Norton AntiVirus 2009

I installed Norton AntiVirus 2009. I’ve got a 3 CPU license and installed on two computers thus far. My initial feeling about it is that it’s vastly improved from 2008, and light years ahead of the clusterfuck that was the early 00’s. It’s been vastly better for about 2 years now, 2008 is a significant but still incremental improvement. 2005 was the bottom.

Norton 2009 CPU monitor

The install itself was very quick (yay) which was a positive sign. It seems to be using fewer processes and less memory than any recent version. A very welcome sight.

Another noteworthy item is that the application itself is faster. The UI loads quickly and feels rather responsive. In previous years there was a several second lag. This is clearly gone. Scanning is also quicker.

Another interesting thing is that LiveUpdate was apparently fixed so that it no longer launches a dozen child processes when it runs. I haven’t looked too closely but I’ve yet to see this behavior when it runs. I think this was the single most annoying thing about 2008.

Symantec even went as far as putting a CPU monitor on the application itself to show how much CPU they are occupying. That itself is a pretty bold move considering their past history of bloat. Clearly this year they are trying to undo that reputation. Their website is updated to discuss performance now.

The big feature is that Symantec now feeds updates every few minutes rather than daily. This is a good move considering the fast pace of security threats these days. The UI even shows the seconds since the last update. It’s great to finally see this.

Norton 2009 Update Frequency

For anyone ever upgrading a Symantec product, here’s a bit of advice. Uninstall the previous version, restart, then run the Norton Removal Tool (NRT) and restart again. This will give you a much cleaner base than just installing and hoping for the best. Then finally install and follow directions. This has proven to be much better than any other method. AntiVirus software hooks just dig so deep into the OS that any other method just seems doomed to fail.

I should also note that it scans all volumes. This could be a bad thing if you have network volumes loaded. Make sure to exclude those if this is a problem.

Amazon

Norton Antivirus 2009
Norton Antivirus 2009 CD 3 User Ret
$20 Rebate (Expires 12/31/09) – should work with purchases from most stores including Amazon, despite being hosted on Fry’s.

Norton 360

An interesting review of Norton 360 was posted by CNet. Overall the review was very positive, they seem to like it. Interesting to me was:

We also found that Norton 360 is optimized for Internet Explorer only, and not Firefox and Opera browsers. It could be said that Symantec realizes that Internet Explorer users need more protection, but it would be nice to use the antiphishing feature in Norton 360 on Firefox or Opera. Of the three super suites, only McAfee supports Firefox; none support Opera.

I’d be curious to know if support is planned through an extension or not. They could potentially leverage existing infrastructure to do the job quite nicely. I’m not sure if anyone has used this functionality to date. As far as I’m aware nobody has. Not even PhishTank.

I’m still not sure if Norton 360 is really a product I’d be interested in. I use Norton AV, and despite a few small things, it’s a pretty solid product. I’m not really sure I see the added stuff in 360 as something beneficial. But I still have a little while on my subscription for the year, so I don’t have to decide just yet.

Using Norton AntiVirus With POP3 Over SSL

I didn’t find this anywhere online, so I thought I’d post it. Norton AntiVirus up to and including 2007 doesn’t support POP3 over SSL. That’s a problem since sending mail without SSL is insecure, and sending mail over SSL with no virus scanning is also insecure. There is a fix.

Please note these directions are intended to be a casual guide for experienced individuals. I’m not providing assistance or support.


Norton “Internet Worm Protection”

Norton AntiVirus has this strange omission I just can’t figure out. For some reason “Internet Worm Protection” won’t allow for creating a connection to a PPTP VPN. Not very helpful if you have to connect to one of the many VPNs out there that use this protocol.

First a little primer on making a PPTP connection. You essentially need two ports open, 1723/TCP, and IP Protocol 47 (GRE). Ok, this is pretty basic stuff. We can do that ;). Well in the little wizard Norton provides, to create a rule you have the following choices for protocol: TCP, UDP, TCP/UDP, ICMP, ICMPv6, All (pointless). No way to select GRE.

So the only way I’ve found to connect to a PPTP VPN thus far is simply to disable either just Internet Worm Protection, or disable Norton AV.

It’s rather odd that something like this is not supported. A search on Google didn’t turn up an answer. Symantec’s tech support database didn’t turn up anything helpful either.

I would have expected something like this to function without a hitch. I’m very surprised to see this requires any intervention, and even more surprised to see that even with intervention there’s still no way to get it working.
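An added example, not part of the original post and not Norton's code: a minimal default-deny rule matcher showing why rules limited to the wizard's protocol choices let the PPTP control channel (1723/TCP) through while the GRE tunnel (IP protocol 47) is dropped. The rule model, the function names, the default-deny behaviour and the sample packets are assumptions constructed for illustration; the "All" choice is left out because the post does not say how it behaves.

```python
import struct

# IANA IP protocol numbers; the wizard choices are the ones listed in the post.
PROTO = {"ICMP": 1, "TCP": 6, "UDP": 17, "GRE": 47, "ICMPv6": 58}
WIZARD_CHOICES = {"TCP", "UDP", "TCP/UDP", "ICMP", "ICMPv6"}

def ipv4_packet(proto, dport=None):
    """Constructed sample IPv4 packet (checksum left at 0, documentation IPs)."""
    payload = struct.pack("!HH", 40000, dport) if dport is not None else b"\x00" * 4
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 10]), bytes([203, 0, 113, 10]))
    return header + payload

def classify(packet):
    """Return (IP protocol number, destination port or None) for a raw packet."""
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto = packet[9]                     # protocol field of the IPv4 header
    if proto in (PROTO["TCP"], PROTO["UDP"]):
        return proto, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, None                    # GRE and ICMP carry no port numbers

def rule_protocols(choice):
    """Protocol numbers a wizard choice can match; anything else is rejected."""
    if choice not in WIZARD_CHOICES:
        raise ValueError(f"{choice!r} is not offered by the rule wizard")
    return {PROTO[name] for name in choice.split("/")}

def allowed(packet, rules):
    """rules: list of (wizard choice, port or None). Assumed default deny."""
    proto, port = classify(packet)
    return any(proto in rule_protocols(choice) and rport in (None, port)
               for choice, rport in rules)

def pptp_outcome(rules):
    """(control channel allowed, GRE tunnel allowed) under the given rules."""
    control = allowed(ipv4_packet(PROTO["TCP"], 1723), rules)
    tunnel = allowed(ipv4_packet(PROTO["GRE"]), rules)
    return control, tunnel

if __name__ == "__main__":
    print(pptp_outcome([("TCP", 1723)]))                      # one PPTP rule
    print(pptp_outcome([(c, None) for c in WIZARD_CHOICES]))  # every choice, any port
```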

Norton AV 2006 Update

I got Norton AntiVirus 2006 a few weeks ago, and decided today to update 3 systems from 2005 to 2006. It was free (after rebate) so a worthwhile update to keep those virus definitions fresh.

One computer had trouble uninstalling the old version (2005), then installed fine. The next system had uninstall problems (but seemed to be a bit different), and failed to install on the first attempt. The third system is literally brand new so no problems (thankfully).

They used to have a “removal tool” online you could download. In the real world we call it uninstall and include it with software, but they don’t. Now instead of a download it’s ActiveX… just to make the situation suck slightly more.

I’ve pretty much had it with Symantec. This took 20X longer than it should have. You know your product has problems when a customer is unsatisfied with free.

The Apple Worm?

According to Norton AntiVirus, Apple’s own QuickTime.com website may be a threat to the safety of my (and your) computer. I was trying to view the M:i:III Trailer (link below in plain text, so you can think twice before clicking).

I’m not sure who is at fault. It’s either Apple with a contaminated server, or Norton who incorrectly pushed a bad Virus definition file out. Either way it’s a bad thing.

Apple Integer Overflow

Details: Attempted Intrusion “Apple Quicktime MOV Integer Overflow” against your machine was detected and blocked.
Intruder: movies.apple.com(62.153.251.222)(http(80)).
Risk Level: Medium.
Protocol: TCP.
Attacked IP: XXX(192.168.xxx.xxx).
Attacked Port: 2499.

The URL in question is (proceed with caution):

http://www.apple.com/trailers/paramount/missionimpossibleiii/large.html

Anyone want to take a guess who is at fault? This is with Norton 2005 with 3/15/2006 Definitions.

Edit [3/16/2006 10:36PM EST]: Changed title to accurately represent dialog trojan worm. Added Norton Version.
Edit [3/17/2006 10:58AM EST]: Symantec acknowledges a problem with AOL in its latest update.
Edit [3/19/2006 5:30PM EST]: A document about the vulnerability (no mention of this bug), and update documentation.

Symantec on Firefox vs IE

Many remember a few months ago Symantec came under fire for suggesting that IE was more secure than Firefox, because it had fewer security issues. Immediately many pointed out that Symantec’s methodology in the research was flawed, since they focused on vendor acknowledged security issues. That essentially lets the development teams decide how many security issues they want to have.

Symantec has now revised their research to include how many non-vendor confirmed security issues were reported. This puts things on a bit more level of a playing field. Naturally you’d expect Firefox to have more confirmed flaws, because development is transparent. The IE team has the ability to selectively choose what’s “critical”. That’s a big advantage in the old comparison. They don’t seem to declare a “winner”, they just lay out the data.

Moral of the story? Data is only accurate if the research is well done. Symantec realized their research was flawed, and corrected it in a way that seems pretty fair, considering Firefox and IE have totally different development situations.

Norton AntiVirus doesn’t like Windows Defender

I upgraded from MS AntiSpyware to Windows Defender. Seems Norton AntiVirus doesn’t exactly like it. In Norton’s Log Viewer are a ton of the following:

Event Details:
Time: 2/22/2006 8:02:17 PM
Actor: C:\Program Files\Windows Defender\MsMpEng.exe (PID=464)
Target: C:\Program Files\Common Files\Symantec Shared\ccLgView.exe
Action: Unauthorized access
Reaction: Unauthorized access stopped

www.symantec.com

Not nearly as bad as Kaspersky zapping Microsoft AntiVirus. Hopefully Symantec or Microsoft will get to it soon. Nothing about that in the release notes.

Other than that, no opinion formed quite yet. It has a “new engine” supposedly. Not sure if it will prove any better or worse. I guess time will tell. Doesn’t seem to give as many alerts to the user as the old version did. Personally I liked them, let me know what’s going on. Perhaps I’ll revisit and review it a bit at a later date.

Kerio Personal Firewall Saved

Sunbelt Software bought Kerio Personal Firewall, saving it from being killed by Kerio (who is discontinuing the product at the end of the year). I’ve been using it for a few months, after using Sygate Personal Firewall for ages (which is also discontinued now that it’s owned by Symantec). I must say Kerio is much better, if not simply for performance, Sygate was much more resource intensive from what I can see.

On their blog (one of the few good corporate blogs I might add), they discuss their plans ever so briefly, of note is:

  • Upon the close of the deal, Sunbelt will also announce new reduced pricing for the full version of the product and a variety of special offers for both Kerio and Sunbelt customers.
  • Additionally, Sunbelt will continue Kerio’s tradition of providing a basic free version for home users.

Also really great to hear. Hopefully they will improve the basic version as well. Lowering the price is a good move considering it’s a rather high $45.

It’s good to see there are some alternative firewalls out there. Having a laptop (and not always the benefit of being behind a real hardware based firewall) the extra protection is welcome.

[Hat tip: dslreports.com]

Symantec Live Update Fun

Had Norton SystemWorks 2002 for a while, then upgraded AntiVirus to 2004. Worked fine for quite some time. Recently I reformatted my hard drive and reinstalled this duo. Now I’m getting an error that Subscription Client Update failed LU1812. I’ve got no clue why this is happening. Following Symantec’s instructions to completely uninstall and reinstall didn’t work, nor did updating Live Update or any other step they gave.

Live Update Error

Curious if anyone else out there ran across this, and if anyone resolved this problem.