Re: SONAR false positive
11-28-2009 11:18 AM
Then, developers could just exclude their development compile/link/test directories.
Re: SONAR false positive
11-28-2009 01:16 PM
Whether the SONAR idea is good or not, I think the basic principle should be that the users be able to turn it off, without those disturbing "at risk - fix NOW!" bells.
The recent trend is to impose the settings on the users, which is abnormal. A part of them probably don't have much of a clue and prefer to stick to the standard settings, but others have specific needs and should have an "advanced user" flag allowing them to configure the system as they wish.
Re: SONAR false positive
11-29-2009 09:06 AM
Symantec is reluctant to make any changes to SONAR. We have been told that we should not be using NIS2010 but rather the Symantec business products.
We install and develop software on a number of machines. This software is then installed on customer machines world-wide. The Internet Security Suites should not surreptitiously delete software.
This software is the worst type of malware. A security vendor surreptitiously installing a feature that deletes software.
Re: SONAR false positive
11-29-2009 11:16 AM
rft wrote
Symantec is reluctant to make any changes to SONAR. We have been told that we should not be using NIS2010 but rather the Symantec business products.
--------------------------------------------------
?????????????????????????????????
Clarification needed, --- for me anyway.
Re: SONAR false positive
11-29-2009 12:18 PM
Scythal
re> the users be able to turn it off, without those disturbing "at risk - fix NOW!" bells.
SONAR may be turned Off without "at risk - fix NOW!" bells. Just click "ignore"
SONAR is not totally Off ...when Off ....but, user can turn SONAR Off and avoid the "bell" with "ignore"
Regards
bjm_
Re: SONAR false positive
11-29-2009 01:36 PM
rft wrote: Symantec is reluctant to make any changes to SONAR. We have been told that we should not be using NIS2010 but rather the Symantec business products.
We install and develop software on a number of machines. This software is then installed on customer machines world-wide. The Internet Security Suites should not surreptitiously delete software.
This software is the worst type of malware. A security vendor surreptitiously installing a feature that deletes software.
I have refrained from commenting on the tone so long it is impossible for me to do so any longer.
Although the people posting here about their problems with SONAR claim to a high level of expertise and say they are professionals in software development, they sound like high school kids with a burr in the wrong place.
"This software is the worst type of malware." Indeed! Such strong hyperbole.
For most people, the software does what it is supposed to. For some people it is limiting.
Don't get me wrong; I am not disagreeing with the limiting part -- it is merely the tone and the expectation that makes me wonder at the source.
If I were developing software, it wouldn't be in an internet environment until it needed to be. Most of my development would be in an insulated environment; and if I did need to go to the internet, it wouldn't be using a computer where I would browse from one dangerous site to another; all I'd need would be a one-way firewall, such as the one provided by Windows. After I have mastered coding my software and have a coherent product, that would be the time to visit the real world and make sure it plays well with all the other apps in the playground; and that would be the time to submit the app to Symantec to make sure they don't see it as a threat.
Okay, that's my way. I suppose all these professionals with large companies are limited to a single computer they share with their younger sister and can't afford to follow my designing strategy. Fine, they should have the option to shut down Sonar. It shouldn't be too easy, but neither should it be too hard. The difference between NIS and 360, as I and others have pointed out, is customer configuration - we should have the right to configure it to meet our needs and the risks we are willing to take.
I think there's a good chance it will happen. But that kind of recoding is not going to happen overnight and it certainly won't happen in response to a diatribe against Symantec. Bricks don't encourage affection.
Last, I do have to say that Symantec itself must assume some share of responsibility for what this criticism has come to. Staying out of the conversation means losing control of the conversation. So now we have all this anti-Symantec blather all over the internet (just try googling some of it and see how many hits there are). All that was needed was a show of sympathetic ears and a reasonable response. Even if that reasonable response has to be repeated over and over again. That's called "soothing". And soothing is what we need here.
[XP3 and Vista2, IE 8, Firefox 3.6, NSW 12 Basic, NIS2010 (17.5.0.127); No other active securityware], Norton 360
Re: SONAR false positive
11-29-2009 02:33 PM
Mijcar,
I think you are going to get some negative reaction from the cloud. I think you are not aware of the quality of the bloggers nor the seriousness of the problem.
Each blogger has identified his concern about 'SONAR' and how it has affected him/her and giving issues that should be addressed.
You mention, if you were developing software. This is not a "developing software" issue. This is about existing software issues.
For me, the problem is software that has been distributed and used over time and now unknowing users have downloaded the "Free Norton Upgrade". The user now clicks on the software that he/she has been using and it is not on her computer anymore.
Is that our problem? YES and NO. YES, now we have to spend our time and go and correct the issue and NO, it was not created by us nor our testing...
Norton is the one that should be testing their software...
F
Re: SONAR false positive
11-29-2009 02:50 PM - last edited on 11-29-2009 02:53 PM
MED2000 wrote: Mijcar,
I think you are going to get some negative reaction from the cloud. I think you are not aware of the quality of the bloggers nor the seriousness of the problem.
