Hi Norton users,

The Norton AntiVirus 12.1 and Norton Internet Security 5.1 updater has been posted. Also posted is Symantec Vulnerability Protection 3.7 and Norton Shared Components 2.1 which updates Norton Licensing and Symantec Uninstaller. This release also serves as our Firefox 9 compatible update. 

LiveUpdate will download these updates automatically so there's no action that needs to be taken. However if you the updates

now, you may run LiveUpdate manually using the Norton QuickMenu's LiveUpdate menu options.

This update is mainly a maintenance release that fixes several issues, some of which were reported or discussed here on the forums, as well as other issues reported via other support channels.  Not all issues were fixed in this update; some issues we have yet to reproduce internally and others just simply didn't make the cut.

This is the first major update to Norton AntiVirus 12 and Norton Internet Security 5, but it will definitely not be the last. We plan on releasing a Firefox 10 compatibiliy update, and another mainteance release, early next year. We also plan on releasing some new products early next year, as well as the previously announced Norton One. 

Enjoy!

Ryan,

I cannot seem to find any documentation relating to this update. Is it possible to post the release notes for 12.1 or a link to the notes? Thanks.

How am I suppose to get this update if I can not download updates after installing NIS 5?

Regarding what is addressed by these patches, here are the highlights:

Firefox 9 support for Norton Identity

Fixes for Deepsight community reporting, install dashboard, and error reporting

Enabled "Buy a Key" functionality

Fixed Trialware purchase problem

NAV scan engine does better reporting of archive scan totals

Fixed Location Awareness alert repeatedly appearing when connecting to VPN

I'm not sure what specific error reporting fixes were made, Lee, but error reporting still isn't working on my iMac after having updated to the most recent NIS 5 software and restarting.

OS X Lion 10.7.2, NIS 5.1

12/23/11 9:23:56.614 PM Symantec Error Reporting: Symantec Error Reporting Daemon launched.

12/23/11 9:26:26.367 PM Symantec Error Reporting: Symantec Error Reporting Daemon beginning submission for domain local-domain.

12/23/11 9:26:26.371 PM Symantec Error Reporting: Symantec Error Reporting Daemon: Submitting 36 error reports.

12/23/11 9:26:26.372 PM Symantec Error Reporting: Symantec Error Reporting Daemon: Submitting 36 reports.

12/23/11 9:26:26.643 PM Symantec Error Reporting: Symantec Error Reporting Daemon beginning submission for domain current-user.

12/23/11 9:26:26.653 PM Symantec Error Reporting: Symantec Error Reporting Daemon: Submitting 1 error reports.

12/23/11 9:26:26.661 PM Symantec Error Reporting: Symantec Error Reporting Daemon: Submitting 1 reports.

12/23/11 9:26:37.846 PM Symantec Error Reporting: Symantec Error Reporting Daemon: Submitting 0 panic reports.

12/23/11 9:26:37.847 PM Symantec Error Reporting: Symantec Error Reporting Daemon: Submitting 0 crash reports.

12/23/11 9:26:37.847 PM Symantec Error Reporting: Symantec Error Reporting Daemon: Submitting 1 error reports.

12/23/11 9:26:39.145 PM Symantec Error Reporting: Result of upload command: 65280

12/23/11 9:26:39.149 PM Symantec Error Reporting: Symantec Error Reporting Daemon: Failed to submit anything.

12/23/11 9:26:39.204 PM Symantec Error Reporting: Symantec Error Reporting Daemon: Submitting 0 panic reports.

12/23/11 9:26:39.204 PM Symantec Error Reporting: Symantec Error Reporting Daemon: Submitting 0 crash reports.

12/23/11 9:26:39.204 PM Symantec Error Reporting: Symantec Error Reporting Daemon: Submitting 36 error reports.

12/23/11 9:26:41.456 PM Symantec Error Reporting: Result of upload command: 65280

12/23/11 9:26:41.466 PM Symantec Error Reporting: Symantec Error Reporting Daemon: Failed to submit anything.

