Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Microsoft Anti-Spyware Removes Norton Anti-Virus 496

An anonymous reader writes "According to a story over at, the latest definitions file for Microsoft's Anti-Spyware beta flags Symantec's Norton Antivirus products as a password-stealing trojan and prompts users to delete portions of the program. Users who follow the instructions hose their installation of Norton, requiring delicate Windows registry edits and a complete removal/reinstall of Norton. Microsoft's support forum is quickly filling up with complaints about this problem, many from businesses that have been pretty hard hit. This should be a cautionary tale about deploying beta products in production environments."
This discussion has been archived. No new comments can be posted.

Microsoft Anti-Spyware Removes Norton Anti-Virus

Comments Filter:
  • What problem? (Score:5, Insightful)

    by HillBilly ( 120575 ) on Saturday February 11, 2006 @07:34PM (#14696634)
    Probably the best thing any user can have happen. The removal or norton anti-virus.
    • Re:What problem? (Score:5, Interesting)

      by general_re ( 8883 ) on Saturday February 11, 2006 @07:37PM (#14696656) Homepage
      Seriously. Considering how good NAV is at sucking up memory and CPU cycles, the only way anyone probably noticed was when their computer suddenly seemed much smoother and more responsive.
      • Re:What problem? (Score:5, Informative)

        by dynamo52 ( 890601 ) on Saturday February 11, 2006 @07:43PM (#14696701)
        Seriously. Considering how good NAV is at sucking up memory and CPU cycles, the only way anyone probably noticed was when their computer suddenly seemed much smoother and more responsive.

        I agree. I am a computer services provider for mostly home users and I often find NAV and internet tools to be single greatest contributor to draining system resources. I usually recommend disabling NAV, using safe internet practices, and scanning weekly or if there appears to be a problem.

        • Re:What problem? (Score:2, Interesting)

          by Tatsh ( 893946 )
          I switched to Symantec AntiVirus a while ago and it seems to be much better. My school also runs this. I remember that Norton was a slow piece. This one labeled as just Symantec AntiVirus seems to only take up less 2MB of RAM at the most. Anyone else have an opinion on this version? Getting definitions is exactly the same as Norton, but without a yearly subscription.
          • Re:What problem? (Score:3, Interesting)

            That is most likely the Corperate version of Symantec AV, which is *far* better than the desktop version that most people usually purchase. The corp version just sits in the tray until something comes along that might need some attention.
          • >I switched to Symantec AntiVirus a while ago and...

            I just switched [].
            • OS X has built in antivirus?
          • Re:What problem? (Score:3, Interesting)

            by quanticle ( 843097 )
            If you don't need a yearly subscription, you probably have the corporate edition, which, for some reason, is far leaner and more polished than the home version.
          • I use it and like it, but 2MB of RAM is a joke. RTVscan uses 22.5MB, DefWatch uses 1.2MB, VPTray uses 3.8MB, and the update program uses 5MB, at least on mine.
        • Re:What problem? (Score:5, Informative)

          by spectre_240sx ( 720999 ) on Saturday February 11, 2006 @09:19PM (#14697151) Homepage
          Well that's not surprising considering NAV runs at least 14 processes. I think it might be 15 including that glorified advertisement they call Norton Protection Center.

          We're still selling it at the shop that I work at. I'm not sure why... We recommend AVG Free for most people, but for business users we sell NAV.
          • Re:What problem? (Score:5, Informative)

            by The Snowman ( 116231 ) * on Sunday February 12, 2006 @12:48AM (#14698167)

            We recommend AVG Free for most people, but for business users we sell NAV.

            AVG is an excellent product. I have been using it for a couple of weeks now with zero problems, minimal performance/CPU/RAM impact, etc. I am so impressed with it that I am actually going to pay for it, despite the free version working "good enough" for me.

            At work, NAV sucks my computer dry. Sure, it works well enough, but the cure is worse than the disease. Too bad my employer is in bed with MS and Norton, no room for AVG...

