• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos2 Stats

@Symantec - NIS 2011 a big improvement on NIS 2010!

I ran NIS10 for about 4-6 months.  During that time, I was extremely dissappointed with NIS10 both due to faulty Symantec releases and also what appeared to be incomplete and poorly thought out new features.  I then went back to NIS09 for, at least, a half year.

Well, I just upgraded one of my systems to NIS11 and have been going extensively through the various settings and also testing.  I have to say that I think NIS11 is a big improvement over NIS10.  It seems to correct most of the issues I had with NIS10.  Perhaps, in a month, I can look at finally retiring NIS09 across all systems.

I think if you, Symantec, can avoid the problematic NIS updates that happened this year (like missing UI, unable to launch full-screen apps, etc...), then you'll have a winner with NIS11.

Although I still wish that automatic forced patching of NIS was optional, and that it was easier to rollback a problematic patch.  I don't relish being the first kid on my block with a newly deployed patch.  I would much rather defer that honor to others.

In any case, thanks.

Replies

Kudos0

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!

I ran NIS10 for about 4-6 months.  During that time, I was extremely dissappointed with NIS10 both due to faulty Symantec releases and also what appeared to be incomplete and poorly thought out new features.  I then went back to NIS09 for, at least, a half year.

Well, I just upgraded one of my systems to NIS11 and have been going extensively through the various settings and also testing.  I have to say that I think NIS11 is a big improvement over NIS10.  It seems to correct most of the issues I had with NIS10.  Perhaps, in a month, I can look at finally retiring NIS09 across all systems.

I think if you, Symantec, can avoid the problematic NIS updates that happened this year (like missing UI, unable to launch full-screen apps, etc...), then you'll have a winner with NIS11.

Although I still wish that automatic forced patching of NIS was optional, and that it was easier to rollback a problematic patch.  I don't relish being the first kid on my block with a newly deployed patch.  I would much rather defer that honor to others.

In any case, thanks.

Kudos1 Stats

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!

HI Mark_Kratzer,

Thanks for sharing that.

One thing I wanted to mention in regards to automatic patching though. There are two types of patches, one is definition updates and the other is program patch updates.

The definition updates are clearly too critical to your computer's security to not have them updated automatically.

What you may not realize is that some of the program updates can also affect security. Every once in a while a program patch could be put out which alone or together with a definition update could also resolve a security vulnerability.

In the end I think it would be really risky not to do both automatically.

Best wishes.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.6.0.32* Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.6.0.32
Kudos0

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!

Funny how some have issues and some don't.

I've been running NIS since 2002 and I've never had any problems - touch wood.

I think the reason why NIS keeps improving is the feedback on this forum. Why have a dedicated team of people trying to keep it modern when the users can do it far easier.

Lets be careful out there !
Kudos0

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!

well , i have seeing drastic improvements in norton from 2009 version and 2011 is another step forward

Kudos0

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!


Mark_Kratzer wrote:

[...]
Although I still wish that automatic forced patching of NIS was optional, and that it was easier to rollback a problematic patch.  I don't relish being the first kid on my block with a newly deployed patch.  I would much rather defer that honor to others.
[...]


The software's 'automatic forced patching' behaviour is what keeps the Norton Internet Security software firmly entrenched in the 'perpetual beta' space. That's why we never see an official 'RTM' release during the beta testing...

Some updates, especially those patches that modify the NIS engine and require a system restart, really do need a setting that provides a  'Notify me before downloading' option. The notifications related to these patches should also provide a link to a comprehensive list of the issues being addressed by the patch. The choice on whether or not to install this patch should be left up to me to decide; it is MY computer after all.

Norton should remember that behind every 'End Point', to coin your terminology, there is a person who expects to be treated with respect. Please be mindful that if you treat me like an 'End Point' then Norton is behaving exactly like the 'Command and Control' centre behind a world-wide Norton ''Botnet'... 

Kudos0

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!

Hello elsewhere & Mark_Kratzer et al

I have read with interest and curiosity and respect... your comments regarding the preference for a 'user optioned forced program patches'.

