• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

IS THIS A LEGITIMATE WARNING FROM 'THE NORTON TEAM? -IF YES, WHAT DO I DO ?

Heard about Java but really don't know 'if' i use it ...previously read about problems so i disabled the 'auto updates' for java ONLY - i have auto updates for NISS 'active' ...  went to Tools/enable-disable but didn't see JAVA as a choice .

              do not as of this writing have Norton 20.2.1.22  Current version is 20.2.0.19 if that means anything 

Here is the email /notice rec'd yesterday from Norton: (red color was from the email )  many thanks in advance ...edythe

 

United States Department of Homeland Security, regarding a vulnerability in Java. Java is both a language and a platform to run websites and programs used by many computer users, both on the PC and Mac operating systems. This vulnerability leaves millions of computers open to malware attacks and can lure online traffic to virus-infected websites. Rest assured, because you have a Norton security software product installed on your computer, you’re protected against the Java bug (CVE-2013-0422), as long as you have not disabled the automatic updates feature. We also recommend that you apply Oracle’s recently released security patch and make sure you are running the most updated version of Java.

Thank you for being a valued Norton customer.

Sincerely,
The Norton Team

Learn more about Java Zero-Day vulnerability

 

Replies

Kudos0

Re: IS THIS A LEGITIMATE WARNING FROM 'THE NORTON TEAM? -IF YES, WHAT DO I DO ?

Heard about Java but really don't know 'if' i use it ...previously read about problems so i disabled the 'auto updates' for java ONLY - i have auto updates for NISS 'active' ...  went to Tools/enable-disable but didn't see JAVA as a choice .

              do not as of this writing have Norton 20.2.1.22  Current version is 20.2.0.19 if that means anything 

Here is the email /notice rec'd yesterday from Norton: (red color was from the email )  many thanks in advance ...edythe

 

United States Department of Homeland Security, regarding a vulnerability in Java. Java is both a language and a platform to run websites and programs used by many computer users, both on the PC and Mac operating systems. This vulnerability leaves millions of computers open to malware attacks and can lure online traffic to virus-infected websites. Rest assured, because you have a Norton security software product installed on your computer, you’re protected against the Java bug (CVE-2013-0422), as long as you have not disabled the automatic updates feature. We also recommend that you apply Oracle’s recently released security patch and make sure you are running the most updated version of Java.

Thank you for being a valued Norton customer.

Sincerely,
The Norton Team

Learn more about Java Zero-Day vulnerability

 

Kudos1 Stats

Re: IS THIS A LEGITIMATE WARNING FROM 'THE NORTON TEAM? -IF YES, WHAT DO I DO ?

Hi EDYTHE,

It looks like the same one I got from them also:

https://response.nortonfromsymantec.com/servlet/website/PersonalizedForm?lRtHgmLJEy_8ez0_u7f_VTUW_790b2.26_2pkNl7sLkmELtHps_EKHtgRHgrFJhtJHlmDgLmElohPEg

I do believe it is legit.  It recommends you install Oracle's security patch - which I have done.  I am also considering totally removing JAVA as I understand it is not really needed y the average user.

I am sure others will add more info.

Kudos0

Re: IS THIS A LEGITIMATE WARNING FROM 'THE NORTON TEAM? -IF YES, WHAT DO I DO ?

It is legit.

If you use Java, make sure you use the latest version and apply any security patches, including this one.


If you don't need Java, don't install it at all, or uninstall it if you already have it.

Kudos0

Re: IS THIS A LEGITIMATE WARNING FROM 'THE NORTON TEAM? -IF YES, WHAT DO I DO ?


Bombastus wrote:

It is legit.

 

If you use Java, make sure you use the latest version and apply any security patches, including this one.


If you don't need Java, don't install it at all, or uninstall it if you already have it.


Hi - went to control panel/add-remove programs  -Java not listed in the line-up  so does that mean i'm not running Java -so there is no need to do the security patch?

Also opened Java tabs by clicking on Java icon within control panel -here's what i found (not that i understand all of this !)      THANKS IN ADVANCE ! 

.version 1.5.0;

auto config is 'blank''JNLP runtime settings user '' &unchecked enabled'' ;'

system -is enabled & can't remove the 'check' in that block;

advanced tab/settings:

debug (all blocks are unchecked;

java console ''hide console'

applet -blank

shortcut creation -prompt user if hinted'

JNLP file prompt user

security tab -all checked'

Misc - icon blank 

Kudos0

Re: IS THIS A LEGITIMATE WARNING FROM 'THE NORTON TEAM? -IF YES, WHAT DO I DO ?

