Trovico not discovered


SendOfJive wrote:

Preselecting the option to install bundled software or to change program settings is such a common practice these days, that users ought to expect it and to look for the boxes that need to be unchecked before continuing an installation.  Since the bundled software is not malicious, but simply unwanted, the decision to opt in or opt out is really up to the user, not the security software they are running.  After all, the MSN homepage and Bing search engine are both offered in this way when one installs or updates Skype.  Not everyone wants these, but many people do.  I really don't foresee Norton blocking these two Microsoft offerings, so where would you draw the line?


'Bundled' software is a very irritating thing nowadays and I should definitely be warned by NIS if 'additions' are incorporated in an installation or update, whether it is from Microsoft, Skype or whatever.

 

A few days ago I updated my wife's Samsung Windows 8 tablet with the updater "SW Update Client". Guess what happened. After the update Norton Internet Security was installed on the tablet. I did not encounter a checkbox, or it was hidden in a way that made it difficult to discover, I don't know. Maybe Norton does not want to combat 'bundled' software because they are part of the problem.

 

Anyway, I hold the opinion that I should be warned when my computer is 'invaded', whether it is malicious or unwanted.

 


Krusty13 wrote:

If you have agreed to installing said PUPs, you can't really blame Norton for allowing it, can you?

 

Can you see what I am getting at?


Yes, I can, but do not agree. The point is that 'permissions' are often difficult to discover and the majority of users just skip quickly through all kinds of windows during an update or installation (see my Norton case in my former post). The concept of ‘bundled’ software misuses this habit and should therefore be prevented.
I really don’t know when and where trovigo invaded my computer, although I am above average aware of safety. That is also why I am really agitated about the fact that Norton did not give a clear signal when it happened and at least last week trovigo was not even known at the website of Norton.

I can understand Norton cannot take responsibility for ‘accidentally’ installing unwanted software as they have no control over what I am doing, but I can blame Norton for not warning me.

Hi HoogendoornJH
To my knowledge I thought that Norton only focuses on malware that could damage or destroy your computer so this is one of the reasons it doesn’t pick up PUP and other things along those lines people may consider them malicious but they can’t destroy your system. Reason being as many people have said in this thread and other threads people actually want these features that are bundled with the download for example a tool bar or something like that. For that reason this is why people recommend programs like MalwareBytes to act like a wingman alongside your Norton program although I do not use MalwareBytes I have heard from people that it’s a great program and works well with Norton.

When you said ‘Maybe Norton does not want to combat ‘bundled’ software because they are part of the problem’ do you think that Norton is a part of bundled software? I’m not judging or insulting your opinion in any way but I think if an AV was involved in something like that we’d probably all know about it but that’s just me.

Regards


AudiA1 wrote:

When you said 'Maybe Norton does not want to combat 'bundled' software because they are part of the problem' do you think that Norton is a part of bundled software? I'm not judging or insulting your opinion in any way but I think if an AV was involved in something like that we'd probably all know about it but that's just me.

Regards

Well, please check with Samsung and refer to their program "SW Update Client". Anyway, NIS was installed on my wife's tablet outside my awareness, which is a very unwanted experience. To me the experience with the trovigo invasion in the first place and with Norton later, both during the last two weeks, means that the pressure of unwanted software installations (USI’s) on the internet is increasing.

 


AudiA1 wrote:
Hi HoogendoornJH
To my knowledge I thought that Norton only focuses on malware that could damage or destroy your computer so this is one of the reasons it doesn't pick up PUP and other things along those lines people may consider them malicious but they can't destroy your system. Reason being as many people have said in this thread and other threads people actually want these features that are bundled with the download for example a tool bar or something like that. For that reason this is why people recommend programs like MalwareBytes to act like a wingman alongside your Norton program although I do not use MalwareBytes I have heard from people that it's a great program and works well with Norton.

Regards

I think the vision of Norton is too limited. An Internet Security Suite (or better: a Data Exchange Security Suite, it’s not only about internet but also about data exchange over USB-ports, telephone lines or whatever) should protect me against all kinds of (potential) unwanted intrusions/invasions from the ‘outside world’.

 

I agree, what can be wanted for the one, can be unwanted for the other. This, however, could be managed by settings. An IS suite (or DES suite) should protect me and make me aware about actual and potential inconveniences regarding what is going in and out of my computer/device.

 

Hi
Was it a trial of NIS that may have come with the tablet? Try maybe asking the store you bought it from if they have any information about that. That way you can rule out if you got it from another download or with the tablet but to my knowledge I’ve never heard of Norton coming with other programs. And in regards to the SW update client I searched up on it and found out it’s Samsung updates or something like that. Here’s the link http://www.samsung.com/uk/support/usefulsoftware/supportUsefulSwNotebook.do

Regards


AudiA1 wrote:
Hi
Was it a trial of NIS that may have come with the tablet? Try maybe asking the store you bought it from if they have any information about that. That way you can rule out if you got it from another download or with the tablet but to my knowledge I've never heard of Norton coming with other programs. And in regards to the SW update client I searched up on it and found out it's Samsung updates or something like that. Here's the link http://www.samsung.com/uk/support/usefulsoftware/supportUsefulSwNotebook.do

Regards

It was a trial of NIS. I only have a licensed NIS on my laptop and the PC of my wife. Currently our tablets (Samsung and HP, both Windows 8) are protected by the standard windows protection software.

