Is This Proof Norton AV Is Phoning Home With My Email?

Discussion in 'other firewalls' started by AlamoCity, Oct 17, 2007.

Thread Status:
Not open for further replies.
  1. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Or maybe it's just a hacker using Norton? A picture is worth a thousand words, so here's some screenshots from my Sygate firewall for the security experts to peruse. The last picture is the "proof". Look in the bottom right hand corner -- the words "mimic a DOS" are words that I had just used in an email.

    Here are the background facts:

    1) I have Firefox and Internet Explorer open, running Windows XP.
    2) I just started using Internet Explorer today.
    3) I have Norton AV on my system, but I let it expire months ago.
    4) I used FireFox to send an email via an online email service.
    5) Right after sending the email, Sygate popped up the alert.

    My interpretation is that Norton or the hacker needs to load the DLL's in order to steal my email. Maybe they've been using FireFox to do it in the past, and now that I have the IE browser open, they want to use it as well. I read that Norton phones home with all the sites you visit, but I don't think they're allowed to make copies of what you write. What do you think?
     


  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Re: Proof Norton AV Is Phoning Home With My Email

    Think about what you're saying for a minute.... Why in the world would Symantec even remotely care about your or anyone else's email? Regardless of what you think you might be seeing, I think it's highly (99.999999%) unlikely....
     
  3. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Re: Proof Norton AV Is Phoning Home With My Email

    I wonder why the exact phrase you used is in the connection data? I'm not an alarmist here, but maybe someone can explain.
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Re: Proof Norton AV Is Phoning Home With My Email

    I don't know what's really going on there, but I can almost guarantee one thing: Nobody cares about his email.... ;)
     
  5. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: Proof Norton AV Is Phoning Home With My Email

    This is in the area of privacy concerns.

    If you are concerned about privacy you may need to take some very specific steps to improve your set up.

    Here are some considerations for you, maybe you have done all this already!

    1) Why have an obsolete AV if you are worried about malware getting in and stealing information? If not already done install and use a top ranked AV asap and run the Norton removal tool. (it's on the Symantec web site)

    2) Install a 2 way FW so you can control what programs can access the internet and BLOCK hackers from intruding on your system.

    3) Get behind a router or H/W FW.

    4) On email if it is secret you need to encrypt it and use an AV that scans in and out email and any attachments.

    Hope this helps, I doubt that Norton has time to read all our email, but there is some concern about firms being used to track where users go on the internet. I don't know it is happening but I do know that some SW products routinely phone home and I don't mean to update the signatures!
     
  6. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Re: Proof Norton AV Is Phoning Home With My Email

    I got that pop up warning this evening with Symantec Endpoint 11. Of course, I had just updated Firefox to 2.0.0.8.
     
  7. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    Somehow, I'm getting the impression that a picture is not worth a thousand words to you. I can forward a copy of the email in question to a mod if requested, which will show those three words that are listed in the "binary dump" on that Sygate screenshot, as well as the time the email was sent, etc. The email had been sent to the tech support of a large web hosting company, who will verify receipt.

    I'll answer your question with a question -- why would Symantec even remotely care about your or anyone else's web site viewing history? If you can answer that, then you'll probably be able to figure out why they would care about the contents of email, IF they are in fact spying on email.

    As for the phoning home of the web sites you visit, I read that from Norton themselves. I think it just pertains to the AV program though. Anyway, I had to agree to this invasion of my privacy in order to install the program. So it's their own fault that I immediately suspected them of email spying when I saw that Sygate binary dump.
     
  8. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    After sleeping on it, I'm thinking now that this could just be a weird issue with the firewall, in which it records a packet of whatever went through it last, and uses it for some reason during the DLL install process. Maybe this thread should be moved to the firewall forum, and then I'll wind up having to change the title to "Proof I'm An Idiot".
     
  9. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    If they are spying on email, then it obviously wouldn't just be my email. :rolleyes:

    It would be the email of everyone who uses NAV (duh).
     
  10. 12fw

    12fw Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    111
    Location:
    Canada
    Re: Proof Norton AV Is Phoning Home With My Email

    The command reveals this;

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\12fw>nslookup 74.53.181.82
    Server: resolver1.opendns.com
    Address: 208.67.222.222

    Name: 52.b5.354a.static.theplanet.com
    Address: 74.53.181.82


    C:\Documents and Settings\12fw>nslookup 69.153.61.159
    DNS request timed out.
    timeout was 2 seconds.
    *** Can't find server name for address 208.67.222.222: Timed out
    Server: resolver2.opendns.com
    Address: 208.67.220.220

    Name: adsl-69-153-61-159.dsl.snantx.swbell.net
    Address: 69.153.61.159


    C:\Documents and Settings\12fw>

    Google reveals http://blogs.sun.com/JohnD/entry/what_is_static_theplanet_com and http://www.robtex.com/dns/static.theplanet.com.html

    The port involved is http, not email.

    If you have recently updated your Internet Explorer, then that is maybe why there is a change in the library.

    12fw
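
As an added example (not part of any post in this thread), one way to read a raw packet dump like the one shown in a firewall alert: decode the IPv4 and TCP headers to get source, destination and port, then search the payload for a phrase. The packet bytes and the `webmail.example` host are constructed for illustration; only the two IP addresses and the phrase come from the thread.

```python
import socket
import struct

# Well-known ports, to tell web traffic from mail protocols.
SERVICES = {25: "smtp", 80: "http", 110: "pop3", 143: "imap", 443: "https"}

def build_sample_packet():
    """Constructed sample: IPv4 + TCP headers around a made-up HTTP request."""
    payload = (b"POST /compose HTTP/1.1\r\nHost: webmail.example\r\n\r\n"
               b"text=mimic a DOS")
    src = socket.inet_aton("69.153.61.159")  # from the thread: the poster's ISP address
    dst = socket.inet_aton("74.53.181.82")   # from the thread: the destination host
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHLLBBHHH", 49152, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return ip + tcp + payload

def describe(raw, phrase):
    """Decode headers of a raw IPv4/TCP packet and look for phrase in the payload."""
    if len(raw) < 20:
        raise ValueError("too short for an IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if proto != 6:
        raise ValueError("not TCP")
    ihl = (ver_ihl & 0x0F) * 4                # IP header length in bytes
    if len(raw) < ihl + 20:
        raise ValueError("too short for a TCP header")
    sport, dport, _, _, off = struct.unpack("!HHLLB", raw[ihl:ihl + 13])
    data_start = ihl + (off >> 4) * 4         # skip TCP header and options
    payload = raw[data_start:total_len]
    # Render the payload the way a dump's text column does: printable or '.'
    text = "".join(chr(b) if 32 <= b < 127 else "." for b in payload)
    return {
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "sport": sport,
        "dport": dport,
        "service": SERVICES.get(dport, "unknown"),
        "phrase_found": phrase in text,
        "text": text,
    }

if __name__ == "__main__":
    info = describe(build_sample_packet(), "mimic a DOS")
    print(info["src"], "->", info["dst"], "port", info["dport"], info["service"])
    print("phrase in payload:", info["phrase_found"])
```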
     
  11. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    As far as whether I'm an idiot, that still remains to be seen. Because there's the mystery of why Norton didn't want to install those DLL's until right after I sent the email.

    And more importantly:

    1) Why would using Firefox to send the email immediately trigger Norton to want to use the IE browser to install the DLL's? Because what does Firefox have to do with the IE browser? Nothing.

    2) Plus, I had the IE browser open for many hours, and had been using both browsers. But Norton waits until I use Firefox to send an email before it tries to get IE to install the DLL's.

    3) Prior to using FF to send the email, I hadn't used IE for at least half an hour. And I was still using FF at the time I got the Sygate alert about IE.

    4) I've used that online email service many times with Firefox, and Norton never needed DLL's for it before. But as soon as it senses the IE browser is open, it suddenly wants IE to install the DLL's when I use the email service web site.

    So you can see why I find this suspicious, given the Sygate binary dump showing content from my email. Inquiring minds want to know -- is there a firewall expert in the house who can offer a logical explanation for these mysteries? This is your chance to prove I'm an idiot. Because maybe Sygate doesn't even send the "binary dump" to Norton when it downloads and installs DLL's.
     
  12. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    The dsl.snantx.swbell.net is my ISP, and theplanet is the hosting company the packet was being sent to, since it's listed as the destination. So the $64,000 question is whether Norton has an account at that host, and why a packet containing content from my email was being sent to them. If that is in fact what Sygate was doing.
     
  13. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Re: Proof Norton AV Is Phoning Home With My Email

    Maybe a firewall thread should be started. I know I'd be alarmed seeing eMail contents displayed. When ZA or Comodo were suspected, they were properly tested for security breaches.
     
  14. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,522
    Location:
    USA - Back in a real State in time for a real Pres
    Re: Proof Norton AV Is Phoning Home With My Email

    IE got updated. That's it. PERIOD. Jeez.
     
  15. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    If Norton has a hosting account there, the http port would be for their dedicated server. (As I'm sure with all their money they wouldn't be using a shared or VPS account.) And once the binary packet reached their server, it could be channeled to whatever software they use to scan packets for whatever keywords they're seeking, if that is in fact what's going on.
     
  16. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    It sounds like you skipped my post #11, as well as several other posts. Otherwise you'd know that the real issue is about my firewall, and why it was presumably trying to send out a packet to a hosting company containing content from my private email. That's it. PERIOD. Jeez.
     
  17. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    I agree, this thread should be transferred to the firewall forum to rule out whether the packet containing content from my email is normal behavior for Sygate. Hmm, too bad Norton won't have a tech chime in here to explain things, since they own Sygate now.
     
  18. 12fw

    12fw Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    111
    Location:
    Canada
    Re: Proof Norton AV Is Phoning Home With My Email

    I'm not familiar with either NAV or Sygate. But my guess is those NAV parts are probably some BHO's.
    12fw
     
  19. 12fw

    12fw Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    111
    Location:
    Canada
    Re: Proof Norton AV Is Phoning Home With My Email

    The unauthorized IE calling out is cause for concern. This is serious.
    12fw
     
  20. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,522
    Location:
    USA - Back in a real State in time for a real Pres
    Re: Proof Norton AV Is Phoning Home With My Email

    1st you say it's "Proof Norton AV Is Phoning Home With My Email".

    Then:
    I think either you accepted or M$ forced an update of IE. And then Sygate notified.
     
  21. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Re: Proof Norton AV Is Phoning Home With My Email

    By default IE does not check for updates, but would have been updated on the 10th (MS-Tuesday) and Sygate should have noticed the change the first time IE was opened after MS-Tuesday. The question should be, was IE used before the 17th? o_O If so, the pop-up wouldn't be in regards to updating.
     
  22. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    If you would read the entire thread, you'd see that my initial suspicion was that Norton OR a hacker was involved. Then as time passed and the fog cleared, I realized that it might just be an innocent issue with my firewall.

    Again, the real issue is about why my firewall was presumably trying to send out a packet to a hosting company containing content from my private email.
     
  23. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Re: Proof Norton AV Is Phoning Home With My Email

    I haven't allowed any MS updates for about 3 weeks now, as I didn't want to have to do a restart because of everything I have open. I've never used IE on this computer before, but it's the latest version. I just started using IE on the 17th, and Norton had many hours to download DLL's, but it waited until after I used that online email service. And again, I wasn't even using IE at the time Sygate alerted me.

    But again, the issue is not that Norton used IE to try to install the DLL's -- that's just a "minor" part of it. The real issue is that Sygate was presumably trying to phone home a packet containing content from my private email.

    So the only question is whether the packet was destined to be sent to the server at The Planet hosting company -- or whether it's normal behavior for Sygate to use the packet on my PC only. My best guess is that the packet would have been sent out if I hadn't clicked no. So the question is (if I'm correct): why would Sygate, owned by Norton, be sending my private email to Norton? (If Norton does in fact have a server at The Planet -- as maybe the packet was being sent to a hacker.)
     
  24. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
  25. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,522
    Location:
    USA - Back in a real State in time for a real Pres
    Re: Proof Norton AV Is Phoning Home With My Email

    Correct.

    As stated by OP.
     