Norton Antivirus Vulnerability Protection

Similar Messages

• Norton AntiVirus Auto Protect: Removal Inquiry

  Hello,
  I have uninstalled _Norton AntiVirus AutoProtect_ from my MacBook and I still get an Error Message every time I turn on my computer. I have downloaded the _Symantec Uninstaller_ hoping to solve this problem but it cannot find any Norton applications to uninstall. I have also check my preferences under Accounts and I do not have Norton to start up when I log in.
  Is there something I am doing wrong, or its just some file in disguise somewhere hidden in the library? Please help.
  Oh... Just for the record, this problem occurred when I Migrated Norton from my old PowerBook G4 to my Macbook. The PowerBook was running on Tiger.
  The message on the Error Message says *"Norton AntiVirus AutoProtect could not continue. Please reinstall Norton ANtiVirus and restart."*
  Thanks in Advance!

  Unfortunately, since I have migrated it from my old PowerBook, I do not have the CD or the manuals anymore.
  Still hoping this can be resoled thought.

• Norton AntiVirus Auto-Protect cannot run....

  ... with the 64 Bit Kernel. Asks me to restart with the 32 Bit Kernel and then re-enable Auto-Protect.
  My Mac Air is Version 10.7.4, 1.6 GHz, 4GB. What should I do? Do I need to re-install Norton or
  change something within my system/cmputer.
  Please give me specific details on what I need to do.
  By the way, I got the Norton off my MacBook Pro when transferring all the files via Time Machine.
  Thank you!

  jman79 wrote:
  Could you provide a source for first-party documentation of the Max OS X built in malware detection
  That's a very tall order. I'm sure that any such documentation is firmly locked up by Apple Security and I doubt that anybody here would be able to discuss it even if they knew. As you can imagine, all A-V software vendors publish very little about the actual operation of their software to prevent the bad guys from easily defeating it. Even the open source ClamAV information is somewhat limited, especially as regards bugs, limitations and deficiencies.
  The key to OS X protection is in the Quarantine system which came with Leopard, IIRC, with improvements in each upgrade. Every new file brought in from outside is flagged with a date/time and where it came from. Initially it was only used to warn the user the first time it is launched/opened with that information.
  The XProtect system took that a step further in that anything that contained executable code was scanned and matched against the definitions signature database. This can be either a hash identifier or a telltale hex character string (normally translated from ASCII text). The Lion and Mountain Lion XProtect systems will also disable blacklisted Java and FlashPlayer versions.
  The current database contains 21 entries representing different variants of most all modern day OS X malware, most have multiple definitions for various components of that malware variant, which prevents false positives. Note that all of these definitions are targeted to find the initially delivered file since that's where the most immediate threat is. For that reason, any malware that was allowed to install or subsequently downloaded won't be detected. Since Apple was late deploying preventive majors on two occasions, they had to deploy a Malware Removal Tool (MRT) for MacDefender at the same time they rushed to add XProtect to Snow Leopard (I suspect it was already in the works for Lion and they moved it forward) and again for this years Flashback Trojan/Backdoor when they were late to patch Java to prevent it. Quarantine (and therefore XProtect) only deal with installed files and Flashback was using Java applets in RAM, which can't be quarantined or detected. The MRT cleaned up all the common payloads left by MacDefender and Flashback before the fixes were made.
  Thomas Reed's catalog of Macintosh Malware lists 30 unique types of malware, but most of these were patched long ago, either in the OS or application they infected, so are no longer a threat to anybody with an up-to-date system/application suite.
  how often it updates its definitions?
  It updates definitions immediately, as required, and the database is checked by all Macs running OS X 10.6.7 or above each time they boot and every twenty-four hours thereafter, unless they are asleep at the time, in which case they check at wake-up.
  As somebody that checks to see if there has been an update at least once a day, I can tell you that they are currently as good and sometimes better than the commercial vendors. That wasn't always the case, but there seems to be a lot more cooperation these days. I've seen ClamAV beat them by a few hours once or twice, but most of the time they, along with the vendor blogs came out the same day.
  Since new threats to OS X don't come out daily, there is no attempt to do it nearly that often. By far the majority of definitions released by commercial vendors are for Windows and cross-platform threats which don't impact OS X. XProtect does nothing to attempt to detect these, and since there is no manual scan capability, there is no reason to include definitions for most installed payloads. Another area that it doesn't deal with is e-mail content (other than attachments). It relies on junk/spam filtering both by the e-mail client application and the e-mail ISP's server to catch those. The OS X Server software comes with ClamAV to check any mail server being run on it. There is no known e-mail malware that can impact OS X when reading it. Most of these threats involve phishing or spoofed URL's which users need to be cautious of. XProtect does nothing about this and filters aren't always effective, either.
  XProtect has not been used against vulnerabilities (CVE's) as they would prefer to issue a Security update to patch the vulnerability. Instead they use XProtect to counter any threat that attempt to exploit these vulnerabilities.  Some commercial vendors check for files that appear to be attempting an exploit, which produce quite a few false alarms and are not removed when the vulnerability has been patched on that particular platform.Lifehacker's
  Non-Alarmist’s Guide to Mac Malware Protection calls the built-in malware detection service "months behind the databases provided by security firms like Sophos."
  I don't recall ever seeing months behind, although there have been times when it was a week and as I said, somehow things have improved greatly. I'm guessing that Apple just wasn't tied into the right sample sources initially and it took them some time to develop the right relationships. In the MacDefender days they were coming out with updates within hours of the time the malware developer deployed a new variant.
  It took Apple weeks (at least) to update the built in software to detect Flashback
  Again, I don't recall that. Only the variants before Feb 2012 are detected. The delay on the Java based variants was due to Apple's being late to update Java (which is a legitimate gripe against Apple) and their inability (even today) to detect applets that are downloaded and executed from RAM. As far as I know, no A-V software has that capability today, but some use an active watch capability to observe packets received from the Internet which could catch it, and OS X does not have such a capability. Many users were saved by Little Snitch from being completely infected by the variant that made all the headlines with perhaps 600,000 infected Macs. The download component was caught phoning home for instructions by LS so most such users were able to shut down the process before it did any real harm. Again, this was only fixed by updating Java, not by doing anything with the database.

