After hearing about Heartbleed and the recent IE loophole, I decided to test and cross-test my Win 8.1 PC.
Norton 360 found nothing, but then I checked with AVG Free and found out that my Norton 360 virus definitions were infected! (see 1st attachment)
I fixed this through AVG, then updated Norton and checked my security log.
The log explicitly shows that my computer is under attack, and that my Norton installation is specifically targeted with attempts to replace numerous files (see examples in pics).
Although the attempts have calmed down a bit, they still persist.
Also, I cannot be certain that the updated virus definitions are safe. Since the attackers succeeded in tampering with my installation, couldn't they make it download false definitions from their servers from now on, masking them to look like valid definitions from your servers?
My question is:
What do I do now?
How can I know my installation is safe?
Is there a way to see what happened to my computer when it was down?
Do I have to change passwords on all sites I ever joined?
Is there a way to make the installation less vulnerable (meaning - they know I'm using 360 and are specifically attacking it)? Is there a way to make my 360 files seem different to them?
After checking with AVG I also checked with MalWareBytes, and it came through fine.
My biggest concern is the high frequency of these attacks, which shot sky-high on 4/28/2014 when the IE loophole was announced. Very few before that day, very few after I cleaned w/ AVG and updated N360.
Any way to reduce the number of attacks? (such as somehow changing my IP, or moving my N360 installation to another folder)
IMHO even if you have a great shield such as Norton, once your enemy knows you're using it and targets more and more attacks, the probability of an attack sliding through rises. Once one slides through - you become wide open.
Brad, you really don't need to worry. Norton protects both heuristically and by definitions, and Pulse Updates are coming through regularly 24/7. Also the IE flaw has been patched, via Windows Update.
FWIW, I have my Boot Time Protection set to Aggressive which means Norton loads before anything else, giving you maximum protection.
My computer is shut down at night, and as soon as I log on, I run Live Update for the latest definitions.
Having said that, no one program can protect you 100% of the time.
Surf sensibly, look out for bundled unwanted software when you download things, and you'll be pretty much ok.
Run backup scanners like MalwareBytes, and you're well covered.
You may also want to check this thread out. Lots of good tips from other users.
First uninstall AVG. You should never run two realtime security programs simultaneously - this can lead to system instability and actually make you less secure. What AVG found in your screenshot was simply a legitimate Norton file. Most security programs have some aspects that are rootkit-like. Rootkit detection tools like AVG can only tell you if such hidden files exist on your system - they cannot tell you if the files are legitimate or not. All rootkit detection results need to be evaluated by the user to determine if the items found are actually threats. Obviously, a hidden Norton file is not a problem.
Also, as already pointed out, the Norton Product Tamper Protection log entries are normal and are simply instances where Norton has blocked another program from accessing Norton files or processes. They are not attacks - they are the results of legitimate programs interacting with Norton. If these were malicious, you would be getting actual alerts (not just log entries) and Norton would be putting the "actor" in quarantine.
You wrote: "Since the attackers succeeded in tampering with my installation, couldn't they make it download false definitions from their servers from now on, masking them to look like valid definitions from your servers?" The answer is no. LiveUpdate authenticates and will not install anything that isn't the real deal.
You also wrote: "IMHO even if you have a great shield such as Norton, once your enemy knows you're using it and targets more and more attacks, the probability of an attack sliding through rises. Once one slides through - you become wide open." It is far easier to attack something like Adobe Reader, or Java. Most malware will attempt to evade antivirus protection rather than subvert it. Your concern is not baseless, but it isn't something that you need to worry about, since the likelihood of something like that occurring is extremely remote.
Now go uninstall AVG. Running two resident antiviruses is a very bad thing to do.
I only installed AVG (and later Kaspersky) to perform that cross-check scan. I know only one program should remain active, and have already uninstalled both AVG and Kas.
It wasn't always this way (years ago NIS was SLOW!) but nowadays I am an extremely satisfied N360 customer. It would take a considerable amount of persuasion to make me even consider using one of the other solutions as my full-time guard.
I guess MalwareBytes is compatible with N360, and will keep it for periodic scans.
Make sure you have run the uninstall utilities for AVG and Kaspersky to ensure they have been fully removed. If this is not done, there could still be compatibility issues with Norton.
MBAM is OK to use as long as you are using the free version, as there are no real-time components installed.