Is This Proof Norton AV Is Phoning Home With My Email?

Or maybe it's just a hacker using Norton? A picture is worth a thousand words, so here's some screenshots from my Sygate firewall for the security experts to peruse. The last picture is the "proof". Look in the bottom right hand corner -- the words "mimic a DOS" are words that I had just used in an email.

Here are the background facts:

1) I have Firefox and Internet Explorer open, running Windows XP.
2) I just started using Internet Explorer today.
3) I have Norton AV on my system, but I let it expire months ago.
4) I used FireFox to send an email via an online email service.
5) Right after sending the email, Sygate popped up the alert.

My interpretation is that Norton or the hacker needs to load the DLL's in order to steal my email. Maybe they've been using FireFox to do it in the past, and now that I have the IE browser open, they want to use it as well. I read that Norton phones home with all the sites you visit, but I don't think they're allowed to make copies of what you write. What do you think?

 

Re: Proof Norton AV Is Phoning Home With My Email

Think about what you're saying for a minute.... Why in the world would Symantec even remotely care about your or anyone else's email? Regardless of what you think you might be seeing, I think it's highly (99.999999%) unlikely....

 

Re: Proof Norton AV Is Phoning Home With My Email

I wonder why the exact phrase you used is in the connection data? I'm not an alarmist here, but maybe someone can explain.

 

Re: Proof Norton AV Is Phoning Home With My Email

I don't know what's really going on there, but I can almost guarantee one thing: Nobody cares about his email....

 

Re: Proof Norton AV Is Phoning Home With My Email

This is in the area of privacy concerns.

If you are concerned about privacy you may need to take some very specific steps to improve your set up.

Here are some considerations for you, maybe you have done all this already!

1) Why have an obsolete AV if your are worried about malware getting in and stealing information? If not already done install and use a top ranked AV asap and run the Norton removal tool. (it's on the Symantic web site)

2) Install a 2 way FW so you can control what programs can access the internet and BLOCK hackers from intruding on your system.

3) Get behind a router or H/W FW.

4) On email if it is secret you need to encrypt it and use an AV that scans in and out email and any attachments.

Hope this helps, I doubt that Norton has time to read all our email, but there is some concern about firms being used to track where users go on the internet. I don't know it is happening but I do know that some SW products routinely phone home and I don't mean to update the signatures!

 

Re: Proof Norton AV Is Phoning Home With My Email

I got that pop up warning this evening with Symantec Endpoint 11. Of course, I had just updated Firefox to 2.0.0.8.

 

Re: Proof Norton AV Is Phoning Home With My Email

Somehow, I'm getting the impression that a picture is not worth a thousand words to you. I can forward a copy of the email in question to a mod if requested, which will show those three words that are listed in the "binary dump" on that Sygate screenshot, as well as the time the email was sent, etc. The email had been sent to the tech support of a large web hosting company, who will verify receipt.

I'll answer your question with a question -- why would Symantec even remotely care about your or anyone else's web site viewing history? If you can answer that, then you'll probably be able to figure out why they would care about the contents of email, IF they are in fact spying on email.

As for the phoning home of the web sites you visit, I read that from Norton themselves. I think it just pertains to the AV program though. Anyway, I had to agree to this invasion of my privacy in order to install the program. So it's their own fault that I immediately suspected them of email spying when I saw that Sygate binary dump.

 

Re: Proof Norton AV Is Phoning Home With My Email

After sleeping on it, I'm thinking now that this could just be a weird issue with the firewall, in which it records a packet of whatever went through it last, and uses it for some reason during the DLL install process. Maybe this thread should be moved to the firewall forum, and then I'll wind up having to change the title to "Proof I'm An Idiot".

 

Re: Proof Norton AV Is Phoning Home With My Email

If they are spying on email, then it obviously wouldn't just be my email.

It would be the email of everyone who uses NAV (duh).

 

Re: Proof Norton AV Is Phoning Home With My Email

The command reveals this;

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\12fw>nslookup 74.53.181.82
Server: resolver1.opendns.com
Address: 208.67.222.222

Name: 52.b5.354a.static.theplanet.com
Address: 74.53.181.82


C:\Documents and Settings\12fw>nslookup 69.153.61.159
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 208.67.222.222: Timed out
Server: resolver2.opendns.com
Address: 208.67.220.220

Name: adsl-69-153-61-159.dsl.snantx.swbell.net
Address: 69.153.61.159


C:\Documents and Settings\12fw>

Google reveals http://blogs.sun.com/JohnD/entry/what_is_static_theplanet_com and http://www.robtex.com/dns/static.theplanet.com.html

The port involved is http, not email.

If you have recently updated your Internet Explorer, then that is maybe why there is a change in the libarary.

12fw

 

Re: Proof Norton AV Is Phoning Home With My Email

As far as whether I'm an idiot, that still remains to be seen. Because there's the mystery of why Norton didn't want to install those DLL's until right after I sent the email.