            • Re:What problem? (Score:3, Informative)

              You use Norton at the office? It's corporate sibling, Symantec AntiVirus, runs far lighter and has much better deployment tools. While far from perfect (I have a list), it is much better than the home user oriented NAV.
        • NOD32 (Score:3, Informative)

          by MaineCoon ( 12585 )
          I have found NOD32 to be a far superior product to Norton and Mcafee (not that it's hard to be a superior product)... extremely low system utilization, I don't even notice it's there, until a virus warning pops up (such as the few email viruses that get past the filters on my mail server).

          It also proactively stopped all the common WMF exploits.
        • Re:What problem? (Score:3, Interesting)

          by Rekolitus ( 899752 )

          When Microsoft Anti-Spyware users remove the flagged Norton file as prompted, Symantec's product gets corrupted and no longer protects the user's machine.

          And besides, what kind of antivirus system lets some random program delete it's files, causing it to stop protecting the user's machine?

      • Software like NAV must inherently use the CPU on a frequent basis. Recall, it often has to scan data on each file access. Each time an application is started, or a DLL is loaded, it must perform a scan. Some of these products also protect from malicious VBScript scripts. When you're dealing with a product that also includes a firewall component, you'll incur some overhead during network activity. And of course, many of these products also include email filtering, which will again consume some CPU and RAM.

        • by Baricom ( 763970 ) on Saturday February 11, 2006 @07:59PM (#14696759)
          I would wager that if you took two identical PC's, installed Norton Internet Security on one, and AVG Free Edition, Sygate Personal Firewall (R.I.P.), and Ad-Aware on the other, you'd find that the latter computer is just as protected and runs substantially faster than the Norton-infected one.

          The first step I take when I'm working on somebody's computer is to remove Norton and install these replacements. Most people are shocked that their computer runs as fast as it does, especially considering that many of these people have always had Norton installed because it came with their computer.

          Just because these products must use continuous system resources doesn't mean they need all of them. That would kind of defeat the purpose of having a computer.
          • The first problem I see with your experiment is that you're comparing software that offers vastly different capabilities. Some do more than others, for instance. Like I said, some include email scanning, while others don't. Some include firewall capabilities, while others don't.

            So while AVG alone might run quicker than NAV, it doesn't offer the firewall capabilities. Soon enough you've installed ZoneAlarm or Kerio or some other firewall. And you may very well find your system performing worse than using onl
            • by Baricom ( 763970 ) on Saturday February 11, 2006 @08:10PM (#14696824)
              The first problem I see with your experiment is that you're comparing software that offers vastly different capabilities. Some do more than others, for instance. Like I said, some include email scanning, while others don't. Some include firewall capabilities, while others don't.

              I'm sorry that I wasn't clear. I meant that running all of those products in memory simultaneously is better for performance than running Norton in memory.

              Second, you're trying to give a quantitative value to something that is qualitative. What metric do you use to measure the vulnerability of a particular PC? Sure, you can throw a certain amount of malicious software at it, but that's not a realistic test.

              The measure is simple - which computer protected with its respective packages and attached directly to the network will be infected by a worm or hacked by a malicious user first? If you re-read my comment, you'll find that I said that both computers will be "just as protected." If both computers will be equally difficult to penetrate, why waste the extra memory and CPU on Norton?
              • I would add only one caveat to this.

                According to some antivirus studies - and I'm not proclaiming them necessarily correct or anything (there are lots of flamewars on Usenet about this) - NAV is marginally better at detecting viruses than AVG or most of the other free products. In other words, where AVG or Avast might detect 97-98% of viruses, Norton and McAfee are likely to hit even higher percentages.

                For home users who don't get tons of viruses, this is not really a problem. I've used the free versions of
            • Installing a software firewall on the machine it's meant to protect is like wearing a bullet-proof vest on the inside.
            • by michrech ( 468134 ) on Saturday February 11, 2006 @11:48PM (#14697879)
              So while AVG alone might run quicker than NAV, it doesn't offer the firewall capabilities. Soon enough you've installed ZoneAlarm or Kerio or some other firewall. And you may very well find your system performing worse than using only NAV for similar functionality, with a greater amount of memory consumption.

              Speaking as a person that has just installed AVG7 Network Edition on multiple computers in a school (yes, they paid for their licenses, before you ask), I'd have to correct you here. AVG 7, indeed, has a firewall built in.

              AVG has several other features built in (email scanning, etc). FAR less resource hogging than ANYTHING I could put on from Symantec.

