The incident came to light only recently, when hackers started to upload code sneak peeks and information to the Internet.

Symantec by then asked users of pcAnywhere to stop using the software to analyze and mitigate any arising risks. Symantec later on released a security recommendations whitepaper that described possible risk scenarios.

• The encoding and encryption elements within pcAnywhere are vulnerable, making users susceptible to man-in-the-middle attacks, depending on the configuration and use of the product. If a man-in-the-middle attack should occur, the malicious user could steal session data or credentials.
• A secondary risk: If a malicious user obtains the cryptographic key, they can launch unauthorized remote control sessions and thus access systems and sensitive data.
• If the cryptographic key itself is using Active Directory credentials, it is also possible for attackers to perpetrate other malicious activities on the network.
• In an internal pcAnywhere environment, if a network sniffer was in place on a customer’s internal network and the attacker had access to the encryption details, the pcAnywhere traffic could be intercepted and decoded. This implies that a customer either has a malicious insider who planted the network sniffer or has an unknown Botnet operating in their environment. As always, security best practices are encouraged to mitigate this risk.
• Since pcAnywhere exchanges user login credentials, the risk exists that a network sniffer or Botnet could intercept this exchange of information, though it would still be difficult to actually interpret the data even if the pcAnywhere source code is released.
• For environments with remote users, this credential exchange introduces an additional level of exposure to external attacks.

These information where later removed from the whitepaper after a patch had been issued.

The hackers in the meantime have released email correspondence on PasteBin. Here it gets a bit blurry as both sides apparently tried to broker a deal that would prevent the source codes from being released to the public. According to Symantec, it was a sting operation from the very beginning. The hackers on the other hand stated that they tried to “humiliate them” further.

A torrent of the source code has since then been released on the popular Bittorrent indexing site The Piratebay where it quickly climbed into the top 5 seeded files of the Misc category.

The hackers have already announced that they will also release the Norton Antivirus source code.

Should Norton and Symantec customers be worried about the source code release? Symantec stated that user’s who have upgraded the products to the latest version have nothing to worry about.

A demonstration video was shown, but no proof of concept website or exploit information were revealed besides that. Google’s official investigation of the vulnerability is still ongoing and taking longer than usual as Vupen is not sharing details of the exploit with Google.

Google engineers on the other hand expressed their opinion about the discovery on Twitter. Tavis Ormandy, a Google security engineer, posted a message on Twitter saying that Vupen had it all wrong, and that they exploited a Flash bug and did not penetrate the sandbox of Chrome. Others like Chris Evans posted similar messages on Twitter.

Discussion between Chrome engineers and Vupen researchers continued for some time on Twitter, and grew heated at times. Vupen meanwhile announced that they got the exploit to work both on Chrome 11 and 12.

There are now tow sides to the story. Vupen on one side claiming to have beat Google Chrome’s sandbox, and Google on the other saying that it was not the case. Google’s adamant in defending their browser’s security concept and sandboxing, as it is one feature that distinguishes it from other web browsers. A successful exploit could put a dent into the browser’s reputation as one of the most secure web browser.

Does it make a difference if a Flash vulnerability was used to load the Calculator on Windows? From a technical perspective yes, from an end users perspective no.

But Google was not the only company who refuted security allegations today.

Symantec published research on the company blog yesterday that revealed information about an access vulnerability discovered on the social networking site Facebook. According to Symantec’s research, Facebook applications may leak access keys to advertisers and other third parties. Access keys are generated when a user gives an application privileges on Facebook, and used to act with the user’s privileges.

With those keys in the wrong hand, they could be used to perform actions that the user has authorized the application for. This includes posting on the user’s wall, accessing a user’s profile or profiles of friends, or reading messages that the user has written in the past.

Facebook spokeswomen Malorie Lucich downplayed Symantec’s allegations in an email to PC World. She basically said that the report had inaccuracies, and that no private information could have been passed to third parties.

That sounds like a definitive no. Lucich continued stating that Facebook had no evidence of a privacy breach, and that the engineers took the necessary steps to resolve the issue, which again sounds like there has been a issue, and that Facebook did fix it after it was reported to them.

The truth in this case may be somewhere in the middle. Facebook did not deny Symantec’s findings directly, which indicates that there may be some truth to the findings after all.

If you look at the story from an end-user perspective, you are again left with no definitive answer as to what has happened. Were applications able to leak access tokens? Likely. Did advertisers or third parties exploit the issue? That’s not as likely, according to Symantec, and not possible according to Facebook.

If you are running last year’s version, say Kaspersky Internet Security 2010, you are bound to use it even after the 2011 product has been released by Kaspersky. At least that’s what many users believe. The update in the software confirms their views, as it will only update the 2010 version of the product, and not the update to the 2011 version.

