FYI: Security Problems Plague XP SP2 via Symantec/McAfee

Yahoo's tech Tuesday has some interesting stuff and here it is:

http://news.yahoo.com/techtuesday/

http://story.news.yahoo.com/news?tmp...0&sid=96089681

Microsoft Window users need to apply latest patches due to hackers taking
advantage of released information in above article.

http://story.news.yahoo.com/news?tmp...1740&ncid=1729

Microsoft Window users need to be aware that McAfee and Symantec (aka Norton)
products can disable advanced security features of XP SP2. I advise users to
rid their operating systems of these terrible products and use other means to
protect themselves in the on-line world.

Dan! Thank you, thank you, thank you! ! !

I was experiencing so many problems I was about to trash my machine and load
a disk-shaped hand grenade into the CD slot! Figured out it was Symantec's
stuff causing it all! Unloaded all their stuff and now everything runs great!

Thanks for the tip!

"Dan" wrote:

Yahoo's tech Tuesday has some interesting stuff and here it is:

http://news.yahoo.com/techtuesday/

http://story.news.yahoo.com/news?tmp...0&sid=96089681

Microsoft Window users need to apply latest patches due to hackers taking
advantage of released information in above article.

http://story.news.yahoo.com/news?tmp...1740&ncid=1729

Microsoft Window users need to be aware that McAfee and Symantec (aka Norton)
products can disable advanced security features of XP SP2. I advise users to
rid their operating systems of these terrible products and use other means to
protect themselves in the on-line world.

You are most welcome. Please feel free to share the stories with others and
warn them of the dangers of McAfee, Symantec, AOL and other programs that
disregard Windows by installing a bunch of unneeded junk to the computers as
well as trashing the registry. As I have tried to show here, it is not
always Microsoft who is responsible. Sometimes it is the fault of other
companies. Have a great night!

"mattlubic" wrote in message
...
: Dan! Thank you, thank you, thank you! ! !
:
: I was experiencing so many problems I was about to trash my machine and
load
: a disk-shaped hand grenade into the CD slot! Figured out it was Symantec's
: stuff causing it all! Unloaded all their stuff and now everything runs
great!
:
: Thanks for the tip!
:
: "Dan" wrote:
:
: Yahoo's tech Tuesday has some interesting stuff and here it is:
:
: http://news.yahoo.com/techtuesday/
:
:
http://story.news.yahoo.com/news?tmp...0&sid=96089681
:
: Microsoft Window users need to apply latest patches due to hackers taking
: advantage of released information in above article.
:
:
http://story.news.yahoo.com/news?tmp...1740&ncid=1729
:
: Microsoft Window users need to be aware that McAfee and Symantec (aka
Norton)
: products can disable advanced security features of XP SP2. I advise
users to
: rid their operating systems of these terrible products and use other
means to
: protect themselves in the on-line world.
:
:
:

Microsoft Window users need to be aware that McAfee and Symantec (aka
Norton)
products can disable advanced security features of XP SP2. I advise users
to
rid their operating systems of these terrible products and use other means
to
protect themselves in the on-line world.


Hi Dan,
Is it only XP users that are affected?
I see you posted this in a 98 group so I have to ask.

regards Jane

" Microsoft Window users need to be aware that McAfee and Symantec (aka
Norton)
products can disable advanced security features of XP SP2"

Could you elaborate a little more on that?


______________________________
Daniel Royer, University of Geneva
daniel at royer dot ch


"jane" wrote in message
...

Microsoft Window users need to be aware that McAfee and Symantec (aka
Norton)
products can disable advanced security features of XP SP2. I advise
users
to
rid their operating systems of these terrible products and use other
means
to
protect themselves in the on-line world.


Hi Dan,
Is it only XP users that are affected?
I see you posted this in a 98 group so I have to ask.

regards Jane

No, Jane. This particular issue, regarding Norton and McAfee
installations "fooling" the Windows Security Center" doesn't affect
anyone not running Windows XP with Service Pack 2 installed. See my
reply to Daniel Royer, below.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"jane" wrote in message
...

Microsoft Window users need to be aware that McAfee and Symantec
(aka
Norton)
products can disable advanced security features of XP SP2. I advise
users
to
rid their operating systems of these terrible products and use other
means
to
protect themselves in the on-line world.


Hi Dan,
Is it only XP users that are affected?
I see you posted this in a 98 group so I have to ask.

regards Jane

http://story.news.yahoo.com/news?tmp...1740&ncid=1729

If the above link doesn't work for you, try this:
http://tinyurl.com/7ybuc

That is the "more" you're asking for. More than this, Dan doesn't know,
I'm sure. My take on the subject is a bit different. While acknowledging
that I am not a fan of either product, and I've not hesitated to say so
on innumerable occasions, what is described by the article isn't a real
security risk, per se.

