05-22-2010 11:20 AM
A few days ago, after three years of work, my wife and I celebrated the introduction of our new software program. A special version of the New Testament.
We uploaded samples of our new program to a "demo" page where potential customers could download a copy for testing. Little did we know of the "shark" that was waiting for us in the internet waters.
We quickly discovered that under the guise of "protecting" internet users from maybe dangerous programs, our new baby was quietly having it's throat cut by Norton Internet Security; the same program we paid good money to use ourselves.
No one who has the latest version of Norton can install the program from our demo page, nor can they even download it for later installation. In both instances Norton labels it as a "threat" saying it has WS.Reputation.1 and deletes it. The downloader is not even offered the option to download the file at their own risk; Norton just kills it.
The "reason" that Norton provides for taking this action is because "fewer than 10 people have used the program." I would like someone from Norton to explain to me how "more" than 10 people are ever going to be able to use the program when they delete it before anyone can even get it downloaded. This is the truest example of a "catch 22" I have ever seen.
How in the name of "anything" they are allowed to do this is beyond me. By making the flat statement that our program is a "threat" they are maligning the reputation of our company as well as the program itself. Their "information" further says "There are many indications that this file is untrustworthy and therefore not safe." What are our customers to think about us after we have been condemned by Norton; a "trusted" company?
We are not a big company, we are literally a "mom and pop" operation. My wife and I are not marketing geniuses. We are senior citizens living on social security who have worked hard for three years to contribute (hopefully) something of value to our fellow man and perhaps better our own lives in the process.
This demo page was the only idea we had on how to share our new program on the internet. It is now, if a visitor has Norton (as it seems a great many do) dead in the water.
Norton's answer seems to be that we should "submit" our program for their approval. A very unclear (to us) process that appears to take an unspecified number of "weeks." If we do this, we would have to go through the same process for each one of our programs. We presently have a dozen versions for different monitor resolutions, with many dozens of other special editions to come. Then, every time we change something in the program or come out with an upgrade, we would have to re-submit and go through the whole process all over again. I do not consider this to be service, it is certainly not help, it is much closer to something that I would call legalized extortion of business owners. If we don't yield to Norton’s demands we will continue to suffer the persecution of having our program falsely labeled and deleted.
Their deleting of our program is not “protecting” anyone; it is simply usurping and violating our rights, and the rights of our customers.
Their false labeling of our program is not a "mistake" it is a presumptuous out and out lie.
The following is part of what I agreed NOT TO DO to when I registered to participate in this forum. I agreed not to post any material that: “(a) is false or misleading; (b) is defamatory; (c) is harassing or invades another's privacy, or promotes bigotry, racism, hatred or harm against any group or individual; (d) is obscene; (e) infringes another's rights, including but not limited to intellectual property rights;”
I guess that applies to everyone except Norton themselves, eh?
You say you’re protecting people Norton? Who can I contact that will protect me from YOU?
05-25-2010 04:06 PM
I registered only because this function is ENTIRELY unacceptable. I am very angry that I am wasting my time trying to work around a FLAWED product. One that you know about and have not fixed. I am not unloading Norton simply because it is free to me at the moment but I will drop this program in a minute when I get another option if this type of issue is not fixed more promptly.
I am sure that you are generating a large amount of discontent with the heavy handed "PROTECTION" that does not even allow the user to simply override the poorly written and conceived download check.
05-25-2010 08:54 PM
It would satisfy all respondents here not to only help Indianbear but everybody complainting here.
Now I have the feeling that the other comments are not taken as seriously as Indianbear's.
05-26-2010 11:03 AM
We monitor this forum closely and take everyone's comments seriously. To give you some background, the WS.Reputation.1 detection considers many factors when making a decision about a file. As a result, there is no single solution that fixes every problem. We have already made improvements to WS.Reputation.1 and believe that most of the issues reported in this thread have been resolved. However, the detection is still not perfect and we are working hard to fix the small number of problems that are left. Until then, the sticky post at the top of the forum provides some potential workarounds - you can access it here. Thank your for your patience and understanding as we work through things.
05-26-2010 02:26 PM
I think it's just ridiculous that files are being quarantined
because not enought Norton members have downloaded them. I almost
didn't reknew my Norton subscribtion this year because I'd heard so
many complaints about the product. But I started looking for reviews
on virus programs and saw over and over how improved Nortons newly updated
service was and it seemed like it was now the best. This crap with
WS.Reputation.1 is giving me serieous doubts. I think Norton's gone
overboard and I'm wondering if I can get my money back so I can try
To Cerebrox I'm sorry my solution of turning off sonar and rescanning
through an online virusscanner ended up with another problem to solve.