What many users don’t know is that it is quite possible to update from last year’s security software to this year’s release, without additional costs. The only requirement is a valid license of the security software.

Lets exemplify the process: To update Kaspersky Internet Security 2010 to Kaspersky Internet Security 2011 a user would do the following.

• Download the latest product version of the security software from the Kaspersky website
• Install the product after the download, without uninstalling Kaspersky Internet Security 2010 first.
• Reboot the PC to complete the installation.

Kaspersky automatically detects that last year’s version was installed, and will take over the license. Licenses usually run for 365 days, and the user can use the new version of the software for the remaining period without additional costs.

The same updating option is provided by software from other security software companies. It is for instance possible to update Norton Antivirus 2010 to 2011 this way, or Bitdefender 2010 to 2011.

Below are download links of the latest versions of popular security suites and programs:

• Bitdefender: Antivirus Pro 2011, Internet Security 2011, TOTAL Security 2011
• Kaspersky: Kaspersky PURE, Kaspersky Internet Security, Kaspersky Anti-Virus
• Symantec: # Norton 360, Norton Internet Security 2011, Norton AntiVirus 2011
• Eset: ESET Smart Security 4, ESET NOD32 Antivirus 4
• Avast: avast! Pro Antivirus 5.0, avast! Internet Security 5.0
• AVG: AVG Internet Security 2011, AVG Anti-Virus 2011
• Avira: Avira AntiVir Premium, Avira Premium Security Suite, Avira AntiVir Professional
• Panda: Panda Global Protection 2011, Panda Internet Security 2011, Panda Antivirus Pro 2011

Please note that we have not tested updating all software programs listed above. It is however very likely that updates to newer versions are supported by all of them, considering that this increases the likelihood of the customer staying with the company for another year, once the license runs out. If you are not sure, contact your company to get an official response before updating the software.

Update: Users who want to be on the safe side need to uninstall the installed product first, reboot the PC and install the new version on the next startup.

Most Internet users use their Internet Service Provider as the DNS provider, often without their knowledge. This may not always be the optimal solution depending on the provider’s infrastructure, network speed and handling of domain names that cannot be resolved as well as a country’s censorship implementations.

The last two aspects might need some clarification. Many IPSs display custom search pages if a domain name cannot be resolved. They do that to cash in on the user’s searches. This can be frustrating to the user who might want to prefer a different handling of those page requests.

Some countries use the domain name system to block access to web contents and other resources.

Using a different DNS provider can speed up domain lookup times, reduce web censorship and block custom error pages by the Internet providers.

Symantec is the latest company to enter the DNS provider market with Norton DNS which is currently offered as a public beta. The easiest way to use the settings is to change the DNS settings to: 198.153.192.1 and 198.153.194.1.

Symantec offers in depth instructions for Windows and Mac OS X on the official Norton DNS website.

Norton DNS promises the same advantages that Google offered when they introduced Google Public DNS back in December of 2009.

Norton DNS Public Beta offers you a faster, safer, and more reliable Internet experience.

The Norton DNS website and FAQ do not contain lots of information about how it is faster, safer and more reliable than the standard DNS provider. Norton seems to be using information from Norton Safeweb to block malicious site requests automatically. Similar services are offered by other DNS providers such as OPEN DNS as well.

Symantec seems to have plans to expand the product in the future naming parental controls in the FAQ as one of the planned features. It is likely that the service will get integrated into Symantec and Norton products once it comes out of beta.

The system scan takes less than a minute to complete and will display an initial rating for each of the elements that have been scanned. More important than the initial rating is the detailed report that can be accessed after each finished scan. This report will display additional information using visual indicators so that the user can see the areas that need improvement on first glance.

Norton PC Checkup Interface

Completed PC Checkup

Detailed Report

The issues that have been found will the displayed on the first page of the report with a link to take action. Additional information are displayed by hovering the mouse over one of the main icons at the top that divide the various areas that have been scanned.

Norton PC Checkup will always offer two solutions to resolve the issues that have been found. Option one would be to connect with the Norton PC Tune-Up service which is a commercial service that needs to be paid for.

Option two lets the user solve the problem manually which will open a website with details on how to do so. The website is relatively generic on the other hand and does not take into account the user’s operating system. The link led to a website with performance tips for Windows XP although the test system was using Windows 7. A link in that article was provided to a similar Windows Vista article but there was not one for Windows 7 at the time of writing.

Norton PC Checkup can provide helpful information if the user manages to look beyond the Norton products that are offered as solutions for those problems. Most – if not all of the – problems that are indicated by Norton PC Checkup after scans can be eliminated with free third party software as well.

