
Kudos0

Trovico not discovered

The homepage of my browser was hijacked by trovico.com, however NIS did not discover any problems nor could I find any hits on "trovigo" at the website of Norton. On the internet I found hijacking by trovigo can be a serious issue and finally I found and followed the solution at http://malwaretips.com/blogs/trovigo-virus-removal/ (hoping that the place and suggested software is safe). I expect from NIS a complete protection against internet threats, but it seems now that I need additional software to remove threats like those generated by trovico.com. To what extent can I rely on Norton? Why does Norton contain gaps in the protection?

Replies

Kudos0

Re: Trovico not discovered


HoogendoornJH wrote:

The homepage of my browser was hijacked by trovico.com, however NIS did not discover any problems nor could I find any hits on "trovigo" at the website of Norton. On the internet I found hijacking by trovigo can be a serious issue and finally I found and followed the solution at http://malwaretips.com/blogs/trovigo-virus-removal/ (hoping that the place and suggested software is safe). I expect from NIS a complete protection against internet threats, but it seems now that I need additional software to remove threats like those generated by trovico.com. To what extent can I rely on Norton? Why does Norton contain gaps in the protection?



Welcome,

Norton is an antivirus program that also catches other threats. It cannot catch all of them. In fact no single security program can protect you 100% of the time from 100% of the thousands of threats being released daily. Malwarebytes free scanner and SUPERAntiSpyware's free scanner are two that are often recommended here as second opinion scanners.

Please use only the free versions, the full [pro] versions have active scanners which will conflict with your Norton program.

In my opinion I think that Norton's programs provide the best available protection against viruses and other threats which can damage or destroy your data and programs. The other mentioned scanners are a great complement to your Norton program. With a fully engaged chair / keyboard interface you will have as good protection as is available anywhere on the web.

Stay well and surf safe

Dick Win 10x64 current current NSBU
Kudos7 Stats

Re: Trovico not discovered

Hi HoogendoornJH:

Welcome to the Norton forum.  Sorry to hear about your problems with the Trovico browser redirector.

Further to dickevans' comments, there is an article here on the Lifehacker website titled The Difference Between Antivirus and Anti-Malware (and Which to Use) that also concludes that users should use an on-demand (manual) scanner like the free Malwarebytes Anti-Malware to scan for lower-risk PUPs (potentially unwanted programs) and PUMs (potentially unwanted modifications) like adware and browser redirectors that sometimes slip past your antivirus real-time protection.  The reason I like this article is because Lifehacker asked representatives from Avast (a free antivirus program), Norton, McAfee (paid antivirus programs) and Malwarebytes (a free anti-malware program) to explain what types of malware their software should detect.

There is a companion article here on the Lifehacker site describing the different classes of malware.

------------
MS Windows 32-bit Vista Home Premium SP2 * Firefox 27.0.1* IE 9.0 * NIS 2013 v. 20.4.0.40 * MBAM PRO 1.75.0.1300
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
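
Added example (not part of any post in this thread, and not Norton or Mozilla code): a homepage or search-engine change of the kind discussed above is a "potentially unwanted modification" that can be checked for directly by auditing the preferences in a Firefox profile's prefs.js. The allowlists, the sample profile text and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Firefox preference names (as used by Firefox releases of this thread's era)
# that hold the start page, new-tab page and address-bar search URL.
URL_PREFS = ("browser.startup.homepage", "browser.newtab.url", "keyword.URL")
# Preferences that hold the name of the selected search engine.
ENGINE_PREFS = ("browser.search.defaultenginename", "browser.search.selectedEngine")

# prefs.js stores one setting per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("(?P<name>[^"]+)",\s*(?P<value>.*)\);\s*$')


def parse_prefs(text):
    """Return {pref_name: value_as_string} for every user_pref line in text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        raw = m.group("value").strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            # String value: drop the quotes and undo the two common escapes.
            raw = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        prefs[m.group("name")] = raw
    return prefs


def host_of(url):
    """Lower-cased host of an http(s) URL, or None for about:, file:, etc."""
    u = url.strip()
    if u and ":" not in u:
        u = "http://" + u  # a bare "www.example.com/..." entry is treated as http
    parts = urlsplit(u)
    if parts.scheme not in ("http", "https"):
        return None
    return (parts.hostname or "").lower() or None


def is_allowed(host, allowed_domains):
    """True if host is an allowed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed_domains)


def audit_prefs(text, allowed_domains, allowed_engines):
    """Return a list of (pref_name, value, host) entries that are not allowlisted."""
    prefs = parse_prefs(text)
    findings = []
    for name in URL_PREFS:
        if name not in prefs:
            continue
        # The homepage preference may list several pages separated by "|".
        values = prefs[name].split("|") if name == "browser.startup.homepage" else [prefs[name]]
        for url in values:
            host = host_of(url)
            if host and not is_allowed(host, allowed_domains):
                findings.append((name, url, host))
    for name in ENGINE_PREFS:
        engine = prefs.get(name)
        if engine is not None and engine not in allowed_engines:
            findings.append((name, engine, None))
    return findings


# Constructed sample of a modified profile; hijacker.example is a placeholder domain.
SAMPLE_PREFS = r'''# Mozilla User Preferences
user_pref("app.update.enabled", true);
user_pref("browser.startup.page", 1);
user_pref("browser.startup.homepage", "http://search.hijacker.example/?src=hp|about:home");
user_pref("browser.newtab.url", "http://search.hijacker.example/newtab");
user_pref("browser.search.selectedEngine", "Hijacker Search");
'''

# Assumed allowlists: what this particular user actually chose.
ALLOWED_DOMAINS = {"mozilla.org", "duckduckgo.com"}
ALLOWED_ENGINES = {"Google", "DuckDuckGo"}

if __name__ == "__main__":
    for pref, value, host in audit_prefs(SAMPLE_PREFS, ALLOWED_DOMAINS, ALLOWED_ENGINES):
        print(f"unexpected {pref}: {value}" + (f" (host {host})" if host else ""))
```

Run it against a copy of the profile's prefs.js while the browser is closed, since Firefox rewrites that file on exit.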

Kudos0

Re: Trovico not discovered

Thanks for your response, dickevans and imacri. I understand the difference between the various threats, however, from a package named (Norton) Internet Security I expect more than virus protection alone. One of the reasons for choosing an Internet Security package is that I don't need a bunch of different programs to keep my computer environment safe. If the position of Norton is that for the detection of some types of malware I have to rely on additional programs (and have to find them myself) the reason for using NIS would be lost for me. In that case I will compose a bundle of free protection software myself, saving me the fee for using Norton.

Kudos3 Stats

Re: Trovico not discovered

Can I suggest that before you install anything you carefully read the EULA.  This could help you avoid installing some 'extras' that you may not want.

A little bit of knowledge is... well a little bit of knowledge.
Kudos1 Stats

Re: Trovico not discovered

Hi HoogendoornJH:

If you go to Settings | Computer | Real Time Protection |  Antispyware | Configure you will see the broad categories of threats (Spyware, Adware, Remote Access, etc.)  that NIS can detect in addition to viruses.  For a full list of the specific threats, go to Norton's Threat Explorer site here and click on a category.  Under Spyware, for example, you will find links for descriptions of several keyloggers such as Spyware.UltimateKeylog, Spyware.SuperKeylogger, etc. that Norton can detect.

There are many users in the forum who don't feel that using an antivirus program like NIS, Avast, McAfee, etc. in combination with a second opinion on-demand scanner like the free Malwarebytes Anti-Malware or SUPERAntiSpyware scanners as the Lifehacker article here recommends provides adequate protection - particularly against lower-risk PUPs like the browser redirector you were infected with.  There was a recent thread here in the forum, for example, discussing whether NIS users need to install specialized keylogger detection from companies like Zemana or SpyShelter (I'll leave it to you to read the full thread and make up your own mind, but just FYI, NIS was able to detect and remove the simulation keylogger Zemana provides for testing).  The need for additional protection depends entirely on each user's browsing/downloading habits and level of comfort.

------------
MS Windows 32-bit Vista Home Premium SP2 * Firefox 27.0.1* IE 9.0 * NIS 2013 v. 20.4.0.40 * MBAM PRO 1.75.0.1300
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Kudos0

Re: Trovico not discovered


HoogendoornJH wrote:

Thanks for your response, dickevans and imacri. I understand the difference between the various threats, however, from a package named (Norton) Internet Security I expect more than virus protection alone. One of the reasons for choosing an Internet Security package is that I don't need a bunch of different programs to keep my computer environment safe. If the position of Norton is that for the detection of some types of malware I have to rely on additional programs (and have to find them myself) the reason for using NIS would be lost for me. In that case I will compose a bundle of free protection software myself, saving me the fee for using Norton.


 to the forum.

As Imacri mentioned,  a dual-layer PC protection plan can be helpful.  I'm using MBAM ("Malwarebytes") alongside Norton 360 AV.

The general consensus about the topic is that typical residential PC users are better protected when implementing a malware-specific (i.e., "PUP"s as Imacri mentioned) protection tool in conjunction with your mainline AV product.

This approach isn't limited to Norton's AV products.  In other words, mainline AV products can't guarantee 100% protection statistics.  There are just too many malicious variants out there that are being launched into cyberworld on a daily basis to be detected and contained 100% of the time.

All that being said, I'm probably in the minority view in how I look at AV protection products.  I rely on them to block the vast majority of threats but just as important to me, I rely on the AV product to notify me of a potential issue as well as checking my CPU usage, System Tray icons, current Process running, etc.

The important part to me is being aware of the presence of an intrusion.  If I know about such an intrusion, I'll use my backup plans as a means of recovery.

Windows 7x64 Home Premium OEM Ver / MoBo: ASUS P7P55D-E / CPU: Intel i5-650 / RAM: 16 Gb Corsair DDR3
Kudos0

Re: Trovico not discovered

Hi, HoogendoornJH. As you will be aware, no antivirus program will protect you 100% of the time.

This is why we recommend a multilayered approach to malware prevention. One tool won't do it all.

In the end, we all need to be aware of where we are browsing, and what we download.

Many of these PUPs and PUAs are bundled with other software, and you really do need to check for unwanted addons.

Use Norton as your primary protection and apps like MalwareBytes and SuperantiSpyware, as passive back up scanners.

Take a sensible approach, and you'll stay safe.

Windows 10 Home X 64
Kudos0

Re: Trovico not discovered

Well, opinions differ whether NIS should 'cover all' or not. For me, the added value of 'paid protection' is that the product is complete and saves me from searching all kinds of additions ('ontzorgen' as we call it in The Netherlands; I don't know how to translate this in English, but it is something like 'taking over total care from the customer'). If somebody can invent and develop apps like MalwareBytes and SuperantiSpyware, then Norton can do so too and add it to the NIS-suite. If somebody can develop a keylogger app, then Norton can do so too and add it to the NIS-suite. Etc. If NIS can't offer me 'total care', then I will do it myself, compose a 'suite' of free protection software and terminate my NIS-subscription.

Kudos0

Re: Trovico not discovered


lmacri wrote:

Hi HoogendoornJH:

If you go to Settings | Computer | Real Time Protection |  Antispyware | Configure you will see the broad categories of threats (Spyware, Adware, Remote Access, etc.)  that NIS can detect in addition to viruses.  For a full list of the specific threats, go to Norton's Threat Explorer site here and click on a category.  Under Spyware, for example, you will find links for descriptions of several keyloggers such as Spyware.UltimateKeylog, Spyware.SuperKeylogger, etc. that Norton can detect.


I have all concerning settings "on", nevertheless, NIS does not detect Trovico.

Kudos0

Re: Trovico not discovered


HoogendoornJH wrote:

Well, opinions differ whether NIS should 'cover all' or not. For me, the added value of 'paid protection' is that the product is complete and saves me from searching all kinds of additions ('ontzorgen' as we call it in The Netherlands; I don't know how to translate this in English, but it is something like 'taking over total care from the customer'). If somebody can invent and develop apps like MalwareBytes and SuperantiSpyware, then Norton can do so too and add it to the NIS-suite. If somebody can develop a keylogger app, then Norton can do so too and add it to the NIS-suite. Etc. If NIS can't offer me 'total care', then I will do it myself, compose a 'suite' of free protection software and terminate my NIS-subscription.


What I want to add is that I understand that 100% safety can never be guaranteed, however I am not talking about 100% safety but about 'total care' to save time in managing my protection.

Kudos1 Stats

Re: Trovico not discovered


HoogendoornJH wrote:
What I want to add is that I understand that 100% safety can never be guaranteed, however I am not talking about 100% safety but about 'total care' to save time in managing my protection.

Hi HoogendoornJH:

I certainly agree with you on that point.  One obvious drawback of using a second opinion on-demand scanner like Malwarebytes Anti-Malware (MBAM) is that any malware/PUP that evades your antivirus real-time protection still manages to infect your computer and it's up to the user to find the best tool (whether it's MBAM or some other anti-malware tool) to fix the problem.

Norton users with infected systems have the option to pay an additional fee for the NortonLive spyware and virus removal service (which I personally think should be included in the price of my annual subscription) or to register with one of the free malware removal forums listed here in delphinium's post.

There have been several posts in the Product Suggestions board requesting that Symantec do a better job of detecting lower-risk malware like PUPs (see Quads' post here for one example, and leave a kudo if you agree with his comments) so I hope that the Symantec employees monitoring that board are taking those suggestions into consideration for their next product upgrade.

------------
MS Windows 32-bit Vista Home Premium SP2 * Firefox 27.0.1* IE 9.0 * NIS 2013 v. 20.4.0.40 * MBAM PRO 1.75.0.1300
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Kudos2 Stats

Re: Trovico not discovered

I'm not sure what "total care" means, if it doesn't refer to 100% safety.  Security software is only one component of computer security, and it is arguably not even the most important or effective component, regardless of how many features it offers.  Really, the solution to the issue of unwanted software is simply to pay attention to all screens that are presented during the installation of new or updated software, especially free programs.  Preselecting the option to install bundled software or to change program settings is such a common practice these days, that users ought to expect it and to look for the boxes that need to be unchecked before continuing an installation.  Since the bundled software is not malicious, but simply unwanted, the decision to opt in or opt out is really up to the user, not the security software they are running.  After all, the MSN homepage and Bing search engine are both offered in this way when one installs or updates Skype.  Not everyone wants these, but many people do.  I really don't foresee Norton blocking these two Microsoft offerings, so where would you draw the line?

Kudos0

Re: Trovico not discovered

"Well, opinions differ whether NIS should 'cover all' or not. For me, the added value of 'paid protection' is that the product is complete and saves me from searching all kinds of additions ('ontzorgen' as we call it in The Netherlands; I don't know how to translate this in English, but it is something like 'taking over total care from the customer'). If somebody can invent and develop apps like MalwareBytes and SuperantiSpyware, then Norton can do so too and add it to the NIS-suite. If somebody can develop a keylogger app, then Norton can do so too and add it to the NIS-suite." And you want to pay how much????
Under certain circumstances profanity provides relief denied even to prayer. Mark Twain
Kudos0

Re: Trovico not discovered


SendOfJive wrote:

I'm not sure what "total care" means, if it doesn't refer to 100% safety.


It’s all about risks. You can do everything you know to reduce risks (“total care”), but nevertheless not reach 100% safety.

Cyber criminals are always one step ahead of protection software, so in principle protection software can never guarantee 100% safety. Protection software developers cannot write software for things they don’t know, nor can virus databases contain virus definitions for unknown viruses (although heuristic scanning attempts to cover this). “Total care” means that a protection software developer includes everything in its suite to combat threats regarding data traffic from and to a device (whether it is via internet or via a USB port or whatever). However, as stated before, not everything is known, so the protection suite cannot guarantee 100% safety by definition, despite the fact the software developer did everything that was within its knowledge and capability to protect you.

Where to draw the line? That is more or less where what is known ends.

Kudos0

Re: Trovico not discovered


delphinium wrote:
 And you want to pay how much????

Well, most additions concern free software, so inclusion or redevelopment would not cost too much, I would say.

Kudos0

Re: Trovico not discovered


lmacri wrote:

There have been several posts in the Product Suggestions board requesting that Symantec do a better job of detecting lower-risk malware like PUPs (see Quads' post here for one example, and leave a kudo if you agree with his comments) so I hope that the Symantec employees monitoring that board are taking those suggestions into consideration for their next product upgrade.


Yes, they should really think about the concept of "total care".

Kudos0

Re: Trovico not discovered

Presently, when it comes to Potentially Unwanted Programs, the onus is on the end user to carefully read the End User License Agreement when installing, especially free, software.

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: Trovico not discovered


Krusty13 wrote:

Presently, when it comes to Potentially Unwanted Programs, the onus is on the end user to carefully read the End User License Agreement when installing, especially free, software.


Yes, you mentioned this before. I searched the Norton License Agreement (NLA, hoping this is the same as EULA) for the word "free", but did not get a relevant hit. Can you please be more specific in what you mean?

Kudos0

Re: Trovico not discovered

No, what you are calling the NLA is actually the contract you agree to when you install Norton products.  So Norton's EULA looks like this  -  http://www.symantec.com/content/en/us/about/media/eulas/2014/en_ie/NAV_NIS_N360%2021.0_IE%20-%20EULA.pdf

When you install third party programs you will need to agree to their EULA.  If you read carefully that EULA you might find that you will be agreeing to install a bundle included with the program that you want.  In that bundle are often PUPs which most of us do not want, and some of which can be a real pain to remove.  You will more likely see these PUPs when you install free software.

All that said, since you agreed to install that program and its bundle, you then find yourself afflicted with PUPs.

If you have agreed to installing said PUPs, you can't really blame Norton for allowing it, can you?

Can you see what I am getting at?

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: Trovico not discovered


SendOfJive wrote:

Preselecting the option to install bundled software or to change program settings is such a common practice these days, that users ought to expect it and to look for the boxes that need to be unchecked before continuing an installation.  Since the bundled software is not malicious, but simply unwanted, the decision to opt in or opt out is really up to the user, not the security software they are running.  After all, the MSN homepage and Bing search engine are both offered in this way when one installs or updates Skype.  Not everyone wants these, but many people do.  I really don't foresee Norton blocking these two Microsoft offerings, so where would you draw the line?


'Bundled' software is a very irritating thing nowadays and I should definitely be warned by NIS if 'additions' are incorporated in an installation or update, whether it is from Microsoft, Skype or whatever.

A few days ago I updated my wife's Samsung Windows 8 tablet with the updater "SW Update Client". Guess what happened. After the update Norton Internet Security was installed on the tablet. I did not encounter a checkbox or it was hidden in a way it was difficult to discover, I don't know. Maybe Norton does not want to combat 'bundled' software because they are part of the problem.

Anyway, I hold the opinion that I should be warned when my computer is 'invaded', whether it is malicious or unwanted.

Kudos0

Re: Trovico not discovered


Krusty13 wrote:

If you have agreed to installing said PUPs, you can't really blame Norton for allowing it, can you?

Can you see what I am getting at?


Yes, I can, but do not agree. The point is that 'permissions' often are difficult to discover and the majority of users just skips quickly through all kinds of windows during an update or installation (see my Norton case in my former post). The concept of ‘bundled’ software misuses this habit and should therefore be prevented.
I really don’t know when and where trovigo invaded my computer, despite I am above average aware about safety. That is also why I am really agitated about the fact Norton did not give a clear signal when it happened and at least last week trovigo was not even known at the website of Norton.

I can understand Norton cannot take responsibility for ‘accidentally’ installing unwanted software as they have no control over what I am doing, but I can blame Norton for not warning me.

Kudos1 Stats

Re: Trovico not discovered

Hi HoogendoornJH
To my knowledge I thought that Norton only focuses on malware that could damage or destroy your computer so this is one of the reasons it doesn't pick up PUP and other things along those lines people may consider them malicious but they can't destroy your system. Reason being as many people have said in this thread and other threads people actually want these features that are bundled with the download for example a tool bar or something like that. For that reason this is why people recommend programs like MalwareBytes to act like a wingman alongside your Norton program although I do not use MalwareBytes I have heard from people that it's a great program and works well with Norton.

When you said 'Maybe Norton does not want to combat 'bundled' software because they are part of the problem' do you think that Norton is a part of bundled software? I'm not judging or insulting your opinion in any way but I think if an AV was involved in something like that we'd probably all know about it but that's just me.

Regards
Kudos0

Re: Trovico not discovered


AudiA1 wrote:

When you said 'Maybe Norton does not want to combat 'bundled' software because they are part of the problem' do you think that Norton is a part of bundled software? I'm not judging or insulting your opinion in any way but I think if an AV was involved in something like that we'd probably all know about it but that's just me.

Regards

Well, please check with Samsung and refer to their program "SW Update Client". Anyway, NIS was installed on my wife's tablet outside my awareness, which is a very unwanted experience. To me the experience with the trovigo invasion in the first place and with Norton later, both during last two weeks, means that the pressure of unwanted software installations (USI’s) on internet is increasing.

Kudos1 Stats

Re: Trovico not discovered


AudiA1 wrote:
Hi HoogendoornJH
To my knowledge I thought that Norton only focuses on malware that could damage or destroy your computer so this is one of the reasons it doesn't pick up PUP and other things along those lines people may consider them malicious but they can't destroy your system. Reason being as many people have said in this thread and other threads people actually want these features that are bundled with the download for example a tool bar or something like that. For that reason this is why people recommend programs like MalwareBytes to act like a wingman alongside your Norton program although I do not use MalwareBytes I have heard from people that it's a great program and works well with Norton.

Regards

I think the vision of Norton is too limited. An Internet Security Suite (or better: a Data Exchange Security Suite, it’s not only about internet but also about data exchange over USB-ports, telephone lines or whatever) should protect me against all kinds of (potential) unwanted intrusions/invasions from the ‘outside world’.

I agree, what can be wanted for the one, can be unwanted for the other. This however, could be managed by settings. An IS suite (or DES suite) should protect me and make me aware about actual and potential inconveniences regarding what is going in and out my computer/device.

Kudos0

Re: Trovico not discovered

Hi
Was it a trial of NIS that may have come with the tablet? Try maybe asking the store you bought it from if they have any information about that. That way you can rule out if you got it from another download or with the tablet but to my knowledge I've never heard of Norton coming with other programs. And in regards to the SW update client I searched up on it and found out it's Samsung updates or something like that. Here's the link http://www.samsung.com/uk/support/usefulsoftware/supportUsefulSwNotebook.do

Regards
Kudos0

Re: Trovico not discovered


AudiA1 wrote:
Hi
Was it a trial of NIS that may have come with the tablet? Try maybe asking the store you bought it from if they have any information about that. That way you can rule out if you got it from another download or with the tablet but to my knowledge I've never heard of Norton coming with other programs. And in regards to the SW update client I searched up on it and found out it's Samsung updates or something like that. Here's the link http://www.samsung.com/uk/support/usefulsoftware/supportUsefulSwNotebook.do

Regards

It was a trial of NIS. I only have a licensed NIS on my laptop and the PC of my wife. Currently our tablets (Samsung and HP, both Windows 8) are protected by the standard windows protection software.

Apart from that, I think tracing how I got the Norton USI (Unwanted Software Installation) on the Samsung tablet is outside this topic. It's a minor issue and served as an illustration of what is going on regarding USI's. I am not so interested in what happened, I am finding out what I can do for the future to avoid PUPs, USI’s and invasions like trovigo. Until now, NIS does not appear to be a partner in this search.

Kudos0

Re: Trovico not discovered

Hi
Sorry for my mistake.
My advice to avoid unwanted programs would be to look through things carefully while downloading and run a program alongside Norton like MalwareBytes Free to help you out just in case you miss one and it ends up installing. Other than that I'm not sure how else you can be protected from them. Just make sure you double check a lot of the stuff! That's my opinion :)

Good luck and take care
Regards
Kudos0

Re: Trovico not discovered


HoogendoornJH wrote:
A few days ago I updated my wife's Samsung Windows 8 tablet with the updater "SW Update Client". Guess what happened. After the update Norton Internet Security was installed on the tablet.

I use a Samsung laptop with SW Update.  The updates that are available are all free applications and updates.  I doubt that a paid program like Norton would be offered.  Of course you can always check in the SW Update program itself - it does show what updates are available, which ones you have already installed, and which are still available.  More likely, the Norton trial was preinstalled on the tablet and presented a pop-up to activate it, which was accepted.  Either way, a paid program will not install unless it is authorized by the user.

One more point about SW Update:  it gives you the option of installing everything that is offered or selecting only those updates that you want.  This goes to the more general point of being attentive to what you install.  If you cherrypick what you want, you know what you are getting.  If you use the "One Click Install and Update" button you will get everything that is offered - and I don't think you could expect Norton or any other program to second guess your selection.  That is the crux of the issue with PUPs - they do not install without a user "OK," albeit that approval is often obtained in sneaky ways.  But it is an approval none the less, and Norton has no way of knowing if you actually wanted to install the software or not.  You need to read everything.

Kudos3 Stats

Re: Trovico not discovered


SendOfJive wrote:
Since the bundled software is not malicious, but simply unwanted, the decision to opt in or opt out is really up to the user, not the security software they are running.  After all, the MSN homepage and Bing search engine are both offered in this way when one installs or updates Skype.  Not everyone wants these, but many people do.  I really don't foresee Norton blocking these two Microsoft offerings, so where would you draw the line?

Hi SendOfJive:

I agree with you that Norton products should not automatically block bundled PUPs in case the user wants to opt in and install the bundled software.  What I am suggesting is that Norton could do a better job of detecting these PUPs and then present the user with the option to remove (quarantine) or allow the installation to proceed.

The following example demonstrates how a "fake" Sysinternals Process Monitor installer bundled with unwanted third-party PUPs can be downloaded to my hard drive because Download Insight assigns a trust level of Good even though the file has Very Few Users and is Very New (i.e., the reputation of this file is unknown in the Norton Community).  Results shown below were conducted with my Firefox v. 27.0.1 browser but were identical when tested with IE9.  Kudos to elsewhere for providing the link to this wrapped installer.

"Legitimate" Process Monitor zipped file (ProcessMonitor.zip v. 3.5) from Microsoft Sysinternals
       SHA256: 3e7aad3fa75cc876a4d99f9df4e01d381c671f17d1b0160ee5d0dc1254d7f72b

Test "infected" installer bundled with PUPs (SoftangoDownloader_SysinternalsProcessMonitor.exe v. 1.5.3.14) from Softango
      SHA256: 0c9b0b4f007e86ec3e74407672c84da625fb916770513dbc0e6d3390e0b39d27

When I download the infected installer, Norton's Download Insight reports that the file is Safe.  Note that full details of the File Insight report (attached) show that the trust level (reputation) is rated as Good even though the file has Very Few Users and is Very New.



When I run a second opinion on-demand MBAM scan of the downloaded SoftangoDownloader_SysinternalsProcessMonitor.exe, the wrapped installer is detected as PUP.Optional.InstallBrain.  No automatic action is taken by MBAM - I am given the option of selecting the file and sending it to quarantine or ignoring the file (i.e., creating a scan exception) and allowing the PUPs to install when the file is eventually executed.  (Note that on-demand scans with a NIS Insight Network Scan and Norton File Insight both reported No Threat Found).



A submission of SoftangoDownloader_SysinternalsProcessMonitor.exe installer to VirusTotal currently shows a detection rate of 10/48.  AVG, AntiVir, ESET, Malwarebytes and other popular free and subscription-based antivirus software detect this file as a possible threat - see yesterday's analysis report here.

And PUPs are not the only issue - PRIOR posted results here showing that malicious files can also evade detection by Download Insight and corrupt your Windows OS (another case of a Good trust level even though the file has Very Few Users and is Very New) depending on the site the malware is downloaded from.

So while I agree that no one antivirus program is able to block 100% of infections 100% of the time, I still feel that there's a great deal of room for improvement in Norton's protection when it comes to threat detection.  If the file reputation is unknown (Very Few Users, Very New) shouldn't Norton at least display the Download Insight pop-up in yellow and classify the trust level as Unknown until enough data has been gathered via Norton Community Watch to determine the file's safety?

------------
MS Windows 32-bit Vista Home Premium SP2 * Firefox 27.0.1* IE 9.0 * NIS 2013 v. 20.4.0.40 * MBAM PRO 1.75.0.1300
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Kudos0

Re: Trovico not discovered


SendOfJive wrote:
That is the crux of the issue with PUPs - they do not install without a user "OK," albeit that approval is often obtained in sneaky ways.  But it is an approval none the less, and Norton has no way of knowing if you actually wanted to install the software or not.  You need to read everything.

I don't agree with you. 'Sneakyism' is a rising phenomenon on the internet and protection software should include the option to warn against and even the option to kill beforehand any kind of sneaky-like intrusion, invasion, installation, PUP, PUM, USI or whatever. Reading all the stuff which comes to someone takes a lot of time and at moments of hurry something might easily escape your attention.

Kudos0

Re: Trovico not discovered

HoogendoornJH, if you find a program that protects you 100% from EVERYTHING bad on the net, can you let me know about it ?

Norton cannot give you 100 % protection. No one program can, which is why I talk about layered protection.

When you drive a car with airbags, you also have secondary protection from seatbelts.

These other programs like MalwareBytes, are your secondary protection.

A quick scan daily with MalwareBytes will take a couple of minutes, at most.

Not too much to ask, when Norton is your primary protection.

Windows 10 Home X 64
Kudos0

Re: Trovico not discovered


F4E wrote:

HoogendoornJH, if you find a program that protects you 100% from EVERYTHING bad on the net, can you let me know about it ?

Norton cannot give you 100 % protection. No one program can, which is why I talk about layered protection.

When you drive a car with airbags, you also have secondary protection from seatbelts.

These other programs like MalwareBytes, are your secondary protection.

A quick scan daily with MalwareBytes will take a couple of minutes, at most.

Not too much to ask, when Norton is your primary protection.


Again, it is not about guaranteeing 100% safety, but about ‘total care’. It seems that the distinction between the two is difficult to understand. See also message 15.

Kudos1 Stats

Re: Trovico not discovered

Another issue to think about.

When an AV program is changed to add additional scans to its protection, the system resources are going to go up for that AV program.

How much of a drag on your system are you willing to accept for adding "just one more feature"? And then someone else wants an additional "one more feature".

AV products concentrate on what they do best. Protect the user's system from damaging software/malware. I am willing to run a Malwarebytes scan once a week, overnight while I sleep to check for the PUPs and PUAs.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Trovico not discovered

Absolutely agree with peterweb. I downloaded Adblock from a green flagged site by both Norton and WOT, and it downloaded a pup.

I scanned it with MalwareBytes before install, and the pup was picked up and removed.

Currently Norton is very light on my system, and I want it to stay that way.

Windows 10 Home X 64
Kudos1 Stats

Re: Trovico not discovered

And right on cue, Leo Notenboom posted this blog article yesterday that is right on point:

Is it safe to download from download sites?

Answer: "no."

Kudos0

Re: Trovico not discovered


F4E wrote:

Absolutely agree with peterweb. I downloaded Adblock from a green flagged site by both Norton and WOT, and it downloaded a pup.


Hi, F4E.

Mind sharing which site that was? Surely, it wasn't either Mozilla or Google's website for Chrome.

Semper ubi sub ubi
Kudos0

Re: Trovico not discovered

Hi Inquirer. No, it was  http://adblock-ie.en.softonic.com/

The installer is clean according to Norton, but a scan with MBytes found a pup.

Another reason to install direct from the developer whenever possible, rather than a 3rd party host site.

Windows 10 Home X 64
Kudos0

Re: Trovico not discovered

Okay.  Thanks, F4E.

Semper ubi sub ubi
Accepted Solution
Kudos0

Re: Trovico not discovered

Well, I think this post is losing track and can be finalized.

Unfortunately, the concept of ‘total care’ is not shared by most contributors to this post. I think the challenge for protection software developers is in offering a complete, configurable suite covering all the protection you need to avoid unwanted and ‘sneaky’ intrusions, invasions, PUPs, PUMs, USIs or whatever  in data exchange between devices (whether by internet, USB-ports, telephone lines or whatever). This holds especially for paid protection software as it should supply ‘added value’ amongst separate, more specialized and often free protection software.

For me, the most valuable contribution to this post was message number 3 from lmacri. My conclusion is that NIS will not deliver the ‘added value’ I demand from a paid package and I will compose a suite myself with free software, saving me the contribution fee for Norton in the future.

Kudos3 Stats

Re: Trovico not discovered


HoogendoornJH wrote:

Well, I think this post is losing track and can be finalized.

Unfortunately, the concept of ‘total care’ is not shared by most contributors to this post. I think the challenge for protection software developers is in offering a complete, configurable suite covering all the protection you need to avoid unwanted and ‘sneaky’ intrusions, invasions, PUPs, PUMs, USIs or whatever  in data exchange between devices (whether by internet, USB-ports, telephone lines or whatever). This holds especially for paid protection software as it should supply ‘added value’ amongst separate, more specialized and often free protection software.

For me, the most valuable contribution to this post was message number 3 from lmacri. My conclusion is that NIS will not deliver the ‘added value’ I demand from a paid package and I will compose a suite myself with free software, saving me the contribution fee for Norton in the future.


Other members of the Norton Community share your view on this issue though. Please see my posts here:

http://community.norton.com/t5/Tech-Outpost/Malwarebytes/m-p/1078497/highlight/true#M8897

http://community.norton.com/t5/Tech-Outpost/Why-does-Norton-360-NOT-warn-against-sites-like-Open-Candy-and/m-p/1106438/highlight/true#M9455

NIS already has the Download Insight reporting feature which could handle potentially unwanted programs; all it needs is for detections for the files to be added.

For example, if I launch the PUP that lmacri described earlier, the following dialog is displayed which asks me what action do I want to take:

If I launch the same file using Malwarebytes Pro 2.0 (beta), the following dialog is displayed which asks me what action do I want to take:

The Malwarebytes alert clearly warns me that the file contains a PUP. If I choose to proceed with the install, then at least I'll be on my guard to look out for all those 'sneaky' checkboxes.

Kudos1 Stats

Re: Trovico not discovered


elsewhere wrote:


Non-Malware Detected.  It's fine if Malwarebytes wants to alert to those sorts of things, but it does point up the bottom line that we are talking about programs that are not malicious.  I'm not saying that Norton shouldn't also alert to non-malware, but certainly it does get into a legal gray area when you are blocking someone else's legitimate program only because you think the user might not really want it. 

Kudos2 Stats

Re: Trovico not discovered


SendOfJive wrote:
I'm not saying that Norton shouldn't also alert to non-malware, but certainly it does get into a legal gray area when you are blocking someone else's legitimate program only because you think the user might not really want it.

Hi SendOfJive:

I'm not sure that presenting a pop-up asking a user if they would like to quarantine or install a bundled PUP creates a legal grey area.   A wrapped installer might not carry a malicious payload capable of corrupting my OS or stealing passwords, but I always worry about PUPs like browser re-directors that could expose my system to other malicious software.  I still think MBAM's "Non-Malware Detected" warning shown in message # 41 is much better than Norton's green checkmark and "Safe to Run" notification, but I concede I might be in the minority.

I have a paid version of MBAM PRO on my system so I thought users might be interested to know what happens when I run both NIS and MBAM PRO together in realtime protection mode and try to download the test file (SoftangoDownloader_SysinternalsProcessMonitor.exe) mentioned in message # 30.  The malicious website blocking feature of MBAM's realtime protection blocks the connection to the humiapp.com server and prevents the "infected" wrapped installer from downloading to my hard drive.  The message displayed in my Firefox browser is "Unable to Connect - Firefox can't establish a connection to the server at www. humipapp.com".




Norton ConnectSafe provides users with similar protection from malicious web sites, but I think this speaks to the OP's comments about "total protection". Newbies who purchase an Internet Security suite (and I include any IS suite from Norton, McAfee, Kaspersky, etc. here) and are infected by one of these PUPs are often surprised when they post in the forum and learn that they should also perform on-demand scans with MBAM or SUPERAntiSpyware, reconfigure DNS settings to use the SafeConnect IP addresses, and take other preventative measures to supplement their IS protection. I missed the point the OP was trying to raise when I read his initial post and I apologize to HoogendoornJH if my early replies in this thread sounded like I was dismissing his concerns.
------------
MS Windows 32-bit Vista Home Premium SP2 * Firefox 27.0.1* IE 9.0 * NIS 2013 v. 20.4.0.40 * MBAM PRO 1.75.0.1300
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Kudos0

Re: Trovico not discovered

"The protection module protects you from malicious threats..." I am in complete agreement that malicious threats should be blocked. Software that installs without providing a way for the user to know or to opt out is malicious. That should not include anything labeled "non-malware." If the Softango downloader installs any secondary software without notice, then yes, it should be blocked, but if it simply offers InstallBrain, that is the gray area.

Kudos1 Stats

Re: Trovico not discovered


SendOfJive wrote:

"The protection module protects you from malicious threats..." I am in complete agreement that malicious threats should be blocked. Software that installs without providing a way for the user to know or to opt out is malicious. That should not include anything labeled "non-malware." If the Softango downloader installs any secondary software without notice, then yes, it should be blocked, but if it simply offers InstallBrain, that is the gray area.


All Malwarebytes is doing is warning the user that it has detected InstallBrain in the installation file that the user is running. InstallBrain has been classified as a PUP because it exhibits one or more of the bad behaviours listed on Malwarebytes' PUP checklist. If the creators of InstallBrain want to dispute that classification then they can do that via a PUP Reconsideration request. Keep in mind that we wouldn't be discussing this issue if PUP removal was always as simple as a Control Panel uninstall that removed all traces of the PUP in question.

Symantec's position on dealing with PUPs is inconsistent across operating systems as well. Norton Spot on the Android OS will rate apps based on a potential annoyance factor. Here is an example of Norton Spot detection for an app:

Potential annoyance is medium.

Ad Network: <Name>

- Displays ads in the app

- Collects location coordinates

That's all it detects for that app. What are the options presented to the user to deal with this app? Only one - Uninstall. If those two criteria above are enough to trigger a detection with an annoyance level of medium, then why aren't PC applications subjected to the same 'potential annoyance factor' criteria?

With respect to not including anything labeled "non-malware", consider the cases where a PUP installs a Bitcoin miner on the unsuspecting user's PC:

http://blog.malwarebytes.org/fraud-scam/2013/11/potentially-unwanted-miners-toolbar-peddlers-use-your-system-to-make-btc/

Quoting that article:

So now that we have proof that a PUP is installing miners on users systems, do they do it without ever letting the user know? Well not exactly, their EULA specifically covers a section on Computer Calculations:

COMPUTER CALCULATIONS, SECURITY: as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security. Any rewards or fees collected by WBT or our affiliates are the sole property of WBT and our affiliates.

Their explanation is basically the purpose of Bitcoin Miners and that they will install this software on the system, run it, use up your system resources and finally keep all rewards from the effort YOUR system puts in.

Talk about sneaky.

How many users here would have read that part of the EULA and thought "Oh, it's going to install a Bitcoin miner."? Given the potential for a Bitcoin miner to damage the hardware, isn't the best time to warn the user about this potentially unwanted program the moment they try to install it?

Kudos0

Re: Trovico not discovered


HoogendoornJH wrote:

Well, I think this post is losing track and can be finalized.

Unfortunately, the concept of ‘total care’ is not shared by most contributors to this post. I think the challenge for protection software developers is in offering a complete, configurable suite covering all the protection you need to avoid unwanted and ‘sneaky’ intrusions, invasions, PUPs, PUMs, USIs or whatever  in data exchange between devices (whether by internet, USB-ports, telephone lines or whatever). This holds especially for paid protection software as it should supply ‘added value’ amongst separate, more specialized and often free protection software.

For me, the most valuable contribution to this post was message number 3 from lmacri. My conclusion is that NIS will not deliver the ‘added value’ I demand from a paid package and I will compose a suite myself with free software, saving me the contribution fee for Norton in the future.


Hi,
Just one request. When you have built that package please share it.

Thanks

Dick Win 10x64 current current NSBU
Kudos2 Stats

Re: Trovico not discovered


SendOfJive wrote:
I'm not saying that Norton shouldn't also alert to non-malware, but certainly it does get into a legal gray area when you are blocking someone else's legitimate program only because you think the user might not really want it.

Hi SendOfJive:

I suspect our opinions about the grey area that companies like Malwarebytes and Symantec face when it comes to distinguishing PUPs vs. malware are quite similar. I was only objecting to the term "legal gray area" since, as elsewhere noted in message # 45, Malwarebytes has posted a comprehensive list of unacceptable behaviours for their PUP criteria (e.g., hijacking search engines, hijacking the home page, out-of-context advertising, etc.) and has a formal appeal process that software developers can follow if they feel their software has been unfairly classified as a PUP.

I posted a question in the Malwarebytes forum here and asked if MBAM PRO should be able to detect bundled PUPs during downloads (i.e., similar to the "infected" SoftangoDownloader_SysinternalsProcessMonitor.exe wrapped installer I tested in message # 30).  The replies from Malwarebytes employee AdvancedSetup are very much in line with your comments.  AdvancedSetup also recommended I read his post titled The Complexity of Finding, Preventing and Cleanup from Malware that includes comments on the role of individual users (e.g., keep Flash/Java/Windows up-to-date, back up important data, etc.) in preventing/recovering from malware infections.

------------
MS Windows 32-bit Vista Home Premium SP2 * Firefox 28.0* IE 9.0 * NIS 2013 v. 20.4.0.40 * MBAM PRO 1.75.0.1300
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Kudos2 Stats

Re: Trovico not discovered


dickevans wrote:

HoogendoornJH wrote:

Well, I think this post is losing track and can be finalized.

Unfortunately, the concept of ‘total care’ is not shared by most contributors to this post. I think the challenge for protection software developers is in offering a complete, configurable suite covering all the protection you need to avoid unwanted and ‘sneaky’ intrusions, invasions, PUPs, PUMs, USIs or whatever  in data exchange between devices (whether by internet, USB-ports, telephone lines or whatever). This holds especially for paid protection software as it should supply ‘added value’ amongst separate, more specialized and often free protection software.

For me, the most valuable contribution to this post was message number 3 from lmacri. My conclusion is that NIS will not deliver the ‘added value’ I demand from a paid package and I will compose a suite myself with free software, saving me the contribution fee for Norton in the future.


Hi,
Just one request. When you have built that package please share it.

Thanks


Your comment comes across as rather flippant, dickevans. If Norton products don't provide the protection that users expect, then those users may very well turn to free products that do meet their needs. User feedback like this is important to Symantec as it provides further insight into the reasons behind their recent lacklustre financial results:

http://news.techworld.com/security/3499736/symantecs-results-show-firm-battling-changing-security-market/?olo=rss

Objectively speaking, what is your position on this Norton PUP detection issue?

Kudos3 Stats

Re: Trovico not discovered

Moving on then.

Please find below another impressive example of EULA abuse:

http://blog.malwarebytes.org/online-security/2014/03/soundcloud-downloader-always-read-the-eulas/

Highlights from the article above include:

Worth noting that if you read all of the listed EULAs and policy pages, you’re looking at something like 18,000 words to plough through. I say “something like”, because one of the pages isn’t text you can tally up – it’s one gigantic screenshot of text instead.

A dialog box presented during the install that advises that:

“…we would like to install on your machine the following program that uses your CPU for virtual currency mining and other computational activities when it is idle / standby, this program does not interfere with normal operations of the processor while you are working on the machine”

...and then there is this little gem in the EULA (emphasis mine):

Here’s the bit that made me sit up and take notice:

2) “…may do but not limited to the following actions to your personal computer: utilize all computing processing unit and graphics processing unit, power, random access memory, virtual memory…network capacity and bandwidth and any other resources it sees fit, activate all fans and generate an unlimited amount of heat, and utilize an unlimited amount of electricity (outlet and battery). This may damage and cause irreparable harm to your computer

That sound you hear is the ever increasing distance of my footsteps, breaking into a mad dash for freedom. [...]

On the one hand, the people behind this bundle are being surprisingly upfront about the system stressing possibilities of a miner (assuming you click the links in the installer, otherwise you’re going to miss it). On the other hand, who would read all of the above and think “Yes please, sign me up”?

Luckily for end-users, Symantec products detect this file as Trojan.ADH.2, as per the VirusTotal results noted in the link above.

However, if you applied the ‘legal gray area’ argument to this file though, then Norton products should not be detecting this file. The EULA and installation dialog boxes associated with this file clearly state that the software vendor is going to install a virtual currency miner on the end-user's machine and that, as a consequence, this software may potentially damage and cause irreparable harm to that end-user’s computer. If the end-user has consented to the terms of this EULA (by mindlessly clicking through the EULA/installation dialogs or otherwise), then what right, under the ‘legal gray area’ argument, has Symantec to interfere with this software installation process by detecting this file as Trojan.ADH.2? Food for thought.

If Symantec wishes to continue taking a risk-averse position in terms of their Norton product’s Potentially Unwanted Program (PUP) detection capabilities, then, at the very least, they should consider introducing a new global detection for virtual currency miners, e.g. a Bitcoin miner. This detection would give the Norton end-users, who have fallen foul of a rogue virtual currency miner installation, a method of removing the miner from their system. This Norton-detected miner removal process would, in some ways, make amends for their Norton product’s initial failure to block the Potentially Unwanted Program that installed the miner in the first place...

This thread is closed from further comment. Please visit the forum to start a new thread.