I am not a techie...so, just respectfully wondering ...

If user A opted to install a 'forced program patch' and user B opted not to install a 'forced program patch'...

Would Norton then have to customize all future Live Updates for user B

I imagine program patches as building blocks for all future updates.

and with regard to one of AllenM logical points... What if a program patch was put out together with a definition update...ummm ?

So, just respectfully wondering... would having 'user optional forced program patches' even be possible. 

Would 'user optional forced program patches' be practical, workable, viable and a benefit for Norton users. 

Respectfully curiously wondering...

bjm_

Kudos0

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!

Symantec clearly maintains compatible streaming definitions and download updater definitions for prior releases of their software.  In fact, I suspect that it is not as problematic as it has been made to sound in this thread.

Some specific examples:

(1)  During the NIS10 no UI debacle which lasted for almost two months, I had reinstalled the pre-debacle NIS10 version with my PCs disconnected from the Internet.  Then, I turned off auto updating.  Then, every morning I downloaded and ran the definition updates manually.  I did this for almost two months without a problem.  However, I decided to just go back to NIS09 when the next Symantec release wiped out the ability to run full screen apps.

(2)  Except for my work station on which I am evaluating NIS11, my other systems are running NIS09 with pulse updates.  No problem.

I believe Symantec pushes out the updates with no option for customers not to accept them or rollback as business decisions.  When you think of it from their perspective, assuming no patch debacles:

(1)  Pushing everyone forward should reduce operation expenses with regards to the free tech support they offer.  Less people will have legacy related problems and the less training needed for the call centers.

(2)  Symantec scores their greatest marketting coup when a zero day attack is thwarted by their product.  They have the best potential of doing that when everyone is pushed to the latest releases.  Having many of their customers getting burned in a zero day attack due to the fact that are lagging on patches is more likely to receive bad press than a buggy patches.  Despite the huge number of people suffering from NIS10 no UI, no full screen apps, having their program deleted etc ... did you ever see any mention of those in the trade press?

Kudos0

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!

Hi Folks,

I have never heard of a case yet with streaming definition updates (pulse updates) introducing a bug.

With program patch updates sure bugs can and sometimes do occur but I honestly would accept the risk of that vs the alternative of not having a fully up to date program and definitions.

The reality is that if either the definitions or program itself is allowed to get out of date, your computer is at greater risk. Without getting into a debate over just how much additional risk you incur, clearly there is some level of additional risk you accept if your configure NIS to disable Live Update. When you disable live update, then pulse updates also don't work.

How many people will truly remember in this situation to run live updates manually or download the definition set independantly? Not many I'll venture to say.

For the vast majority of users, leaving NIS at the default and allowing it to download updates automatically is the best choice for them.

I am a software engineer and computer expert and I take a very hard stand on changes being made to my system without my full knowledge and consent which is why I get upset when MS does things like changing directory/file ownership and permissions during an OS upgrade, thereby forcing me to take it back again.

But when it comes to core security like NIS, I choose to let NIS do what it is designed to do and download updates as they become available, all automatically.

Just my thoughts on the matter.

Best wishes.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.6.0.32* Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.6.0.32
Kudos0

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!

Yes, I understand the additional exposure, but not being able to access NIS10's UI for 2 months introduces its own form of exposure.  I know Symantec asserted that customers were totally protected, but if I cannot get to the firewall or network rules to configure things, then perhaps I cannot block something that needs to get blocked like remote control protocols from the Internet.

After that, the inability to run full screen applications denied me the ability to use my system for the purpose which it was intended.  My system is a not a malware research lab.  Instead it is a tool to me.  The failure of that tool to function due to faulty security software can be just as crippling as its failure to function due to malware.

Symantec could do better in the area of providing people with options when it comes to problematic patches.  NIS10 clearly proved that they do happen and in a big way.  Not only were many customers (especially the less technical ones) left with no options, but even with so many people having problems, Symantec never pulled a patch from distribution, but continued to force it out over weeks and let the chips fall where they may.

