• 所有社区 - 中文
    • 所有社区 - 中文
    • 论坛
    • 创意
    • 博客
高级

不是您要找的? 咨询专家!

此论坛帖文需要解决方案。
好评0

Support of NIS 21.7.0.11 Discontinued

I have been advised that Symantec has discontinued support of version 21.7.0.11 and that the only remediation for the exposure disclosed in Security Advisory SYM16-10 is to upgrade to version 22.7.0.x.

Is this correct?

回复

好评0

Re: Support of NIS 21.7.0.11 Discontinued

Norton Official Support advised you ...? regarding Symantec Security Advisory SYM16-010.

好评0

Re: Support of NIS 21.7.0.11 Discontinued

If you consider the comment about the Help about to be informative, I beg to disagree.  Many of us have deferred updating to 22.x due to it's various deficiencies and bugs that are still being corrected.  21.7.0.11 received the last fix for an announced security advisory.  What makes this different?

I think it would be appropriate for Symantec to make a clear, authoritative statement about continuing support and remediation for 21.7.0.11.

好评0

Re: Support of NIS 21.7.0.11 Discontinued

RLWA32: I think it would be appropriate for Symantec to make a clear, authoritative statement about continuing support and remediation for 21.7.0.11.

For sure....that's why I asked who advised you.....

RLWA32: I have been advised that Symantec has discontinued support of version 21.7.0.11

好评0

Re: Support of NIS 21.7.0.11 Discontinued

The advisement was contained in a response to the thread I started regarding the security advisory i.e., the only remediation was a product upgrade from 21.7.0.11 to 22.7.0.x.

Clarification of this issue by Symantec is urgently needed.

好评0

Re: Support of NIS 21.7.0.11 Discontinued

好评3 Stats

Re: Support of NIS 21.7.0.11 Discontinued

RLWA32:

I have been advised that Symantec has discontinued support of version 21.7.0.11 and that the only remediation for the exposure disclosed in Security Advisory SYM16-10 is to upgrade to version 22.7.0.x.

Is this correct?

I apologize; I'm going to have to parse words here, because of the nature of the situation and also because it's downright confusing to most people. If you don't end up reading the whole thing, the 1st part is not accurate, but the 2nd part is correct...

RLWA32:

I have been advised that Symantec has discontinued support of version 21.7.0.11...

 That phrase "discontinued support" is an odd one. Customers who wish to remain at 21.7 can continue to renew their subscriptions and turn off the version updates. We are not forcing anyone to update to the latest version (though it can be done, and it's free with your subscription). And if customers using 21.7 experience an issue with their product, they are free to contact our customers support - also for free - to get assistance. That said, there have been updates and fixes to the product since the release of 21.7, and sometimes the solution is to update to the latest version, where a fix exists. And again, if you don't want them to take that action, you don't have to. But the issue will continue to exist if you don't. This is why we released patches - to fix problems.

RLWA32:

...and that the only remediation for the exposure disclosed in Security Advisory SYM16-10 is to upgrade to version 22.7.0.x.

Is this correct?

That part is correct. We recommend that our customers update to version 22.7.0.x for the vulnerability patches, as well as a number of product improvements and features.

Tony Weiss | Norton Forums Global Community Manager | Symantec Corporation
好评0

Re: Support of NIS 21.7.0.11 Discontinued

Shame on you for playing word games.

It is reprehensible that you would assert that a product with a publicly disclosed and uncorrected vulnerability is currently supported.

This is a new low for Symantec.

好评1 Stats

Re: Support of NIS 21.7.0.11 Discontinued

RLWA32:

Shame on you for playing word games.

I apologize if it seems that way, that was not my intent. Perhaps you can define what you mean by "discontinued support". I gave it a try, but it's clear that we disagree on what that means.

RLWA32:

...It is reprehensible that you would assert that a product with a publicly disclosed and uncorrected vulnerability is currently supported...

You and I have a very different definition of "supported", it's clear. Let's take for example Norton Internet Security. It is a product, and we support it. We even support that product so much that we have provided updates all the way to right now, with 22.7. And if you're talking about a specific version of Norton Internet Security, like 21.7, our customer support team will help you. Support.

Maybe I'm not understanding what you want, but it seems you want to patch the vulnerabilities while still remaining on 21.7. As I said, you would need to update to version 22.7.0.x to receive a patch for the vulnerabilities.

RLWA32:

This is a new low for Symantec.

Please explain why "this is a new low for Symantec."

