Security shortcoming in Norton 360 v.22.5.2.15

Archive
1

I have been a staunch user of Norton products for many many years, both in my personal life and in my professional life. Norton 360 came with my Windows 7 laptop when I first purchased it (about 3-4 years ago).  It may have been called a different name back then, but the functionality was the same then as it is now (virus protection, security protection, backup, computer optimization, and many other utilities).

I have not had a problem or an issue with Norton 360.  This was until the latest update (to make it compatible with Windows 10) was released.  Since updating, my backup and my disk optimization won't run unless I'm logged into my laptop under an account that has administrator-level rights.

The requirement for administrator-level rights for the backup and the disk optimization is something new to Norton 360.  It wasn't experienced before the latest version (22.5.2.15) was released.  In speaking with Norton Tech Support representatives, I was told that it was discovered that administrator-level rights were needed for some functions (backup and disk optimization) to run completely in the new version.  This begs me to ask why was this modified to require this in the new version versus what was present in the previous version?  Was the previous version not able to access all necessary files?  

Common-sense security tells you to never use an an account with administrator-level rights in everyday use (due to the very increased risk of a virus or malware being downloaded and then being able to run having administrator-level rights to all files and processes on the computer).  This is why my everyday use account is not one that has administrator-level rights, it only has standard user-level rights.  If a program requires Administrator-level rights, it has to prompt me for the credentials of the Administrator-level account which I would then proceed to enter and allow the program to continue with the elevated access level.

Requiring customers to be using an account with Administrator-level rights for every day use (just so that backup and disk optimization can run completely and successfully) is a practice that defies common-sense security.  Requiring customers to have to log out of my standard user account (that doesn't have Administrator-level rights) and log in with my account that does have that access level is inefficient and will cause customers to choose not to do so.

Norton 360 v.22.5.2.15 needs to be patched so that Administrator-level rights are not necessary for these utilities to run.  Either that or the user is prompted to supply the credentials for an account that does have Administrator-level rights in order for these utilities to run correctly and successfully.

In the future, if this isn't patched, this would be a reason why I would not continue to use Norton products/Norton 360 and pursue other programs that can be used that don't require customers to always be on an account that has Administrator-level rights.