12/23/11 9:27:39.150 PM com.apple.launchd.peruser.501: (com.symantec.errorreporting.periodic-agent[7035]) Exited with code: 70

12/23/11 9:27:39.150 PM com.apple.launchd.peruser.501: (com.symantec.errorreporting.periodic-agent) Throttling respawn: Will start in 6978 seconds

12/23/11 9:27:41.468 PM com.apple.launchd: (com.symantec.errorreporting.periodic[7023]) Exited with code: 70

12/23/11 9:27:41.468 PM com.apple.launchd: (com.symantec.errorreporting.periodic) Throttling respawn: Will start in 6875 seconds

(FYI, the code 70 status started appearing after a mid-November LiveUpdate.  The couple of months prior to that update, launchd never reported throttling ERD.)

Would love to see ERD being able to properly send reports to Symantec, to eliminate this repetitive console log spam.

Sorry for the problems.  I'll pass this along to the folks who work on this feature.  It may be a little while before you hear back, due to the holidays.

Hi,

One of the engineers has requested output from the following 3 commands (in /Applications/Utilities/Terminal):

/usr/libexec/PlistBuddy -c "Print :Internal" /Library/Preferences/com.symantec.errorreporting.plist

/usr/bin/host macupload.symantec.com

sftp -o LogLevel=DEBUG3 macupload.symantec.com

Thanks for following up on this, Lee!

Here's the output that the engineer has requested:

kathryns-imac:~ kathryn$ /usr/libexec/PlistBuddy -c "Print :Internal" /Library/Preferences/com.symantec.errorreporting.plist
false
kathryns-imac:~ kathryn$ /usr/bin/host macupload.symantec.com
macupload.symantec.com has address 216.10.196.81
kathryns-imac:~ kathryn$ sftp -o LogLevel=DEBUG3 macupload.symantec.com
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to macupload.symantec.com [216.10.196.81] port 22.
debug1: connect to address 216.10.196.81 port 22: Connection refused
ssh: connect to host macupload.symantec.com port 22: Connection refused
Connection closed

It appears that you may have trouble with port 22 being blocked.  Do you know if you can SSH into any server?  If you are behind a corporate or personal firewall (e.g. NPF), you may want to find out about the settings.

---

Lee_G wrote:

It appears that you may have trouble with port 22 being blocked.  Do you know if you can SSH into any server?  If you are behind a corporate or personal firewall (e.g. NPF), you may want to find out about the settings.

---

I also see the same error message even with su <username of admin> -c 'sftp macupload.symantec.com'. After much scroogle-ing, I finally noticed Growl telling me that this address (216.10.196.81) made it into the P2P blocklist, so if PeerGuardian or similar is being used... 

Logging into the SFTP server with a username & password is not permitted. It requires DSA encryption to login and logging in via the shell is disabled on the server for security & legal reasons. Perhaps repeatedly attempting to log into the server caused PeerGuardian to get confused.

As long as you can log into another SSH server that is not on your local network, that should be sufficient, unless your ISP is filtering SSH packets that don't use password logins for some weird reason.

---

ryan_mcgann wrote:

Logging into the SFTP server with a username & password is not permitted. It requires DSA encryption to login and logging in via the shell is disabled on the server for security & legal reasons. Perhaps repeatedly attempting to log into the server caused PeerGuardian to get confused.

 

As long as you can log into another SSH server that is not on your local network, that should be sufficient, unless your ISP is filtering SSH packets that don't use password logins for some weird reason.

---

Sorry Ryan. I think I managed to get you thoroughly confused anyway. :-) This command (su <username of admin> -c 'sftp macupload.symantec.com') probably should have been written as (su <admin username> -c 'sftp macupload.symantec.com'). BTW, did you realize that trying to use a naked sudo command when logged in as a regular user doesn't work on OS X? You just get a message saying that you will be reported to the sudo police. That's why I recommend telling users to either log in as admin or else use the (su <admin username> -c '<command goes here>' format.

Back to the topic at hand. What I was trying to say is that 216.10.196.81 is listed in iblocklist.com's "Primary Threats" blocklist, so that anyone using that list would find that IP blocked. For example, traceroute -n  216.10.196.81 fails.