Up to this point, I thought we had an interesting discussion going on the subject, and helping to clarify some questions other customers might have. It saddens me to think you're upset by this discussion, and for that I'm sorry. My "word games" are pretty important - I try to be as clear as possible in my communication, and I don't like to throw out terms that might be misunderstood. And when I do, and I'm wrong, I own up to it. You can check my past posts, or check with others on the forum. If I make a mistake, I apologize. But so far in your reply, you don't illustrate how I'm wrong or reprehensible, or even have sunk to a new low. I'm open to criticism, if it's backed up with information.

Tony Weiss | Norton Forums Global Community Manager | Symantec Corporation
好评0

Re: Support of NIS 21.7.0.11 Discontinued

Q: do all Norton products prior to version 22.7.x need the 22.7.x patch to sort recent published vulnerabilities.

And by all, I mean... all major versions e.g., v21, v20, etc.
And by all, I mean...are v21, v20, etc. even subject to the recently published vulnerabilities.

好评2 Stats

Re: Support of NIS 21.7.0.11 Discontinued

I hardly think that a product with a publicly disclosed and unpatched vulnerability is being currently supported.  Telling me that I can stay on a vulnerable product if I want to is akin to telling folks that there's nothing wrong with continuing to run XP after Microsoft discontinued issuing security fixes. 

I find it hard to believe that Symantec has taken this position.  Why not just announce that NIS 21.7.0.11 is at End of Life and all must upgrade in order to be protected?

好评0

Re: Support of NIS 21.7.0.11 Discontinued

bjm_:

Q: do all Norton products prior to version 22.7.x need the 22.7.x patch to sort recent published vulnerabilities.

And by all, I mean... all major versions e.g., v21, v20, etc.
And by all, I mean...are v21, v20, etc. even subject to the recently published vulnerabilities.

Yes. 

Tony Weiss | Norton Forums Global Community Manager | Symantec Corporation
好评0

Re: Support of NIS 21.7.0.11 Discontinued

Kudos to Project Zero

好评0

Re: Support of NIS 21.7.0.11 Discontinued

You're throwing out specific terms like "discontinued support", "discontinued", and "End of Life", which have very specific meanings, and varied implications. They also have legal definitions. But I don't think you're getting closer to what you actually want to say, or more specifically, what you want to hear from me.

So spell it out for me. What is it that you want at the end of this? What are you searching for? Use real words, not some terms that sound like they apply. I really want to give you answers, but we seem to be going back and forth.

Tony Weiss | Norton Forums Global Community Manager | Symantec Corporation
好评0

Re: Support of NIS 21.7.0.11 Discontinued

Tony,

I'm not going to engage in semantic debate with you.  We can disagree about the meaning of terms all day but it doesn't change the fact that NIS 21.7.0.11 is now an unsafe product to leave installed in it's present state. 

好评0

Re: Support of NIS 21.7.0.11 Discontinued

I do agree with you, and I recommend the way to keep Norton Internet Security a safe product is to update to 22.7.0.x. But you don't want to do that, correct? Why not?

Tony Weiss | Norton Forums Global Community Manager | Symantec Corporation
好评3 Stats

Re: Support of NIS 21.7.0.11 Discontinued

NIS 21.7.0.11 is presently installed on a Vista SP2 x64 system and a Vista SP2 x86 system.  I do not need compatibility updates for Win10 as these systems will not be upgraded to Win10.  From all that I have read on these forums 22.x has been extremely buggy. In my opinion, quality control has been less than stellar and the recent withdrawal and subsequent re-release of a 22.7.x update only serves to corroborate my feelings on the subject.

 My Vista systems will be taken out of service and replaced in the next several months since Vista SP2 will reach End of LIfe next year.  I was hoping to maintain stability in my platforms until they were replaced by new hardware and software but security advisory SYM16-10 and Symantec's decision not to provide a patch for 21.7.0.11 introduces unwanted complexity and, in my opinion, an upgrade of questionable quality and value.

好评0

Re: Support of NIS 21.7.0.11 Discontinued

I appreciate this excellent information. Thank you for helping me understand your situation and concerns. I'll be sure to let our product teams know about your perspective, as I'm sure there are other customers who feel the same way. You're seeing 21.7 and 22.x as 2 separate products, whereas we don't. So to that end, 21.7 will not be patched while keeping it at 21.7. The solution to this vulnerability is to update to 22.7.

Tony Weiss | Norton Forums Global Community Manager | Symantec Corporation
好评0

Re: Support of NIS 21.7.0.11 Discontinued

Tony_Weiss:  You're seeing 21.7 and 22.x as 2 separate products, whereas we don't.

and yet, there was no free upgrade to v22 because v21 was a different product.   
FWIW ~ I see v21 and v22 as 2 separate products because Norton/Norton Support told me they're separate products.

好评0

Re: Support of NIS 21.7.0.11 Discontinued

RLWA32:

From all that I have read on these forums 22.x has been extremely buggy. In my opinion, quality control has been less than stellar and the recent withdrawal and subsequent re-release of a 22.7.x update only serves to corroborate my feelings on the subject....

