I have used Norton products for over a decade
And today I am deeply disappointed in its total failure to block a serious attack
I (rashly) downloaded something from Cnet.com (CoffeeCup VisualSite Designer)
Norton rated the download as having "good trust"
The Cnet installer then proceeded to install multiple malware components, including the isearch.claro-search.com browser hijacker virus
From research, it looks like this may now be the case for other Cnet downloads too
This is very disappointing, as Cnet used to be one of the most trusted download sites on the Internet
But Norton - it's your job to stop this kind of thing getting onto our PCs
Not only did Norton Internet Security say the file was OK (having "good trust") - but Norton Internet Security made no attempt to stop the browser being hijacked or stop any of the other junkware being installed
I would expect your software to flag it up immediately as a dangerous file
I have cleaned up the mess (as far as I can tell) - but it took a lot of time - and many people would have no idea how to fix it
It looks like downloads from Cnet.com may no longer be safe
Please can you address this ASAP - otherwise a lot of your users are going to get infested with this junkware
It's not malware. It's the Claro toolbar/browser extension. At the most, it would be termed a Potentially Unwanted Program, but it isn't malware and that's why Norton doesn't detect it. It comes bundled with some programs, and it doesn't install itself - the user does. It's a useless piece of annoying crap software, but it actually is legit.
I have no problem at all with a program asking to install a toolbar
But that is NOT what it does
It does not ask - well actually it does ask, then ignores the reply
It then hijacks the browser - setting home page and default search providers to Claro. It is not trivial to change it back, especially on Firefox.
If you search the Internet, this has caused major upsets to a lot of people - and is most definitely viewed as a virus.
There is also additional junkware installed as well as this virus
In Norton's defence it did identify one of those pieces of junkware as a virus and removed it - but only one of them (the installer installed 4 unwanted things in total) - and after all the damage had been done
My concern is that from looking on Google, there appear to be a lot of people experiencing the same issue with Cnet downloads
So I would like to see Norton address this issue
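A check for the home-page and search-provider changes described in the post above, added here as an example and not part of any poster's message: it scans the text of a Firefox `prefs.js` for the preferences a search hijacker rewrites. The sample profile text, the `claro` engine-name keyword and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Firefox preferences a search hijacker typically rewrites
# (keyword.URL and browser.search.selectedEngine belong to older releases).
WATCHED_PREFS = {"browser.startup.homepage", "keyword.URL",
                 "browser.search.defaultenginename", "browser.search.selectedEngine"}
HIJACK_DOMAINS = {"claro-search.com"}   # host named in the thread
ENGINE_KEYWORDS = ("claro",)            # assumed engine-name keyword
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Constructed prefs.js excerpt, not taken from a real profile.
SAMPLE_PREFS = '''
user_pref("app.update.enabled", true);
user_pref("browser.startup.homepage", "http://isearch.claro-search.com/?q=");
user_pref("browser.search.defaultenginename", "Claro Search");
user_pref("keyword.URL", "http://isearch.claro-search.com/?q=");
'''

def parse_prefs(text):
    """Return {name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs

def host_matches(value, domains):
    """True if any URL in a '|'-separated pref value is on a listed domain."""
    for part in value.split("|"):
        host = urlparse(part.strip()).hostname or ""
        if any(host == d or host.endswith("." + d) for d in domains):
            return True
    return False

def find_hijacked(text, domains=HIJACK_DOMAINS, keywords=ENGINE_KEYWORDS):
    """List (pref, value) pairs whose value points at a listed host or engine."""
    hits = []
    for name, value in sorted(parse_prefs(text).items()):
        if name not in WATCHED_PREFS:
            continue
        if "://" in value:                      # URL-valued pref: compare hosts
            flagged = host_matches(value, domains)
        else:                                   # engine-name pref: keyword match
            flagged = any(k in value.lower() for k in keywords)
        if flagged:
            hits.append((name, value))
    return hits
```

Close Firefox before reading a live `prefs.js`, since the browser rewrites the file on exit.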
If you use a direct link, you won't have those problems.
alan1212,
None of what you describe corrupts your data or causes your system to malfunction. Norton is doing its job of protecting those assets.
The other point to remember is that no single security program is going to protect you 100% of the time from 100% of the threats which are being generated and released by the thousands daily.
I keep Malwarebytes free scanner
http://www.malwarebytes.org/products/malwarebytes_free
and the one from SuperAntiSpyware
on my desktop and run one or the other about once a week when all is well - just as a confirmation.
Stay well and surf safe
Dick
Thanks for your reply
But I (and a lot of other people) consider having my browser hacked to be in the category of "having your system malfunction"
It does not work properly any more - searches are messed up - and takes time to put it all back. No one could seriously consider Claro to be a proper search provider
If you do a search for this issue, you will see that this has caused serious grief for a lot of people
Of course there are much more serious viruses out there
But my concern is the number of people that will be affected by downloading from this major site
So I strongly believe that Norton should address this issue
Hi,
I won't argue the 'malfunction'. The point is that all of the components are still fully functional. Nothing hard or soft has been destroyed.
As for Norton addressing the issue, I cannot speak for them. I would expect that at some point the code being used will get squashed and the bad guys/gals will have to develop a variant so they can continue to try to destroy things.
Hi alan1212,
CNET has been known to bundle PUPs in their installers in the past, so your experience isn't new - but you are correct that there are a lot of recent posts online about the practice apparently reappearing lately. From what I have read, the installation of Claro or Babylon does require user acceptance, although the installation screens may not make it obvious that you are agreeing to install something in addition to the software you wanted. As in all cases when downloading something, you need to be very, very careful to read everything and proceed slowly. This is true even when downloading directly from a vendor's site (Adobe usually bundles extra software with their free programs).
As Bombastus mentioned, such added software is usually legitimate, despite sometimes being horribly annoying and troublesome to deal with. In the absence of clearly malicious intent, most security programs will not prevent PUPs from installing, instead leaving it up to the user to make the determination about which applications to install. A recent article at PCWorld offered some insight and good instruction on PUPs, in response to a forum post there (and here) about why Norton did not block a particular PUP:
I agree with dickevans. I always tell my business clients that a security suite alone is never enough, as there are many things intentionally designed to get by them by piggybacking on legitimate processes. Running one of the free scanners that you mention once a week keeps the system far safer than a security suite alone.