• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Security shortcoming in Norton 360 v.22.5.2.15

I have been a staunch user of Norton products for many many years, both in my personal life and in my professional life. Norton 360 came with my Windows 7 laptop when I first purchased it (about 3-4 years ago).  It may have been called a different name back then, but the functionality was the same then as it is now (virus protection, security protection, backup, computer optimization, and many other utilities).

I have not had a problem or an issue with Norton 360.  This was until the latest update (to make it compatible with Windows 10) was released.  Since updating, my backup and my disk optimization won't run unless I'm logged into my laptop under an account that has administrator-level rights.

The requirement for administrator-level rights for the backup and the disk optimization is something new to Norton 360.  It wasn't experienced before the latest version (22.5.2.15) was released.  In speaking with Norton Tech Support representatives, I was told that it was discovered that administrator-level rights were needed for some functions (backup and disk optimization) to run completely in the new version.  This begs me to ask why was this modified to require this in the new version versus what was present in the previous version?  Was the previous version not able to access all necessary files?  

Common-sense security tells you to never use an an account with administrator-level rights in everyday use (due to the very increased risk of a virus or malware being downloaded and then being able to run having administrator-level rights to all files and processes on the computer).  This is why my everyday use account is not one that has administrator-level rights, it only has standard user-level rights.  If a program requires Administrator-level rights, it has to prompt me for the credentials of the Administrator-level account which I would then proceed to enter and allow the program to continue with the elevated access level.

Requiring customers to be using an account with Administrator-level rights for every day use (just so that backup and disk optimization can run completely and successfully) is a practice that defies common-sense security.  Requiring customers to have to log out of my standard user account (that doesn't have Administrator-level rights) and log in with my account that does have that access level is inefficient and will cause customers to choose not to do so.

Norton 360 v.22.5.2.15 needs to be patched so that Administrator-level rights are not necessary for these utilities to run.  Either that or the user is prompted to supply the credentials for an account that does have Administrator-level rights in order for these utilities to run correctly and successfully.

In the future, if this isn't patched, this would be a reason why I would not continue to use Norton products/Norton 360 and pursue other programs that can be used that don't require customers to always be on an account that has Administrator-level rights.

Replies

Kudos0

Re: Security shortcoming in Norton 360 v.22.5.2.15

Kudos0

Re: Security shortcoming in Norton 360 v.22.5.2.15

Thank you for the link. I scanned that entire thread and couldn't find any reference to what I posted above.
Kudos0

Re: Security shortcoming in Norton 360 v.22.5.2.15

Re: NS 22.5 update changed my task settings

Posted: 13-Jun-2015 | 1:09PM • Permalink

bjm_:

Well, I pulled Norton Download Manager 22.5

As Krusty13 mentioned Check for New Version returns.  Non Admin and Power Source are still MIA.   Unless, I hear to the contrary.  I'll presume Non Admin and Power Source are missing as per design.  

Non-Admin access to settings was removed intentionally.  It is a security loophole that enables non-privileged users to access privileged product configuration.

Kudos0

Re: Security shortcoming in Norton 360 v.22.5.2.15

JEFFRIE

bjm_'s link is to point out why Norton felt the need to remove 'Non Admins Access'

I too miss the access from my standard account, but it does not really hobble the backup and disk optimization functions. Those still run in the background even if you are using your standard account. The only time you will need to go into your admin account is if you want to change some setting in your 360 or add/change something in your backup settings. I'm not sure how you use your system, and I realize everyone is different, but I have not gone into settings since I originally set up my Norton Security with Backup. And that was only to verity that the old settings from my NIS installation were carried forward correctly.

FWIW Disk optimization is not as important as it used to be in the past. With the power and speed of computer hardware these days, you will never notice any performance increase. In fact Windows purposely defragments some system files to improve performance.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Security shortcoming in Norton 360 v.22.5.2.15

BJM and peter, please let me clarify.  My post isn't about being restricted in my settings at all....my post was about the issue that with no change to my settings (as they didn't change at all, just the product was updated to v.22.5.2.15 to be compatible with Win10...which I do not have yet, I'm staying with Win7 until I know 100% if I do or do not want Win10), Norton Backup and Norton Disk Optimization will not run on my computer unless I am logged in under an Administrator-level account...which shouldn't be necessary since the previous version of N360 never required Administrator-level rights in order for those two utilities to run successfully...neither run in the background at all...I know this because my taskbar icon (by the time) has a red X in it and opening up N360 tells me that the backup and the disk optimization hasn't run lately....so when I attempt to run then, I am told that I need to be logged in as an Administrator in order for those to run.

Kudos0

Re: Security shortcoming in Norton 360 v.22.5.2.15

JEFFRIE

I understand you are saying you cannot run a backup or optimize your drives unless logged in as an admin.

The difference could be in our products. I use Norton Security with Backup. In my case I know the backups are running because I see the pop outs from Norton notifying me that the backup has been completed in the background. It may be different in 360, but the guts of 360 have been upgraded to the same as Norton Security.