...Symantec's decision not to provide a patch for 21.7.0.11 introduces unwanted complexity and, in my opinion, an upgrade of questionable quality and value.

First, most of what you will read on forums will concern problems that people are having.  Almost any new update for any software will have bugs, and people report them.  And although there have been glitches with the 22.7 update, I got both the first update and then the second and had no issues with either (Windows 10).  Updating to 22.7 does not mean you will automatically encounter problems.

Anytime something new rolls out, there is the possibility of something breaking.  Last week I discovered that a softphone program I use would no longer connect to its server.  After a lot of troubleshooting and research, it turns out that one of the latest Windows 10 patches broke something that the softphone needs to work properly.  These things happen and it doesn't mean that everyone should avoid or uninstall the Windows 10 update, just because my softphone doesn't work.

So can anyone guarantee you can install 22.7 and not have any issues at all.  No.  But the picture of complexity and problems you paint is not accurate, either.  One thing is for sure, though: the potential harm you might encounter by not updating is extremely serious.

好评0

Re: Support of NIS 21.7.0.11 Discontinued

Tony,

We agree that 21.7.0.11 is now unsafe.

After many years as a loyal customer my confidence in Symantec's Norton product line has been severely eroded.

Whether or not I will remain a Symantec customer is undecided at this time.

好评1 Stats

Re: Support of NIS 21.7.0.11 Discontinued

Tony_Weiss:

So spell it out for me. What is it that you want at the end of this? What are you searching for?

Hi Tony:

I agree with RLWA32's comments <here> regarding ongoing issues with v22.x.   I also have a Vista computer and my ideal solution would be to patch v21.7.0.11 for the vulnerabilities listed in the security advisory SYM-010.  I assume that would mean adding the new Symantec Data Scanner (SDS) engine to v21.x - which might be problematic if that SDS engine is responsible for any of the bugs currently listed in your Norton 22.7 - Hot Issues and Fixes post - but there are other features in the v22.x products (e.g., PEP, the emulator sandbox, etc.) that seem to cause no end of problems on older operating systems.  I tried upgrading to v22 on my 32-bit Vista machine a few months ago and immediately downgraded back to v21 because my system was so unstable.

If I remain with Norton my choices are to upgrade to a buggy v22.7 or stay with an unpatched v21.7 with known security vulnerabilities.  Now I have to consider a third option to remove NIS altogether and use another AV to tide me over until extended support ends for Vista in April 2017 and I have to purchase a new Win 10 laptop.  To bad I still have 200 days remaining on my NIS subscription.
------------
32-bit Vista Home Premium SP2 * Firefox v47.0.1 * NIS v21.7.0.11 * MBAM Premium v2.2.1

好评0

Re: Support of NIS 21.7.0.11 Discontinued

- N360 v21.7.0.11

- Windows 7 Home Premium OEM

Tony, I wanted to see if I understand what's been discussed in this thread. Is this the right interpretation? ↓

"I'll continue receiving normal (N360) v21x Live Updates but all v21x product versions will not receive some of the latest threat patches going forward."

Do I have that part right?

I haven't upgraded yet due to past reported issues with v22x related to its "Win 10 ready" problems.  I've noticed recently that the frequency of reported "Win-10 ready" related issues have decreased significantly.  As such, I've been thinking about trying the v22x upgrade but is that possible with N360 or would I need to change product lines to the NIS product line?  I can't recall the specifics that were discussed some months ago about it but I seem to recall that this is required (N360 v22x versions don't exist?).

Windows 7x64 Home Premium OEM Ver / MoBo: ASUS P7P55D-E / CPU: Intel i5-650 / RAM: 16 Gb Corsair DDR3
好评0

Re: Support of NIS 21.7.0.11 Discontinued

Scoop8: - N360 v21.7.0.11  I can't recall the specifics that were discussed some months ago about it but I seem to recall that this is required (N360 v22x versions don't exist?).

NAV/NIS/N360 v22.7.0.76 = Norton Security v22.7.0.76

My Norton product looks different
In the constant endeavor to provide latest technology and quality products, Norton has released an update for all of its security products.  Norton has released a new version of Norton AntiVirus, Norton Internet Security, Norton 360, Norton Security, and Norton Security Suite. This latest release reflects the new look of Norton, and is also compatible with Windows 10.

https://support.norton.com/sp/en/us/home/current/solutions/v111382660

好评1 Stats

Re: Support of NIS 21.7.0.11 Discontinued

Tony_Weiss:

You're seeing 21.7 and 22.x as 2 separate products, whereas we don't. So to that end, 21.7 will not be patched while keeping it at 21.7. The solution to this vulnerability is to update to 22.7.