• Problems with Norton antivirus after Tiger install

  I installed Tiger yesterday and it all went well. After the install however, on every restart or when turning on the computer I get this error message:
  Norton AntiVirus Error. Norton AntiVirus Auto Protect could not continue. Please reinstall Norton AntiVirus and restart.
  Of course, I did the reinstall for Norton but continue to get the error message. Any assistance is appreciated.

  There's no question that the exploit is serious, but it is a very narrow exploit, only involves specially-crafted RAR files, and there's both a completely adequate workaround and a virus definition to flag potentially compromised RAR files.
  Given that, there's no reason to uninstall NAV: simply implement the workaround, download the latest virus defs, and stay away from RAR files for a bit. I expect we'll see a patch shortly.
  The hysteria that this problem has generated from some, as well as some of the responses — uninstall NAV, throw out NAV, etc. — is wholly unfounded given the workaround and available virus def.
  There have been Mac OS X exploits announced for which an Apple-provide fix took a couple of days to publish. Given the response to this Symantec issue, I'm surprised some didn't advocate uninstalling Mac OS X at those times.
  As you point out, there are those who exchange documents with Windows systems, employ macro-enabled documents, etc. Uninstalling NAV vs. using the available workaround opens them up to a wider range of threats. Doing so simply makes no sense — i.e. is "nonsense" in the dictionary definition sense of that word — given that the available workaround and virus definition address the RAR exploit until a patch is published. That's not disparaging: that's fact.
  Why waste the time or expose one's self to other potential threats when the workaround and virus def are available and the patch is forthcoming? Uninstalling NAV vs. using the available workaround and virus definition is "throwing out the baby with the bath water."
  The Symantec-bashing that has transpired in a variety of threads since this problem arose is also unwarranted. NAV is a good product. I've used it for years and recommend it. I have no financial relationship with Symantec: I simply like the product, use it, and I recommend what I use.
  ClamXav and the underlying ClamAV engine are also good products and I recommend ClamXav for those who can't afford NAV or prefer an open source product. But the ClamAV engine has also had similar exploits found in its code, so it also has an imperfect track record.
  As software complexity increases, finding all of the potential exploits in the design or testing phase is increasingly difficult. All software installations are a matter of trust as to if the developers did the best job they could to ensure a product free of defects, including security exposures.
  Good luck!
  Dr. Smoke
  Author: Troubleshooting Mac® OS X

