Norton in action

time · Sep 28, 2004

I received this query:

For the last 2 days, Norton Internet Security has alerted me that this destination is trying to access data on my hard drive which I designated as 'private information'. The data in question is actually the last five digits on one of my credit cards.

The destination appears valid, as I have my computer set to automatically download Windows Updates--including SP2 (but alert me before installing them, as my software doesn't yet support SP2). Furthermore, I don't actually believe this credit card number is actually resident on my hard drive.

My question is, does this number coincidentally correspond to a number Microsoft requires in order to commence downloading SP2? I noted a couple of times today that the tray icon was downloading an update, but when it reached approximately 34% complete, it disappeared (probably due to my blocking my PC from sending that number). Prior to today (for the last week or so) this icon has regularly advised that a download is 0% complete when I hover the cursor over it.

Would you advise that I remove this number from Norton's privacy information list?

Does anyone know anything about Norton's privacy information list? It sounds like they encourage you to store credit card numbers on your computer!

Buck · Sep 28, 2004

That just doesn't sound good. I don't have any credit card numbers stored on my system and SP2 was a breeze to download and install. I would presume that this is a coincidental occurance with something malicious.

sechs · Sep 28, 2004

I agree that this is likely coincidental. Five digits isn't that hard to randomly come across on a single computer.

time · Sep 29, 2004

sechs said:
I agree that this is likely coincidental. Five digits isn't that hard to randomly come across on a single computer.

Exactly, yet Symantec - masters of security that they are - believe it's useful to filter the data stream for five digit number sequences ...

sechs · Sep 29, 2004

The user chooses the number of digits to enter. The fact of the matter, however, is that, if you enter a good portion of your credit card number, and your computer is compromised, the numbers are right there for the taking.

Symantec suggests five or six, as a reasonable compromise between risk and reward.

Howell · Sep 29, 2004

sechs said:
Symantec suggests five or six, as a reasonable compromise between risk and reward.

Suggests? Why/for what purpose? Keep in mind I don't have an Symantec software anymore.

sechs · Sep 30, 2004

So that it can protect your personal data. If it doesn't know anything about your personal data, it can't protect it....

Norton in action

time

Storage? I am Storage!

Buck

Storage? I am Storage!

sechs

Storage? I am Storage!

time

Storage? I am Storage!

sechs

Storage? I am Storage!

Howell

Storage? I am Storage!

sechs

Storage? I am Storage!