Hi Tony:

Just had another thought.  Win XP machines with older CPUs that do not support the SSE2 instruction set all use v21.7.0.11 (or older) products because they can't upgrade to v22.7.0.76 per the support article Message: "An unsupported processor has been detected. This version of the product requires a processor that supports the SSE2 instruction set…" appears when I install my Norton product.

What options do these users have if Symantec doesn't patch v21.7.0.11 for the vulnerabilities listed in security advisory SYM16-010?
------------
32-bit Vista Home Premium SP2 * Firefox v47.0.1 * NIS v21.7.0.11 * MBAM Premium v2.2.1

好评1 Stats

Re: Support of NIS 21.7.0.11 Discontinued

So to that end, 21.7 will not be patched while keeping it at 21.7. The solution to this vulnerability is to update to 22.7...

Hi Tony,

Have to agree with the OP that your original answers came across somewhat muddled.  The above, however, is clear enough.  Frankly, if Symantec decides not to patch v21.7 and exit all effective threat support of same, well, in my view, they have decided to abandon ship in a less than honorable way.

The correct way should be to first patch and then give notice in advance of a pending eol for v21.7 .. allowing users to ponder what to do and to look for alternatives in case they don't want - or can't - upgrade to v22.7.

And, for the oldies still running SSE only XP computers the way forward would probably be to move to other products like Avast! et al. Unless you recompile v22.7 to run on such old CPUs.

Hope this mess works out to everyone's happiness! 

好评1 Stats

Re: Support of NIS 21.7.0.11 Discontinued

In my opinion, Symantec took the decision to strategically remove resources from NIS 21.7.0.11 maintenance and support beginning with its abandonment in 2015 of updates for the Firefox toolbar component. The writing was on the wall for those who cared to see it.  I am disappointed but not surprised by Symantec's current decision to leave 21.7.0.11 unpatched and susceptible to this latest publicly disclosed vulnerability.  It is consistent with the decline that began in 2015.

I do agree that a more responsible path should have been chosen by Symantec for it's 21.7.0.11 endgame instead of just summarily pulling the plug in an ambiguous and confusing manner.

好评0

Re: Support of NIS 21.7.0.11 Discontinued

RLWA32:

In my opinion, Symantec took the decision to strategically remove resources from NIS 21.7.0.11 maintenance and support beginning with its abandonment in 2015 of updates for the Firefox toolbar component. The writing was on the wall for those who cared to see it.  I am disappointed but not surprised by Symantec's current decision to leave 21.7.0.11 unpatched and susceptible to this latest publicly disclosed vulnerability.  It is consistent with the decline that began in 2015.

I do agree that a more responsible path should have been chosen by Symantec for it's 21.7.0.11 endgame instead of just summarily pulling the plug in an ambiguous and confusing manner.

ITMA.
​Changed-out N360 v21.7.0.11 - N360 v22.7.0.76, using the RnR Tool.
All progressed fine. Routine tested the facilities. OK

Hopefully, safely patched ?
Be safe out there !

"It's That Man Again."
The Silver Surfer. AK.  [ Nil illegitimi carborundum ! ]
p.s " AND NOW FOR, THE BBC NEWS ! "
http://www.bbc.co.uk/news/technology-36672002

好评0

Re: Support of NIS 21.7.0.11 Discontinued

Support is provided for all Norton products that have not reached the support end of life.
Symantec reserves the right to change its support policies at any time without notice.

https://support.norton.com/sp/en/us/home/current/solutions/v74023230

好评0

Re: Support of NIS 21.7.0.11 Discontinued

You may be required to update to the latest version of your product during the support process.

https://support.norton.com/sp/en/us/home/current/solutions/v74023230

好评0

Re: Support of NIS 21.7.0.11 Discontinued

Good morning to all.

Long time Norton customer since 2001...

So I suddenly discovered that my NIS 21.7 (which I renewed just last september) is at risk and no patch planned...

No communications on Live Update, popups or other.

If I haven't heard on a italian sw news site, I was unaware of the risk.

I hope that Norton do not suppose that users daily check Symantec's blogs.

The announcement is misleading: NO update at all to NIS. Only a conversion to NS subscription. Right?

So why allow users to still purchase renewal subscriptions to NIS which now is clearly no more supported?

Why I should still trust Norton?

I entrusted my pc to NIS and now I discover that I'm not protected? So for what I paid months ago? For no protection at all? For no security updates?

Who assure me that NS hasn't untold security flaws?

Is this a way to keep a customer?

Sorry if appear to be rude, but I am really disappointed of this nasty surprise.