The way I read the article is this:

One of the new features in Windows XP Service Pack 2 is the "Windows
Security Center". It keeps track of what, if any, antivirus and firewall
apps are installed, and whether they are up to date. If you are lacking
in a firewall or antivirus, or if they are simply not running, the WSC
advises you of the situation. However, as anyone who pays attention will
know, when you first install such applications, they are *never* up to
date and should be updated immediately. One result of this combination
of affairs is that while installing such apps, the new Windows Security
Center may warn, repeatedly, that the programs are not up to date.
Symantec and McAfee consider this detrimental to the "user
experience"--and in a way, I can't blame them. It *is* disconcerting to
get repeated warnings that you aren't protected while you are in the
very act of installing protection.

Norton solves this by deliberately disabling Windows Security Center
during installation (which makes one wonder about the architecture of
Windows Security Center, doesn't it?) McAfee changes the dates of
certain files to "now" as they are copied into the system. This
convinces Windows Security Center that there is now up-to-date
protection installed and it keeps quiet. However, apparently, the
antivirus app now thinks it's up to date, also, and may not initiate an
update, leaving the user with a very out of date antivirus until
sufficient time has passed and it then updates. Or perhaps it still
initiates an update during the normal course of installation, but in
many cases this isn't feasible due to the system not being able to
connect to the internet. I don't know the particulars.

For myself, the most alarming thing about this whole affair is that the
Windows Security Center *can* be disabled by any means other than user
intervention. Makes it rather useless, don't you think? Plus, McAfee's
methods would tend to leave a user with a false sense of security
between the time of installation and the first actual update. Judging by
the usual amount of time that such apps consider reasonable between
updates (a horribly long time in my opinion), a person could be running
several days without real antivirus protection and not realize it.

Of course, this has always been the case--automatic updaters are famous
for failing in their duties, especially where the systems aren't
connected to an always-on internet connection, or are used sporadically
for relatively short periods of time, or simply being inadvertently
disabled. This is why Windows Security Center was developed. And this is
why I always admonish users to *check* that AV and Firewall is running
when they startup and periodically throughout the day, and that they run
the updater(s) manually, on an at *least* daily basis. These are habits
that should be as deeply ingrained as checking your rear-view mirrors
regularly while driving.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"Daniel Royer" wrote in message
...

" Microsoft Window users need to be aware that McAfee and Symantec
(aka
Norton)
products can disable advanced security features of XP SP2"

Could you elaborate a little more on that?


______________________________
Daniel Royer, University of Geneva
daniel at royer dot ch


"jane" wrote in message
...

Microsoft Window users need to be aware that McAfee and Symantec
(aka
Norton)
products can disable advanced security features of XP SP2. I
advise
users
to
rid their operating systems of these terrible products and use
other
means
to
protect themselves in the on-line world.


Hi Dan,
Is it only XP users that are affected?
I see you posted this in a 98 group so I have to ask.

regards Jane

http://www.symantec.com/techsupp/sp2/faq.html#9

Q: Why does the Windows Security Center say that the status of my Norton
security product is "unknown."

A: Your Norton security products contain tamper protection features that
prevent malicious code from determining their status. This tamper protection
also prevents the Windows Security Center from determining the status of your
Norton security products.

Symantec has released an update which adds compatibility to the Windows
Security Center so that it may report the status of your Symantec security
software. This update is included in Norton 2005 Security Products and is
available by LiveUpdate for Norton 2002/2003/2004 Security Products. The
update will install on Windows XP, but will not take effect unless you have
the Windows Security Center installed.



"Gary S. Terhune" wrote:

http://story.news.yahoo.com/news?tmp...1740&ncid=1729

If the above link doesn't work for you, try this:
http://tinyurl.com/7ybuc

That is the "more" you're asking for. More than this, Dan doesn't know,
I'm sure. My take on the subject is a bit different. While acknowledging
that I am not a fan of either product, and I've not hesitated to say so
on innumerable occasions, what is described by the article isn't a real
security risk, per se.

The way I read the article is this:

One of the new features in Windows XP Service Pack 2 is the "Windows
Security Center". It keeps track of what, if any, antivirus and firewall
apps are installed, and whether they are up to date. If you are lacking
in a firewall or antivirus, or if they are simply not running, the WSC
advises you of the situation. However, as anyone who pays attention will
know, when you first install such applications, they are *never* up to
date and should be updated immediately. One result of this combination
of affairs is that while installing such apps, the new Windows Security
Center may warn, repeatedly, that the programs are not up to date.
Symantec and McAfee consider this detrimental to the "user
experience"--and in a way, I can't blame them. It *is* disconcerting to
get repeated warnings that you aren't protected while you are in the
very act of installing protection.