Norton PC Checkup can be downloaded from the Symantec website (via Blogs DNA)

The following links point to antivirus software programs that can be downloaded as trial versions. These trial versions can be used for either 30 days or 90 days without payment.

Which antivirus software developers are offering 90 day trials?

• McAfee VirusScan Plus [link]
• McAfee Internet Security [link]
• McAfee Total Protection [link]
• Norton Antivirus [link]
• Norton 360 [link]

Which antivirus software developers are offering 30 day trials?

• Kaspersky Antivirus [link]
• Kaspersky Internet Security [link]
• Bitdefender Antivirus [link]
• Bitdefender Total Security [link]
• Bitdefender Internet Security [link]
• ESET Smart Security [link]
• ESET Nod32 Antivirus [link]
• Trend Micro Internet Security Pro [link]
• Trend Micro Internet Security [link]
• Panda Security Antivirus [link]
• Panda Antivirus Pro [link]
• F-Secure Internet Security [link]
• F-Secure Antivirus [link]

Please let us know in the comments if we have missed a product.

Some notes: This article does not rate the antivirus software programs. There might be free programs out there that are comparable to the listed antivirus products. The only problem with this method is that users need to install different antivirus software regularly. This not only means more work for the user but also the requirement to get used to new software products.

Many antivirus companies are running promotions every now and then that offer longer trial versions for download. This will obviously help tremendously.

Any thoughts or ideas?

I contacted Norton with my proposal and they were all for it. I quickly received a review copy of Norton 360 and started the test about a month ago. Norton 360 is Norton’s top of the line product that combines all features of Norton Antivirus, Norton Internet Security and some additional ones exclusive to this version. Users who install Norton 360 get among other features an antivirus solution that protects against all forms of malware (including bots, rootkits, viruses, trojans and spyware), a software firewall, email protection, web browser protection, identity protection, a file backup solution, secure networking and PC tuneup modules.

This can look like overload to some users but the first surprise awaits during the installation of Norton 360. The installation is quick and painless. A system restart is required after installation of Norton 360 which was not noticeably slower than before. One point of criticism that has haunted Norton products for years seems to have been taken good care of by the Norton developers. Both the system start and the system itself do not feel noticeably slower than before (startup and shutdown time is probably in the region of 1-2 additional seconds at the most). That’s great and somewhat unexpected considering the past.

Norton 360 itself runs pretty much automated. It is a good idea to tweak the settings at least once. This includes disabling modules that are not needed (e.g. if you run a firewall you might not want to run another one, same for the backup solution or web browser protection). The purpose of an all-in-one solution like Norton 360 on the other hand is to be the one program that is needed to secure the PC. Users who only need specific modules might want to consider the two other Norton products Norton Antivirus or Norton Internet Security instead.

The interface of Norton 360 on the other hand could confuse some users as it opens several modules and options in new windows. It’s not that seldom that two or even three Norton 360 windows are open at the same time. Uses who are looking for advanced options need to go into the settings of the security software program.

A click on any of the modules in the Settings of Norton 360 will open display advanced configuration options. No direct help or explanation is offered there which can be problematic if the name of the setting does not explain what they do (anyone want to guess what Early Load or Sonar Advanced Protection in Automatic Protection under Antivirus do?). A click on the question mark will open a Windows help file that explains the settings in detail. It would be more comfortable if at least some explanation was given directly in the menu (for example by hovering over a name).

These settings on the other hand are very detailed. It is possible to enable some modules that are not enabled by default (for example Microsoft Office Automatic Scan, Advanced Events Monitoring or enabling Silent Mode). Advanced users should take their time and take a detailed look at the settings provided.

Norton 360 is a security software program that is ideal for users who want an all-in-one protection that requires barely any configuration. It might on the other hand also be an interesting alternative for uses who like to configure their security software programs as much as possible which is something that Norton 360 offers as well. The best part (if you ask me) is the confirmation that Norton security programs are not slowing down computer systems noticeably anymore.

So called anti virus removal tools have been created to effectively remove traces of anti virus software from the computer system. They usually run a series of processes that delete files, Registry settings and other parameters or options that have been installed by the antivirus software during installation.

Below is a collection of anti virus software removal tools that have been created by the developers of the programs to aid their users if they encounter difficulties uninstalling it.

• AntiVir Registry Cleaner
• Avast Removal Tool
• AVG Remover
• Bitdefender Uninstallation Tool
• F-Secure Uninstallation Tool
• Kaspersky Removal Tool
• McAfee Consumer Products Removal
• Microsoft One Care Uninstall Cleanup Tool
• Norton Removal Tool
• Panda Anti Virus 2008 Uninstaller
• Symantec Corporate Products Clean Up Tool

Did we miss antivirus software uninstallation tools in the list? Let us know in the comments.