Apart from that, I think tracing how I got the Norton USI (Unwanted Software Installation) on the Samsung tablet is outside this topic. It's a minor issue and served as an illustration of what is going on regarding USI's. I am not so interested in what happened, I am finding out what I can do for the future to avoid PUPs, USI’s and invasions like trovigo. Until now, NIS does not appear to be a partner in this search.

 

 

Hi
Sorry for my mistake.
My advice to avoid unwanted programs would be to look through things carefully while downloading and run a program alongside Norton like MalwareBytes Free to help you out just in case you miss one and it ends up installing. Other than that I’m not sure how else you can be protected from them. Just make sure you double check a lot of the stuff! That’s my opinion :)

Good luck and take care
Regards


HoogendoornJH wrote:
A few days ago I updated my wife's Samsung Windows 8 tablet with the updater "SW Update Client". Guess what happened. After the update Norton Internet Security was installed on the tablet.

I use a Samsung laptop with SW Update.  The updates that are available are all free applications and updates.  I doubt that a paid program like Norton would be offered.  Of course you can always check in the SW Update program itself - it does show what updates are available, which ones you have already installed, and which are still available.  More likely, the Norton trial was preinstalled on the tablet and presented a pop-up to activate it, which was accepted.  Either way, a paid program will not install unless it is authorized by the user.

 

One more point about SW Update:  it gives you the option of installing everything that is offered or selecting only those updates that you want.  This goes to the more general point of being attentive to what you install.  If you cherrypick what you want, you know what you are getting.  If you use the "One Click Install and Update" button you will get everything that is offered - and I don't think you could expect Norton or any other program to second guess your selection.  That is the crux of the issue with PUPs - they do not install without a user "OK," albeit that approval is often obtained in sneaky ways.  But it is an approval none the less, and Norton has no way of knowing if you actually wanted to install the software or not.  You need to read everything.


SendOfJive wrote:
Since the bundled software is not malicious, but simply unwanted, the decision to opt in or opt out is really up to the user, not the security software they are running.  After all, the MSN homepage and Bing search engine are both offered in this way when one installs or updates Skype.  Not everyone wants these, but many people do.  I really don't foresee Norton blocking these two Microsoft offerings, so where would you draw the line?

Hi SendOfJive:

I agree with you that Norton products should not automatically block bundled PUPs in case the user wants to opt in and install the bundled software.  What I am suggesting is that Norton could do a better job of detecting these PUPs and then present the user with the option to remove (quarantine) or allow the installation to proceed.

The following example demonstrates how a "fake" Sysinternals Process Monitor installer bundled with unwanted third-party PUPs can be downloaded to my hard drive because Download Insight assigns a trust level of Good even though the file has Very Few Users and is Very New (i.e., the reputation of this file is unknown in the Norton Community).  Results shown below were conducted with my Firefox v. 27.0.1 browser but were identical when tested with IE9.  Kudos to elsewhere for providing the link to this wrapped installer.

"Legitimate" Process Monitor zipped file (ProcessMonitor.zip v. 3.5) from Microsoft Sysinternals
       SHA256: 3e7aad3fa75cc876a4d99f9df4e01d381c671f17d1b0160ee5d0dc1254d7f72b

Test "infected" installer bundled with PUPs (SoftangoDownloader_SysinternalsProcessMonitor.exe v. 1.5.3.14) from Softango
      SHA256: 0c9b0b4f007e86ec3e74407672c84da625fb916770513dbc0e6d3390e0b39d27

When I download the infected installer, Norton's Download Insight reports that the file is Safe.  Note that full details of the File Insight report (attached) show that the trust level (reputation) is rated as Good even though the file has Very Few Users and is Very New.

 

Test 3 - MBAM  PRO Firefox.png

 

Test 3 - NIS File Insight Firefox.png

 

When I run a second opinion on-demand MBAM scan of the downloaded SoftangoDownloader_SysinternalsProcessMonitor.exe,  the wrapped installer is detected as PUP.Optional.InstallBrain.  No automatic action is taken by MBAM - I am given the option of selecting the file and sending it to quarantine or ignoring the file (i.e., creating a scan exception) and allowing the PUPs to install when the file is eventually executed.  (Note that on-demand scans with a NIS Insight Network Scan and Norton File Insight both reported No Threat Found).