好评0

Re: Support of NIS 21.7.0.11 Discontinued

Welcome to the club.

好评1 Stats

Re: Support of NIS 21.7.0.11 Discontinued

Axios2016:

So I suddenly discovered that my NIS 21.7 (which I renewed just last september) is at risk and no patch planned...

...The announcement is misleading: NO update at all to NIS. Only a conversion to NS subscription. Right?  So why allow users to still purchase renewal subscriptions to NIS which now is clearly no more supported?

Hi Axios2016:

NIS v21.7.0.11 can still be upgraded to the patched NIS v22.7.0.76 on most machines by running the Norton Remove and Reinstall (NRnR) Tool at www.norton.com/nrnr or clicking Support | New Version Check from the main Norton window.  The only exception is older XP machines that cannot be upgraded to v22.7.x if the CPU does not support the SSE2 instruction set, as noted <here>.

The features and design of NIS v22.7.x are very similar to Norton Security (NS) Deluxe v22.7.x but you will retain the terms of your current NIS license (e.g., 3-PCs, 1-Year) after the upgrade.  See my comments in CBR44's thread ccsvchst.exe problem about NAV/NIS/N360 vs the newer NS line of products.

No communications on Live Update, popups or other.  If I haven't heard on a italian sw news site, I was unaware of the risk. I hope that Norton do not suppose that users daily check Symantec's blogs.

I agree, and I'm not sure why Symantec is leaving it to news outlets and online IT sites to inform their customers.  I live in Canada and the news story this morning on CBC NewsWorld noted that some of the open source code used by Symantec hadn't been updated in seven years.  From the online CBC article Google finds critical flaws in popular Symantec, Norton antivirus software:

"Some of the antivirus products will automatically update, but others won't, meaning that network administrators and customers may have to take action to stop the vulnerabilities from being exploited, now that they've been made public".
------------
32-bit Vista Home Premium SP2 * Firefox v47.0.1 * NIS v22.7.0.76 * MBAM Premium v2.2.1

好评2 Stats

Re: Support of NIS 21.7.0.11 Discontinued

... and just an FYI that I tried the upgrade to NIS v22.7.0.76 on my own 32-bit Vista machine last night and preliminary testing has been less than satisfactory.  Since booting up this morning I've had a 3048,3 error that AutoFix couldn't repair (the Open Support Web Site button was nonfunctional and didn't redirect me to the support site), at least one failed Quick Scan during a system idle (a big to the software designer who moved the old Norton Tasks window to Settings | Administrative Settings | Background Tasks | Configure), one BSOD while I was testing a connection to an ODBC database, and a few other minor glitches.

This was a clean install of NIS v22.7.0.76.  I uninstalled v21.7.0.11 from the Control Panel (selecting "Please remove all user data"), ran the Norton Removal Tool (NRT) and re-booted, installed v22.7.0.76 using the latest NIS offline installer from www.norton.com/latestnis, and ran a LiveUpdate to ensure v22.7.0.76 was fully patched.  All MBAM Premium real-time protection is currently disabled for testing.  I'll monitor my system for a few more days and then decide if I should try to refresh my installation with the Norton Remove and Reinstall (NRnR) Tool or just forfeit my remaining 200 days of subscription and remove Norton from my Vista machine altogether.
------------
32-bit Vista Home Premium SP2 * Firefox v47.0.1 * NIS v22.7.0.76 * MBAM Premium v2.2.1

好评1 Stats

Re: Support of NIS 21.7.0.11 Discontinued

Tony:

I find this thread very interesting in that you seem to be stating that v 21.7.0.11 is not at end of life, and is still supported.  Yet you seem to state that while it is indeed supported, a solution to some particular problem could be the recommendation to upgrade to v 22.7.x.

I currently have 2 active NIS subscriptions to cover 2 desktops (1 on Win XP Pro, 1 on Win 7 Pro) and 2 laptops (1 on Win XP Home, 1 on Win 7 Pro).  Both subscriptions were recently renewed/extended by using 2 different Product Keys for NS Deluxe keeping the 2 desktops on one license and the 2 laptops on another.  (Yes, I know I could have combined them all onto 1 license, but I prefer to keep them separate; the two licenses expire about 3 months apart.)

My reasons for staying with the older NIS product center around certain workflow processes and habits that I have developed over almost 40 years.  While some of my uses have changed over the years I have not varied workflow that has served me well.  Currently much of my time is spent with editing BluRay video, and compiling it into BluRay and DVD discs.  Much of this activity places heavy processing loads on the system (one typical system is Win 7 Pro, i7 processor, 18GB ram, multiple TB of both internal and external HDD).  Since none of the source media comes from the internet I do not see the need for malware protection while editing, compiling, rendering, burning, etc.  Thus, I routinely use the NIS functions to a) disconnect from the internet, b) turn on Silent Mode, c) Disable Antivirus Auto-Protect during these activities. 