Have you checked your History from 360? Choose the Backup from the drop down list on the history page and see what is reported there for successful backups. You can also see what has been reported for Disk Optimization from the drop down list in History.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Security shortcoming in Norton 360 v.22.5.2.15

How do I check the History?  I don't have an option to check the history page.

Kudos0

Re: Security shortcoming in Norton 360 v.22.5.2.15

JEFFRIE:  How do I check the History?  I don't have an option to check the history page.

You may right click Norton tray Icon > View Recent History.  Or, open Norton main view > click Security > click History. 
Note drop down for History pages.

Kudos0

Re: Security shortcoming in Norton 360 v.22.5.2.15

There was no recent history for Backup at all. :/

Recent history for Disk Optimization shows not necessary as fragmentation is less than 3%, and other events where it was successful....woot.  It still makes me wonder why N360 won't allow me to manually start Disk Optimization manually (that's where I get the  Administrator-level rights necessary issue.

Also, there was no Security tab or menu in my N360 main page....so the above information was gathering using the taskbar icon method.

Kudos0

Re: Security shortcoming in Norton 360 v.22.5.2.15

Looking back at your original post

Requiring customers to be using an account with Administrator-level rights for every day use (just so that backup and disk optimization can run completely and successfully) is a practice that defies common-sense security.

 No one is suggesting you use an admin account for daily use. I use a standard user for my daily use and the backups run just fine after they were set up in the admin account.

Have you gone into your admin account to check that the optimization and backup settings were transferred correctly during the update? You only have to do this once then you can go back to your standard account.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Security shortcoming in Norton 360 v.22.5.2.15

As an IT person who administers a bunch of personal computers as a favor for various Enterprise customers that I support - this is a HUGE feature that's missing.  None of our customers know the "admin" password - and I find that Norton 360 now seems to fail often times - requiring users to manually start a defrag or backup - yet they cannot now - as it prompts them to log in as the admin.

I believe this should be corrected and fixed.  I can agree that the settings should only be changed by admin users - but starting a backup or optimization or defrag, or cleanup task - should be allowed at a user level access.  I hope this gets corrected in the next release.

--------------------------------------Shawn P. LemayS&T Enterprises of WNYWilliamsville, NY 14221http://www.sandtent.com
Kudos0

Re: Security shortcoming in Norton 360 v.22.5.2.15

slemay

The issue of standard users not being able to run Backups has been addressed in the latest product update. See the announcement here.  https://community.norton.com/en/blogs/product-update-announcements/norto...

I am not sure there are plans to restore access to the other functions to standard users.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Security shortcoming in Norton 360 v.22.5.2.15

I would "HOPE" there would be plans to get these back - why offer them as a solution?  Why alert the customer to something he can't fix?  ALL functions should be available to users - perhaps not the administrative (though I'd rather you offer it and allow us to password it - but that's a minor thing).  But all functions of what the product does - scanning, defrag, backup etc... should be available to a normal non-admin user.  WHO thought that wouldn't be a good idea?  This is a consumer product after all!  Not the enterprise product.  Wow - after reading this and a few other threads about this - I'm starting to really wonder who's making these types of decisions at Symantec???

--------------------------------------Shawn P. LemayS&T Enterprises of WNYWilliamsville, NY 14221http://www.sandtent.com
Kudos0

Re: Security shortcoming in Norton 360 v.22.5.2.15

As you have read other threads about this, you may have noted that there used to be a setting to allow standard users to access all settings. That disappeared when the product updated to the 22.x.x. versions.

As an aside. If you are helping Enterprise customers, they would normally not use a home consumer product for their security. So using enterprise security products, one would assume that no settings would be accessible to users.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Security shortcoming in Norton 360 v.22.5.2.15

Peter - Enterprise products are great for the enterprise - not the residence where there is no backup, defrag, cleanup etc... built in.  Enterprise products are sold and administered in the Enterprise environment, where many conditions are strictly administered and configured.  The lack of control at the residence makes this sort of product (Norton 360) more ideal when the machines in question, never come back to the enterprise environment.  Now remote workstations (laptops / notebooks) that move between the environments is an entirely different story.

--------------------------------------Shawn P. LemayS&T Enterprises of WNYWilliamsville, NY 14221http://www.sandtent.com
Kudos0

Re: Security shortcoming in Norton 360 v.22.5.2.15

I understand Enterprise product usage. I was just commenting on your comment in your first post.  As an IT person who administers a bunch of personal computers as a favor for various Enterprise customers that I support.

If the remote workstations you mention are being connected to the enterprise system when moved back and forth, one would think that the enterprise IT department would still want things locked down, so a user could not inadvertently run a utility that might compromise the security of the enterprise data. These systems should not be considered a home system, and it is wise the IT department does not give the users the admin password.

I do understand a home user wanting access to these features, and I too missed this access. But for as often as I use them, I can just log into my admin account to do the maintenance.

Things happen. Export/Backup your Norton Password Manager data.

This thread is closed from further comment. Please visit the forum to start a new thread.