AVG Remover has been specifically designed to remove the antivirus software program AVG Antivirus from a computer system. It will remove all parts of the AVG installation from a computer system including all Registry settings and files on disk. The program has been designed by AVG software developers as a last resort. They let us know that the AVG Remover tool “is the least option to be used in case the AVG uninstallation / repair installation process has failed repeatedly”.

The software program could therefor prove to be useful to remove AVG after a system crash or some other catastrophe that rendered the default uninstaller useless.

Similar tools exist for Kaspersky software in the form of KAV Remover and the Norton Removal Tool.

The last time I used one was when I bought a new laptop which had all kinds of trialware installed. The McAfee Consumer Product Removal Tool removes all 2005, 2006, 2007, and 2008 versions of McAfee consumer products including trial versions.

The tool works on all Windows NT systems including Windows XP and Windows Vista. The interesting aspect is that McAfee recommends to remove the product from the Remove Programs option in Windows before running the cleanup tool.

After removing the McAfee product from the Remove Programs option in Windows the McAfee Consumer Product Removal Tool has to be used to remove any files, folders and Registry keys that have not been removed by the default Windows uninstallation process.

Windows Vista users have to start MCPR.exe as administrators by right-clicking the file and selecting Run As Administrator from the menu.

If the cleanup fails a Cleanup Unsuccessful notification appears that provides access to a detailed log file. A simple text document that can be analyzed or send to McAfee support for further details.

Symantec issued a patch on June 5th and Microsoft released a patch as well a few days ago that should solve the issue for users who are experiencing blank device managers and are missing networks in the network connections menu.

Users now have the choice to use the Microsoft patch or the Symantec fix to correct the issue. Using the Symantec fix however makes only sense if a Symantec product was installed on the system during the upgrade to Windows XP Service Pack 3.

Initially Symantec blaimed Microsoft solely but admitted that symprotect was involved as well. The tool SymRegFix.exe has been designed by Symantec to remove the bogus Registry entries and correct the errors that have been caused by them on the user’s system. The software has to be downloaded to the local computer and executed from there, it will fix the Registry automatically.

Symantec users who have not updated to Windows XP Service Pack 3 yet will be delighted to hear that Symantec added a solution to prevent the situation to live updates of their products. If the Symantec product is fully updated the problems will not arise and symprotect does not have to be disabled during Service Pack 3 installation.

Reese Anschultz, Sr. SQA Manager of Symantec Corporation, posted information on how to disable the SymProtect feature in all Symantec products in a support forum. Symantec is currently developing a tool to clean the Registry from those extraneous registry keys. Unfortunately no information were posted when the tool will be available but it will most likely be in the coming week.

The problem apparently spawns from the fact that the Microsoft tool fixccs.exe is adding temporary keys to the Windows XP Registry during the update which cannot be deleted due to the SymProtect protection which prevents changes to the Registry.

Below are the instructions on how to disable SymProtect on the various Symantec products.

To help prevent this issue from occurring, you should disable SymProtect prior to installing the Windows XP SP3 upgrade. This setting, in Norton Internet Security 2008 and Norton AntiVirus 2008, can be found within the Options page as “Turn on protection for Norton products.” In this case you should uncheck the box prior to the upgrade. After the upgrade is complete, please remember to re-enable this feature. It should be noted, however, that this workaround only addresses issues with Symantec products. You may still run into similar problems with other products affected by this XP SP3 upgrade issue.

For Norton SystemWorks 2008 you have to go to the Advanced Options UI that is under Settings. Next, click on “Norton SystemWorks Options” and select the General tab. Lastly, uncheck the box that says, “Turn on protection for my Symantec product”.

For Norton SystemWorks 2008 Premier you can use either the previous instructions or the Norton AntiVirus instructions.

What I don’t understand is that companies are always changing the location of the options and menus. That’s not user friendly. Microsoft for instance is always changing the location of the options in Internet Explorer.

Norton Internet Security 2006 for instance slows down system start of the average pc by more than 40 seconds which is one of the reasons why I think that it is not worth it. A lot of great, resource friendly applications exist that can fully replace most Norton applications and I would recommend to make the switch.

The Norton Removal Tool is helpful because it can remove a failed installation or damaged Norton product from your system. I would even suggest to run this application after using the default uninstallation process just to make sure that all files and settings are gone as well.

A lot of computers and notebooks ship with (trial) versions of Symantec or Norton products as well and I would suggest to uninstall them as well using the described method.

Alternatives vary of course depending on the Norton product that you are using. I suppose the antivirus software is the most common one which can be replaced by AntiVir for instance. Just write a comment if you are looking for a recommendation for another product.

Read More:

Norton Removal Tool for Windows 2000 / XP / Vista
Norton Removal Tool Windows 98 / Me
AntiVir