Is This Proof Norton AV Is Phoning Home With My Email?

Discussion in 'other firewalls' started by AlamoCity, Oct 17, 2007.

Thread Status:
Not open for further replies.
  1. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,131
    Re: Proof Norton AV Is Phoning Home With My Email

    I know NISS asked permission to send info back for is SONAR technology. Are you sure this is not what's happening?
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Re: Proof Norton AV Is Phoning Home With My Email

    Is is possibel to reproduce it by sending some mail in similar scenario and analyzing the packets sent by sygate once again?
     
  3. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Re: Proof Norton AV Is Phoning Home With My Email

    Sorry, zapjb, I missed that until it was pointed out. But then...
    ...brought about another question. Why are you using an expired AVo_O
     
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: Proof Norton AV Is Phoning Home With My Email

    You are NOT an idiot. All you are doing is raising the questions you have put to the thread. Your reasons for what happened or may have happened are your own.

    What you need is a solid analysis from the other FW forum maybe Stem to help sort this out for you.

    The rest is just FUD.

    My post to you about your set up to strengthen it was in good faith I hope I did not upset you with those ideas, but we don't know your set up other than an out of date Norton AV? Since you didn't react I kind of wondered:doubt:
     
  5. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    The only info Norton asked to phone home was the web sites I visit. They never said anything about key logging me/sending out packets of what I type while I'm on web sites.
     
  6. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    Good idea, but it didn't work when I just tried it. I'd like to analyze the original packet I stopped from going out, but I don't have a clue how to find it.
     
  7. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    I'm not "using it." It's just hard to get rid of -- it requires a special program you have to download from their site. I'm going to reformat anyway when I have time, so I never bothered with it. As I have a lot of other junk I want to get rid of.
     
  8. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Re: Proof Norton AV Is Phoning Home With My Email

    Now that the topic has been moved to the right forum, maybe some of the FW experts that frequent here can explain this. I am curious about it as well.
     
  9. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    No offense taken. I meant to respond to your other post but forgot. :oops:

    My set up is just Sygate and Firefox/no script. I had some other security programs but uninstalled them months ago after experiencing some problems. I only go to safe sites and do nothing risky online, so I never get viruses. Although I could have a trojan right now and not know it. I'm going to install KIS after I reformat, and that will probably be the only security program I use.

    As far as being an idiot, I should have made the title of this thread "Is This Proof Norton AV Is Phoning Home With My Email?", since the issue could simply be due to the way Sygate functions. So basically, I was jumping to conclusions based on Norton's eagerness to spy on the web surfing habits of their customers. As I assumed they had just taken it one step further and was logging everything their customers typed while they were on web sites.
     
  10. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    This is all good advice. Sygate is a good 2-way FW that I've been using for years.

    If Norton is spying on email, they wouldn't be reading all of it. They would just be scanning for the keywords they were interested in.

    I had a good router I was using at one time, but it's not compatible with my DSL service, so getting one that will work is on my list of 1,000 things to do. :)
     
  11. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Re: Proof Norton AV Is Phoning Home With My Email

    Say no more...I remember it well!!! :ouch:
     
  12. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: Proof Norton AV Is Phoning Home With My Email


    I just ran the Norton Removal Tool myself today! For completely different reasons.

    You download it from theri web site it is quick and simple.

    You should do this first NOW and not wait till reformat. This stuff digs way into your OS and inteferrs with other tools!

    If you google the following you will find it in seconds!

    Norton_Removal_Tool.exe
     
  13. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Re: Proof Norton AV Is Phoning Home With My Email

    Actually it is more referred to as SymNRT. Please remove NAV/NIS via Add/Remove first before running this tool. It does not replace A/R.
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Re: Proof Norton AV Is Phoning Home With My Email

    The fact that a few words in your email show up in a packet may have something to do with the fact that NAV has a firewall component in it which scans port 80 traffic, so when you did your web email, the firewall part of NAV probably scanned it and it therefore ended up in the packet you saw. But NAV *does* scan port 80 traffic. Perhaps that is a clue.

    As for the other arguments, I really just don't see Symantec caring one bit about *anyone's* emails. If they're looking at yours then they're looking at *millions* of other user's emails too right? Just stop and consider the ridiculousness of that. I'm sorry, but they just don't care... If anything, I have to chalk this whole issue up to excess paranoia more than anything rational. I don't know the technical details of what's happening, but I also don't think you need to jump to any wild conclusions either..

    Anyway, that's my 2 cents, take it or leave it, but I won't post more on this nonsense...
     
  15. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    After reading this, the procrastination part of my mind woke up and agrees that it should be done now, because there's no telling when I'll get around to reformatting. Thanks for the prompting.
     
  16. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    Thanks, good advice! I should have used the A/R long ago, as that may have at least kept Norton from trying to install the additional DLL's. Because when you click "no", Sygate won't let you use the browser again until you close it and reopen it -- as it shuts the Internet connection off. That REALLY sucks when you have a lot of web sites open!
     
  17. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    Interesting, I was not aware of the firewall component.

    If the Sygate packet IS evidence of spying, then it's not necessarily just email they'd be interested in -- it could be ANYTHING you type while you're on a web site.

