Microsoft Anti-Spyware Removes Norton Anti-Virus

An anonymous reader writes "According to a story over at Washingtonpost.com, the latest definitions file for Microsoft's Anti-Spyware beta flags Symantec's Norton Antivirus products as a password-stealing trojan and prompts users to delete portions of the program. Users who follow the instructions hose their installation of Norton, requiring delicate Windows registry edits and a complete removal/reinstall of Norton. Microsoft's support forum is quickly filling up with complaints about this problem, many from businesses that have been pretty hard hit. This should be a cautionary tale about deploying beta products in production environments."

What problem?

[HillBilly (120575)]

Probably the best thing any user can have happen. The removal or norton anti-virus.

Re:What problem?

[general_re (8883)]

Seriously. Considering how good NAV is at sucking up memory and CPU cycles, the only way anyone probably noticed was when their computer suddenly seemed much smoother and more responsive.

Re:What problem?

[dynamo52 (890601)]

Seriously. Considering how good NAV is at sucking up memory and CPU cycles, the only way anyone probably noticed was when their computer suddenly seemed much smoother and more responsive.

I agree. I am a computer services provider for mostly home users and I often find NAV and internet tools to be single greatest contributor to draining system resources. I usually recommend disabling NAV, using safe internet practices, and scanning weekly or if there appears to be a problem.

Re:What problem?

[spectre_240sx (720999)]

Well that's not surprising considering NAV runs at least 14 processes. I think it might be 15 including that glorified advertisement they call Norton Protection Center.

We're still selling it at the shop that I work at. I'm not sure why... We recommend AVG Free for most people, but for business users we sell NAV.

Re:What problem?

[The Snowman (116231)]

We recommend AVG Free for most people, but for business users we sell NAV.

AVG is an excellent product. I have been using it for a couple of weeks now with zero problems, minimal performance/CPU/RAM impact, etc. I am so impressed with it that I am actually going to pay for it, despite the free version working "good enough" for me.

At work, NAV sucks my computer dry. Sure, it works well enough, but the cure is worse than the disease. Too bad my employer is in bed with MS and Norton, no room for AVG...

NOD32

[MaineCoon (12585)]

I have found NOD32 to be a far superior product to Norton and Mcafee (not that it's hard to be a superior product)... extremely low system utilization, I don't even notice it's there, until a virus warning pops up (such as the few email viruses that get past the filters on my mail server).

It also proactively stopped all the common WMF exploits.

Re:What problem?

[Rekolitus (899752)]

When Microsoft Anti-Spyware users remove the flagged Norton file as prompted, Symantec's product gets corrupted and no longer protects the user's machine.

And besides, what kind of antivirus system lets some random program delete it's files, causing it to stop protecting the user's machine?

Re:What problem?

[AsbestosRush (111196)]

That is most likely the Corperate version of Symantec AV, which is *far* better than the desktop version that most people usually purchase. The corp version just sits in the tray until something comes along that might need some attention.

Re:What problem?

[quanticle (843097)]

If you don't need a yearly subscription, you probably have the corporate edition, which, for some reason, is far leaner and more polished than the home version.

Re:What problem?

[denebian devil (944045)]

I use it and like it, but 2MB of RAM is a joke. RTVscan uses 22.5MB, DefWatch uses 1.2MB, VPTray uses 3.8MB, and the update program uses 5MB, at least on mine.

Re:What problem?

[Nuskrad (740518)]

OS X has built in antivirus?

Re:What do you really expect it to do?

[Baricom (763970)]

I would wager that if you took two identical PC's, installed Norton Internet Security on one, and AVG Free Edition, Sygate Personal Firewall (R.I.P.), and Ad-Aware on the other, you'd find that the latter computer is just as protected and runs substantially faster than the Norton-infected one.

The first step I take when I'm working on somebody's computer is to remove Norton and install these replacements. Most people are shocked that their computer runs as fast as it does, especially considering that many of these people have always had Norton installed because it came with their computer.

Just because these products must use continuous system resources doesn't mean they need all of them. That would kind of defeat the purpose of having a computer.

Re:What do you really expect it to do?

[slashname3 (739398)]

Just because these products must use continuous system resources doesn't mean they need all of them. That would kind of defeat the purpose of having a computer.

But the purpose of having a computer is to run anti virus software, spy ware detectors, and firewalls. Between running those tools and updating the system there is not much time or resources for anything else.

Re:What do you really expect it to do?

[Baricom (763970)]

The first problem I see with your experiment is that you're comparing software that offers vastly different capabilities. Some do more than others, for instance. Like I said, some include email scanning, while others don't. Some include firewall capabilities, while others don't.

