Dodgy Norton update borks UNDEAD XP systems

A dodgy Symantec update brought pain for those remaining Windows XP users who rely on Norton to defend their undead operating system free from viruses. In a statement, Symantec admitted the problem but downplayed its significance. This issue has now been resolved. The limited number of customers affected should run a Live …

  1. wowfood
    Black Helicopters

    equips tinfoil hat

    Microsoft are starting to pay antivirus companies to bork up windows XP. That way more people will realize how much trouble xp is and will then upgrade to windows 8 (yeahright).

    That or norton are just terrible. I've had a lot of issues with them from dodgy updates, including blocking of all web traffic, so I couldn't even update norton, deleting my explorer.exe and blocking me from installing certain games / deleting the game exe after installation because it thinks the game is a virus.

    Not had nearly as many issues on kaspersky.

    1. Mtech25
      Devil

      Re: equips tinfoil hat

      Norton is just terrible, Microsoft does need to pay them to stuff something up they just need to wait.

    2. Anonymous Coward
      Anonymous Coward

      Re: equips tinfoil hat

      Google: Symantec sucks

      Norton AV has been a disaster area since 2007. Uninstall it already. MSSE should be enough for anyone.

      Kaspersky - the problem with them is that their customer base includes drooling lunatics that frequent the forums (no, not you, you're fine). A bit like Cadillac, a fine car, but risk of being confused with funeral directors, drug dealers and pimps.

      1. Anonymous Coward
        Anonymous Coward

        Re: equips tinfoil hat

        Norton probably was a disaster in 2007 but they noticed and did a major reimplementation for 2009 and it's been pretty good since then.

        1. Mpeler
          Mushroom

          Re: equips tinfoil hat

          Norton probably was a disaster in 2007 but they noticed and did a major reimplementation for 2009 and it's been pretty good since then.

          Yep, major reimplementation - new and improved disaster...

          anymore "if it's horton (hurtin'), it must be Norton..." They used to be good, long ago...(speaking as a former customer and "borkee"...)...

      2. regadpellagru

        Re: equips tinfoil hat

        "Norton AV has been a disaster area since 2007. Uninstall it already. MSSE should be enough for anyone."

        Not sure about the date, but indeed the darn thing has been shite for years. Too intrusive to OS, and not providing any significant cover.

        Use avast, destroy anything bearing the Norton tag you can see ...

      3. Gis Bun

        Re: equips tinfoil hat

        MSE is crap. It missed a few malware critters on one computer I saw and couldn't even detect a root kit on another. How I knew? Installed AVG Free. Trend Micro rootkit utility confirmed the rootkit.

        1. Anonymous Coward
          Coat

          Re: equips tinfoil hat

          MSE does not generally search for Rootkits AFAIK. That's usually down to other types of search and software.

          Malwarebytes on the usb in the pocket...

        2. JeffyPoooh
          Pint

          Re: equips tinfoil hat

          The monthly MSSE Malware scan at boot-up is supposed to catch the deeper ones.

          Supposed to.

          If it's a Root-Kit, how could you guarantee any software running under the compromised OS to be able to detect it. This all goes back to some basic computational philosophy proven in the days of Turing et al.

          Fundamentally, Norton AV is *worse* than being infected. A living nightmare.

        3. Anonymous Coward
          Anonymous Coward

          Re: equips tinfoil hat

          "MSE is crap. It missed a few malware critters on one computer I saw and couldn't even detect a root kit on another"

          It's pretty good for free. If you find something it doesn't detect then send them a sample and it will usually detect it in less than a day...

    3. adam payne

      Re: equips tinfoil hat

      Microsoft doesn't need to pay Symantec to break Windows. Symantec can do that all by themselves.

      1. John Tserkezis

        Re: equips tinfoil hat

        "Microsoft doesn't need to pay Symantec to break Windows. Symantec can do that all by themselves."

        So can Microsoft, for that matter.

    4. Anonymous Coward
      Anonymous Coward

      Re: equips tinfoil hat

      "I have 3 PCs with XP"

      That's your problem right there....