Because I have various $oftware program$ and video/photo hardware device$ that are not supported by Win 10, I have no intention of going to Win 10 --since it would incur a large expenditure to upgrade/replace my current software and hardware environment.

Currently, my biggest concern is that controlling (enable/disable) these 3 functions cannot be done in NS in the simple two or there key stokes it takes in NIS.  An additional concern is the removal of the Network Security Map function from NS.

Can you enlighten me as to what a viable path forward could be using Norton?

好评2 Stats

Re: Support of NIS 21.7.0.11 Discontinued

There is no disagreement that it is unsafe to continue using 21.7.0.11 which has not been patched for the publicly disclosed vulnerability described in Security Advisory SYM16-10.  At this juncture, Symantec's position is that the vulnerability is remediated by upgrading to 22.7.0.76.  You may decline to upgrade at your own risk.

好评3 Stats

Re: Support of NIS 21.7.0.11 Discontinued

There is no disagreement that it is unsafe to continue using 21.7.0.11 ... and, yet, Symantec still suggests that people with older computers stay with v21.7.x.x.

I know, a small portion of the user base, but, let me quote Symantec: The newest version of our Norton product (22.x.x.x) requires SSE2 compatibility to run. The Norton product version that is compatible with your processor is 21.7.x.x.

https://support.norton.com/sp/en/us/home/current/solutions/v101962385_En...

I installed 22.7.0.76 on one of my W7 laptops only to remove it shortly thereafter.  I went back to 21.7 via a re-image of the c: drive.  The reason why I returned to 21.7 was twofold: a) 22.7 introduced changes to my laptop which made it unstable (and which I did not understand); b) I dislike the 22.7 UI compared to 21.7.

It feels as if the smart guys have made changes to the 22.7 UI not to improve functionality, but, instead, just for the sake of making changes.  Besides being pretty dull, as pointed out, simple stuff is now hidden under multiple menu layers...

好评2 Stats

Re: Support of NIS 21.7.0.11 Discontinued

ITMA.
​In this modern day and age, with the global addiction to all-things tech. It's only going to get worse all-around.
The turn-around time for IT stuff, in all categories, is constantly decreasing. It's all driven by the ever-increasing demand for profits.
What the WWW, Companies, Providers, Uncle Tom Cobley & ALL require, is an enforceable 'CODE OF PRACTICE'

" YOU'RE NEVER GOING TO GET IT ! " ¦ " MORALS & MONEY DON'T MIX. "

Be safe out there !
"It's That Man Again."
The Silver Surfer. AK. [ AGED ¦ BUT, NOT OLD. ]

好评1 Stats

Re: Support of NIS 21.7.0.11 Discontinued

Seriously concerned by all BSOD reports on NS 22, the lack of SONAR offline, no network map... First time in 15 years that I'm considering other av...
好评2 Stats

Re: Support of NIS 21.7.0.11 Discontinued

Tony_Weiss:

You're throwing out specific terms like "discontinued support", "discontinued", and "End of Life", which have very specific meanings, and varied implications ...So spell it out for me. What is it that you want at the end of this? What are you searching for?

Hi Tony:

Here's a few additions for the wishlist:

Accountability from Senior Symantec Managers

Earlier this year Tavis Ormandy found an update spoofing vulnerability in Malwarebytes' Anti-Malware (MBAM) where updates were not delivered over secure https: connections. CEO Marcin Kleczynski posted an open letter to customers titled Malwarebytes Anti-Malware Vulnerability Disclosure in the MalwarebytesLab blog that included:

  • Steps Malwarebytes had already taken to fix the problem on their servers
  • Additional steps Premium (paid) users could take to mitigate the vulnerability on their own computer until they received the permanent patch
  • An actual apology to users for potentially exposing their system to exploits
  • Steps Malwarebytes was taking to prevent similar problems from happening in the future
  • An e-mail address where users could send specific concerns and questions

That's a great example of how AV and other security software companies should communicate with their customers as soon as serious vulnerabilities in their products are made public.

Clear Timelines for End of Support for Older Product Lines and Versions

Microsoft's Windows Lifecycle Fact Sheet clearly shows that mainstream support (feature improvements plus non-security and security updates) for my Vista SP2 OS ended 10-Apr-2012 and that extended support (security updates only) will end 11-Apr-2017 when Vista SP2 reaches it's official end-of-life (EOL).  Definitions for mainstream vs extended support are outlined in item # 6 of the FAQ.