This discussion might be academic, but NIS10 was a rough release for myself and many other customers.  Although I hope that Symantec QA does better with NIS11, I would rather that as software engineers that they prepare for the fact that things which can go wrong will eventually go wrong ... thus, offer some reasonable options when that happens.

Kudos0

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!

@ Mark_Kratzer

@ AllenM

Thank you very much for all your detailed contributions to this Topic.


re > NIS10 was a rough release for myself and many other customers.

Yes ... I absolutely recall reading all your posts and the posts of other users experiencing a rough release...


Very interesting dialog...maybe this Topic will help Symantec, to help us all ....

Thank again

bjm_

Kudos1 Stats

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!


AllenM wrote:

[...]

How many people will truly remember in this situation to run live updates manually or download the definition set independently? Not many I'll venture to say.

For the vast majority of users, leaving NIS at the default and allowing it to download updates automatically is the best choice for them.

I am a software engineer and computer expert and I take a very hard stand on changes being made to my system without my full knowledge and consent which is why I get upset when MS does things like changing directory/file ownership and permissions during an OS upgrade, thereby forcing me to take it back again.

But when it comes to core security like NIS, I choose to let NIS do what it is designed to do and download updates as they become available, all automatically.

]...]


The issue here is about how Norton forces program patches onto it's users. It's not about definition updates and the like. I'm advocating a 'Notify me before downloading' option for program patches because I'd like to choose when a patch gets downloaded and applied to my system. These patches aren't typically lightweight  (a 70 MB download as a conservative estimate).

While you cite an example about how Microsoft (MS) annoyed you in terms of upgrading your OS, please keep in mind that you made the conscious decision to proceed with the OS upgrade in the first place. With Norton program patching, you have no choice; the moment LiveUpdate runs, the patch will be downloaded and applied to your system. So even if a patch is known to have issues,  your system is getting that patch whether you like it or not.  At least Microsoft  offers you options when it comes to how you receive patches to your Operating System. I notice that MS Windows Update has an option to 'Check for updates but let me choose to download and install them'.

Another pertinent issue is about how Symantec / Norton handle their usage of my internet connection. In an ideal world, everyone would have super-fast broadband connections with unlimited download quotas. The current LiveUpdate 'patch pushing' model works fine in that space, but unfortunately, this isn't the reality.

So, to quote the standard Norton 'patch pushing' methodology (see here) as an example:

"As a standard practice, we will be deploying the patch in a phased manner. On <insert date>, we will be releasing the patch to some randomly selected customers. We will then monitor our telemetry, as well as this forum, for any problem reports or issues."

Please consider the following scenarios where the above 'standard practice' is far from ideal:

  • I'm a dialup user. Norton's need to update itself by downloading an unsolicited 70MB patch is far more important than my immediate internet browsing requirements...
  • I'm temporarily staying in a hotel with my Norton protected laptop. Norton decides that this is the ideal time to patch my program. Suddenly, I'm responsible for my excessive downloads and charged accordingly. Supposing 20c/MB, suddenly, my free update just cost me $14...
  • I'm a pre-paid wireless broadband user with a 225MB download limit with a 30 day expiry. I use this while I'm away from my standard home internet connection.  In a flash around one-third of my quota is used up by a Norton Security patch that I didn't ask to download and that really could have waited until my laptop was back on my home internet connection later during the day...
  • I don't want to be the randomly selected customer to be used as a test machine for a new patch. Sorry, but there aren't any options in the program's settings that allow you to opt-out of this process...

The list can go on and on. Some people have Peak and Off-Peak broadband download quotas. Why can't they have the flexibility to reschedule the download of a large Norton patch to occur during the Of-Peak period? Normal updates (definitions, pulse updates,, etc) should still occur but downloading the patch should be deferrable to a time that suits me.

This mindset of downloading large amounts of data without asking first shows up in another feature of NIS 2011. The 'Automatic Download of New Version' setting, which by default is set to On, behaves in exactly the same manner. At what point during the implementation of this feature didn't someone have the common sense to say "Hey, maybe we should ask the customer first if they'd like to download the latest version, rather than just presuming they'll want it...".