I'm sorry that I wasn't clear. I meant that running all of those products in memory simultaneously is better for performance than running Norton in memory.

Second, you're trying to give a quantitative value to something that is qualitative. What metric do you use to measure the vulnerability of a particular PC? Sure, you can throw a certain amount of malicious software at it, but that's not a realistic test.

The measure is simple - which computer protected with its respective packages and attached directly to the network will be infected by a worm or hacked by a malicious user first? If you re-read my comment, you'll find that I said that both computers will be "just as protected." If both computers will be equally difficult to penetrate, why waste the extra memory and CPU on Norton?

Re:What do you really expect it to do?

[geminidomino (614729)]

Installing a software firewall on the machine it's meant to protect is like wearing a bullet-proof vest on the inside.

Re:What do you really expect it to do?

[michrech (468134)]

So while AVG alone might run quicker than NAV, it doesn't offer the firewall capabilities. Soon enough you've installed ZoneAlarm or Kerio or some other firewall. And you may very well find your system performing worse than using only NAV for similar functionality, with a greater amount of memory consumption.

Speaking as a person that has just installed AVG7 Network Edition on multiple computers in a school (yes, they paid for their licenses, before you ask), I'd have to correct you here. AVG 7, indeed, has a firewall built in.

AVG has several other features built in (email scanning, etc). FAR less resource hogging than ANYTHING I could put on from Symantec.

Why are you defending NAV/NIS so much? They are utter pieces of shit and deserve a slow and painful death.

Do you work for Norton by any chance?

[hedronist (233240)]

Excuse me? NAV is a steaming heap of complete crap.

AVG does the job better, faster, and with far less resource consumption. Every time I have been called on to disinfect a machine which was running NAV, I recommned the owners switch to AVG. Without exception, they comment on how much more responsive their system is. I have little trouble convincing them to support Grisoft by getting the not-for-free version.

The machine I am on right now is running (probably unnecessarily) a full AVG install. It checks my email, it checks my downloads, it checks all of the crud running on the system, and it does this while burning some fraction of 1% of the CPU and a tiny bit of memory.

If you are currently running NAV, disable it (if you can) and try running AVG for a couple of days. I think you'll notice the difference.

Re:Protection racket?

[cecom (698048)]

Compare Microsoft Windows XP with OpenBSD, which is equally complicated.

This is offtopic, but I wouldn't resist. I very much doubt that OpenBSD and Windows XP are equally complicated. Far from it. As far as I know, OpenBSD is a consistent and beautifully engineered piece of software. Windows XP on the other hand is full of hundreds of different subsystems, compatibility patches, work arounds, etc. WOW16, DirectX, DCOM, MTS, MSMQ, .NET - need I say more ?

BTW, I am not saying that most Windows XP compon

Norton isn't as bad as McAfee...

[michaeltoe (651785)]

... but a lot of older systems get hit hard by virus protection overhead. Machines with less than 256mb of RAM are pretty much dead in the water. I personally use a free version of AVG, and only run it once a month or so. I'm not running a business out of my home, and viruses don't usually cause me any trouble.

Re:Please stop trolling.

[mrchaotica (681592)]

It doesn't matter that Firefox is open source, and Opera is not. All that matters is that Opera is a better product.

I'm sorry, but you don't get to decide what other people think matters! I, for one, care very much that my software is Free, and pity you for being so short-sighted as to throw your freedom away for something as trivial as slightly more stable software!

Thing is..

[XanC (644172)]

Norton could be described as spyware. Norton assumes your system is there to do nothing but run Norton.

But... but...

[jd (1658)]

If it sucks up all the system resources, it does guarantee that viruses have no CPU cycles, so it is technically anti-virus...

Norton?

[DirePickle (796986)]

Wait... Is not spyware? It's definitely malware.

Not So Useless After All!

[Tiberius_Fel (770739)]

MS Antispyware isn't useless after all!

Discussion Link

[Mz6 (741941)]

Here's a link to the actual discussion [microsoft.com]. Looks like this has been corrected with the latest definitions.

But what if

[ImaLamer (260199)]

Microsoft knows something we don't?

Norton/Symantec hasn't always been nice (are they now?) - remember when Norton Utilities couldn't be removed on DOS installations? The only option was to totally format the drive and start over. I know people who won't even try Norton/Symantec products after all of those years because of these types of problems.

This should be a cautionary tale about deploying beta products in production environments.

Why even use Anti-Spyware when Norton Anti-Virus (corporate edition at least) can detect and remove spyware in real time?

Re:But what if

[miffo.swe (547642)]

Frankly i dont remember having any troubles uninstalling Norton Utilities on dos. If you had used the drive compress feature you had to revert the disk back to its old uncompressed state before you uninstalled that feature but other than that it wasnt any problems uninstalling it.