Symantec's Support Policy only states that "Support is provided for all Norton products that have not reached the support end of life. You can find a list of the currently Supported Product Families below. You may be required to update to the latest version of your product during the support process".  That policy is vague and misleading if there is no clear definition or timeline for the EOL of a product.

If Symantec is not going to patch Norton v21.7.0.11 and older versions for the critical security vulnerabilities listed in SYM16-010 then I agree with RLWA32 that these versions have effectively reached EOL - regardless of whether they continue to receive daily virus definition updates or not.  Clear instructions for upgrading to v22 products should be pinned at the top of the NIS/NAV/N360 board ASAP.  Options (and a stern warning on possible risks) should be provided for customers like CeeBee who own older XP machines that cannot be upgraded to v22 because their CPU does not support SSE2 instructions.  Allowing unwary customers to continue running AV software that is vulnerable to exploit is irresponsible.
-----------
32-bit Vista Home Premium SP2 * Firefox v47.0.1 * NIS v22.7.0.76 * MBAM Premium v2.2.1

好评0

Re: Support of NIS 21.7.0.11 Discontinued

lmacri:

Symantec's Support Policy only states that "Support is provided for all Norton products that have not reached the support end of life. You can find a list of the currently Supported Product Families below....

If Symantec is not going to patch Norton v21.7.0.11 and older versions for the critical security vulnerabilities listed in SYM16-010 then I agree with RLWA32 that these versions have effectively reached EOL - regardless of whether they continue to receive daily virus definition updates or not.

I don't mean to quibble, but the Support Policy you cite lists Norton Products by product type, not version.  So if a product can be patched by updating to the latest version, then that product is indeed supported.  Norton is not basing support on individual version numbers, so saying that version X has effectively reached EOL doesn't really mean anything if it has an update that is available to you and the product itself, (NIS, NS) is being still supported.

I do think users faced with the SSE2 issue have a legitimate concern that needs to be addressed.  But for users who simply prefer the older version or want to wait until all the bugs are fixed in the latest version, I don't think you can make an argument based on "support" - the remedy for the security vulnerability is available to you.

好评2 Stats

Re: Support of NIS 21.7.0.11 Discontinued

SendOfJive:
lmacri:

Symantec's Support Policy only states that "Support is provided for all Norton products that have not reached the support end of life. You can find a list of the currently Supported Product Families below....

If Symantec is not going to patch Norton v21.7.0.11 and older versions for the critical security vulnerabilities listed in SYM16-010 then I agree with RLWA32 that these versions have effectively reached EOL - regardless of whether they continue to receive daily virus definition updates or not.

I don't mean to quibble, but the Support Policy you cite lists Norton Products by product type, not version.  So if a product can be patched by updating to the latest version, then that product is indeed supported.  Norton is not basing support on individual version numbers, so saying that version X has effectively reached EOL doesn't really mean anything if it has an update that is available to you and the product itself, (NIS, NS) is being still supported.

I do think users faced with the SSE2 issue have a legitimate concern that needs to be addressed.  But for users who simply prefer the older version or want to wait until all the bugs are fixed in the latest version (you do so at your own risk), I don't think you can make an argument based on "support" - the remedy for the security vulnerability is available to you.

v21 NAV/NIS/N360 users were (note were) denied free upgrade to Norton Security v22 because they were (note were) not the same product.   
note: Symantec reserves the right to change its support policies at any time without notice. (IMO ~ legal speak for protect the mother ship)
(IMO ~ if there is a policy > write it down || ~ if there is no policy > why not)

好评3 Stats

Re: Support of NIS 21.7.0.11 Discontinued

1. Symantec was quite capable of nagging me to upgrade to the next version of NIS by displaying prominent notices on my screen.  The same mechanism could be used to advise 21.7.0.11 users that they are now at risk and that a version upgrade is the only available remediation.

2. Symantec has my email address in its records and it probably has the email addresses of a large number of it's customers.  A mass mailing that advised of the unpatched security vulnerability and the need to upgrade to achieve remediation would be another way to communicate with the customer base.

3. As long as 21.7.0.11 remains unpatched maintaining the pretense that continued use without upgrading is supported (by any definition) is both irresponsible and misleading.  The unpatched vulnerability makes discussions about definitions of support moot.  This version is unsafe at any speed.  Symantec should recognize that defending the propriety of this position and its legalistic conformity with written terms of service is actually a disservice to customers.  Lawyers are the only group satisfied by this nonsense.  Real customers are confused by the poor communication and the incredible disconnect between the existence of an unpatched vulnerability that effectively ends the useful service life of 21.7.0.11 while at the same time Symantec publicly asserts that 2.17.0.11 is still supported.