Each blogger has identified his concern about 'SONAR' and how it has affected him/her and giving issues that should be addressed.
You mention, if you were developing software. This is not a "developing software" issue. This is about existing software issues.
For me, the problem is software that has been distributed and used over time and now unknowing users have downloaded the "Free Norton Upgrade". The user now clicks on the software that he/she has been using and it is not on her computer anymore.
Is that our problem? YES and NO. YES, now we have to spend our time and go and correct the issue and NO, it was not created by us nor our testing...
Norton is the one that should be testing their software...
F
Any security product worth its name is going to look for early warning behavior. The first warning is malware signatures; the second warning is malware-like behavior. And any new application that tries to modify the registry, changes files that are intrinsic to the system, that goes places malware likes to go will trigger a warning. Once an application is ready for the big time, it will still have to be found acceptable not just by Symantec, but by every security company's product out there.
Initially, the heart of this discussion was about developers working on their own computer and having their own product identified as a threat and removed -- while they were still working on it! That is a legitimate problem: You don't want your creation pulled out and deleted while you are working at it. I've lost six hours of work once on new code by a simple act of stupidity; I know what that kind of loss can feel like.
But now we are also talking about someone, anyone, who has released his new application into the wild and feels it should be immediately accepted as the safe thing it is.
Bull.
Even a friendly app can be dangerous. When we design software, we run the risk of bumping into something we had no reason to expect. If this can happen to a big company like Symantec (or like Microsoft, for that matter), then it can happen to anyone. So my friendly Calendar app can inadvertently do registry damage when it is on a machine with someone else's equally friendly weather-reporting application -- because neither of us anticipated the collision between the two programs.
Maybe I am misreading you, but you seem to be saying that developers of various skill levels (some high, some low) have a right to develop and market or simply give away their creations to the general public without beta testing, without security testing, without validation at their own personal whim. I wish that were true and also safe -- it would make my own developing a lot easier. But looking at this from the point-of-view of the consumer, these developers are nothing more than street corner guys flipping open their jackets to show me their wares. I need some protection from the sociopaths among them.
Once I have developed my application, I need to prove it is safe and that means it has to pass the various security test obstacles legitimately put in their path by security companies. And if my application trips their security warning system, then it is time for my application to identify itself as safe and then the companies can release modifications to accommodate my product or perhaps I will have to make the modifications.
My gosh, think how easy it would be to write a user friendly application to keep track of upcoming movies, for example, and to bury in that application a time bomb set to go off on Aug. 21, 2011. And on that date, 200,000 people will find all their personal documents zeroed out and a rootkit deep inside, besides. Crazy? Hardly. This kind of malware has already been out there doing its thing for a long time.
So you get my support in terms of a product that allows you room to develop. You do not get my blessing for a product to be used on other people's computers that will blindly accept the behavior of any application they happen to acquire on their computer.
[XP3 and Vista2, IE 8, Firefox 3.6, NSW 12 Basic, NIS2010 (17.5.0.127); No other active securityware], Norton 360
Re: SONAR is deleting programs
11-30-2009 08:41 AM
Let me clarify things. I have over 40 years of experience in developing software, e.g. O/S's, networks, device drivers, real-time control systems, etc.
The software that has been deleted by SONAR does not explicitly access the internet. Any internet access would be through the MICROSOFT and INTEL provided API's and run-time environments. Such access is generally implicit in the design of the operating system's file handling.
Application software that has been unchanged for years is deleted quietly by SONAR upon activation. We and our customers depend on this software. It is mission critical to our customers. This software has been scanned and analyzed by NORTON NIS 2009 and by many other vendors' security suites. No problems have ever been found until the advent of NIS 2010.
NORTON/SYMANTEC does not get the calls from customers that the production systems are down. They do not have to diagnose and repair the damage caused. They do not incur the loss of revenue and customer satisfaction caused by such problems. NORTON/SYMANTEC are generally immune from the end-user criticism since it is assumed that their products are providing protection of the customers' network and systems.
Malware is short for bad software. By any standard SONAR in NIS 2010 is bad software.
Re: SONAR is deleting programs
11-30-2009 08:51 AM
Hi, I'm new to this forum so forgive me if I'm on the wrong thread.
My problem with SONAR is that it is deleting slide show exe files that I've created using WNsoft PicturesToExe programme.
A full system scan with Norton IS 2010 only revealed tracking cookies as a problem. However, as soon as I clicked to open a PicturesToExe file a warning SONAR window appeared and the file was deleted before I could prevent it. NB SONAR indicated I had chosen this action but I had not.
As I created the file for my own use it is not surprising it was designated as 'little used'. Furthermore it took me many hours to create the slide show so I am extremely upset.
Questions.
1. I cannot see that I can switch SONAR off, is this possible?
2. Is it possible to retrieve the files that SONAR has deleted?
I never had this problem with any of the earlier versions of Norton IS and am now regretting upgrading.
Any advice, please?
