Norton AntiVirus is A Virus - VERY INTERESTING

Re: Norton AntiVirus is A Virus?

Rick:

Yes, I've changed my mind on this, I've removed the SW components of my security setup.

See you later

 

Re: Norton AntiVirus is A Virus?

Hint: look at his avatar

 

Re: Norton AntiVirus is A Virus?

Ah so with my magnifying glass it shows! W98! I remember it well.

Probably not as popular a target as windows xp or vista for that matter!

 

Re: Norton AntiVirus is A Virus?

Most of this is designed into the operating system and software and can't be shut off per se. Some apps can be configured not to store MRUs, usually not the big name stuff. About the best you can do is a regular cleaning program for both registry stored MRUs and records stored as files, including index.dat. Using apps (non-Microsoft) that don't make a lot of MRUs is the best way to start. It's just so much easier to do on a 98 box than on XP. With a couple of batch files, I get rid of all index.dat files and the MRUs in the registry on each reboot. Actually the whole registry gets replaced with a clean, MRU free copy, good old DOS! Eraser takes care of the rest of the files and wipes the free space as scheduled tasks.

These are 2 separate but related problems. MRUs are more of a privacy concern than a security issue. As opposed to getting past your moats, they're more like the spies from within. Depending on what you do with your PC, MRUs can be nightmare if a forensic investigator starts reading them. It's becoming commplace to have your PC seized as "evidence" anytime the powers that be want to accuse you of something, computer related or not. MRUs can become a security issue if your OS or installed apps start sending that information out, a good argument for a firewall with tight control over outbound traffic. Again, much easier on a 98 box than XP. No services to fight with. The OS components on 98 work fine without internet access. XP can be tempramental when it doesn't get what it wants.

My last experience with Norton was 4 or 5 years ago, used NIS. Back then, it was a bloated, irritating nightmare that started nagging you when your subscription was half done. A virus? No, but anyone who installed it on a stock 98 box would probably call it malware. There's a lot of apps that meet that qualification. There's just as many supposedly legitimate apps with behaviors that could qualify them as adware or spyware, including Windows. Apparently, when it's just a component or a single behavior of an otherwise useful application, it doesn't get those labels. Adware components in useful apps are one thing, like AntiVir's Notifier, aka a giant "buy me" nag screen. It's when apps and OS components start calling home without your approval that I have a problem with them. Most of the time, we have no way of knowing what's being sent. It's usually unreadable.

IMO, the problem isn't just what data an OS or a piece of software sends out. It's the potential for abusing this that concerns me. Look at XP, as installed without a separate firewall. It stores all kinds of user records. It connects out or calls home without the users knowlege. It has open ports that can be connected to from outside. It can updated or modified at any time M$ chooses to do so via windows update or any number of other software updaters. All the necessary pieces for total spyware are there.

Companies have already proven that they will abuse the rights of users whenever it suits them. Microsoft's WGA. Sony's DRM rootkit. Other invasive forms of anti-piracy for software, media, etc, much of which isn't worth stealing, let alone protecting. The equating of file sharing with terrorist activity, believe it or not.

Somewhere along the line, "the information age" has been twisted to mean that companies, governments, and anyone else with big money or power has the right to grab as much of your private information as they can get their hands (or software) on. We've all heard the argument "what does it matter if you've got nothing to hide?" It's not about having something to hide. It's about having something to protect, namely the right to say "It's none of your business." A site that looks at my browser referrer sees that I came from their own site, not where I've been. When they check the user agent, my browser make is "Not your concern". The newer the OS and installed software, the harder it is to maintain the control needed to make such a statement stick. When you get right down to it, WGA exists to make you prove you didn't steal that OS. As far as I'm concerned, I don't have to accept that treatment. Not from M$, not from any company, and not from the NSA. Privacy is a control issue. How important it is to you will dictate how far you're willing to go to protect it. That control is the main reason I won't use anything newer than Win98.
Rick

 

Re: Norton AntiVirus is A Virus?

Magnifying glass? That's OK. I can't read yours either, even magnified.

Definitely not as targeted, not that I mind. IMO, also easier to secure, which lets me concentrate on privacy issues.
Rick

 

Re: Norton AntiVirus is A Virus?

I agree with Jimmy Ruska..
Norton is very poor AV and all comments and comparison are right.

 

Re: Norton AntiVirus is A Virus?