4. When it comes to XP, diehard users are already treading in dangerous territory but at least there is no illusion that Microsoft currently supports the operating system.  Asserting the fiction that there is support for 21.7.0.11 on older XP systems, even when there is no remediation (and no upgrade path due to well known hardware limitations)  is both irresponsible and disrespectful of the customer.

好评2 Stats

Re: Support of NIS 21.7.0.11 Discontinued

I do think users faced with the SSE2 issue have a legitimate concern that needs to be addressed...

As long as Symantec makes a point of saying that "The Norton product version that is compatible with your processor is 21.7.x.x...", imo, they  should provide support: https://support.norton.com/sp/en/us/home/current/solutions/v101962385_En... 

Not to quibble, I would say that this signifies support based on version number.

If not, Symantec should notify 21.7 users in good time that patch support will be discontinued so that they can plan ahead.  The current muddle and 'slow-or-no' action silence is pretty pathetic in my humble opinion!

I would indeed like to see 21.7 patched/maintained for some time, but, my key concern is not my legacy (non-SSE2) computers running XP Pro.  It's my other W7 computers also running 21.7, as I do not care for 22.7 in its current incarnation (as noted in another posting).

Said differently, granted that 21.7 is patched, I'll probably stay on this version for some time to come.  Hope is the last thing....

好评0

Re: Support of NIS 21.7.0.11 Discontinued

ITMA.
​IT'S ALL ABOUT MONEY !
Nobody wants to utilize a 'leaky sieve' security product. Why would anyone buy a product with 'bugs' ?
You wonder what part of any
'passion for product', 'code of practice', or 'customer experience', adopted by 'Symantec/Norton', applies in this case.
You'd like to see an 'all product' fix, or some sort of
remediation.
I'd be surprised if anyone is made a cash offer. A bit like Microsoft and the $10,000 ex-gratia payment, for screwing up the W10 upgrade.
Forums give you a voice; but is anybody really listening ?

Be safe out there !
"Patronizing, demeans humanity."
The Silver Surfer. AK. { OLD ¦ BUT, NOT AGED. }

好评0

Re: Support of NIS 21.7.0.11 Discontinued

Tony_Weiss:

...21.7 will not be patched while keeping it at 21.7. The solution to this vulnerability is to update to 22.7.

So, that's it?!  Thread finished?  All four of my computers are still on 21.7 and I don't have a Plan B to upgrade to 22.7 at present.  Maybe time for Plan C...   

好评0

Re: Support of NIS 21.7.0.11 Discontinued

 

So, that's it?!  Thread finished?  All four of my computers are still on 21.7 and I don't have a Plan B to upgrade to 22.7 at present.  Maybe time for Plan C...   

What did you expect?  Are you following the BSOD thread in the Norton Security forum?

好评0

Re: Support of NIS 21.7.0.11 Discontinued

RLWA32: What did you expect?  Are you following the BSOD thread in the Norton Security forum?

Well, no, I wasn't.  But, skimming through that thread [BSON] explains why it's pretty quiet here.  At any rate, in hindsight it seems it was a good thing to remove my test 22.7 and revert to 21.7 in spite of its shortcomings.  I hope my other AV programs pick up the slack.  Thanks for the heads up.

好评0

Re: Support of NIS 21.7.0.11 Discontinued

CeeBee:
.  I hope my other AV programs pick up the slack.

I don't think you fully understand the severity of the unpatched vulnerability in 21.7 (or 22.6).  Read http://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-endpoint.html

Technical details aside, the report states "These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption."

好评0

Re: Support of NIS 21.7.0.11 Discontinued

RLWA32:
I don't think you fully understand the severity of the unpatched vulnerability in 21.7 (or 22.6).  Read http://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-endpoint.html

Technical details aside, the report states "These vulnerabilities are as bad as it gets...

What is there not to understand in "...as bad as it gets"?  That said, I read and reread the link above and frankly most of it is Greek to me.  So, those parts I don't fully understand.  I bet few normal users do.  And why should they?

Then again, if 22.7 is BSOD and 22.6 and 21.7 are vulnerable, what's left?  Another AV as my Plan C.  Besides, I do not rely on Norton alone.  I use a multi-pronged defense approach .. all very classified! 

好评0

Re: Support of NIS 21.7.0.11 Discontinued

The vulnerability essentially makes unpatched NIS an attack vector.  It can be used to hose your system  without any interaction from you. In describing one of the vulnerabilities, the researcher said " It’s a 100% reliable remote exploit, effective against the default configuration in Norton Antivirus and Symantec Endpoint, exploitable just from email or the web. As the bug is in the core scan engine’s decomposer library, all Symantec and Norton branded products are affected."

So that means that the vulnerable Symantec email scanner can be exploited any time you receive mail!  The risk is yours to take.  Good luck.

This thread is closed from further comment. Please visit the forum to start a new thread.