• Code 10: Norton AntiVirus Error

  Each time I restart my iMac 24 I begin with a red stop sign w/exclamation point bubble titled "Norton AntiVirus Error." The entire message reads: "Norton AntiVirus Auto-Protect could not continue. Please run LiveUpdate or reinstall Norton AntiVirus and restart. (Code 10)"
  I do not use Norton AntiVirus. Spotlight searches for "Norton" or "AntiVirus" or "Auto-Protect" under Applications or my entire Hard Drive do not locate any reference/mention to any such program. I can find nothing to delete or trash.
  Anyone have ideas as to how to get rid of this constantly repeating message? Thanks.

  When I transferred to this iMac a year ago my previous pre-Intel chip iMac was running Norton AntiVirus. In transferring programs some Norton apps may have initially come over, but my Norton for Mac was for the pre-Intel models and did not apply. I've never run Norton on this computer but have a vague memory of deleting/trashing some Norton files after the transfer. But I have not been able to find or locate any traces remaining other than this Code 10 message that appears whenever I restart the computer.

• Can Firefox (which apparently has antivirus protection) be used on a computer with a Norton antivirus program already installed?

  I've been told I can only have 1 antivirus program on my computer at a time. Since firefox has antivirus capabilities, can I install it on a computer which already has a Norton antivirus program?
  == User Agent ==
  Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; GTB6.5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)

  Firefox doesn't include anti-virus protection, you need a separate anti-virus program such as Norton.

• How do I get my Norton Antivirus Protection gadget back onto the Mozilla toolbar?

  I have the Norton Antivirus and before I downloaded the new Mozilla Firefox 4, I had a Norton gadget. It would tell me whether or not my searches were safe and etc.

  Did this  screen ever pop up
  If your Windows has low resolution, some functional will not appear, so must set it high at least 1024 x768. or else
  Can you Re-install iTunes, I  think some plug-ins has affected the iTunes functionality. You might have to do a thorough removal of iTunes, if you are using Windows.

• Start=Norton AntiVirus load failure/Restart = Norton AntiVirus load success

  Hi,
  My primary hard drive failed, so now I'm using my back up drive as my main drive. Everything works okay except Norton Anti-Virus does not load correctly. When I start the computer, I get three messages (see at very bottom).
  Strangely, though, if I just restart, it loads without any problem.
  This sequence happens the same way every time.
  Start = problem.
  Restart = no problem.
  Have already uninstalled and reinstalled Norton Anti-Virus twice.
  Seems like an operating system issue?
  Any suggestions on what's happening would be greatly appreciated.
  Thanks, Peter
  System: Mac G5 - OS X 10.4.11 - Dual 2 GHz PowerPC - 3GB
  Error
  Vulnerability Protection engine has
  been corrupted and could not be used
  *System extension cannot be used*
  System/Library/Extensions/SymInternetSecurity.kext
  was installed improperly and cannot be used
  *System extension cannot be used*
  Library/Application Support/Symantec/
  Intrusion Prevention/CurrentEngine/symIPS.kext
  was installed improperly and cannot be used

