tansqrx

I Don't Want Norton To Delete My Viruses And Hacktools!


I know that it will not do any good but I had to blow off some steam. Below is the letter that I sent to Norton feedback. Does anyone have an address that I can send a hardcopy to?

 

To Whom It May Concern:

 

I have been a supporter of Symantec products for several years now. I not only recommend your products to all of my friends but also to all of my co-workers as I am the IT department for my company division. I recently purchased SystemWorks 2006 and Internet Security 2006 in anticipation that these products were improved versions that would add extra security features.

 

That was about two months ago and now I am seriously considering uninstalling all Norton products and installing a competitor's product. Although this letter may not be read by anyone other than a lonely email server script, I feel a need to give you feedback as to why I have become so angry. I know from a customer service standpoint that good feedback can be invaluable and I have been a loyal customer for so long that I feel it my duty.

 

The one feature that makes me the most angry, if not burst into a psychotic fit, is the spyware detection. The straw that broke the camel's back, so to speak, was an alert that I received stating that Norton had detected a spyware called Hypercam (spyware.hypercam, http://forums.xisto.com/no_longer_exists/). I have been an avid Hypercam user for several years and I cannot come close to a reason that this software should be considered spyware. I understand that it can take screenshots of your desktop but why didn't the 20 other screen capture tools on my computer get detected?

 

Now to the more serious reason that I am considering switching to another security platform. I am a security researcher. I have several large documents on my wall that state I know a fair bit about computers. Most notably I have a Masters in Computer Engineering with a specialty in security. Now I am not telling you this to brag, I am telling you this to build credibility. With all of this said I have some very nasty things that live on my computer. Prior to installing AV 2006 I had a very nice collection of research tools (hacktools according to Norton) that I had acquired. Admittedly many were not things that normal users should have installed but they were there nonetheless.

 

After the first scan, years of work were gone, all without asking me. I can understand detecting these programs but at least give me an option to exclude them. I was raving mad after they were deleted without my approval. I also have questions about some of the programs labeled hacktools. I use netcat, nmap, Cain and Abel, John the Ripper, and the list goes on, on a daily basis. Yet every time I download them again I am not asked, they are just deleted. Example: I currently have the install file for Cain and Abel in my download directory. Every time I try to download something new I get that same annoying message. I am not given the opportunity to say "hey this is OK." I suppose all that I am asking is to be able to say that a program is OK and never be bothered by Norton again.

 

All of this is quite surprising considering Symantec has a lengthy involvement in the security community. I regularly stop by Security Focus and Foundstone (both owned by Symantec). If these sites are not the epitome of what a user should not have on his computer I don't know what is. I also have to question why Norton is going after specific products such as Hypercam. In my opinion, Windows Media Player is a bigger spyware threat than Hypercam could ever be.

 

I will have to apologize for having a harsh tone with this subject but this has been driving me nuts ever since I installed the latest installment of Norton. I know that you cannot do anything about my particular situation but I do feel obligated to let you know why I will not be purchasing any more Symantec products or recommending them to anyone else.

 

 

With saddened departure,

xxx


I have no anti-virus installed on my PC, because I do not open any illegal websites :( or any serials crack websites. Plus I don't let the virus enter my PC :( These days I am working on a Linux firewall.


First a question... if you are collecting viruses and don't want to delete them then why did you get an anti-virus program?

Normally you can download viruses in ZIP files and set them loose ONLY when you want to. Except, it is DANGEROUS to let a Windows machine even get on a LAN, let alone the Internet, without some sort of anti-virus.

I have Norton 2004. I find it best to turn off automatic scanning so it won't delete any viruses you want.

Also, I hope you're being VERY careful with your virus collection... Virus collecting is about as dangerous as radioactive sample collecting...

I have no anti-virus installed on my PC, because I do not open any illegal websites :( or any serials crack websites. Plus I don't let the virus enter my PC :( These days I am working on a Linux firewall.

I hope you're NOT using Windows as your primary OS then... it doesn't matter if you go to crack website/illegal websites or not. That's BS right there... There have been studies done and you can get a virus within the first 6 seconds of being online to a full 5 minutes. The Internet is a network. Viruses and worms spread through networks. LANs or the Internet, it doesn't matter. Malicious code WILL find its way into your computer. Actually, you could be infected right now and not even know it. Don't put all your trust into a firewall. A firewall is just that, a FIREWALL. It can block some traffic, like worms, but does it stop them from coming in via email? Nope.
[N]F
Edited by nightfox (see edit history)


They've gone too far this time. I just got a popup about the most hideous threat that I have ever seen.

 

Spyware.HyperCam

http://forums.xisto.com/no_longer_exists/

 

Are they serious? How in the world could Hypercam be a threat? Who in their right mind could even come up with such a thing? Will Windows Media Player be next?

 

I'm starting to doubt that you're as knowledgeable as you claim. You may be book smart, but are you street smart? Learn to open your eyes and read things:

 

Behavior

Spyware.HyperCam is a video capture program that can covertly record your actions on a computer. It can be used for legitimate purposes when the computer user is aware of its presence on the computer.

 

That's also stating that it COULD be used for malicious purposes as well, such as when the computer user ISN'T aware of its presence. I have the same complaint against WinVNC as I use it to remotely do maint. on other computers on my network and it is even labeled as spyware for the fact that it could be used maliciously.

