NAV

Why do so many machines with NAV installed get infected with common, well-known, not particularly ne

  • Simply because NAV is so common in the market

    Votes: 0 0.0%
  • Because Symantec code a time bomb into the product to punish people who don't pay their subscription

    Votes: 0 0.0%
  • Because 70% of Norton owners are clueless morons

    Votes: 0 0.0%
  • Huh? Because Norton sucks. Why did you ask?

    Votes: 0 0.0%

  • Total voters
    0

Tea

Storage? I am Storage!
Joined
Jan 15, 2002
Messages
3,749
Location
27a No Fixed Address, Oz.
Website
www.redhill.net.au
AV You know, Kristi mentioned something today that gave me one of those "oh yeah, I know that, I've just never actually said it out loud before" moments.

About every second or third time a machine comes in to have the viruses removed, it turns out to be running Norton Anti-Virus. Sometimes it's even up to date. Sometimes it's so out of date that you wonder how they got in on machinery that new, and (perhaps most often of all) it's out of date but only just out of date - like a few weeks is all. But the viruses on the machine, in the main, are way older than that.

What gives?

Is it simply the correlation (about 0.7) between Norton ownership and cluelessness?

Is it that NAV is one of the most common programs out there?

Is it just that NAV sucks?

Or - and my paranoia is showing here - is it some kind of scheme Symantec have cooked up to punish people who don't renew their subscriptions?
 

Clocker

Storage? I am Storage!
Joined
Jan 14, 2002
Messages
3,554
Location
USA
I didn't see this option but I think it is because most don't update their virus signatures. I don't think it is a 'punishment' by Symantec. I think it is simply a lack of updating (whether the subscription is still 'good' or not).

Then, most people never pay to update their subscription after the first year...

C
 

Tea

Well that's the funny thing about it, Clocker. I'm talking about machines that have viruses that pre-date the installed virus signatures. Kristi tells me that she sees a lot of machines that are out-of-date, but not very much so - three weeks or a couple of months since the last signature update.

But they come in riddled with viruses that first appeared months or even years ago! We have no idea why NAV doesn't pick them up.

(And if it wasn't for Housecall, I have no idea how we would fix them all. FORMAT C: would work, I guess.)
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,269
Location
I am omnipresent
I've seen viruses get by Norton and McAfee both. My personal thinking is that a lot of people think that AV software is a license to do stupid things on their PC (Hm, a stranger is sending me an attachment called "Iloveyou.exe"! Better see what it is.)

I also wonder if virus writers know how to circumvent NAV and McAfee, since I have seen up to date machines get viruses as well.
 

Bozo

Storage? I am Storage!
Joined
Feb 12, 2002
Messages
4,396
Location
Twilight Zone
Never saw an AV program that works. NAV seems to be the worst. We update our work PCs weekly and still manage to get infected.
In defense of the AV writers, not all computer cancer can be stopped by AV software. The last infection we got was a chunk of cancer floating around the net looking for unpatched Windows boxes. It caused the computers to reboot every 2 minutes. (I forgot the name of this scumbag software). Norton said they couldn't stop it.
Actually it was pretty funny. Every computer in our cube farm would continuously reboot and beep every time it did. Corporate IT never bothered to install the patch, which was available months before the cancer hit.

Bozo :mrgrn:
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
Well, well, well.

I've been running NAV for a few years and have always been clean. Like it has been said, no AV sw is perfect, but I may have some explanations for Tea's issues.

I think NAV as AV sw is ok. What sucks really bad is Automatic LiveUpdate. In theory, when you're on the 'net, it's supposed to check for updates, download and install them automagically. It doesn't. Most people set this option on and believe they're protected. I find I have to manually download and install the latest sigs. I think this is the single biggest problem with NAV - a false sense of security. It is even acknowledged on their web site in a support note.

As to why the m/c has viruses that precede the date of the sig files, the user was probably out of date, got infected, then caught up with the sigs, but never did a scan of the system (and has regular, automatic system scans turned off like I do; else you'll need a 10GHz A64 for the CPU).

And honestly, I don't think it's the AV sw's responsibility to cover for every friggin hole Gates and Co. put in their sw.

I know opinions will vary, but IMO, NAV sucks less than MaxAfee (which I was using before).
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,728
Location
Horsens, Denmark
I'd vote yes to at least 3 of those options, but cluelessness is the primary factor.

1. Most computer users are completely clueless. Those with a minor clue know that viruses exist, those with a slightly larger clue have heard of Norton.

2. These people take the fact that Norton is on their system as impenetrable body armor against everything evil on the internet. Many times I've had people protest their massive spy/adware infestation saying "but I have Norton!".

3. Norton is so common that a few viruses have targeted them. One I remember targeted Norton during installation, making it look like it's functioning properly, while making it completely impotent. This is why Norton 2004 does a system scan before installation.
 

Mercutio

I think it's better than wasting time with an AV product that's actually installed on a PC.

If a machine is so borked it can't connect to the internet to run Housecall it probably needs to be gold disk'd anyway.
 

Tea

Another one today.

NAV signature update: 5 July 2004
Virus: JS_FORTNIGHT.M
Virus first discovered: October 2003

This is not in the slightest unusual. Kristi sees this stuff all the time.

Mubs, maybe your theory about users getting the bug first and downloading the updates second sounds likely. But if you were going to go to all the trouble of downloading the latest updates and crawling under your desk and unplugging your system and putting it in the car and taking it out again and bringing it in here and paying us money to fix it, and then taking it home again, don't you think that you would do a full system scan first?

I dunno.

Go figure

PS: other viruses on that same machine (it just finished the scan)

* TROJ_DUMARIN
* WORM_PLEXUS.B
* WORM_KORGO.V
* TROJ_DUMARIN.H

Plus 141 items on Ad-Aware scan

I gotta say, Nortons just can't cut the mustard.
 

ddrueding

So is housecall "it"? Is there not a resident virus scanner worth a hill of beans? I have clients clamoring for it...but they're all shite.
 

GMac

Learning Storage Performance
Joined
Feb 20, 2002
Messages
174
Location
Skipton, North Yorks, UK
AVG and Trend in combination does the job for me - why pay for unreliable bloatware? :?: But the idiocy of owners definitely comes into it - I've seen far too many staff PCs come into the office (some with Norton, others with the AVG we installed when we first set them up) that are infected with multiple virii, trojans and spyware because they haven't seen an update in months :roll: A good proportion of these were expressly told to keep updating the software when they go online (and automatic updating was set to 'enabled'), but our advice simply went in one ear and out of the other..... :roll: They just think "we have anti-virus software installed - we'll be fine" and blithely go on opening dodgy e-mail attachments........

GM
 

Santilli

Hairy Aussie
Joined
Jan 27, 2002
Messages
5,273
Macs are good for email.

I'm sick of all this stuff, and I don't open questionable attachments. I use Eudora, and, I'm getting sick of Bagel this and Bagel that...

Trend has worked well for me, and, after going through Cnet looking for anti-virus, and firewall stuff, Trend is the ONLY one I'd look at, along with Ad-Aware.

s
PS I averaged every other day with some sort of worm, virus, etc. on my home machine. This week, after going to the mac for email, nothing, nada, for any of that stuff.

It was getting so bad, I thought the viruses were being installed by Trend, but that's obviously not the case, just my paranoia and frustration coming through..

Finally, XP is worth looking at for, if only the firewall...at least it has one that sort of works.
 

Fushigi

Storage Is My Life
Joined
Jan 23, 2002
Messages
2,890
Location
Illinois, USA
AVG has been fine for us. No abnormal behavior and no viruses in a long time; longer than I can remember. Years. But we also have firewalls installed on the PCs and the router and don't do the Top Ten Stupid Browser/Email Tricks. And run AdAware & SpyBot on occasion. And apply security patches as they become available.

FWIW, AVG is set to not only update every night but to also run a full scan every night after the signature update. Since the PCs are on 24x7 this works quite well and leads to unobtrusive protection. Were I handling machines that aren't up 24x7 I'd schedule it for sometime during the day like lunch hour or sometime when it's safe to assume the user has the machine up & online like 10AM.

Haven't tried Housecall, Trend, etc. Haven't needed to.

NAV is a virus. Took me 45 minutes to fully uninstall it one time. After its app uninstall finished I spent a long time removing all of the related registry turds it left behind.
 

Tannin

Storage? I am Storage!
Joined
Jan 15, 2002
Messages
4,448
Location
Huon Valley, Tasmania
Website
www.redhill.net.au
Santilli said:
Macs are good for email.

Just so, Santilli.

People have learned not to laugh out loud when they see the two incredibly out-of-date and horribly clunky-looking OS/2 machines that run the mission-critical things in my office.

But in the 10 or 12 years I've been running OS/2, I have never been infected by a virus, and I'm not even careful!

Sure, like Mercutio and several other members here, I don't usually bother with AV software and instead I use a little care and common sense for my Windows boxen, and almost never have a problem with them — no IRC, no ICQ, no Kaza, no Outbreak Express, caution with email attachments — but the odd thing slips through from time to time. Never anything serious, not since I had STONED back in XT and ST-225 days. That would have been about 1991, I guess.

Sometimes I get frustrated at the idiots who send me pricelists in Excel or Word format (have these morons never heard of plain text or Acrobat?), and it's a bit of extra bother to fire up my trusty old overclocked K6-III/450+ with Win98SE so that I can read the damn things — and gold disk the thing in 20 minutes if any nasty bug slips through — but then I look at the phenomenal number of machines we strip the scumware out of, and look at conversations like this one, and remember just how long it takes to reconstruct a good, useful system from backups and factory install discs, and I remember why the two machines that actually store important data don't run Windows.
 

Tannin

As for removing NAV turds in the registry, Fushigi, I couldn't agree more. It takes forever. Do you do it the same way as me? Search the registry for anything with "Norton", "Symantec" or "NAV" in it and take out the entire entry?

(But you have to watch out, because there are completely unrelated words that appear in the registry that include the string "NAV" - I can't think of any at the moment as examples though.)
 

Fushigi

Tannin said:
As for removing NAV turds in the registry, Fushigi, I couldn't agree more. It takes forever. Do you do it the same way as me? Search the registry for anything with "Norton", "Symantec" or "NAV" in it and take out the entire entry?

(But you have to watch out, because there are completely unrelated words that appear in the registry that include the string "NAV" - I can't think of any at the moment as examples though.)
Pretty much that way, yes. And you can't blindly do F3 - Delete, F3 - Delete, etc. since, as you mentioned, that combo may appear elsewhere. Navigation software could easily contain the NAV string. You might also have Ghost installed and want to keep it, so Norton & Symantec references must be read before being deleted.
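
The registry search Tannin and Fushigi describe above, as an added example that is not part of either post: a read-only pass over a regedit export that matches "Norton" and "Symantec" anywhere but "NAV" only as a whole word, and sets aside anything mentioning Ghost. The export text, key names and the `KEEP` rule are constructed for illustration; nothing is deleted, the output is a list for a human to read.

```python
import re

# Constructed sample in regedit export format; every key and value is illustrative.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Norton AntiVirus]
"InstallDir"="C:\\Program Files\\Norton AntiVirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Norton Ghost]
"InstallDir"="C:\\Program Files\\Norton Ghost"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleMaps\Navigation]
"Units"="metric"

[HKEY_CURRENT_USER\Software\ExampleApp\Settings]
"LastScanner"="NAV"

[HKEY_CURRENT_USER\Software\ExampleApp\Toolbar]
"ShowNavBar"="1"
'''

VENDOR = re.compile(r"norton|symantec", re.I)
# "NAV" counts only when no letter or digit touches it, so Navigation/NavBar are skipped.
NAV_WORD = re.compile(r"(?<![A-Za-z0-9])NAV(?![A-Za-z0-9])", re.I)
KEEP = re.compile(r"ghost", re.I)  # assumption: Ghost is installed and must stay

def parse_reg(text):
    """Yield (key_path, value_lines) for each [section] of a .reg export."""
    key, values = None, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            if key is not None:
                yield key, values
            key, values = line[1:-1], []
        elif key is not None and line:
            values.append(line)
    if key is not None:
        yield key, values

def classify(key, values):
    """Return 'ignore', 'keep' or 'review' for one key and its values."""
    blob = "\n".join([key] + values)
    if not (VENDOR.search(blob) or NAV_WORD.search(blob)):
        return "ignore"
    return "keep" if KEEP.search(blob) else "review"

def review_list(text):
    return [(classify(k, v), k) for k, v in parse_reg(text)]

if __name__ == "__main__":
    for verdict, key in review_list(SAMPLE_REG):
        print(f"{verdict:7} {key}")
```

Real regedit exports are usually UTF-16 encoded, so decode the file before passing its text to `review_list`.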
 

Buck

Storage? I am Storage!
Joined
Feb 22, 2002
Messages
4,514
Location
Blurry.
Website
www.hlmcompany.com
A vote for NOD32. That is the only antivirus software I recommend. I have come across too many infected systems running Norton or McAfee. But, as has been mentioned, even outstanding antivirus programs are as good as their updates. If the user doesn't want to purchase a new license after a year, it's just more money in my pocket when they come in with another severe infestation. A good example was on Sunday, she didn't have a virus protection that would be considered new by a long shot, and NOD32 found 1890 viruses.

My previous summation of Spybot was not very good. However, after using it again recently, I would say it was on par with Adaware - or more correctly, they are neck-and-neck with each taking the cake once in a while.
 

CityK

Storage Freak Apprentice
Joined
Sep 2, 2002
Messages
1,719
If used correctly, Norton is probably just as effective as all the rest - meaning I place the onus on the user. That said, Norton is Big Bulky Buggy Bunk.
 

Onomatopoeic

Learning Storage Performance
Joined
May 24, 2002
Messages
226
Location
LaLaLand
The problem is a well-known one by security folk in that people don't update their NAV virus definitions each time they log onto the Internet. A new bugaboo hits the wires and then it hits them over the head because their anti-virus definitions are 1 day, or 1 week, or 6 weeks, or 6 months out-of-date.

All of this is not to mention that NAV (now SAV) has had some on-and-off problems for years about "breaking." Every once in a while, Norton (Symantec) issues SAV updates that are more than just virus definition updates, as they download new scan engines or supporting code (DLLs, etc). To get these sort of updates, it seems that you need to manually open up the NAV/SAV control panel and manually press the "Live Update" button. It will download a bunch of Norton crap, but your virus definition version may not change! And, you may even need to reboot your computer for the update to take effect.

 

mubs

news.com said:
A computer science researcher has highlighted the shortcomings of Microsoft's latest patch for its Internet Explorer browser by identifying another way that online vandals could run malicious programs on a Web surfer's computer. <snip>

In early June, Kuperus found a Web site that used two previously unknown vulnerabilities, plus the recently patched one, to install adware on victims' computers. <snip>
This is not anything new, but does serve to remind that:
a) Malicious types are way ahead of everyone else in the game, and many are doing their work stealthily
b) Most of us experienced folks use an alternative browser, unlike the hordes out there and
c) we are more cautious in our surfing habits and frequently sanitize our machines

Given the "normal" situation quoted above, it's no wonder the average user's machine gets hopelessly infected.

Tea alluded to but did not explicitly blast the party most responsible for the problem - Microsoft.
 