              Why are you defending NAV/NIS so much? They are utter pieces of shit and deserve a slow and painful death.
          • Do you have hard numbers on these comparisons? I can sit for a half-hour in front of almost anyone's computer, change some settings, install this, remove that, and ask them if they think it's faster. They'll almost always say that it's much faster than before, even when the difference is so slight that a human would never notice it, or even when it's actually slower than it was. I tested this once by knocking a DMA-capable hard-drive down to PIO, and the user swore it was faster. There was no expression
          • by slashname3 ( 739398 ) on Saturday February 11, 2006 @11:22PM (#14697747)
            Just because these products must use continuous system resources doesn't mean they need all of them. That would kind of defeat the purpose of having a computer.

            But the purpose of having a computer is to run anti virus software, spy ware detectors, and firewalls. Between running those tools and updating the system there is not much time or resources for anything else.
        • by hedronist ( 233240 ) * on Saturday February 11, 2006 @08:09PM (#14696811)
          Excuse me? NAV is a steaming heap of complete crap.

          AVG does the job better, faster, and with far less resource consumption. Every time I have been called on to disinfect a machine which was running NAV, I recommned the owners switch to AVG. Without exception, they comment on how much more responsive their system is. I have little trouble convincing them to support Grisoft by getting the not-for-free version.

          The machine I am on right now is running (probably unnecessarily) a full AVG install. It checks my email, it checks my downloads, it checks all of the crud running on the system, and it does this while burning some fraction of 1% of the CPU and a tiny bit of memory.

          If you are currently running NAV, disable it (if you can) and try running AVG for a couple of days. I think you'll notice the difference.
    • ... but a lot of older systems get hit hard by virus protection overhead. Machines with less than 256mb of RAM are pretty much dead in the water. I personally use a free version of AVG, and only run it once a month or so. I'm not running a business out of my home, and viruses don't usually cause me any trouble.
    • Should be insightful. Personally I can see why Norton could be ID'ed as maleware, it causes worse performance by itself than any amount of spyware I've ever seen.

      It causes your e-mail and network to break sometimes, it's the most damaging piece of commercial software besides windows itself I've ever seen.

      Honestly mcafee is right up there with it, I've never had any of the top 3 free virus scanners break any system but then they don't try to be 6 packages in one and aren't overly aggressive in scanning - hog
  • Thing is.. (Score:5, Funny)

    by XanC ( 644172 ) on Saturday February 11, 2006 @07:34PM (#14696639)
    Norton could be described as spyware. Norton assumes your system is there to do nothing but run Norton.
    • by jd ( 1658 )
      If it sucks up all the system resources, it does guarantee that viruses have no CPU cycles, so it is technically anti-virus...
  • Norton? (Score:5, Insightful)

    by DirePickle ( 796986 ) on Saturday February 11, 2006 @07:34PM (#14696643)
    Wait... Is not spyware? It's definitely malware.
  • by Tiberius_Fel ( 770739 ) <> on Saturday February 11, 2006 @07:36PM (#14696651)
    MS Antispyware isn't useless after all!
  • Discussion Link (Score:5, Informative)

    by Mz6 ( 741941 ) * on Saturday February 11, 2006 @07:36PM (#14696653) Journal
    Here's a link to the actual discussion []. Looks like this has been corrected with the latest definitions.
    • Looks like this has been corrected with the latest definitions.
      It's been corrected already? I could have used this to delete the last remnants of a broken Norton Internet Security that was resisting both removal and re-installation (it would not scan files, so Excel and Word would hang up when opening files, because the scan was initiated but never completed).
  • But what if (Score:4, Informative)

    by ImaLamer ( 260199 ) <<john.lamar> <at> <>> on Saturday February 11, 2006 @07:37PM (#14696660) Homepage Journal
    Microsoft knows something we don't?

    Norton/Symantec hasn't always been nice (are they now?) - remember when Norton Utilities couldn't be removed on DOS installations? The only option was to totally format the drive and start over. I know people who won't even try Norton/Symantec products after all of those years because of these types of problems.

    This should be a cautionary tale about deploying beta products in production environments.

