---

Lee_G wrote:

It appears that you may have trouble with port 22 being blocked.  Do you know if you can SSH into any server?  If you are behind a corporate or personal firewall (e.g. NPF), you may want to find out about the settings.

---

I also see the same error message even with su <username of admin> -c 'sftp macupload.symantec.com'. After much scroogle-ing, I finally noticed Growl telling me that this address (216.10.196.81) made it into the P2P blocklist, so if PeerGuardian or similar is being used... 

Logging into the SFTP server with a username & password is not permitted. It requires DSA encryption to login and logging in via the shell is disabled on the server for security & legal reasons. Perhaps repeatedly attempting to log into the server caused PeerGuardian to get confused.

As long as you can log into another SSH server that is not on your local network, that should be sufficient, unless your ISP is filtering SSH packets that don't use password logins for some weird reason.

---

ryan_mcgann wrote:

Logging into the SFTP server with a username & password is not permitted. It requires DSA encryption to login and logging in via the shell is disabled on the server for security & legal reasons. Perhaps repeatedly attempting to log into the server caused PeerGuardian to get confused.

 

As long as you can log into another SSH server that is not on your local network, that should be sufficient, unless your ISP is filtering SSH packets that don't use password logins for some weird reason.

---

Sorry Ryan. I think I managed to get you thoroughly confused anyway. :-) This command (su <username of admin> -c 'sftp macupload.symantec.com') probably should have been written as (su <admin username> -c 'sftp macupload.symantec.com'). BTW, did you realize that trying to use a naked sudo command when logged in as a regular user doesn't work on OS X? You just get a message saying that you will be reported to the sudo police. That's why I recommend telling users to either log in as admin or else use the (su <admin username> -c '<command goes here>' format.

Back to the topic at hand. What I was trying to say is that 216.10.196.81 is listed in iblocklist.com's "Primary Threats" blocklist, so that anyone using that list would find that IP blocked. For example, traceroute -n  216.10.196.81 fails.

PG2 Log:

Wed Jan  4 2012 21:38:26.435 MST -Blck- 192.168.1.xx:0 -> 216.10.196.81:0 unkw 'traceroute (405)' (Symantec Corporation:P2P)
Wed Jan  4 2012 21:39:01.543 MST -Blck- local:0 -> 216.10.196.81:22 (ssh) tcp4 ' (408)' (Symantec Corporation:P2P)

We obviously can't do anything about the PeerGuardian list. It's their choice to put our IP address in their block list. You'll have to just turn off that service if you want to use error reportring. 

Not to editorialize too much, but this is another reason that block lists that are not vetted like this are not very effective. Our software includes a built-in blocklist for blocking known malicious users that is vetted and updated very frequently; I don't recommend using that in conjunction with any other blocklist. 

Just an update that Error Reporting still isn't working for me, but according to Symantec, it's not a bug with NIS 5 for Mac.

Apparently there were some malicious attacks from a Verizon customer, and they've had my ISP blocked for months, which is why my iMac has never been able to connect to upload any error reports.

I have no idea whether these attacks are still ongoing or not, but the block apparently is still in place.  It seems a bit ironic that an Internet Security company can have some functionality shut down indefinitely for some customers.

I appreciate that an ERD fix for situations like this is a low priority, but I hope in the future that Symantec can offer better protection for Norton Internet Security so its features could remain functional, in spite of potential malicious activity.

Well, to set the record straight--your ISP (Verizon) is not being blocked, just your IP address. Verizon is a huge ISP and we definitely are not blocking all Verizon customers; in fact I am a Verizon customer and I don't have this issue at home.

Error reporting is not a tier 1 service--that is to say, it's not business critical. The product still functions fine when error reporting is unable to report. Needless to say, our product is not shut down when it cannot contact the error reporting server. In fact the rest of the product is even aware of error reporting's existance, let alone its success/failure. The product functions fine, and no protection is lost. I'm not sure what causes you to think otherwise--is there something that says it is disabled or not functioning?

Our IT department is looking into your specific problem, but as I said, since the product functions fine, and the server is not tier-1, they have de-prioritized it. I can't give any estimates when it will be resolved.

I understand that it's been de-prioritized.  It's been over 5 weeks since I provided all the specifics you requested, yet ERD continues to spam the system log every two hours with its failure messages.

I do appreciate your help in debugging the problem, last month.  All I'm doing at this point is documenting the problem for the community, in the event that other customers are also affected by this particular ERD issue.

I understand that my system is still protected, and the only aspect of the product that isn't functioning is the uploading of error and crash reports.  Still, it does come across like a vulnerability if hackers can deny access for months to a (lower-tier) service for a block of IP addresses.

Thanks again for your time and help with this.

// We plan on releasing a Firefox 10 compatibility update //

And what about Google Chrome? Considering Chrome is a more widely used web browser on Mac OS X Lion compared to Mozilla Firefox and you already have a fully working extension for Chrome with Norton Internet Security 2012 for Windows and Chrome extensions use the exact same API no matter if you are using the Linux, Windows og OS X version there shouldn't be that difficult writing one for Norton Internet Security for Mac.

To me it seems like Norton for Windows receives way more attention from Symantec / Norton developers than their Mac counterparts. And I guess that's not surprising considering the vast majority of crap out there is aimed towards Windows and not OS X.

But, charing the same price for a product that is inferior to its Windows counterpart in almost every single way and receives nowhere near the same amount of development and care from the Symantec / Norton developer team feels like a fraud if you ask me. Since Norton Internet Security 2012 for Windows was released in October (?) there have been multiple larger updates and quite a few smaller ones. For Norton Internet Security 12 for Mac there’s really been just one real update and considering the product was inferior to begin with this is simply not good enough.

Do you honestly feel the price tag of Norton Internet Security 12 for Mac and Norton Internet Security 2012 for Windows should be the same? If so how do you really defend this? Considering the feature list is not remotely close to the Windows counterpart and Mac users can expect like one update for every tenth Windows update? I don’t follow this logic.

I have been a loyal Norton user all since the remap back in 2009, but your Mac versions aren’t living up to your market priceat all.