 

So, no, Windows Media Player couldn't possibly be next unless it has a hidden keylogger in it. :(

 

Degrees & diplomas say you might be book smart, but I'm only in high school and I'm already working for my school's technology department because I have the skills to pick up things quickly. Out of all 7 of us summer workers, I'm the most responsible & trustworthy so I get treated well. They trust me to configure network switches (CISCO) and new computers, and here and there I get the ability to hop onto our NetWare server console. Yet, I don't have any kind of degree or diploma. You just have to be street smart and use common sense.

 

See where I'm getting at? You attacked Symantec for wrongly claiming a program as spyware. Just because YOU might use it legitimately doesn't mean someone else will... do you see where I'm taking this?

 

[N]F


I have no anti-virus installed on my PC, because I do not open any illegal websites :( or any serials crack websites. Plus I don't let the virus enter my PC ;) These days I am working on a Linux firewall.


If you are running Windows then you are better off dead as of now. I can bet 101% that your OS is now infected. Based on your next sentences, I assume that you are using Linux, but are you aware, dear sir, that even if you don't visit illegal sites, you can still get worms and viruses?

There are programs that are lurking and scanning all IPs that they can find that responds to pings.. better turn off that ping reply from your firewall. And there is a 70% chance that you are connected to an ISP, if you are not then you are one of those lucky guys that have big bucks to run your own connections.

ISPs most of the time are clogged by viruses since they always identify themselves on system scans to enable the subscribers to see them. I don't know if in some countries a turn around for this flaw was implemented. And since you and the ISP have a full trust connection then I can safely say that once your ISP gets infected then you can get infected too.. that is from a trusted zone that may go past your firewall.

I have written viruses in the past and am still testing better ways to avoid them, and the next best approach is to use antiviruses and firewalls.. the best option, and not the practical one, is to write your own operating system, and believe me that I have undergone that path since I was totally pissed off from MSDOS viruses way years ago.

In the end, I just got myself an AV since I do have a virus free system but I need to rewrite all system programs that I need. From text editing to image processing.. The process alone will make me thousands of years behind in terms of technological improvements.

Just my few cents..

NOTE:
I have successfully planted a worm a couple of years ago using port mapping.. :( better find a much more secure way to run your firewall.. I bet that you need to turbo charge your IP rules.. I don't know exactly what it is called on your Linux system but on my Linux it was called IPtables..

If you have more spare money and your ISP uses Windows as server for IP leasing, you can even use IPtables to mask your PC and let outside connections to your PC be directed to another unit. That is, logically you can have two computers using the same IP, one hidden using the IPtables rules and the other exposed to be seen [no rules].. I will no longer tackle this stuff since in our country, this is a matter of dispute about its legality..
Edited by vhortex (see edit history)


I had the same problem. A while back I had a server in my home, and I was running various tools to test its security. They were mostly rats, keyloggers, etc. But Norton kept on deleting them, so I put them on a CD so Norton can't delete them, and run them from there.


It appears that my specific problem with Hypercam has been resolved. Hyperionics, the maker of Hypercam apparently complained to Symantec about including Hypercam in their database of spyware.

UPDATE July 3, 2006... Symantec agreed with our dispute and is removing HyperCam from the list of "Spyware". This should be effective with their next security database update. This is a good news for all of us at Hyperionics and all our customers. Thank you, Symantec, good luck fighting the real spies, pirates and virus writers!

Looks like I wasn't the only one complaining about Symantec's poor judgment on this one. You can refer to the rest of the article at http://forums.xisto.com/no_longer_exists/.

This next part is to address the concerns of nightfox. There are several good reasons that I believe Hypercam is not a good tool to use by hackers. From my experience I have found that when a machine is compromised, the attacker is usually remote and has a command line to work with. If the attacker wants to monitor the activity on the victim's machine then Hypercam would be the last thing to use. It is true that Hypercam can be set up to show no signs that it is running but none of those options could be used from a command line or added to a startup script. These options must be set in the GUI and then the Record button is pushed. An attacker would have to VNC into the machine and set all of this up without the user knowing, which is quite unlikely. Additionally this would have to be performed every time the machine is rebooted, which would raise the frustration of the attacker and his chance of being caught. Hypercam is also a commercial closed source program so there is no chance of an attacker modifying the source code and adding this functionality (which is a moot point because this in itself would change the program signature).

There is also another possibility where this scenario has a higher probability of being executed and that is where the attacker has physical access to the machine. In this case I would think that Hypercam would be the least of the victim's worries. Although this is most likely the best use of an attacker using Hypercam, moderate physical security should take care of this problem.

In the end I believe that the benefits of Hypercam far outweigh the possibility of an attacker using Hypercam. Certain safeguards already exist that prevent Hypercam being used in a stealthy way from a remote perspective.

P.S. The reason I mentioned Windows Media Player as being spyware is that it constantly talks to the Internet while being used. It has the capability of doing such things as asking the Internet what the title of the mp3 that I am playing is and recommend stores for buying similar products. It also has the sometimes scary job of reporting usability data back to the mothership or asking unknown sources if it is OK to play content protected data. (heard of several horror stories where "content protected" music or movies turned out to be a virus or trojan). All of this adds up to make me deny WMP at the firewall and never let it talk to the Internet and thus I can somewhat consider it spyware.
