05-28-2010 08:07 AM
I sympathize with the software providers that have been slandered by Norton's declaration of terrible embedded threats. At first I thought this might just be a false positive for a real virus/trojan. Now I better understand how Norton is misleading its subscribers to believe that the software has known virus/trojan (or something so bad that it can not be over-ridden by a consenting adult). If I had not downloaded the software from the government affiliated organization previously, I may have simply retreated and never gone back believing that the host could not control their available downloads. I am somewhat surprised that there is not a class-action type suit already filed.
I have been a dedicated user to Norton (from Peter Norton days) products and hope that Symantec will remove or fix this issue quickly. One by one resolutions as seen above are not a fix - at best a work-around that does not address the issue. Please take some action for the rest of us.
05-29-2010 02:37 PM
You are perfectly right this has now been going on a long time - dates back to 2009. Hence this is simple incompetence/negligence on the part of Norton. Perhaps a 100 million $ class lawsuit might make them recognise that this is unacceptable behaviour.
Perhaps a quick solution is don't delete the file by default but give further information to the user and a choice of action.
For example a screen could pop up that says:
Norton 2010 has detected a potential threat in the downloaded file, but due to poor software engineering at Norton there is a high chance that this is a false positive.
What action would you like to take?
1. Delete the file
2. Use the file
3. Contact Norton tech support (but don't expect a reply - but hopefully it will make you feel better)
4. Delete Norton (recommended)
Seriously Norton get your fingers out and get this sorted, as a tech support person I'm getting sick and tired of sorting out your problems with our customers - our recommendation to them is dump Norton and use a Russian sounding name!
05-31-2010 08:54 AM
Norton is not reporting WS.Reputation.1 on all the zipped files I'm downloading now but it's still doing it on quite a few. I download several things a week, usually books. I'm not a tech person and if I didn't download as much as I do I probably wouldn't have questioned Norton's saying a file was infected. A lot of people are probably not complaining because they don't realize it's a false positive.
Files can be restored once they are removed or quarantined. I'm not sure which post tells how but one of the links in this thread shows how to restore a file. It's not the same on every version of Norton.
I have to agree that this really sucks for the less known programmers. The message that says WS.Reputation.1 will hurt their reputations. How hard would it be for the program to be changed to offer the downloader an option not to quarantine? It could say something like "At this time the file you have downloaded is unrecognized by Norton and we can't guarantee its safety. Would you like to remove/quarantine this program?". It could tell a person where to go for more information. I also think saying it's a medium risk is misleading and it should be changed to low.
05-31-2010 04:26 PM
dhuskes can you explain what you mean a little more. Does that just stop detection of WS.Reputation 1 or does it affect anything else too? I don't see 'web configuration' on my Norton 360.
05-31-2010 05:51 PM
I am using Norton Internet Security Version 184.108.40.206 (Brazilian Portuguese language). The option I mentioned just disables the NIS 2010 new "Download Insight" which will not run automatically any more after downloading files. All other NIS' traditional functions remain running normally.
06-01-2010 04:10 AM
I have to say that the detection of WS.Reputation.1 is extremely annoying, especially to general users. It provides no advantage to customer, only unnecessary confusion and action.
I have reported 3 disputes over the past 2 weeks already. Symantec was happy to remove detection for all those files. However, it is simply impossible for Symantec to know all files in the world. It is unreasonable to ask customers or developers to report "clean" files themselves. In addition, my trust in Download Insight has been decreasing due to the false positives.
As customers, we only need a software that protects us, not annoys us.
06-01-2010 06:48 AM
Dhuskes, thanks for the explanation. In my version, Norton 360, I would click on Settings, then Antivirus, then Scans and Risks to turn off Insight Network. I've found turning off Sonar right before I scan works for me, but now that I figured out how to restore a file and it's not being picked up on every file that's zipped like it did at first, I've just been scanning normally and restoring WS.Reputation.1 files. I'm still double checking them at virustotal's website.