      1. Anonymous Coward
        WTF?

        Re: "That's your problem right there...."

        Eadon? Is that you? Who let you back on here without your meds?

    5. Gis Bun

      Re: equips tinfoil hat

      Just wondering if you are a conspiracy nut?

      Seriously? Microsoft paying Symantec to screw up the OS?

    6. paulc
      Mushroom

      Re: equips tinfoil hat

      Far be it for me to say, being a dedicated Linux user, but Windows 8 is fine once upgraded to 8.1 and a replacement shell put in place to bring back the proper start menu...

      the only reason I've got win 8.1 at all is because this bleeping laptop refuses to let me boot anything else but the hard disk... Linux is therefore running as a full screen virtual machine on that box...

  2. David Austin

    Probably just the start

    It's probably going to happen more and more, I'm afraid: As the XP Population (Very slowly) dwindles, the focus on testing and QA will switch to newer operating systems. Coupled with that, the vendors can't get ISV support from Microsoft to get to the bottom of trickier issues.

    It may not be fair, but a mix of financial return spending on XP, and less wild systems to verify updates means this will crop up again.

    About the only small saving grace is that the people left on XP are going to get more and more technical, either due to being technical enough to do it already, or out of necessity to keep a critical legacy app running, so they'll get more adept at sorting this kinda mess out.

  3. JeffyPoooh
    Pint

    'Uninstall all Symantec / Norton products immediately... that might help'

    There. I fixed it for you.

    1. Adam 1

      Re: 'Uninstall all Symantec / Norton products immediately... that might help'

      Lol. Someone who thinks the uninstaller provided by Norton is for removing the software.

  4. Brewster's Angle Grinder Silver badge

    If Microsoft won't support the OS without being handed a fat wodge of cash, why should anybody else?

    1. Lamont Cranston

      Are Norton giving out updates for free, then?

      Last time I checked, you needed to pay an annual subscription.

      1. veti Silver badge

        Re: Are Norton giving out updates for free, then?

        Exactly. They're being paid to provide a service, and they're offering that service to customers on XP - then those customers have every right to complain, loudly, when they don't get what they pay for.

  5. Anonymous Coward
    Anonymous Coward

    As for 'happens to all'...

    As a once-upon-a-time Norton user - don't quite remember why and it seems like another life, or someone else's - I got pleasure from their cultured crapness once I'd ditched Symantec. But it has become very disappointing the way all-but-everyone jumped on the bandwagon in recent years; especially including Kaspersky!!! Back in the acv day I settled on Kaspersky or Eset, but even before the former bricked machines with updates it became the treacleburger Norton and McEffme had thought they'd cornered the market in years before. As for NOD32, I've been using it for years now and the only time I've had an issue is when I used to test the betas (specifically an x64 build that wouldn't work if Data Execution Prevention was turned on, back in '07. Didn't brick the machine, just prevented the service starting, and as I say, this was a beta. Fixed by RTM). If anything I run NOD32 on has been compromised, I've never been aware of it; meanwhile it continues - as it has done since about '06 when one build was almost as bad as the competition - to run unobtrusively, i.e. un-performancesappingly. I stopped beta testing it when I started recommending it to customers, i.e. from that point I only ran what my customers were running. I give them free telephone support but none have ever required it.

    iow arse'oles to 'happens to all'.

  6. wikkity

    RE: behaved as "badly as a virus"

    So operating normally with norton installed then

  7. Jodo Kast

    For the love of...

    Windows XP computers should not be on the internet...

    Good gravy! I guess security is just not a concern for these users.

  8. Piro Silver badge

    "It costs a lot of pain before you work out it was Norton"

    Nah, it doesn't. The problem was clearly Norton. First place I'd start, to be honest.

  9. Gis Bun

    AV support

    I think most AV software will cease to provide updates by around next July. I am assuming paid subscriptions won't let you go past that date [or barely].

  10. Anonymous Coward
    Anonymous Coward

    As long as...

    M$ offer free security updates to my XP [cough] POS[cough] install, the AV producers should not have an issue keeping THEIR products working correctly.

    btw, Norton software has been appallingly bad for almost as long as McAfee's.