And more importantly:

1) Why would using Firefox to send the email immediately trigger Norton to want to use the IE browser to install the DLL's. Because what does Firefox have to do with the IE browser? Nothing.

2) Plus, I had the IE browser open for many hours, and had been using both browsers. But Norton waits until I use Firefox to send an email before it tries to get IE to install the DLL's.

3) Prior to using FF to send the email, I hadn't used IE for at least half an hour. And I was still using FF at the time I got the Sygate alert about IE.

4) I've used that online email service many times with Firefox, and Norton never needed DLL's for it before. But as soon as it senses the IE browser is open, it suddenly wants IE to install the DLL's when I use the email service web site.

So you can see why I find this suspicious, given the Sygate binary dump showing content from my email. Inquiring minds want to know -- is there a firewall expert in the house who can offer a logical explanation for these mysteries? This is your chance to prove I'm an idiot. Because maybe Sygate doesn't even send the "binary dump" to Norton when it downloads and installs DLL's.

 

Re: Proof Norton AV Is Phoning Home With My Email

The dsl.snantx.swbell.net is my ISP, and theplanet is the hosting company the packet was being sent to, since it's listed as the destination. So the $64,000 question is whether Norton has an account at that host, and why a packet containing content from my email was being sent to them. If that is in fact what Sygate was doing.

 

Re: Proof Norton AV Is Phoning Home With My Email

Maybe a fierwall thread should be started. I know I'd be alarmed seeing eMail contents displayed. When ZA or Comodo were suspected, they were properly tested for security breaches.

 

Re: Proof Norton AV Is Phoning Home With My Email

IE got updated. Thats it. PERIOD. Jeez.

 

Re: Proof Norton AV Is Phoning Home With My Email

If Norton has a hosting account there, the http port would be for their dedicated server. (As I'm sure with all their money they wouldn't be using a shared or VPS account.) And once the binary packet reached their server, it could be channeled to whatever software they use to scan packets for whatever keywords they're seeking, if that is in fact what's going on.

 

Re: Proof Norton AV Is Phoning Home With My Email

It sounds like you skipped my post #11, as well as several other posts. Otherwise you'd know that the real issue is about my firewall, and why it was presumably trying to send out a packet to a hosting company containing content from my private email. Thats it. PERIOD. Jeez.

 

Re: Proof Norton AV Is Phoning Home With My Email

I agree, this thread should be transfered to the firewall forum to rule out whether the packet containing content from my email is normal behavior for Sygate. Hmm, too bad Norton won't have a tech chime in here to explain things, since they own Sygate now.

 

Re: Proof Norton AV Is Phoning Home With My Email

I'm not familiar with either NAV or Sygate. But my guess is those NAV parts are probably some BHO's.
12fw

 

Re: Proof Norton AV Is Phoning Home With My Email

The unauthorized IE calling out is cause for concern. This is serious.
12fw

 

Re: Proof Norton AV Is Phoning Home With My Email

1st you say it's "Proof Norton AV Is Phoning Home With My Email".

Then:

I think either you accepted or M$ forced an update of IE. And then Sygate notified.

 

Re: Proof Norton AV Is Phoning Home With My Email

By default IE does not check for updates, but would have been updated on the 10th (MS-Tuesday) and Sygate should have noticed the change the first time IE was opened after MS-Tuesday. The question should be, was IE used before the 17th If so, the pop-up wouldn't be in regards to updating.

 

Re: Proof Norton AV Is Phoning Home With My Email

If you would read the entire thread, you'd see that my initial suspicion was that Norton OR a hacker was involved. Then as time passed and the fog cleared, I realized that it might just be an innocent issue with my firewall.

Again, the real issue is about why my firewall was presumably trying to send out a packet to a hosting company containing content from my private email.

 

Re: Proof Norton AV Is Phoning Home With My Email

I haven't allowed any MS updates for about 3 weeks now, as I didn't want to have to do a restart because of everything I have open. I've never used IE on this computer before, but it's the latest version. I just started using IE on the 17th, and Norton had many hours to download DLL's, but it waited until after I used that online email service. And again, I wasn't even using IE at the time Sygate alerted me.

But again, the issue is not that Norton used IE to try to install the DLL's -- that's just a "minor" part of it. The real issue is that Sygate was presumably trying to phone home a packet containing content from my private email.

So the only question is whether the packet was destined to be sent to the server at The Planet hosting company -- or whether it's normal behavior for Sygate to use the packet on my PC only. My best guess is that the packet would have been sent out if I hadn't clicked no. So the question is (if I'm correct): why would Sygate, owned by Norton, be sending my private email to Norton? (If Norton does in fact have a server at The Planet -- as maybe the packet was being sent to a hacker.)

 

Re: Proof Norton AV Is Phoning Home With My Email

http://news.hping.org/comp.security.firewalls.archive/0621.html
read the bottom of that link it should shed some light on the issue.
lodore

 

Re: Proof Norton AV Is Phoning Home With My Email

Correct.

As stated by OP.