  Norton Antivirus has a very long and illustrious reputation for mangling Mac OS X systems, sometimes to the point where a complete reinstall is necessary. Among other things, it installs kernel extensions which are known to cause kernel panics and system freezes; it contains known and documented bugs which can silently corrupt Adobe Photoshop and Adobe InDesign files, destroy a user's ability to authenticate as an administrator, and (on PPC systems) can cause Classic to stop functioning; and Symantec has on at least two occasions now released flawed .dat file updates which erroneously report certain critical Mac OS X files as "viruses." (Deleting these "viruses" causes damage to the system that in some cases renders it unbootable.)
  Norton Removal Tool (Symantec Uninstaller):
  http://www.versiontracker.com/dyn/moreinfo/macosx/22098
  But also read this:
  http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007661309063498
  You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Privacy, useful:
  http://discussions.apple.com/thread.jspa?threadID=1764179&tstart=0
  Regarding MacScan, First update the MacScan malware definitions before scanning. You can also contact their support team for any additional support - [email protected]
  Security of OS X generally:
  http://www.apple.com/macosx/security/
  http://www.nsa.gov/ia/_files/os/applemac/I731-007R-2007.pdf

• Norton Antivirus blocks printing to Airport Express-attached printer

  I have my HP Photosmart C4480 ("the free printer") set up with my airport express base station and it works fine, but only if I disable the portscan vulnerability protection in Norton Antivirus (11.0.1). Does anyone know if there is a better way to use the Airport Express print server? Am I exposing my network to portscan attacks?

  You may have not been aware that you need to have an AirPrint compatible printer to be able to print directly from the iPhone or iPad.
  Unfortunately, your Epson R230 is not on the list of compatible devices. See the link below for more information about AirPrint compatible devices. 
  http://support.apple.com/kb/ht4356
  You might want to check with Epson Support to see if they may have an updated driver for download that would allow this, or whether they plan to make an update available in the future for your model.
  If no luck there, a possible workaround would be to install an application like Printopia on your Mac. There is a free trial for the Printopia software, so you will know in a few minutes whether this might work for you. Your Mac must be running for this to work.
  Printopia - AirPrint to Any Printer - Print from iPad - Print from iPhone ...

• Mount scan problems with Norton AntiVirus 10.1

  Autoscan freezes when I mount iPod in dock, connected to my iMac via a firewire connection. Autoscan will not respond to eject or cancel scan. When I eject the iPod in iTunes, the iPod screen continues to read "Do Not Disconnect".
  Any similar experiences of solutions?

  Open Norton Antivirus prefs and turn off scanning of the iPod.
  Auto-Protect Mount Scan Preferences do not work as expected when mounting an iPod® using a USB port

• Norton antivirus says my licence have expired when switch my computer on for the first time.

  I just bought new touchsmart 520-1002 ru (LN649EA). It had norton antivirus preinstalled when i started it for the first time. After few hours of working antivirus informed me that the licence have expired. But before it was like 60 days. What to do? I'm affraid of sirfing the web without antivirus protection. So i'm using iphone. May be i should return it and buy second hand mac?

  Hello Karuser:
          Welcome to HP's forum  and your new computer. Nothing to worry about. That was a trial verson. What ever time limit they gave it has expired. I think you miss read it It flashes a reminder all the time. You can still use your computer. Until you purchase or install an anti virus software. The only thing Norton will not do is up date it's self but it will still scan your computer when you open it up and click scan. Try to get anti  virus software. Titanium Maximum 2012, McAfee, and Norton are the top choices to choose from. Try to stay a way from the real cheep ones like Kerpsky that will not protect your computer. My freind installed Kerpsky asked to fix his lap top. Well I did fix it first thing I did was get it on line and run Trend House Call it found over 250 different virus. Some of the worst ones I had to manually removed. Trend House call is a free scan. Trend.com are the one who make Titanium Maximum Security 2012.
           You just bought this computer Mac's are great computers but you are very limited to what you can do on them. This one will last you for a very long time ounce we get the bugs out it. My Touchsmart 600-1050 is going strong going into it's third year now. Just had it's frist full recovery done now my computer runs faster and much better then when I first bought it. Yes I had some minor issues fixed on it at first like anything you buy today is not perfect HP covored it all during the one year warranty. My recovery was performed because I picked up a new virus that no anti virus on the market could delete it had to be manually delete it but to much damaged was caused in the operating control software. Otherwise I would be still using Oginal set up.