 Like I said in my earlier post, this is my computer, not Norton's. Norton isn't paying my monthly internet connection bill so they should be asking first before downloading large amounts of data. Courtesy goes a long way in business.

Kudos1 Stats

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!

I would like to add a few more things to the above very detailed post of issues:

(1)  Microsoft offers a number of options for Windows Update:

(1.1)  Autoupdate and run it right away.

(1.2)  Autoupdate and notify me when I have patches.

(1.3)  Don't autoupdate and it is up to me to either:

(1.3.1) Run Windows Update at my convenience.

(1.3.2) Download an offline Knowledge Base patch installer and run it.

(1.4) It should be >>> NOTED <<< Windows Update patches can be backed out through Add/Remove programs if there is a problem (assuming you can still boot).

(2) I recently took a trip to China.  It was to be a short trip (2 weeks) and originally, I was not going to bring any recovery media with my laptop.  I figured if the hardware died, I would make due without it.  But then I remembered, how 4 PCs had been hosed by NIS10's forced patches.  I realized Symantec could strike me from anywhere in the World.  So, I took two sets of image DVDs for the XP partition.  (fear of a security suite ... is there a phobia for this?)

(3)  The examples above were excellent.  Suppose I am working on a deadline.  Suppose I am an accountant which is typically swamped with seasonal work.  Do I really want to have NIS force a possibly problematic patch to my system(s) under such circumstances?  One that I cannot even roll back if there are problems?  I think not.  BTW, I am not an accountant, but there are plenty of times in my day to day life that forced patching is not convenient.

I hope someone from Symantec is listening here?  You may say that forced patching is for my own protection.  But you already provide me with options to disable almost every aspect of NIS and harm myself ... why not give me the power to patch when I want and to rollback a patch with problems?

Thanks.

Kudos1 Stats

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!

Hi Elsewhere,

I think there may be a misunderstanding of what I am really trying to say. I am not saying there should not be options where a user can choose when to have these updates applied. What I am saying is that for the majority of users I think it works out well to have them applied automatically.

And this option (though somewhat limited) does in fact exist through being able to turn Off automatic live update. This allows those with slower connections or other concerns the means by which they can be downloaded at their convenience. Turning off Pulse updates prevents the streaming definitions but allows Live Update to continue. These options exist because customers expect them and have asked for them.

What I think is missing from this is that currently if you turn OFF automatic live update you also cannot receive Pulse Updates. I think this should be changed and for the very concerns you raised. The Pulse Updates are typically very small and I see a value add to the user to be able to say "hey I want Pulse Updates in real time but NOT the full live update". In fact I've seen quite a number of users make this statement on the forums.

So again I'm not against having these options, in fact I am all for it but I would be remiss in not pointing out the additional risk that one takes on if they turn off automatic live update and do not regularly run Live update manually, whether that be during off peak hours or whatever.

Trust me, I've been participating in the Norton Community long enough to have seen all the points you raised many times over. I know the concerns and yes I think users should have these options.


"As a standard practice, we will be deploying the patch in a phased manner. On <insert date>, we will be releasing the patch to some randomly selected customers. We will then monitor our telemetry, as well as this forum, for any problem reports or issues."


I agree there should be an opt-out option for this.


This mindset of downloading large amounts of data without asking first shows up in another feature of NIS 2011. The 'Automatic Download of New Version' setting, which by default is set to On, behaves in exactly the same manner. At what point during the implementation of this feature didn't someone have the common sense to say "Hey, maybe we should ask the customer first if they'd like to download the latest version, rather than just presuming they'll want it...".


This can be turned OFF though I agree I think there should be an additional option as you mentioned in the context of live updates to notify but not download the new version. There is also an option in your Norton account to receive product update notices by email.