    PS I am still unsure if POS stands for "Point of Sale" or "Piece of Shit", in relation to M$ products.

    1. Anonymous Coward
      Anonymous Coward

      Re: As long as...

      I've always mentally translated it as Piece Of Shit long before Microsoft came along and what with all the retail breaches....

  11. Anonymous Coward
    Anonymous Coward

    The only good Norton

    was made by BSA.

    1. Pascal Monett Silver badge
      Trollface

      Whoa there !

      BSA made something ?

      And it was GOOD ?

      I think I need to lie down....

  12. Alistair
    Coat

    windows products now running in vm snapshots.

    If there are updates needed they get applied, and tested for 48 hours. If there are no issues, update the snapshots, otherwise roll back.

    keep 3 copies in backup.

    Burnt twice too often thanks.

  13. Cynicalmark
    Happy

    Norton?

    Blimey, someone still uses Norton Crappy Virus? Well, if I wanted my devices open to all and sundry I'd save myself the time of the install and just throw my bank and ID details open on the Net. Seriously though keeping XP is fine, but using such a bloated overpriced AV package is a recipe for disaster in my opinion.....

    1. PeterM42
      FAIL

      Re: Norton?

      Some people even use McCRAPAfee.

  14. chris lively

    Bad Virus Updates vs Viruses

    Isn't it time for someone to do a study that shows the number of computers killed by bad virus scanner updates vs the things they are supposed to be protecting us from?

    It seems to me that we see more articles talking about virus scanners killing computers than we do viruses causing issues.

    1. JeffyPoooh
      Pint

      Re: Bad Virus Updates vs Viruses

      Once upon a time, I uninstalled Norton AV because it kept breaking the PC, cleaned up the registry mess that the NRT left behind, and after some hours of effort got the computer up and running again. Then ran it naked on the 'net for months and months (zero security software). Worked like a champ. After a while, I found some new AV software to try. So I carefully installed it and ran all the scans six ways from Sunday. Nothing found. Nothing.

      Eventually stumbled into MSSE and it's been 99.9% smooth sailing ever since. Seriously reduced my blood pressure compared to "The Living Hell That Is Norton"™.

  15. Anonymous Bullard
    Windows

    I'm not sure what's worse, Norton AV taking up CPU+disk, trashing your computer and emptying your bank account, or a virus?

    At least the bot-net trojans actually want your PC to remain active.

  16. Andy The Hat Silver badge

    I find it quite sad to read this. Norton utilities used to be *the* thing to have (I still have Peter Norton's excellent book on Dos somewhere ...) The very early Norton AV product was good too. As soon as it was rolled and bloated into the full 'Symantec' branded product (as someone said, about 2007 ish) that was the time to bail ...

  17. Anonymous Coward
    Anonymous Coward

    The architecture of Norton is a VM that hosts Windows, not very reliably.

  18. Speltier

    Norton bah humbug

    I used to be a Symantec/Norton customer for Windows. Right up till I let the kit expire and tried to renew. It took months of back and forth with Symantec helpless desk (uninstall, reinstall, no not once but twice in a row, run this special exec (multiple times with multiple flavors, sometimes from hidden pages on the Norton site), edit your registry (multiple times), delete this file or that one, re-install from CD not the net, no try the other way around, reboot whilst sacrificing a chicken on the keyboard, ...). This all happened after they hired the idiot CEO that decided to focus on "piracy", it was a common thing at that time to think a company's problems could be fixed by anti-piracy. Usually, though, all those heavy handed anti-piracy actions alienated paying customers. Like this one.

    This sort of "every customer is a criminal IP thief unless proven otherwise" attitude damaged several companies. You'd think that a customer that has been around for a few years is likely legit...and reserve the thumb screw version of the software for first time buyers. The c-suite is usually devoid of intelligence though.

  19. yuhong

    On MSE and WinXP...

    Unfortunately, I know of no way to turn off the WinXP warning in MSE, and they only guarantee definition updates until July 2015 anyway.