PS - sorry forgot to add to your reply for help:

went to area to update/add patch and check ccurrent version -said i don't  have a working Java program ... thanks again

Kudos0

Re: IS THIS A LEGITIMATE WARNING FROM 'THE NORTON TEAM? -IF YES, WHAT DO I DO ?

Email From Symantec

I just got this email below.  My MailWasher program marked it as spam, and I thought the URL looked funny, so I did not click on the links.  Is this email actually from Symantec?

Since I decided to post this question, I’ve read this thread and downloaded the email to my email program, and it says I am protected against the latest Java vulnerability.

Is the response.nortonfromsymantec.com a legit URL?  I can’t recall getting an email like that before, and I’ve used Norton since about 1998 or earlier.

*********************

Norton by Symantec
Protecting the Stuff that matters.(TM)
https://response.nortonfromsymantec.com/servlet/cc6?kPuHglLJQABDSQSVniLjJPxoHjIhjkpKLQJhuV2VRVXLX
 
-----------------------------------------------------------

SERVICE NOTIFICATION
-----------------------------------------------------------

You are protected against the latest Java vulnerability

-----------------------------------------------------------

To view this message as a web page, click here.
https://response.nortonfromsymantec.com/servlet/cc6?kPuHglLJQABDSQSVniLjJPxoHjIhjkpKLQJhuV2VSVGf6beXVniLjJPxoHjIhjkpKLQJhuVXLX
 
-----------------------------------------------------------

You may have recently seen some of the extensive news coverage,
including statements from the United States Department of Homeland
Security, regarding a vulnerability in Java. Java is both a language
and a platform to run websites and programs used by many computer
users, both on the PC and Mac operating systems. This vulnerability
leaves millions of computers open to malware attacks and can lure
online traffic to virus-infected websites.

Rest assured, because you have a Norton security software product
installed on your computer, you’re protected against the Java bug
(CVE-2013-0422), as long as you have not disabled the automatic
updates feature.

Gary...Will Fly for Food
Kudos1 Stats

Re: IS THIS A LEGITIMATE WARNING FROM 'THE NORTON TEAM? -IF YES, WHAT DO I DO ?

Kudos1 Stats

Re: IS THIS A LEGITIMATE WARNING FROM 'THE NORTON TEAM? -IF YES, WHAT DO I DO ?

Hi Everyone,

The email is legit. We're trying to be proactive in keeping you informed that you're safe and there's nothing to worry about, as long as have not disabled the automatic updates feature.

Cheers!

Kudos0

Re: IS THIS A LEGITIMATE WARNING FROM 'THE NORTON TEAM? -IF YES, WHAT DO I DO ?

Yank and Dave, Thanks. I can’t recall seeing an email like this before, and the URL and the fact that my program labeled it as spam caused me to ask this question before I downloaded the email. I always keep Automatic Updates on.
Gary...Will Fly for Food
Kudos0

Re: IS THIS A LEGITIMATE WARNING FROM 'THE NORTON TEAM? -IF YES, WHAT DO I DO ?

Why would Norton use www.response.nortonfromsymantec.com? It makes is look like a phishing site. I can see Norton using a subdomain. Now anyone can buy a domain name with the word Norton or Symantec and use it to their benefit. My Gmail recognizes it as spam with warnings to use caution.

For what its worth,

Thanks,

Pat

Kudos0

Re: IS THIS A LEGITIMATE WARNING FROM 'THE NORTON TEAM? -IF YES, WHAT DO I DO ?


Dave_Coleman wrote:

Hi Everyone,

The email is legit. We're trying to be proactive in keeping you informed that you're safe and there's nothing to worry about, as long as have not disabled the automatic updates feature.

Cheers!


Hi Dave_Coleman

Why is there any need for Symantec to send out an email like this in the first place?

Shouldn't this information be readily available to NIS users by simply clicking on the 'Vulnerability Protection' link in the Advanced interface, as shown below?

As it stands, the only Java-related entries shown when clicking on the Vulnerability Protection link above are the following outdated entries that list Sun as the Vendor (instead of Oracle):

On the other hand, the 'Intrusion Signatures' list found under NIS 2013's Network Settings clearly shows that a number of signatures are covering Java vulnerability CVE-2013-0422:

Given the above, shouldn't these Java Intrusion Signature updates for CVE-2013-0422 be listed under 'Java' in the Advanced interface's 'Vulnerability Protection' feature as well? Is this a defect or is the 'Vulnerability Protection' feature simply a static list that never gets updated?

Please advise either way so that we can get this issue addressed.

Thanks

This thread is closed from further comment. Please visit the forum to start a new thread.