You mentioned having an option to be notified of regular updates to the current version before being downloaded. This might work for Live Updates which are only 2-3 times per day but I don't think anyone would want this notice for Pulse Updates. Can you imagine getting notices every 10 minutes of the day that new updates are waiting for you? Sorry, just a bit of levity.

So to reiterate I am absolutely for having these options under the users control and my intent was to point out the risks of turning off all the updates and not doing regular live updates manually.

I'll go one step further and say that I think Live Updates should be able to be scheduled, much like you can schedule full system scans in place of the Idle Time scan. In fact I think I will post this suggestion in the Ideas Forum.

Best wishes.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.6.0.32* Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.6.0.32
Kudos0

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!

Hi Folks,

If anyone cares to lend their voice (so to speak ) to the idea of being able to schedule live update (similar to scheduling custom scans) please see below.

http://community.norton.com/t5/Norton-Product-Ideas/Allow-Live-Update-to-be-Scheduled/idi-p/291582

Best wishes.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.6.0.32* Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.6.0.32
Kudos0

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!

thanks for seeing such a topic..generally people complain their problem here..:P..

Kudos1 Stats

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!

Allen,

I don't know enough about the specifics of NIS to know if Live Updates have a 1:1 relationship with forced NIS patches.  To be clear, I define a patch to NIS as anything that increments the version number of the product as seen in the ABOUT dialogue.

Rather than tell Symantec what low level features I want, I prefer to indicate what high level capabilities I want and let the developers figure out the best way to implement it.

Towards that end, I am requesting:

(1)  The ability to opt out of forced auto patching of NIS (only this one particular activity); I want all my other definition streams and NIS information exchanges to continue.

(2)  The ability to revert (rollback) a problematic patch with one click.

(3)  A Web page that provides links to full NIS installers for every version released so that I can manually reinstall previous versions or upgrade to newer versions without having to follow this forum and grab these things when someone finally posts a link.

Please communicate this to your friends at Symantec for me, since they have never acknowledged this thread or previous requests for such capabilities.

Thank you very much.

Kudos0

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!

Hi Mark_Kratzer,

I think the Idea I just posted and linked to above will satisfy #1 on your list.

Regarding the other ideas I would highly suggest that you post these in the Ideas Forum yourself. These are paid attention to by Symantec staff and is the correct forum for presenting ideas for new features or changes to existing features.

I'm not sure about #2 but I suspect #3 might prove to be problematic because there are a lot of updates and the overhead of maintaining something like this I suspect would be significant. One other thing to note here, some of the minor program updates do not always bump the version number from Support > About.

Anything posted in the Ides forum will be seen by Symantec and the more support you gather for the Idea from other users the more chances that Symantec might do something with the suggestion.

Symantec does not necessarily respond to each and every suggestion posted there as there are lots of post, but they do see each one. If they need clarifcation on any suggestion or have decided to formally consider the idea they usually post to that thread to indicate same.

Best wishes.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.6.0.32* Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.6.0.32
Kudos0

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!

Allen,

Okay, done.  Thanks.

http://community.norton.com/t5/Norton-Product-Ideas/NIS-Allow-customers-the-option-not-to-auto-patch/idi-p/291888

That would go a long way to eliminate any lingering anxiety I have with NIS.  The way it is right now, I know that on any given reboot I might just find that NIS11 just broke and the only short-term (meaning hours; not weeks) I am going to get will be the result of my own ingenuity to work around it as best as I can.

Kudos0

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!

Hi Mark_Kratzer,

Thanks for that. May I make one suggestion? If you believe the suggesion I posted about being able to disable Live and pulse update individually and to schedule live update sessions satisfies #1 on your list, you might want to remove that item so that it does not lead to any confusion.

Thanks again and best wishes.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.6.0.32* Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.6.0.32
Kudos0

Re: @Symantec - NIS 2011 a big improvement on NIS 2010!

Well, actually, I am not sure if it does.

I would rather tell Symantec what my requirements are and leave it to them to decide how to best implement it.  As a software engineer, I am sure you can appreciate the distinction between a requirement and an implementation.  Thanks.

This thread is closed from further comment. Please visit the forum to start a new thread.