 

Test 3 - MBAM InstallBrain.png

 

A submission of SoftangoDownloader_SysinternalsProcessMonitor.exe installer to VirusTotal currently shows a detection rate of 10/48.  AVG, AntiVir, ESET, Malwarebytes and other popular free and subscription-based antivirus software detect this file as a possible threat - see yesterday's analysis report here.

And PUPs are not the only issue - PRIOR posted results here showing that malicious files can also evade detection by Download Insight and corrupt your Windows OS (another case of a Good trust level even though the file has Very Few Users and is Very New) depending on the site the malware is downloaded from.

So while I agree that no one antivirus program is able to block 100% of infections 100% of the time, I still feel that there's a great deal of room for improvement in Norton's protection when it comes to threat detection.  If the file reputation is unknown (Very Few Users, Very New) shouldn't Norton at least display the Download Insight pop-up in yellow and classify the trust level as Unknown until enough data has been gathered via Norton Community Watch to determine the file's safety?

------------
MS Windows 32-bit Vista Home Premium SP2 * Firefox 27.0.1* IE 9.0 * NIS 2013 v. 20.4.0.40 * MBAM PRO 1.75.0.1300
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS


SendOfJive wrote:
That is the crux of the issue with PUPs - they do not install without a user "OK," albeit that approval is often obtained in sneaky ways.  But it is an approval none the less, and Norton has no way of knowing if you actually wanted to install the software or not.  You need to read everything.

I don't agree with you. 'Sneakyism' is a rising phenomenon on the internet and protection software should include the option to warn against and even the option to kill beforehand any kind of sneaky-like intrusion, invasion, installation, PUP, PUM, USI or whatever. Reading all the stuff which comes to someone takes a lot of time and at moments of hurry something might easily escape your attention.

HoogendoornJH, if you find a program that protects you 100% from EVERYTHING bad on the net, can you let me know about it ?

 

Norton cannot give you 100 % protection. No one program can, which is why I talk about layered protection.

 

When you drive a car with airbags, you also have secondary protection from seatbelts.

 

These other programs like MalwareBytes, are your secondary protection.

 

A quick scan daily with MalwareBytes will take a couple of minutes, at most.

 

Not too much to ask, when Norton is your primary protection.


F4E wrote:

HoogendoornJH, if you find a program that protects you 100% from EVERYTHING bad on the net, can you let me know about it ?

Norton cannot give you 100 % protection. No one program can, which is why I talk about layered protection.

When you drive a car with airbags, you also have secondary protection from seatbelts.

These other programs like MalwareBytes, are your secondary protection.

A quick scan daily with MalwareBytes will take a couple of minutes, at most.

Not too much to ask, when Norton is your primary protection.


Again, it is not about guaranteeing 100% safety, but about ‘total care’. It seems that the distinction between the two is difficult to understand. See also message 15.

Another issue to think about.

 

When an AV program is changed to add additional scans to its protection, the system resources are going to go up for that AV program.

 

How much of a drag on your system are you willing to accept for adding "just one more feature"? And then someone else wants an additional "one more feature".

 

AV products concentrate on what they do best. Protect the user's system from damaging software/malware. I am willing to run a Malwarebytes scan once a week, overnight while I sleep to check for the PUPs and PUAs.

 

 

 

 

Absolutely agree with peterweb. I downloaded Adblock from a green flagged site by both Norton and WOT, and it downloaded a pup.

 

I scanned it with MalwareBytes before install, and the pup was picked up and removed.

 

Currently Norton is very light on my system, and I want it to stay that way.

And right on cue, Leo Notenboom posted this blog article yesterday that is right on point:

 

Is it safe to download from download sites?

 

Answer: "no."

 

 

 


F4E wrote:

Absolutely agree with peterweb. I downloaded Adblock from a green flagged site by both Norton and WOT, and it downloaded a pup.

 


Hi, F4E.

 

Mind sharing which site that was?  Surely, it wasn't either Mozilla or Google's website for Chrome?

Hi Inquirer. No, it was  http://adblock-ie.en.softonic.com/

 

The installer is clean according to Norton, but a scan with MBytes found a pup.

 

Another reason to install direct from the developer whenever possible, rather than a 3rd party host site.

Okay.  Thanks, F4E.

Well, I think this post is losing track and can be finalized.

 

Unfortunately, the concept of ‘total care’ is not shared by most contributors to this post. I think the challenge for protection software developers is in offering a complete, configurable suite covering all the protection you need to avoid unwanted and ‘sneaky’ intrusions, invasions, PUPs, PUMs, USIs or whatever  in data exchange between devices (whether by internet, USB-ports, telephone lines or whatever). This holds especially for paid protection software as it should supply ‘added value’ amongst separate, more specialized and often free protection software.

 

For me, the most valuable contribution to this post was message number 3 from lmacri. My conclusion is that NIS will not deliver the ‘added value’ I demand from a paid package and I will compose a suite myself with free software, saving me the contribution fee for Norton in the future.