    Why even use Anti-Spyware when Norton Anti-Virus (corporate edition at least) can detect and remove spyware in real time?
    • Re:But what if (Score:4, Informative)

      by miffo.swe ( 547642 ) <> on Saturday February 11, 2006 @07:45PM (#14696711) Homepage Journal
      Frankly i dont remember having any troubles uninstalling Norton Utilities on dos. If you had used the drive compress feature you had to revert the disk back to its old uncompressed state before you uninstalled that feature but other than that it wasnt any problems uninstalling it.
    • Re:But what if (Score:2, Interesting)

      Whaddya mean you couldn't uninstall Norton for DOS? deltree c:\norton. Done.

      As far as not needing an anti-spyware program, Norton's sucks for one reason. Another reason is MSFT's product stops a lot of things on the fly. Most anti-spyware programs only work marginally but the extra realtime layer with the MSFT product helps.
  • First off, good call on "don't use beta in production!" I am sure many of us have had to make the call on using a beta product before. I know I used XP SP2 when it was beta because it had so many things that I needed at the time. However, I paid for it in many ways. I would still make the call again but I at least did it with eyes open.

    Second, what kind of moron installs that software, sees it tell you that your Norton software has to go, and then follow through with it when you are in a business environment? I just find that to be amazing.

    Third, this strikes at one of the main reasons I have thought Microsoft's move into the anti-malware industry was a bad one. Considering how protective they are of their IP and their EULAs, it suprises the hell out of me they would violate other company's EULAs (adware companies) among other things.

    Fourth and finally, there are going to be some lawsuits which really means more money for
  • How? (Score:2, Funny)

    by Exsam ( 768226 )
    I havn't RTFM since it won't load here at work, but how in the world does something like that happen accidentally?
  • by perlwolf ( 903757 ) on Saturday February 11, 2006 @07:39PM (#14696672) Homepage
    Shouldn't it be the other way round?
  • LOL (Score:2, Funny)

    by bogie ( 31020 )
    For once MS did something right. If only it removed Norton and installed AVG...

    Norton AV 200$ continues to be total crap, may every rep from Symantec who bitchs about this have to spend a month only working on systems that have been hosed by their very own horrible AV package.
  • by miffo.swe ( 547642 ) <> on Saturday February 11, 2006 @07:40PM (#14696679) Homepage Journal
    "This should be a cautionary tale about deploying beta products in production environments."

    Then how are we supposed to use Microsoft products? I thougt all Microsofts products was more or less beta.
    • Re:Bye Microsoft. (Score:5, Insightful)

      by mblase ( 200735 ) on Saturday February 11, 2006 @10:02PM (#14697417)
      I thougt all Microsofts products was more or less beta.

      You're thinking of Google, who release great products but keep them in beta for years.

      This is easily confused with Microsoft, who release mediocre products instead of keeping them in beta for years.
  • install DOJ []'s Anti-Trust []© to remove the offending product. Of course, it has been a little buggy since the Jan 2001 release.
  • This has nothing to do with using beta products in production or not. This has to do with the failure of big organizations to recognize that /any/ update applied to all computers within the organization should /always/ be tested, however short. I have fought hard with a previous client, as in the past one of the datfiles updates for McAfee managed to render most PC's useles becuase of a bug in the engine that was triggered by this particular datfile.
    Really, in a big organization, any update going to all P
  • Not a Beta Issue (Score:5, Insightful)

    by Bruce Perens ( 3872 ) * <> on Saturday February 11, 2006 @07:52PM (#14696738) Homepage Journal
    This isn't really a beta issue, because the definition file will be constantly updated - as with most anti-virus products. It's always beta. I'd imagine that each definition file gets some testing, but not the same amount as a new software product.

    This also brings up some interesting possibilities. Is it possible to craft a virus to deliberately have similar signatures to a commercial product? An anti-virus company that doesn't have quite all commercial applications on hand to test against could be caught by that. Maybe not, but I'm sure someone will try now.

    I'm glad I run Linux, and when things like this happen, I wish everyone did.


    • That would be pretty hard i suspect. If it is possible it would be one heck of a virus for wreaking havoc. Its in some ways nice that most viruses are made for botnets. If people would really want to hurt windows computers this type of virus would be able to do some serious damage i suspect. Imagine a series of them...