• Norton Antivirus 11.0 for Mac

  Scheduled scan using Norton Antivirus 11.0 for Leopard crashes after exactly one minute after it starts. Norton's log says: " Virus 'Did not have permission to scan.'" (Everything on my Intel iMac and Norton is up to date.) The Mac's log file says this:
  12/26/07 6:12:30 AM com.apple.launchd[1] (com.symantec.Sched502-12.plist[225]) Stray process with PGID equal to this dead job: PID 226 PPID 1 scheduledScanner
  Norton's support is of no help. They said to exclude compressed files. Same result. Manual scan, by the way, works perfectly, even when including the compressed files. Any ideas (other than the fact that I probably shouldn't be using Norton)??
  Jerry Kirkpatrick

  Bottom Line: You don't need virus protection on a Mac.
  I have come from the PC world and have dealt with Symantec's products. Norton Antivirus is a virus in and of itself. In the PC world if you try to remove those products, they leave traces of themselves all over the place and the only way to clean up is to remove all traces from the Windows registry. Symantec's products are junk. I always say "Norton Antivirus is a virus in and of itself."
  Please don't waste your money. If you can, return the product to wherever you bought it and never think about it again. Macs simply don't need Antivirus software no matter what the so called "security experts" tell you. Security experts that says we need these products for Macs are simply voices for the sellers of these products and, therefore, will tell us anything to get us to buy them.

• Mac OS 10.5.7 and Norton Antivirus 11.0.2 conflicts?

  Since downloading 10.5.7 Norton antivirus does not auto-protect when external drives are attached and console notes "exited abnormally, abort trap". Files were sent to the library "crash report" log. I tried de-installing the anti-virus software and re-installing to no avail. Any known issues? Advice welcomed. Thanks.
  Hope

  Hi hschr;
  You asked any known issues with Norton. I would say if you had done a search you would have found that it is a foregone conclusion that it is more of a problem then a solution. It is known to take far more resources and impact performance much more then is called for by any tool.
  There is no need for a virus tool on Mac OS X. If you feel you need to install one any way then I highly recommend a free one such as ClamXav instead of Norton.
  Allan
  Message was edited by: Allan Eckert

• Norton Antivirus for Mac update?

  My Norton Antivirus subscription has had its year and needs updating - ie more money! There's been so much talk on this site about how useless and how NV can even be damaging, is it worth updating??
  If I don't, presumably the old outdated software will still be installed but ineffective?

  *Mac OSX and Viruses*
  There are currently no real viruses that affect OS X users. There are very small number of things that can cause virus-like behavior that can affect Macs under special circumstances. These are:
  1) [AppleScript, ASthtv05|http://www.theregister.co.uk/2008/06/23/mac_trojan>
  2) DNSChanger Trojan [http://www.f-secure.com/v-descs/trojanosxdnschanger.shtml]
  From MacWorld, January 10, 2008:
  SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:
  [http://www.securemac.com>
  The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X. Called DNSChanger Trojan and also known as OSX.RSPlug. A Trojan Horse the software attacks users attempting to play a fake video file.
  Upon attempting to play the video, the victim receives the following message:
  “Quicktime Player is unable to play movie file.
  