While I agree with the general sentiment against Norton, I don't agree with the argument presented in the article. While I can't verify that validity of the seemingly widespread consensus that Norton 2007 is much improved and has broken the trend of letdowns, I tend to believe there is some basis for what they are saying, especially when alot of members here are saying it. So assuming the revamping of the Norton lineup for 2007 has indeed resulted in a decent product--without the excessive system resource usage, plethora of bugs, and problems with uninstalling--then the accuracy and applicability of the article is lacking. As I said before, his reasoning is flawed, his point outdated, and his recommendations ill-advised. This is not to say that there aren't interesting parallels that can be drawn between malware and particular software programs (such as Norton AV over at least the last several years, with the apparent exception of the curent lineup), but such similarities are not sufficient to portray them as equivalents. For the record, I don't use Norton security products anymore and probably never will again, given my bad experience with them, their longstanding history of poor quality and performance, and other questionable behavior. I also will probably never recommend Norton, despite improvements. That is not to say I won't acknowledge said improvements, but I just don't use or recommend products that I've had bad experiences with and that have a history that leaves alot to be desired.

 

Re: Norton AntiVirus is A Virus?

I think his avatar says "Admin is watching you!!!" Though I'm not sure if I have the first word right.

 

Re: Norton AntiVirus is A Virus?

You got it! but I'm working on new avatars and need a clearer one!
I can't read mine that well either! Herb's is clearer.

I think I've got a copy of a copy so I'll remove it til I get a better one.

 

Re: Norton AntiVirus is A Virus?

Rick:

I agree 100% with your approach and argument.

I understand your point on the difference between the MRU as a privacy issue and the concern we both share on outbound control.

I should have been clearer, I meant here I have spent weeks on FW's (I don't regret any of that since I've learned new things) mean while those MRU spys were sitting there all that time!

Here is a question, I still have a windows 98 OS disk it's legal. But if went back to it I'll bet many if not all my existing applications would collapse!

What I want to do is maximize privacy and security with XP.

We have seen many examples of call homes by M$, ZA, Bitdefender, Norton etc. I have added as many sites as I can to the CFW block list.

We don't want to show these site here on the forum BUT if everyone here or let's say dozens of us shared our block sites in safe way that would be a real help. What do people think?

1) the idea of sharing sites to block to stop call homes?
2) If yes to 1, how to do it privately so the bad guys don't get it?

If this is not practical, suggest a better idea!

 

Re: Norton AntiVirus is A Virus?

You don't have to choose between the 2. You could use a 2nd hard drive or partition your existing one, put 98 on it, and use a bootloader. You could also add Linux and choose between 3 operating systems at bootup. You could use XP as your default while you equip and tweak 98. If nothing else, you could run 98 on a virtual machine. FYI, 98 gold or first edition can have problems with fast hardware. 98SE does not.

Applications for 98 can be a problem, but it doesn't have to be. There are apps that run on 98 that will do most tasks. You can't use Cyberhawk but you can use SSM free. The new versions of Adobe don't run on 98 but Foxit does. The newer MS office doesn't but OpenOffice.org does. There's always a substitute. Some apps that aren't supposed to be compatible with 98 will run on it. Some of the obsolescense is fake. M$ does this deliberately to try and force users to upgrade. Example, I'm running WMP 9 on 98. Works fine once you defeat the restriction in the installer.

The same applies to hardware. Often hardware that isn't supposed to be 98 compatible works fine on it. I added a new USB card so I'd have room to plug in my external hard drive. USB 2.0 isn't supposed to be compatible with 98 first edition. Neither was the external hard drive I was trying. I expected it to be slow, if it worked at all. To make a long story short, I'm running internet applications that are installed on that external USB hard drive, almost as fast as they'd run if they were installed on an internal drive. Hardware incompatibilities exist, but are very exaggerated. You don't know until you try.

The block list idea would be a problem. With an AV for instance, blocking the site it calls home to might also block its ability to update. A block list might help with some of the apps but others will have to be dealt with on an application level. Ones like AntiVirs Notifier are best dealt with by blocking the process from running. Others will need address and/or port specific blocking or limiting rules at the firewall. How you block a given outbound connection also depends on exactly what needs to be blocked. A single named site can be blocked at the hosts file. If it's an IP range, a standard block list won't work. I'd expect that every item will need it's own specific treatment.
Rick

 

Rick:

thanks for the multiple OS ideas

But to expand on the blocking list idea by being more explicit:

"The block list idea would be a problem. With an AV for instance, blocking the site it calls home to might also block its ability to update."