      Im also glad i admin linux. If something like this breaks out i will still be sitting with my coffee watching top while the other admins runs around like crazy monkeys.
    • I strongly suspect that it is not possible to craft a virus [0] so that it's indistinguishable from a piece of commercial software - unless it it's functionally identical (in which case ... the point is moot).

      The core argument is that a virus scanner that uses signature matching can match on any part of the virus. It is therefore insufficient to have only part of the virus matching code from some false positive source - all subsequences of the virus must make a false positive in some other known good softw
    • From the parent comment: "This isn't really a beta issue..."

      I agree completely, and for a different reason, also. Microsoft bought their anti-spyware software because it was successful commercial software. There was a lot of publicity that ignored the "beta" designation, including articles in the mainstream media.

      This is a case of Microsoft having it both ways: Getting credit for clearing spyware, and avoiding responsibility.

      Anyhow, as the parent poster said, this is NOT a failure in the anti-spywa
  • by hsoft ( 742011 ) on Saturday February 11, 2006 @07:53PM (#14696745) Homepage
    and make their anti-spyware utility remove Windows.
  • by mschuyler ( 197441 ) on Saturday February 11, 2006 @07:56PM (#14696750) Homepage Journal
    I run both on XP Pro. They (and XP) are both completely updated. They both still "work." Microsoft did not flag NAV or any of its parts. NAV still "works." Yet another excuse to dump on MS. Doesn't matter if it's true or not. And the CIA invented and spread AIDS, too.
  • I once had a copy of Norton that hosed my Windows 3.1 installation when I ran a virus scan. Of course, this was many many years ago, but could it possibly be retribution for this seemingly unrelated act?
  • I'd do the same if I was cleaning malware off someone's computer. Norton deliberately makes itself hard to uninstall, that qualifies it in my book.
  • The group with the complaints is no longer on their web page. I guess Microsoft wants to keep the lid on this.
  • Next up: removal of Firefox and OpenOffice.

    Those doctored images of it flagging Firefox from when it first came out might just turn out to be true...
  • Typo Correction (Score:2, Insightful)

    by eander315 ( 448340 )
    "This should be a cautionary tale about deploying beta products in production environments."

    This should be a cautionary tale about deploying Microsoft products in production environments.

  • I run NAV 8 and the MS Anti-Spyware beta. No problems and I just updated and ran a scan. Maybe it doesn't affect NAV 8?
  • by TheGSRGuy ( 901647 ) on Saturday February 11, 2006 @08:07PM (#14696805)
    If MS Antispyware wipes out your Norton install, the fastest and easiest way to clean out Norton to prepare for a reinstall is with Symantec's Norton Removal Tool, aka SymNRT. It's available for free from their website and is designed for situations like this where the install gets corrupted and you can't remove it.

    The tool removes every trace of Norton from your system. It does a better job than the normal uninstaller.

    • When I used SymNRT and those batch files they have on their site, they did something to my Windows msi installer. For about two weeks after removing everything Norton from my machine, the Windows installer would randomly pop up and run for a few seconds, usually during application launches (apps totally unrelated to Norton). It generally wasn't a problem, since it would pop-up, the thermometer would chug for a second, then it would be done and close. The biggest problem was that Quicken couldn't make backup
  • by Dracos ( 107777 ) on Saturday February 11, 2006 @08:10PM (#14696818)

    Does MS Anti-Spyware still not detect Gator^H^H^H^H^HClaria crap as malware?

  • by GodBlessTexas ( 737029 ) on Saturday February 11, 2006 @08:17PM (#14696853) Journal
    Maybe it's just me, but one of the key components of ensuring availability of computer systems for end users involves NEVER running beta or pre-production code on production systems. I can understand using a release product in a controlled environment for testing of a new product in your production environment, but anyone who uses pure beta software in the work environment is asking to face these kinds of trouble and shows they have absolutely no idea what they're doing when it comes to providing IT services and technologies. Beta code, by it's very nature, is going to have and cause problems.
  • a year ago, Microsoft Anti-spyware removed Internet Explorer []!
  • I mean, C'MON! You mean to tell me that NAV has any sort of signature that matches some malware? (I'm not talking about their signature database! Anybody writing malware detecters should have enough brains to be able to handled a competitor's signature database! Get serious!)