Please click here to download new version of codec.”
  Upon running the installer, the user's DNS records are modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's DNS records stay modified on a minute-by-minute basis.
  SecureMac's DNSChanger Removal Tool allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.
  There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac. A white paper has recently been published on the subject by SubRosaSoft, available [here|http://www.macforensicslab.com/ProductsAndServices/index.php?mainpage=document_general_info&cPath=11&productsid=174]
  3) MacSweeper:
  From [Wikipedia|http://en.wikipedia.org/wiki/MacSweeper]:
  MacSweeper is malware that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland based computer security software company on January 17, 2008
  4) MS Office Macro viruses:
  An exception to the "no viruses" is the possibility a macro virus could be present in an Office document and you could help breed that virus if you execute an Office macro. I have my default on Office to run no macros, and always check what the macro will do before I run one (never had to in 10 years of using Office).
  5) It is possible to transfer a Windows virus to a Windows machine via a Mac if you copy the infected file and pass it on. [ClamXav|http://www.clamxav.com> is a free, open source virus scanner for Mac OS X that is designed to scan files that you will be sharing with Windows users to assist in making sure you don't pass on viruses to them.
  6) Some people have had virus-like behavior appear on web pages due to a service (DNS) supplied by their ISP having a security vulnerability. This isn't your computer but your ISP. Nonetheless, it is a security risk. If you experience strange page behavior (e.g., ads for things on sites where you wouldn't expect those kind of ads) try putting these numbers in Network>TCP/IP>DNS Servers:
  208.67.222.222
  208.67.220.220
  Click Apply. This is an alternate site for DNS which is patched against the vulnerability.
  7) If you are using an Intel Mac and run Windows on that computer (or run Windows on a PPC Mac with VirtualPC) you are subject to all the viruses that affect the PC world and should take all the precautions that a PC user would.
  [Dave Sawyer post about viruses on Macs|http://discussions.apple.com/message.jspa?messageID=8884756#8884756]
  [The Mac Malware Myth|http://www.roughlydrafted.com/2009/01/29/the-mac-malware-myth>
  [Should Mac Users Run Antivirus Software?|http://db.tidbits.com/article/9511]
  [Trojans in illegal versions of Mac software downloaded from torrents|http://discussions.apple.com/message.jspa?messageID=8892099#8892099]
  The tool below is supposed to remove these but commentors observe that only those downloading illegal software are vulnerable to these trojans.
  [iWorksServices.clix|http://rixstep.com/2/20090123,00.shtml] 2009-01-23
  The following 1198 byte download will rid your system of the iWorksServices trojan without your having to fumble with Terminal and the command line.
  [Related information|http://www.technewsworld.com/story/Warning-to-iWork-Pirates-Here-Th ere-Be-Trojans-65944.html]
  [Poker Game|http://www.macnewsworld.com/rsstory/63574.html]
  The Trojan is masquerading as a program for Mac OS X called "PokerGame." A shell script encapsulated in an application, it is distributed in a 65 KB Zip archive; unzipped, it is 180 KB, according to Intego, one of the security firms that flagged it.

• Norton AntiVirus 11, Time Machine, and Time Capsule

  When Time Machine starts Norton AntiVirus begins a scan of all 700k+ files on my Time Capsule. I cancel the scan but wonder if I am doing the right thing?

  Hi gumsie, I can include much more than a line about being vigilant.
  While there are no known viruses that attack Mac OS X at the present time, it is possible for spyware to get onto your Mac.
  So I go to lenghts to protect my user. A hosed system can be replaced but a compromised user folder is compromised forever. Along with all your important data like bank records, credit cards, ... I.e. your "identity" stolen.
  The best way to avoid that is by using your built-in firewall which is industrial strength and/or a hard wired router, downloading only from "trusted" sites, installing all security updates and being careful about what you give administrative power to. It is also recommended to run day to day tasks from a non-admin account.
  Don't use Limewire or any other P2P service to download your software, get it from reputable sources. In addition, always keep at least your users backed up, preferably a clone of your entire system on a separate disk. And put your sensitive passwords, bank accounts, credit card numbers in a "secure note" in a new keychain or in an encrypted folder.
  If and when a Mac virus does appear it will be headline news and you can download the AV software then. If you feel you have to run an AV program I'd suggest ClamXav a mac friendly freeware app that is very stable with Tiger. It will check for known virus signatures at any rate.
  Hope this allays your fears;-)
  -mj