10-09-2010 11:02 PM
SendOfJive,
You are ever so right, specifically what you're talking about. I'm with you on that one. But...however you seem to have mistaken what we were/are referring to. In Anfortas' post, he made the necessary point of how tedious and not user friendly NOF is compared to the CIB in AOP. With CIB, we have the option of deciding when, where, and the number of times to block CI i.e. temporarily or permanently. We're able to block CI on the fly, too....on a "page-by-page" basis. With NOF, the CI is done on a per user's account basis. And it's blocked permanently (well, until you sign in and make the changes. Oh, did I point out that you have to be signed into the specific user's account to change specific CI?) Anfortas used the e-mail ex. to point out that with NOF, it's either all or nothing. While, again, with CIB you can decide on the fly. I understand what you're saying, really I do. Now, I'd used an example in one of my earlier posts concerning e-mails and unsubscribing. With CIB, we could allow once to unsubscribe.
It seems that you may be under the impression that we're hung on the e-mail thing; but we're not. That's just the easiest/first example that comes to mind. But he and I's last posting was strictly about how much of a hassle it is to use NOF as compared to AOP's CIB. And again kids aren't in our equations. NOF for kids makes perfectly good sense; however for adults who multi task on their PC (or Mac) AOP w/CIB makes better sense and is more convenient/user friendly.
10-10-2010 09:36 PM
Hi 'Truly Puzzled',
OK, here's three specific scenarios:
(I mainly use CIB for protecting the unauthorised transmission of e-mails & passwords)
Sometimes e-mails from commercial companies like to embed images in their e-mails which 'phone home' with your e-mail address when you view the e-mail (this is NOT 'sender has requested confirmation ...' etc, this is totally 'behind the scenes' & surreptitious).
I CAN CURRENTLY BLOCK THIS, with Confidential Information Blocking, but won't be able to with freaking 'Online Family' !
Other websites (CNN being one of the most annoying examples), if you have signed up for their 'alerts' or suchlike, then they drop a cookie on your hard drive and track whichever web-pages you visit by 'phoning home' with your e-mail address to various different (usually advertising-related) URLs, despite this being completely unrelated to your subscription to Alerts.
I CAN CURRENTLY BLOCK THIS, with Confidential Information Blocking, but won't be able to with freaking 'Online Family' !
Some RSS feeds like to 'phone home' with your e-mail address at strange times - they don't need this - I don't like this!
I CAN CURRENTLY BLOCK THIS, with Confidential Information Blocking, but won't be able to with freaking 'Online Family' !
I WANT TO KNOW WHEN MY E-MAIL ADDRESSES ARE BEING EXTRACTED BY EXTERNAL ORGANISATIONS, but I also want to be able to enter my e-mail as a user-id - thus the requirement for a blocker to be completely flexible on an incident-by-incident basis.
WHAT REALLY FREAKS ME OUT ABOUT THIS IS NORTON ALREADY *HAVE* THE BLASTED PROGRAMS, SO THEY DON'T HAVE TO *ADD* OR *DEVELOP* ANYTHING - JUST KEEP THE EXCELLENT PROGRAM WHICH IS ALREADY THERE !
IT SHOULD BE ADDED TO THE MAIN NIS PACKAGE AND RETAINED AS AN ESSENTIAL AND VALUABLE ELEMENT OF KEEPING YOUR COMPUTER & DATA SAFE!
p.s. if you still have CIB installed on your computer, try adding your e-mail suffix (the '@abc.com' bit) and watch in horror at how often it gets extracted by external organisations without your knowledge, both in e-mails & web-sites!!
10-10-2010 11:02 PM - edited 10-10-2010 11:56 PM
Anfortas wrote:
p.s. if you still have CIB installed on your computer, try adding your e-mail suffix (the '@abc.com' bit) and watch in horror at how often it gets extracted by external organisations without your knowledge, both in e-mails & web-sites!!
I can assure you that your email address is not being extracted by any outside agent. In your first example, if a company has sent you an email, they already have your email address. Embedded images can be used to tell if you have actually opened the email. That is because to "view" the image you actually connect to the server that has the image stored on it and your visit there is noted. They can thereby confirm the email address they already have for you is a valid one.
Second, in your CNN example you are discussing cookies, which again do not steal your email address. They are simple text files. If you have signed up for news alerts and already provided an email address to CNN they might have your address because you gave it to them, not because they stole it. You can block tracking cookies with your browser or have Norton remove them.
RSS feeds do not phone home. They don't have to - you have already established the connection voluntarily through your browser or RSS reader. They do not steal information, they just provide links to whatever website you have chosen.
You are getting alerts because something like "abc.com" is going to turn up often when you are online, especially if your ISP is abc.com. This is a domain name, not your private email address.
The crux of the matter is this: CIB can do one thing and that is block whatever string of characters you tell it to. If you are not very, very specific you will get a lot of false positives. The number of unexplained alerts may unfortunately make it seem as if emails, cookies and RSS feeds are somehow scanning your entire hard drive, locating your email address and then sending it out in plain text. This does not happen. If you examine an email or web page or URL when you get an unexpected alert, you will find that your outgoing "information" is simply something matching your chosen phrase, being innocently incorporated into something having nothing to do with your sensitive data.
CIB was never designed to block outside agents from stealing your private data and cannot do that. Its only function is to provide alerts to prevent you, yourself, from submitting your data by accident to insecure sites. All of the other things that have been ascribed to CIB are largely imagined, and many of the threats mentioned in support of keeping CIB do not actually exist. There are other features of NIS targeted at stopping the sorts of malware that really do try to steal data.
10-11-2010 07:46 AM
SendOfJive,
You are right yet again. This post isn't about the retention of the AOP. It's to give you props on how you handled that guy's post. I started to explain it, but you did it much more eloquently. While remaining level headed. Mad props to SendOfJive!!
11-05-2010 04:51 AM
Yvonne, very good to hear from the relevant Product Manager. Usually Symantec do an excellent job of burying you and making contact impossible.
I too have used the Add-On pack for a long while, in my case to overcome a bug in MS Outlook. After much SMTP tracing I discovered that if you set Outlook to only download message headers - so you can zap spam direct from the server without downloading it - if a spammer marks a message with a Read Receipt, Outlook creates a 'Not read' receipt to any mail deleted directly from the server. Worse, it doesn't put this 'Not read' receipt in the Outbox, but hides it some place else where you can't find or delete it, so that when you next Send/Receive you end up sending the spammer notification of your Email address working; not good! So I've used the Add-On pack to intercept any message being sent including the string; "Read:" which therefore blocks these 'Not read' receipts being sent. Incidentally this bug was reported to MS who thanked me for the detail of my investigation, but don't seem to have done anything about resolving it. However, excepting passing on a good reason for people to use the information blocking options in NIS, I digress.
I have just updated from NIS 2010 to 2011 and so wanted to check whether my 'private information' set-up - the blocking of "Read:" - was still in place. I couldn't find any reference to it, the online help has nothing like this level of detail and so I was obliged to use an online 'Chat' session. Now as the Product Manager for Norton Online Family I hope you note the following carefully.
After very carefully explaining what I wanted to do I was first told I needed to use ID safe - er no, I don't think so. Ah, so I need to use the firewall - er no, I don't think so, we're talking about Layer 7 data here, not Layer 3 packets. Ah, you need to use anti-spam - er no, we're talking about outgoing scanning not incoming spam detection. My call was escalated to the shift leader during all this and still he was sure it must be anti-spam I was talking about.
Now as Product Manager for Online Family, I hope you note how utterly and totally useless your own support service are at pointing customers towards the benefits of your product. I'm afraid this isn't an isolated incident either. My experience is that by the time I need to ask support, the detail of the question will undoubtedly be beyond the person I'm speaking to. I end up advising them about their own product. Now maybe this isn't the case for all customers - I am a Security Architect and so maybe 'go a little deeper' before calling support - but it's still pretty disheartening to know the guy at the other end understands less than you.
So thank you for your post here. Maybe the Norton support people should Google for their answers as I found this thread within a few minutes of giving up on the utter rubbish they were telling me.
Might I suggest you take this post and present it to your VP Support services and explain to him that your off-shored support really does not work. They might be well-meaning and they may try hard, but rarely are they able to help, so my message for your VP Support is clear; your support services are broken, and the fact that they weren't able to point me towards a part of your own product suite does, I think, very clearly illustrate this.
So thanks again Yvonne for 'surfacing' here. I'll now go and take a look at Online Family, but be aware that your support people will be pointing potential users of your product away from it at all kinds of completely irrelevant other functions of the base NIS package.
Thx.../Iain
11-05-2010 05:50 AM
Oh dear Yvonne, this is looking like Norton Online Family doesn't really do the job of the old Add-On pack at all. It looks like in Symantec's enthusiasm you have simply dropped an important piece of NIS functionality.
I have downloaded and installed Norton Online Family. It then asks me if a child uses this computer; No. So do I want to install NOF anyway; Yes. Good...so now add a child to NOF; Ah, but I don't want to, no child uses this computer, we did that bit at the start. Ah...but you MUST add a child. Okay, so we'll have a child called 'Nochild', that makes NOF happy. Ah but what's this now...which Windows account does 'Nochild' use? Well they don't, as there is no child, so do I need to create a Windows account only to not have it used?
But then what's this it says at the bottom? The following accounts will not be monitored: <admin_account_name> and <my_account_name>. So does this mean if I add a useless 'Nochild' Windows account, NOF won't actually monitor my outgoing information and so block these 'Not read' receipts which Outlook so unhelpfully sends?
It looks awfully to me like someone has not thought through the usage of the old Add-on pack and happily dropped it in favour of NOF which appears NOT to provide equivalent functionality to the old Add-on...or am I misunderstanding what NOF is saying to me?
Of course I could go ask support, but then they'll probably tell me I need to set a firewall setting or something equally ill-informed, so I think I'll spare myself the frustration of trying that. Can you advise?
.../Iain
11-05-2010 05:58 AM
Anfortas, I completely agree with you. This kind of thing really bugs me. Someone, somewhere, will be SO pleased about what they've done with NOF without understanding what they've dropped. I'd love to give some of these people some real customer feedback!
And while in 'gripe mode', which stunning genius at Symantec decided it would be good to not permit you to download an install package and instead have to go via an online 'in session' upgrade? So here's some feedback; This is a bad, bad BAD user experience. I have a 5 computer pack and so it means I must re-download the same several hundred Mb over and over for each machine instead of downloading it once to a local network-connected software location from which I can re-use it for each machine.
And of course if I replace a machine I presume I'll need to load NIS 2010 just so I can run the upgrade to 2011 as I have no NIS 2011 image. Guys, this is BAD. Maybe someone in Marketing thinks it's all very slick and cool, but for the poor sucker trying to use it this is all adding up to a BAD user experience. Is the message getting through?
.../Iain
11-05-2010 06:10 AM
Actually this isn't correct. Some HTML Emails contain images used to track the opening of the message by using something like the following:
<img src=someimage.gif?reader=yourEmail@isp.com>
Hence if the sending of 'yourEmail@isp.com' was a blocked/notified string, it would indeed stop this being transmitted back to the originating server, however, most sites will track the request for an image by a UID and nothing as obvious as your Email address, meaning this technique would have limited value. Of course any cookies related to the domain/host on which the image sat would be returned as part of the HTTP protocol and so could be used to track the request for the image. The only way to really stop this is to switch off Email images and only allow images from sites you trust...or at least sites that you mind less about tracking your reading of Email from them.
.../Iain
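Added example, not part of any post in this thread: a Python check over a constructed HTML e-mail body that separates the case discussed above, where the recipient address appears literally in an image URL and a string-matching blocker could catch it, from the more common opaque-UID beacon that such a blocker never sees. The hosts, parameter names and the UID heuristic are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample HTML e-mail body; hosts and parameters are made up.
SAMPLE_HTML = """
<html><body>
<p>Our autumn offers are here.</p>
<img src="http://news.example.com/open.gif?reader=yourEmail@isp.com" width="1" height="1">
<img src="http://news.example.com/o.gif?uid=9f3a6c1e2b7d4a58" width="1" height="1">
<img src="http://static.example.com/logo.png" alt="logo">
<img src="cid:banner001" alt="banner">
</body></html>
"""

class ImgCollector(HTMLParser):
    """Collect the src attribute of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "img" and src:
            self.sources.append(src)

# Heuristic (assumption): a long hex/dash value looks like a per-recipient UID.
OPAQUE_ID = re.compile(r"^[0-9a-fA-F-]{12,}$")

def classify_images(html, address):
    """Return {src: verdict} for each image in an HTML e-mail body."""
    collector = ImgCollector()
    collector.feed(html)
    verdicts = {}
    for src in collector.sources:
        url = urlsplit(src)
        if url.scheme not in ("http", "https"):
            verdicts[src] = "not-remote"      # cid:/data: images trigger no web request
        elif address.lower() in unquote(src).lower():
            verdicts[src] = "address-in-url"  # the only case a string blocker can catch
        elif any(OPAQUE_ID.match(v) for _, v in parse_qsl(url.query)):
            verdicts[src] = "opaque-id"       # tracks the open without the address
        else:
            verdicts[src] = "remote"          # the request itself still reveals the open
    return verdicts

if __name__ == "__main__":
    for src, verdict in classify_images(SAMPLE_HTML, "yourEmail@isp.com").items():
        print(f"{verdict:15} {src}")
```

Every verdict other than "not-remote" still results in a request to the sender's server when the image loads, which is why disabling remote images is the only complete control.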
11-05-2010 02:54 PM
I've read through this thread just now because we too have been trying to figure out a way to replace the AOP functionality lost with NIS2011 and NOF.
Personally I would like to see the CIB functionality added into the core NIS package, perhaps as an extension to "Identity Safe". CIB also needs to allow users to ALLOW the transmission of this information to certain web sites by simply checking "always allow" when the popup shows up.
As far as my children go, we have major issues due to the way NOF either completely blocks all CI (confidential information) from any transmission OR allows it to always be transmitted. There is no way to allow it at all on a site by site basis.
As an example of how this affects us, my daughters like to play Fiesta and it uses e-mail addresses as the login account. This means every single time the game is played it needs to send the e-mail address and if it is in the NOF CIB list, it gets blocked (and the game will not play). There are numerous web sites that require e-mail addresses, while in general we want our children to at least be notified (blocked completely in my youngest daughter's case) if they attempt to send their e-mail address to a new site. With NOF I ended up giving up and disabling the CIB features since I couldn't find any way to selectively send CI data when it was required.
So - in summary, please consider enhancing the "Identity Safe" capabilities within the core NIS product to include the ability to notify and restrict the transmission of confidential information.
11-06-2010 09:16 AM
An excellent summary.
I'd add too that it would be good for the CIB details to be applied against non-child accounts, e.g. for the blocking of these unwanted read receipts issued by Outlook.
Is anyone in Symantec listening to this?