    Jesus Baron Von Christ! If this isn't obviously anticompetitive behavior on the part of Gates, I don't know what is!

    Now everybody will tell me, "Ho
  • From the Slashdot story: "This should be a cautionary tale about deploying beta products in production environments."

    That's not what happens in the case of Microsoft's virtual monopoly. Many people, when they find their computer has become slow, buy a new computer []. Then Microsoft sells another copy of Windows, which, of course, still has huge security risks.

    The incredible CPU-sucking of Norton software also helps Microsoft sell more copies of Windows, also.

    Somehow Microsoft has arranged that owners of Microsoft Windows XP must pay again when they get a new computer.

    It's miserable to have billionaires who care only about money riding on your back. That's why open source is necessary.
  • AVG (Score:2, Insightful)

    by Dr Floppy ( 898439 )
    AVG is by far the best Ive found, and its free. At least the version I install on windows machines. Glad I knew enough when I got my Mac I didnt buy that worthless software.
  • When will ppl get it?
    It's the OS stupid.

    This should be a cautionary tale about deploying any M$ products in production environments.

    In Capitalist West Anti-Spyware software delete competing product.
    In Communist Russia Anti-Spyware software delete your family.

  • M$ vs. Norton? Whoa, I really have no idea who to root for there - I'd actually hope they both lose, because that's the only way the end-user will win. :)
  • by vudufixit ( 581911 ) on Saturday February 11, 2006 @08:35PM (#14696950)
    This was a full product called Giant Anti-spyware that MS acquired.
    "Beta" is their term.

    75% of my private client calls involve removing malware, and the MS product
    is a champ at this task.

    MS antispyware gives you a summary screen that breaks down each item it found,
    assigns it a perceived threat rating, and gives you the choice to "Remove, Ignore, Quarantine."

    So, anyone watching with any degree of care should notice that Norton was one of the choices
    and simply select the "ignore" option.

    Personally, I haven't seen this happen myself.

    I agree with many other posters that Norton isn't that great of a product.
    I've noticed their firewall suddenly,without provocation, start blocking
    all websites.

    I've also noticed their antivirus turn itself off for no reason, never
    to be turned on again. Reinstalling is often interesting, since even the
    least little trace of the product prevents an install/reinstall, but it
    almost never uninstalls cleanly.
  • Damn Norton (Score:3, Informative)

    by oPless ( 63249 ) on Saturday February 11, 2006 @11:48PM (#14697877) Journal
    Norton Antivirus has been the most annoying damn bit of software I've ever had to remove ever. It's "helpfully" preinstalled on many machines, but after the 'free' subscription expires after a year or whatever, it manages to screw with windows at random.

    Yup the firewall prevents internet access, and other oddities. Of course with an expired subscription the user still thinks they're still proof against malware and that they're firewalled.

    Parents machine; Norton removal hoses networking completely, and I need to reinstall the network adaptor to get networking to work!

    Customers machine; Random 'internet access' and 'cd writing' problems

    Customers machine; Doesn't uninstall properly, interferes with Vodafone and Orange Data card installation, use a combination of regedits, the symantec removal tool and add/remove programs to get the machine into a state I can reinstall the corp edition ... and many more ...
    First thing I do is download firefox, avg free, m$ anti spyware and adaware ... then unplug the machine and take off NAV/Spybot/umpteen other 'helpful' software, and install avg, adaware, m$anti spyware; reconnect to the internet after an initial scan... then update everything, and try to kill off any remaining spyware

    The only thing I cant seem to get rid of is a certain young ladies "VX2 / Nail / Aurora" spyware nonsense, any help on that front is appriciated, as the only thing I can think of doing is a reinstall!
    • Re:Damn Norton (Score:3, Informative)

      Start > Run > msconfig > Startup tab > uncheck any suspicious looking program name. Especially those with names similar to known legit windows process but with a typo. Example: "svchosts" = legit, while "svhosts" = malware.

      Anywho, a re-install is probably the best, then install all of your standard programs and get all of the latest updates and service packs. Finally use something like Norton Ghost to create a pristine backup of the OS to restore when then inevitable 6 months marker roles around

Overflow on /dev/null, please empty the bit bucket.