So many lols, I don't know where to begin or end!

[rosewood (99925)]

First off, good call on "don't use beta in production!" I am sure many of us have had to make the call on using a beta product before. I know I used XP SP2 when it was beta because it had so many things that I needed at the time. However, I paid for it in many ways. I would still make the call again but I at least did it with eyes open.

Second, what kind of moron installs that software, sees it tell you that your Norton software has to go, and then follow through with it when you are in a business environment? I just find that to be amazing.

Third, this strikes at one of the main reasons I have thought Microsoft's move into the anti-malware industry was a bad one. Considering how protective they are of their IP and their EULAs, it suprises the hell out of me they would violate other company's EULAs (adware companies) among other things.

Fourth and finally, there are going to be some lawsuits which really means more money for findlaw.com.

Other way round?

[perlwolf (903757)]

Shouldn't it be the other way round?

Bye Microsoft.

[miffo.swe (547642)]

"This should be a cautionary tale about deploying beta products in production environments."

Then how are we supposed to use Microsoft products? I thougt all Microsofts products was more or less beta.

Re:Bye Microsoft.

[mblase (200735)]

I thougt all Microsofts products was more or less beta.

You're thinking of Google, who release great products but keep them in beta for years.

This is easily confused with Microsoft, who release mediocre products instead of keeping them in beta for years.

Looks like it might be time to...

[GOD_ALMIGHTY (17678)]

install DOJ [usdoj.gov]'s Anti-Trust [usdoj.gov]© to remove the offending product. Of course, it has been a little buggy since the Jan 2001 release.

Not a Beta Issue

[Bruce Perens (3872)]

This isn't really a beta issue, because the definition file will be constantly updated - as with most anti-virus products. It's always beta. I'd imagine that each definition file gets some testing, but not the same amount as a new software product.

This also brings up some interesting possibilities. Is it possible to craft a virus to deliberately have similar signatures to a commercial product? An anti-virus company that doesn't have quite all commercial applications on hand to test against could be caught by that. Maybe not, but I'm sure someone will try now.

I'm glad I run Linux, and when things like this happen, I wish everyone did.

Bruce

This carries sloppiness to a new level.

[Futurepower(R) (558542)]

From the parent comment: "This isn't really a beta issue..."

I agree completely, and for a different reason, also. Microsoft bought their anti-spyware software because it was successful commercial software. There was a lot of publicity that ignored the "beta" designation, including articles in the mainstream media.

This is a case of Microsoft having it both ways: Getting credit for clearing spyware, and avoiding responsibility.

Anyhow, as the parent poster said, this is NOT a failure in the anti-spywa

Norton should strike back

[hsoft (742011)]

and make their anti-spyware utility remove Windows.

Re:Norton should strike back

[gEvil (beta) (945888)]

Well, with the way Symantec's products work, I'd say this is something that they've been working on for a long time now...

Have you actually verified this is true? Anyone?

[mschuyler (197441)]

I run both on XP Pro. They (and XP) are both completely updated. They both still "work." Microsoft did not flag NAV or any of its parts. NAV still "works." Yet another excuse to dump on MS. Doesn't matter if it's true or not. And the CIA invented and spread AIDS, too.

Faster way to clean up Norton

[TheGSRGuy (901647)]

If MS Antispyware wipes out your Norton install, the fastest and easiest way to clean out Norton to prepare for a reinstall is with Symantec's Norton Removal Tool, aka SymNRT. It's available for free from their website and is designed for situations like this where the install gets corrupted and you can't remove it.

The tool removes every trace of Norton from your system. It does a better job than the normal uninstaller.

The real question is

[Dracos (107777)]

Does MS Anti-Spyware still not detect Gator^H^H^H^H^HClaria crap as malware?

Why are businesses running beta software?

[GodBlessTexas (737029)]

Maybe it's just me, but one of the key components of ensuring availability of computer systems for end users involves NEVER running beta or pre-production code on production systems. I can understand using a release product in a controlled environment for testing of a new product in your production environment, but anyone who uses pure beta software in the work environment is asking to face these kinds of trouble and shows they have absolutely no idea what they're doing when it comes to providing IT services and technologies. Beta code, by it's very nature, is going to have and cause problems.

Slow computers help Microsoft sell more copies.

[Futurepower(R) (558542)]

From the Slashdot story: "This should be a cautionary tale about deploying beta products in production environments."

That's not what happens in the case of Microsoft's virtual monopoly. Many people, when they find their computer has become slow, buy a new computer [nytimes.com]. Then Microsoft sells another copy of Windows, which, of course, still has huge security risks.