I don't really know anything about the various
virus scanners used. I haven't encountered virustotal actually
detecting anything in any of the files I scanned.You should click
on the link on their page for statistics. It's amazing how often
many scanners will detect nothing and others find things.I didn't know
anything about false positives with virus scanners until I was reading
messages at a forum I belong to where people post freeware files
and stuff like that and the site owner warned people to make sure
a file really had a virus before reporting them because many virus
scanners give false positives. Just like we're experiencing with
Virustotal uses a lot of well known scanners like
Avast, Kapersky, McAffee, Symantec and many others. If I run a file
through there and it comes up clean I feel safe as I can. There's no 1
100 % guarantee from any virus program. If One of the scanners
reported a suspected Win32TrojanDownloader then I'd probrably
try and google for more information to see if I could figure it out.
I'm afraid I'm just using this as a solution for the files that are
quarantined WS.Reputation.1. On my computer I'm only getting this
result when I scan by right clicking on a zipped file I've downloaded.
Did you try running your program through virustotal again to see if you
get the same results? You could try http://scanner.virus.org or
http://www.virscan.org or http://www.viruschief.org. These all work along
the same line as virustotal using mulitiple scanners. Maybe one of them
uses the same VBA32 scanner and you can see if it detects it again. I wish
I could be more helpful.
05-26-2010 08:36 PM
I work for a small company that has just released a new version of our product and our customers are being hit with this WS.Reputation.1 warning and having their very expensive download simply "removed" by Norton. The dialog says "removed" not "quarantined." No option is given to either leave the download alone, or to reverse this removal.
I do not own Norton, so I have only the screenshot that was sent by our customer. In this screenshot you say "OurProgramName.exe (WS.Reputation.1)" which implies our program CONTAINS something called WS.Reputaiton.1, an implication for which you have no evidence. It also says in red "Threat has been removed," again implying that our program CONTAINS a threat, another implication for which you have no evidence.
In order to help our customer, I looked into Tony_Weiss's post here: http://community.norton.com/t5/Norton-Internet-Sec
The third screenshot on that page also says something completely unfounded, and again, I can only assume that our program would have a similar message, so please correct me if I am wrong. It says "there are many indication that this file is untrustworthy and therefore not safe." I would like to know what those indications are and where you feel that you have the right to say such things without any evidence.
This is software profiling, not entirely unlike racial profiling. Both are unacceptable. In this country we rely on evidence.
If you insist on doing such profiling, you need to at least do two things: describe it as such and allow your users a quick and easy way to ignore and/or disable it.
05-27-2010 04:07 AM - edited 05-27-2010 04:14 AM
I think that the very idea of Quorum detection is wrong & it should be optional. Firefox nightly build Minefield is one of its preys. All the dll files of Minefield & the plugin-container.exe are constantly being sent to quarantine. When a threat is detected, Norton does not give user option to choose what to do. I had to excluded whole firefox folder from all scans! Now who will be responsible if firefox REALLY gets infected? Still the plugin-container.exe is getting detected but at least norton gives me an option here. I am also not getting the option to mark the files as trusted but then, as those files change everyday it would be no use either. Norton has returned to its golden era of 2003-2005 & I am definitely not renewing my subscription after it gets expired within two months.
Edit: May I kindly ask why the ws.reputation.1 is not available in exclusion list? What worse will it be than excluding other harmful spywares? I think you Symantec people are treating your customers as lab rats here; at least I feel like one. I am gonna disable whole SONAR now & if that does not solve problem I am getting Avira free on next ws.reputation.1 popup.
05-27-2010 05:20 AM - edited 05-27-2010 05:27 AM
After posting my problems with Norton falsely labeling my program as having WS.Reputation.1 I was contacted by a company representative. In fairness to him, he apologized, fixed my problem in less than 24 hours and was extremely courteous.
No, this does not mean that I have changed my mind about the way Norton is conducting themselves by causing this problem in the first place. I still believe their approach is entirely wrong. It was a painful experience; one that I know many others are still dealing with.
But, at least someone (a real human being) was on the job to provide emergency treatment and repair the damage. For that I am grateful and Jeff W. Has my thanks.
He gave me this link to use if I encountered any further problems. He said that I would receive help there much faster than I would if I posted on this forum. I know the link is available, not hidden, as I traced it down myself when I first decided to post my experience. I just did not follow through and actually use the link. For anyone else who still has an unresolved problem here it is. https://submit.symantec.com/dispute/
To the powers that be at Norton/Symantec: If you had approached this new concept of the "wisdom of millions" with the attitude of actual "service" that Jeff W. expressed to me, you would be BUILDING your reputation, not destroying it.
There is no "wisdom" in the profile labeling and "vigilante lynching" of a program just because you have no information on it. To me, that is no different than planting a sign in the front yard of the new guy in your neighborhood saying he is a "child molester" just because you don't know him.
In the real world that kind of behavior would get you a multi-million dollar lawsuit for libel.
In any event; Jeff, you have a difficult job. I thank you again for your help.