Yes, so I don't do that. Identify and allow that site and it is okay!

During the FW learning thread some applications have built in call home functions that call sites not needed for updating. I don't want to restart that debate but it is all in those threads

One had at least 4 sites their users need to block if they care about managing unsolicted outbound connects. Another had the one site they told me is strictly for gathering information on spam and malware from users PC's.

These hardcoded calls are not stopped by the product opt out options since we showed they continue when turned on! Deceptive.

Thus the list of block sites. I've got 34 rules on blocking other members may want to benefit from those and I would from your list etc.

That is what I meant to say on sharing sites





A block list might help with some of the apps but others will have to be dealt with on an application level. Ones like AntiVirs Notifier are best dealt with by blocking the process from running. Others will need address and/or port specific blocking or limiting rules at the firewall. How you block a given outbound connection also depends on exactly what needs to be blocked. A single named site can be blocked at the hosts file. If it's an IP range, a standard block list won't work. I'd expect that every item will need it's own specific treatment."

 

The closest thing I've got to that is a series of Kerio blocking rules for the version of Yahoo IM I use and some specific blocking entries in Proxomitron and my hosts file for Google, their ads, analytics, syndication, etc. Whenever I've installed an app that connected out without my approval, I get rid of it. So far, I haven't found any program to be valuable or important enough to make me accept that kind of behavior.
Rick

 

Rick:

You said exactly what Stem said!

So I did exactly that! I dumped the 4 call home product even though I have time left on that subscription.

I did keep the 1 call out AV application why? They were honest enough to say yes, that is our site why they use it and yes, I could block it with no ill effects and that has proven to be the case.

The 4 call out program plays games with users who question their behavior first denial, must be services etc . Then they say it's bug that is fixed. They provide turn off procedures for users, yet even after all that is done/said the call homes to the mother ship continue. They are hard coded in and in a security product absolutely unacceptable. As to why they do it, who cares just shut it down. No one will tell us the real reasons they do it anyway.

If anybody doesn't know what products I'm referring too and wants to know they just do a search here on my id and they will find the threads some enough or PM me.

Rick, can I get your goggle rules somehow? PM? email whatever you want?

 

I don't want to interrupt Herbalist here, he's on a roll again, but:

He does not claim it's a virus.

He does not say to pay for MS anti-whatever. He says to scan with it.

On the other suggestions, it's his opinion. I agree with him on much.

This is where he's coming from.

 

They're not firewall rules. They're entries in a Proxomitron blocklist. It's not realistic to try to block Google with firewall rules unless you don't use any of their services. Blocking the IPs used by some of the items listed below will also block others, like their search engine.

The MVPS hosts file contains a lot of entries for Google that will do much of the same thing. Here's a copy of that section.

Code:

127.0.0.1  adwords.google.com #[Gmail ads]
127.0.0.1  pagead.googlesyndication.com
127.0.0.1  pagead2.googlesyndication.com #[Google AdWords]
127.0.0.1  adservices.google.com
127.0.0.1  ssl.google-analytics.com #[urchinTracker]
127.0.0.1  www.google-analytics.com #[Google Analytics]
127.0.0.1  imageads.googleadservices.com #[Ewido.TrackingCookie.Googleadservices]
127.0.0.1  imageads1.googleadservices.com
127.0.0.1  imageads2.googleadservices.com
127.0.0.1  imageads3.googleadservices.com
127.0.0.1  imageads4.googleadservices.com
127.0.0.1  imageads5.googleadservices.com
127.0.0.1  imageads6.googleadservices.com
127.0.0.1  imageads7.googleadservices.com
127.0.0.1  imageads8.googleadservices.com
127.0.0.1  imageads9.googleadservices.com
127.0.0.1  www.googleadservices.com
127.0.0.1  apps5.oingo.com #[Microsoft.Typo-Patrol]
127.0.0.1  www.appliedsemantics.com
127.0.0.1  service.urchin.com #[Urchin Tracking Module]

These will block most of the google-garbage that's embedded in web pages without killing your ability to use their search engine.

If you use Mozilla/Sea Monkey or Firefox, you can use the Dictionary Search extension to search Google for both web content and images using your own search preferences while blocking all Google cookies. I posted the necessary entries in This thread a while back.
Rick

 

I've used Norton and it's not that bad, but definitely not my favorite.