Does anyone know if 'Insight Network' only picks up how well known a file is or does it detect other more important things as well?
06-01-2010 08:05 AM
Having seen the many posts on this topic, I thought that I'd add a few further comments.
I run a small software development business, and have a demo installation program that can be downloaded from my web site, which has been running without major problems for the last 8 years. The installation program is a digitally-signed exe file, compiled using Inno Setup, which installs an application of dBASE PLUS. I uploaded the latest version of the program to my web site on May 15th and checked that it downloaded OK - at that time I had Norton Internet Security 2009 installed on my computer.
Last week, I upgraded to NIS 2010, accepting the standard settings, including Download Insight. A few days ago, I did a test download of my program. To my alarm, when the download had finished, a Norton message appeared, advising that a threat had been found. On clicking 'View Details', the following information was displayed:-
My filename (WS.Reputation.1).
This insight Network Threat has been removed.
Fewer than 10 users in the Norton Community have used this file.
File risk is medium.
Startup Item: No. (I've no idea what this means).
Launched: No. (Again, I've no idea what this means).
There are many indications that this file is untrustworthy and therefore not safe!
Origin: My web site. This was ticked as SAFE!
On checking my Download folder, the file wasn't there, of course. So, it appears that, in spite of the fact that my file is DIGITALLY-SIGNED and my web site is rated as SAFE, any potential customers with NIS 2010 are not going to be given the chance to install my program. This strikes me as a very high-handed and unreasonable attitude for Norton to adopt - to give a warning is one thing, but to remove the file is going too far! I understand that the 'less than 10 users' reason is based on Norton's Community Watch feedback; if this is the case and no Norton users are able to download the file, how is this figure going to increase?
Last year, to avoid Microsoft's 'Unidentified program' message, I went to the expense of purchasing a code-signing certificate, so that I can digitally-sign my exe files, but Insight is ignoring all this and acting as sole judge and jury. It appears to me that, in its current form, Download Insight is ill-conceived and quite unjustifiably causing loss of income and reputation for entirely legitimate businesses. What amazes me is that NIS 2010 was released in September 2009 and, despite all the adverse comments, Symantec have not seen fit to admit that they're wrong and take some positive action, which, at the very least, must be to stop the automatic removal of downloaded files.
06-02-2010 12:36 AM
We wanted to let the forum users know that Symantec is actively engaged in addressing the false positives seen in the field. At first glance, WS.Reputation.1’s behavior might seem an overkill, and in limited instances, it may exhibit a false positive. That’s not a good thing and I assure you, we’re constantly trying to eliminate false positives – we have an entire division just focused on this.
That said, I’d like to give you a little background as to why our product reacts in this way, and why we think it’s actually a huge net positive. Last, I’d encourage you to read the work around and ways to report issues that we have posted in the sticky here: http://community.norton.com/t5/Norton-Internet-Sec
Today, our research shows us that 80% to 90% of malware threats are generated/mutated on the fly by attackers to ensure that each victim is attacked by a previously unseen threat due to which traditional antivirus techniques, such as fingerprinting and even heuristics and behavior blocking are often totally ineffective. However, these malware files stick out like a sore thumb to our reputation system. This system, the largest of its kind in the world, computes reputation ratings on well over a billion distinct files found on over 55 million participating customers’ machines (it uses complex algorithms, not unlike Google’s PageRank algorithm, to compute these ratings) and enables us to block 80% or more of all the unknown malware that’s slipping by every other AV product on the market - literally over twenty thousand new threats every day that would otherwise go undetected!
While we do everything in our power to learn about as many files and setups as possible there are occasionally outliers like your legitimate application on which we need more information to further fine-tune our algorithms.
We apologize for the inconvenience, and would like your help in improving the service and preventing any re-occurrence. We can get this information from the dispute system at https://submit.symantec.com/dispute/ - please use it to report any disputes and refer to the link (http://community.norton.com/t5/Norton-Internet-Sec
Thanks again for your patience and cooperation.
Norton Forums Moderator