    This was already discussed in post #9. And if they are doing it, my guess would be that it just involves the customers for the NAV program, since that's who they're interested in the web site activity of.

    This was already discussed in post #7.

    I'm not saying they ARE logging everything that people type while they're on web sites, because I don't know if that Sygate packet is normal firewall activity (as far as it containing my keystrokes). I don't even know for sure if it would have been sent to that hosting company if I hadn't clicked no.

    But if they ARE logging keystrokes while their customers are on web sites, how is that so much different than logging the web sites they visit? They obviously care about the intelligence they gather from that activity, or they wouldn't be doing it. So why is it so difficult to comprehend that what you type while on those sites would also be of interest to them?

    Because if you had some reason to be interested in what web sites your customers visited, wouldn't you also be interested in what they wrote while on those sites? Richard Nixon was the president of the U.S., and he didn't have a problem with violating the law when he wanted something. Perhaps you believe that only U.S. presidents illegally spy on people, and that a software company would NEVER do anything like that? If so, I have a swamp in Florida I'd like to sell you, as it's the perfect location for a casino.

    LOL! I guess you haven't heard about AT&T using their vast ISP pipelines to spy on ALL of the Internet activity of millions of Americans, acting on behalf of that intelligence agency. If so, then I guess it's understandable why your mind would be unable to grasp the concept of Homeland Security recruiting a few large publishers of firewalls and anti-virus programs to spy on their customers.

    Also, I guess you're overlooking the fact that high speed computers scanning for certain keywords would make such spying extremely easy and practical. If anything, I have to chalk this whole close mindedness issue up to excess lack of knowledge more than anything rational. :)

    Jumping to conclusions was already covered in post #34. :)

    Consider it "left." :)

    Thank you! :)
     
  18. wat0114

    wat0114 Guest

    Re: Proof Norton AV Is Phoning Home With My Email

    You just started using IE at the time and one of the DLL's is named: NAVshext.exe. This is, I guess, part of a Norton IE shell extension. Norton probably detected IE as opened and automatically installed or updated the shell extension

    You used Firefox to send an email using an online email service, so maybe it's conceivable remote port 80 would be used. The words "mimic a DOS" could conceivably be in the packet. You got the alert for IE but it was opened at the time, so no surprises there.

    It was probably nothing more than a NAV IE shell extension causing the changed DLL alert. Hopefullly that's all it was ;)
     
  19. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Re: Proof Norton AV Is Phoning Home With My Email

    And you're not paranoid? Sigh......

    I rest my case... ;)
     
  20. RarelyConfused

    RarelyConfused Registered Member

    Joined:
    Nov 19, 2006
    Posts:
    2
    Re: Proof Norton AV Is Phoning Home With My Email

    by your own admission you say you aren't expert in firewalls or figuring out these packet movements, and yet you, who don't know much at all about this, are the first and only person in the world out of countless millions of nav users to discover that they are spying and logging the keystrokes of their users. wow! you ought to be interviewed by the elite in the industry since you've discovered something so big that no one else could figure out. o_O

    get real! yes, you are paranoid and no, norton is not logging the keystrokes of their millions and millions of customers. if they were, someone a lot more technically capable then you (or me) would have discovered it long ago and posted it somewhere else long before now.
     
  21. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Re: Proof Norton AV Is Phoning Home With My Email

    It's certainly not out of the question that Homeland Security would use a security company. A massive illegal spying program was started, and who knows what the scope of it is now. But I haven't heard of Sygate picking up on this before. It really could be an isolated, explainable incident. If they really wanted to spy, I'm not sure it would be this detectable.

    Has the OP run an online web scanner, to see if he has a virus? His sigs were out of date.
     
  22. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    Thanks, but I really shouldn't even have confused the issue by making IE part of it. As the only thing that's really important is the following:

    1) How much more of my email was in the packet?

    2) What was the purpose of the packet?

    3) Why was the packet presumably being sent to the server at the web hosting company?

    4) How can I locate the packet on my hard drive to see what else it contains?
     
  23. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    Homeland Security to open domestic spying office
    http://www.thehindsightfactor.com/homeland_security_to_open_domestic_spying_office

    ACLU sues Homeland Security for arresting, spying on vegans who protested ham
    http://rawstory.com/news/2005/ACLU_...ting_spying_on_vegans_who_protested_0922.html

    Let's see, Homeland Security spies on ham protesters, but the concept of them spying on Internet activity is totally irrational and paranoid.

    And you're not closeminded? Sigh......

    I rest my case... ;)
     
  24. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Re: Proof Norton AV Is Phoning Home With My Email

    I wish you well AlamoCity.... onward to other things for me.... :)
     
  25. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: Proof Norton AV Is Phoning Home With My Email

    Hello,

    The packet data looks incorrect. What you are showing is a "SYN" packet (the start of a connection), there should be no actual data tranfer at that time.

    If you look at the packet, it is too long, and the checksum is actually incorrect.

    I have attached your original pic of the hex dump with a pic of a correct "SYN"(connection) packet.

    01.JPG

    02.JPG

    At this time, without further info, I would say the hex dump is incorrect. Can you run a packet sniffer, to try and catch this? (if it happens again)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.