Norton solves this by deliberately disabling Windows Security Center
during installation (which makes one wonder about the architecture of
Windows Security Center, doesn't it?) McAfee changes the dates of
certain files to "now" as they are copied into the system. This
convinces Windows Security Center that there is now up-to-date
protection installed and it keeps quiet. However, apparently, the
antivirus app now thinks it's up to date, also, and may not initiate an
update, leaving the user with a very out of date antivirus until
sufficient time has passed and it then updates. Or perhaps it still
initiates an update during the normal course of installation, but in
many cases this isn't feasible due to the system not being able to
connect to the internet. I don't know the particulars.

For myself, the most alarming thing about this whole affair is that the
Windows Security Center *can* be disabled by any means other than user
intervention. Makes it rather useless, don't you think? Plus, McAfee's
methods would tend to leave a user with a false sense of security
between the time of installation and the first actual update. Judging by
the usual amount of time that such apps consider reasonable between
updates (a horribly long time in my opinion), a person could be running
several days without real antivirus protection and not realize it.

Of course, this has always been the case--automatic updaters are famous
for failing in their duties, especially where the systems aren't
connected to an always-on internet connection, or are used sporadically
for relatively short periods of time, or simply being inadvertently
disabled. This is why Windows Security Center was developed. And this is
why I always admonish users to *check* that AV and Firewall is running
when they startup and periodically throughout the day, and that they run
the updater(s) manually, on an at *least* daily basis. These are habits
that should be as deeply ingrained as checking your rear-view mirrors
regularly while driving.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"Daniel Royer" wrote in message
...

" Microsoft Window users need to be aware that McAfee and Symantec
(aka
Norton)
products can disable advanced security features of XP SP2"

Could you elaborate a little more on that?


______________________________
Daniel Royer, University of Geneva
daniel at royer dot ch

"Paul" wrote in message
...
http://www.symantec.com/techsupp/sp2/faq.html#9

Q: Why does the Windows Security Center say that the status of my
Norton
security product is "unknown."

A: Your Norton security products contain tamper protection features
that
prevent malicious code from determining their status. This tamper
protection
also prevents the Windows Security Center from determining the status
of your
Norton security products.

I'm interested in knowing how the update status of antivirus or other
security apps could possibly be of use to malicious code. In any case,
as I read it, this is not the issue being discussed in the article


Symantec has released an update which adds compatibility to the
Windows
Security Center so that it may report the status of your Symantec
security
software. This update is included in Norton 2005 Security Products and
is
available by LiveUpdate for Norton 2002/2003/2004 Security Products.
The
update will install on Windows XP, but will not take effect unless you
have
the Windows Security Center installed.


Which doesn't in the least explain why it needs to disable Windows
Security Center in order to install (if, in fact, it does so. I only
have the article to go by.)

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

Gary S. Terhune wrote:
http://story.news.yahoo.com/news?tmp...1740&ncid=1729

If the above link doesn't work for you, try this:
http://tinyurl.com/7ybuc

That is the "more" you're asking for. More than this, Dan doesn't
know, I'm sure. My take on the subject is a bit different. While
acknowledging that I am not a fan of either product, and I've not
hesitated to say so on innumerable occasions, what is described by
the article isn't a real security risk, per se.

The way I read the article is this:

One of the new features in Windows XP Service Pack 2 is the "Windows
Security Center". It keeps track of what, if any, antivirus and
firewall apps are installed, and whether they are up to date. If you
are lacking in a firewall or antivirus, or if they are simply not
running, the WSC advises you of the situation. However, as anyone who
pays attention will know, when you first install such applications,
they are *never* up to date and should be updated immediately. One
result of this combination of affairs is that while installing such
apps, the new Windows Security Center may warn, repeatedly, that the
programs are not up to date. Symantec and McAfee consider this
detrimental to the "user experience"--and in a way, I can't blame
them. It *is* disconcerting to get repeated warnings that you aren't
protected while you are in the very act of installing protection.

Norton solves this by deliberately disabling Windows Security Center
during installation (which makes one wonder about the architecture of
Windows Security Center, doesn't it?) McAfee changes the dates of
certain files to "now" as they are copied into the system. This
convinces Windows Security Center that there is now up-to-date
protection installed and it keeps quiet. However, apparently, the
antivirus app now thinks it's up to date, also, and may not initiate
an update, leaving the user with a very out of date antivirus until
sufficient time has passed and it then updates. Or perhaps it still
initiates an update during the normal course of installation, but in
many cases this isn't feasible due to the system not being able to
connect to the internet. I don't know the particulars.

For myself, the most alarming thing about this whole affair is that
the Windows Security Center *can* be disabled by any means other than
user intervention. Makes it rather useless, don't you think? Plus,
McAfee's methods would tend to leave a user with a false sense of
security between the time of installation and the first actual
update. Judging by the usual amount of time that such apps consider
reasonable between updates (a horribly long time in my opinion), a
person could be running several days without real antivirus
protection and not realize it.

