Rootkit Eradicator
Posts: 5,357
Registered: ‎05-30-2008

Norton Products and Rootkit Removal

With the Forums seeing more and more customers become Infected with Rootkits, and Norton Products not being able to Remove them, which Norton Products say they Protect you again everything, and, therefore, claiming to Remove everything to keep you Protected, I was wondering how many customers of Norton Products have had a Rootkit on their system which Norton Product Detected and Removed.

 

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Norton Fighter
mdturner
Posts: 5,308
Registered: ‎04-11-2008

Re: Norton Products and Rootkit Removal

Red,

 

Better hope that they don't all reply to you at once or you could be busy reading a lot of posts or PMs!!!!

We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone

Rootkit Eradicator
Posts: 5,357
Registered: ‎05-30-2008

Re: Norton Products and Rootkit Removal


Floating_Red wrote:

With the Forums seeing more and more customers become Infected with Rootkits, and Norton Products not being able to Remove them, which Norton Products say they Protect you again everything, and, therefore, claiming to Remove everything to keep you Protected, I was wondering how many customers of Norton Products have had a Rootkit on their system which Norton Product Detected and Removed.

 


*against

 

delphinium
Posts: 9,862
Kudos: 2,966
Solutions: 293
Registered: ‎11-21-2008

Re: Norton Products and Rootkit Removal

Floating Red:

 

As you know, Norton products do an excellent job at keeping malicious software out of your system.  That is what it is designed for. Since security is a multipart system, including browser settings, vulnerability patching, program updating, and safe browsing habits, no one segment is completely responsible for the protection of the system.

 

From spending considerable time reading logs and keeping track of Quads' rootkits, I can tell you that the vast majority of the users have made errors.  An overwhelming number have more than one real time scanner on the system, some as many as they can run without actually causing the machine to quit working entirely.  This not only leaves them vulnerable, it gives them a false sense of security.

 

Another group are on P2P sites, torrents, or have cracks and keygens on their system, which they have brought into their own machine. A few still click on email messages, knowing that they shouldn't.  Once in a while, someone who did nothing wrong, other than fail to update anything on their machine, or click something without thinking, gets caught, as well.  This is still operator error rather than Norton failure.

 

The software involved in the removal of rootkits is too destructive to add it to a commercially available consumer product.  We see people take it upon themselves to run Combofix twice.  The removals work here because the specific files are identified and targeted.  When a program is allowed to make the choices, similar to a cleaner, parts of the operating system go missing.

 

So, in my opinion, Norton does exactly what it promises to do.  It keeps you protected.  It can't be expected to protect users from themselves.  Considering the number of times you have posted advisories to our users about what to be careful of, I would expect our users to be much more aware than they are. 

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Rootkit Eradicator
Posts: 5,357
Registered: ‎05-30-2008

Re: Norton Products and Rootkit Removal

delphinium,

 

I know that almost all users who get Rootkits on their system are mostly to blame, either by not Updating their Security Product - which is why Symantec have included the Background Tasks in Norton 2009 Products - or Running multiple Real-Time-Protection Scanners; I have read almost all of the Threads in which people have Rootkits on their system.

 

I know Norton Products do Protect you: The Firewall is excellent, as is the Intrusion Prevention (2009), and the Anti-Phishing Protection is an excellent way to avoid Fake Web Sites, as well as Norton Safe Web is; I wasn't saying that Norton was not Protecting you.  I was just interested to know if Norton Products have actually Removed Rootkits Completely, since Norton Products are a Detection and Removal Product.  And yes, I know how Rootkits work: By going deep in to the system to cause Maximum Damage.

 

Thank-you for your long and very detailed Reply.  :)

 

Bot Obliterator
Quads
Posts: 16,543
Registered: ‎07-21-2008

Re: Norton Products and Rootkit Removal


Floating_Red wrote:

 And yes, I know how Rootkits work: By going deep in to the system to cause Maximum Damage.

 


Not really maximum damage,   as Maximum damage = PC doesn't start or boot.
 
Quads 

 

Rootkit Eradicator
Posts: 5,357
Registered: ‎05-30-2008

Re: Norton Products and Rootkit Removal


Quads wrote:

Floating_Red wrote:

 And yes, I know how Rootkits work: By going deep in to the system to cause Maximum Damage.

 


Not really maximum damage,   as Maximum damage = PC doesn't start or boot.
Quads 

 


 

I didn't mean that far.  L.o.l.!  But Rootkits do cause serious damage.

 