PG2 Log:

Wed Jan  4 2012 21:38:26.435 MST -Blck- 192.168.1.xx:0 -> 216.10.196.81:0 unkw 'traceroute (405)' (Symantec Corporation:P2P)
Wed Jan  4 2012 21:39:01.543 MST -Blck- local:0 -> 216.10.196.81:22 (ssh) tcp4 ' (408)' (Symantec Corporation:P2P)

We obviously can't do anything about the PeerGuardian list. It's their choice to put our IP address in their block list. You'll have to just turn off that service if you want to use error reportring. 

Not to editorialize too much, but this is another reason that block lists that are not vetted like this are not very effective. Our software includes a built-in blocklist for blocking known malicious users that is vetted and updated very frequently; I don't recommend using that in conjunction with any other blocklist. 

Just an update that Error Reporting still isn't working for me, but according to Symantec, it's not a bug with NIS 5 for Mac.

Apparently there were some malicious attacks from a Verizon customer, and they've had my ISP blocked for months, which is why my iMac has never been able to connect to upload any error reports.

I have no idea whether these attacks are still ongoing or not, but the block apparently is still in place.  It seems a bit ironic that an Internet Security company can have some functionality shut down indefinitely for some customers.

I appreciate that an ERD fix for situations like this is a low priority, but I hope in the future that Symantec can offer better protection for Norton Internet Security so its features could remain functional, in spite of potential malicious activity.

Well, to set the record straight--your ISP (Verizon) is not being blocked, just your IP address. Verizon is a huge ISP and we definitely are not blocking all Verizon customers; in fact I am a Verizon customer and I don't have this issue at home.

Error reporting is not a tier 1 service--that is to say, it's not business critical. The product still functions fine when error reporting is unable to report. Needless to say, our product is not shut down when it cannot contact the error reporting server. In fact the rest of the product is even aware of error reporting's existance, let alone its success/failure. The product functions fine, and no protection is lost. I'm not sure what causes you to think otherwise--is there something that says it is disabled or not functioning?

Our IT department is looking into your specific problem, but as I said, since the product functions fine, and the server is not tier-1, they have de-prioritized it. I can't give any estimates when it will be resolved.

I understand that it's been de-prioritized.  It's been over 5 weeks since I provided all the specifics you requested, yet ERD continues to spam the system log every two hours with its failure messages.

I do appreciate your help in debugging the problem, last month.  All I'm doing at this point is documenting the problem for the community, in the event that other customers are also affected by this particular ERD issue.

I understand that my system is still protected, and the only aspect of the product that isn't functioning is the uploading of error and crash reports.  Still, it does come across like a vulnerability if hackers can deny access for months to a (lower-tier) service for a block of IP addresses.

Thanks again for your time and help with this.

// We plan on releasing a Firefox 10 compatibility update //

And what about Google Chrome? Considering Chrome is a more widely used web browser on Mac OS X Lion compared to Mozilla Firefox and you already have a fully working extension for Chrome with Norton Internet Security 2012 for Windows and Chrome extensions use the exact same API no matter if you are using the Linux, Windows og OS X version there shouldn't be that difficult writing one for Norton Internet Security for Mac.

To me it seems like Norton for Windows receives way more attention from Symantec / Norton developers than their Mac counterparts. And I guess that's not surprising considering the vast majority of crap out there is aimed towards Windows and not OS X.

But, charing the same price for a product that is inferior to its Windows counterpart in almost every single way and receives nowhere near the same amount of development and care from the Symantec / Norton developer team feels like a fraud if you ask me. Since Norton Internet Security 2012 for Windows was released in October (?) there have been multiple larger updates and quite a few smaller ones. For Norton Internet Security 12 for Mac there’s really been just one real update and considering the product was inferior to begin with this is simply not good enough.

Do you honestly feel the price tag of Norton Internet Security 12 for Mac and Norton Internet Security 2012 for Windows should be the same? If so how do you really defend this? Considering the feature list is not remotely close to the Windows counterpart and Mac users can expect like one update for every tenth Windows update? I don’t follow this logic.

I have been a loyal Norton user all since the remap back in 2009, but your Mac versions aren’t living up to your market priceat all.