Of course, this has always been the case--automatic updaters are
famous for failing in their duties, especially where the systems
aren't connected to an always-on internet connection, or are used
sporadically for relatively short periods of time, or simply being
inadvertently disabled. This is why Windows Security Center was
developed. And this is why I always admonish users to *check* that AV
and Firewall is running when they startup and periodically throughout
the day, and that they run the updater(s) manually, on an at *least*
daily basis. These are habits that should be as deeply ingrained as
checking your rear-view mirrors regularly while driving.


Great Post Gary!


The best computer security is like safe sex, only you can protect
yourself and your computer through your own vigilance.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"

Gary S. Terhune wrote:

One result of this combination
of affairs is that while installing such apps, the new Windows Security
Center may warn, repeatedly, that the programs are not up to date.
Symantec and McAfee consider this detrimental to the "user
experience"--and in a way, I can't blame them. It *is* disconcerting to
get repeated warnings that you aren't protected while you are in the
very act of installing protection.

Norton solves this by deliberately disabling Windows Security Center
during installation (which makes one wonder about the architecture of
Windows Security Center, doesn't it?)

Symantec's explanation, as I remember it, seems to be that it is a
security risk for its products to report their status to windows
Security Center. But you make a good point anyway.

Ken

If you look at the Q&A posted by Paul, you'll see that it's rather the
opposite: They don't report their status to WSC until you apply the
update that provides for the exception of WSC form the general rule. The
general rule is to obscure its status from malicious code. I'm still at
a loss to understand how that could be a problem. What, the code is
going to see that Norton is up to date, tuck its tail between its legs
and run the other way?

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"Ken Gardner" wrote in message
...
Gary S. Terhune wrote:

One result of this combination
of affairs is that while installing such apps, the new Windows
Security
Center may warn, repeatedly, that the programs are not up to date.
Symantec and McAfee consider this detrimental to the "user
experience"--and in a way, I can't blame them. It *is* disconcerting
to
get repeated warnings that you aren't protected while you are in the
very act of installing protection.

Norton solves this by deliberately disabling Windows Security Center
during installation (which makes one wonder about the architecture of
Windows Security Center, doesn't it?)

Symantec's explanation, as I remember it, seems to be that it is a
security risk for its products to report their status to windows
Security Center. But you make a good point anyway.

Ken

Gary S. Terhune wrote:

If you look at the Q&A posted by Paul, you'll see that it's rather the
opposite: They don't report their status to WSC until you apply the
update that provides for the exception of WSC form the general rule. The
general rule is to obscure its status from malicious code. I'm still at
a loss to understand how that could be a problem. What, the code is
going to see that Norton is up to date, tuck its tail between its legs
and run the other way?

I'm not a Symantec basher, but if I was, I might respond to the effect
of "well, this system already has Symantec installed -- what can be
more malicious than that?"

Ken

I have to admit that I *am* a Symantec basher, and while I agree with
the sentiments, but I can't say things like that too often--people might
take me less seriously, g.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"Ken Gardner" wrote in message
...
Gary S. Terhune wrote:

If you look at the Q&A posted by Paul, you'll see that it's rather
the
opposite: They don't report their status to WSC until you apply the
update that provides for the exception of WSC form the general rule.
The
general rule is to obscure its status from malicious code. I'm still
at
a loss to understand how that could be a problem. What, the code is
going to see that Norton is up to date, tuck its tail between its
legs
and run the other way?

I'm not a Symantec basher, but if I was, I might respond to the effect
of "well, this system already has Symantec installed -- what can be
more malicious than that?"

Ken

"Gary S. Terhune" wrote in message
...
I have to admit that I *am* a Symantec basher, and while I agree with
the sentiments, but I can't say things like that too often--people might
take me less seriously, g.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"Ken Gardner" wrote in message
...
Gary S. Terhune wrote:

If you look at the Q&A posted by Paul, you'll see that it's rather
the
opposite: They don't report their status to WSC until you apply the
update that provides for the exception of WSC form the general rule.
The
general rule is to obscure its status from malicious code. I'm still
at
a loss to understand how that could be a problem. What, the code is
going to see that Norton is up to date, tuck its tail between its
legs
and run the other way?

I'm not a Symantec basher, but if I was, I might respond to the effect
of "well, this system already has Symantec installed -- what can be
more malicious than that?"

Ken


I can easily say that I don't like any of the retail
products(symantec/norton) ....BUT I run SAV corp edition which updates
itself and pushes definitions to clients...all set to by my schedule. I've
disabled security center on XP because it was annoying and I think I can
handle my own security without Windows help :.