, and live updated, doesn’t function. I uninstall, reinstall, uninstall again, clear registry out a bit, search for files, look in Knowledge Base, reinstall. I got it working (think they disabled that update for now).

What a mess.

So for any Symantec engineer reading this. THANK YOU. That was fun 🙁

Try beta testing next time.