The incredible CPU-sucking of Norton software also helps Microsoft sell more copies of Windows, also.

Somehow Microsoft has arranged that owners of Microsoft Windows XP must pay again when they get a new computer.

It's miserable to have billionaires who care only about money riding on your back. That's why open source is necessary.

But it's not really a beta...

[vudufixit (581911)]

This was a full product called Giant Anti-spyware that MS acquired.
"Beta" is their term.

75% of my private client calls involve removing malware, and the MS product
is a champ at this task.

MS antispyware gives you a summary screen that breaks down each item it found,
assigns it a perceived threat rating, and gives you the choice to "Remove, Ignore, Quarantine."

So, anyone watching with any degree of care should notice that Norton was one of the choices
and simply select the "ignore" option.

Personally, I haven't seen this happen myself.

I agree with many other posters that Norton isn't that great of a product.
I've noticed their firewall suddenly,without provocation, start blocking
all websites.

I've also noticed their antivirus turn itself off for no reason, never
to be turned on again. Reinstalling is often interesting, since even the
least little trace of the product prevents an install/reinstall, but it
almost never uninstalls cleanly.

Damn Norton

[oPless (63249)]

Norton Antivirus has been the most annoying damn bit of software I've ever had to remove ever. It's "helpfully" preinstalled on many machines, but after the 'free' subscription expires after a year or whatever, it manages to screw with windows at random.

Yup the firewall prevents internet access, and other oddities. Of course with an expired subscription the user still thinks they're still proof against malware and that they're firewalled.

Parents machine; Norton removal hoses networking completely, and I need to reinstall the network adaptor to get networking to work!

Customers machine; Random 'internet access' and 'cd writing' problems

Customers machine; Doesn't uninstall properly, interferes with Vodafone and Orange Data card installation, use a combination of regedits, the symantec removal tool and add/remove programs to get the machine into a state I can reinstall the corp edition ... and many more ...
First thing I do is download firefox, avg free, m$ anti spyware and adaware ... then unplug the machine and take off NAV/Spybot/umpteen other 'helpful' software, and install avg, adaware, m$anti spyware; reconnect to the internet after an initial scan... then update everything, and try to kill off any remaining spyware

The only thing I cant seem to get rid of is a certain young ladies "VX2 / Nail / Aurora" spyware nonsense, any help on that front is appriciated, as the only thing I can think of doing is a reinstall!

Re:Is it really worth the hassle?

[MSFanBoi2 (930319)]

They also want a fully supported environment where the corporate hardware and software they use are easy to get, support and continue using.

Does most of the buiness apps in the office today run on Solaris or BSD? ESPECIALLY BSD? Hell no.

Re:Is it really worth the hassle?

[nmb3000 (741169)]

need any more examples for your serious users of business applications?

Excel.
Project.
Visual Studio.
Photoshop.
Acrobat.
Final Cut Pro.
[big expensive accounting package].
[all sorts of in-house custom software].

I could go on and on. The truth is that while you might be able to move to *nix, *BSD, whatever on your desktop without much pain it is near impossible for most businesses who depend on a very long list of programs that run *only* on Windows or even OSX.

The whole "any business could/should migrate away fr

Re:Is it really worth the hassle?

[HillBilly (120575)]

Who ever rolled out a beta product in a business environment deserves be publically flogged, shamed, tarred and feathered. And then they should lose their jobs and never be able to do anything more then service a commodore 64.

Re:Is it really worth the hassle?

[Linker3000 (626634)]

Hmmm..must go stop everyone using most of Google's stuff then.

Future Virues

[nurb432 (527695)]

If alternatives become more common then Windows, then expect the same sorts of attacks.

Sure, in theory the system level is more secure, but if something blows away user data, its still just as effective.

And dont kid yourself, unix has holes too.. Just no one digs deep enough.

Re:Is it really worth the hassle?

[CyricZ (887944)]

Any administrator would do their best to incorporate technology which has a proven track record at being secure. Unfortunately, Windows does not offer such a record. Between this and the numerous other well-known issues involving Windows, it has been nothing but trouble for many, many users.

Thus, any administrator worth his or her weight in salt knows to use systems that are designed to be secure. Systems like Solaris and OpenBSD fit such a criteria. Much effort has been put into making them solid, reliable

Re:Maybe we should look into what Norton AV does

[Feyr (449684)]

what does it do? you mean beside hosing computers?

i work for an isp, and the checklist the tech monkeys use now has "do you have any norton products installed?" at the top of it. it's the single biggest cause of connection and email troubles we get. it randomly blocks outgoing and incoming connection to the email server. also does the same for web, but it's much rarer.