Re: Microsoft Anti-Spyware Deleting Norton Anti-Virus
- From: "Jupiter Jones" <jones_jupiter@xxxxxxxxxxxxx>
- Date: Wed, 15 Feb 2006 00:40:16 GMT
That was fixed almost immediately withg an update 5807.
That issue is also nonexistant with the Beta 2 release of Windows Defender
which was just released, the successor of Microisoft AntiSpyware.
An unfortunate false positive.
--
Jupiter Jones
http://www3.telus.net/dandemar
http://www.dts-l.org
"Sparky Spartacus" <Sparky@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:iOiIf.1412$ny.70@xxxxxxxxxxx
FYI
---------------------------------------------------------
Security Fix
Brian Krebs on Computer Security
Microsoft Anti-Spyware Deleting Norton Anti-Virus
Microsoft's Anti-Spyware program is causing troubles for people who also
use Symantec's Norton Anti-Virus software; apparently, a recent update to
Microsoft's anti-spyware application flags Norton as a password-stealing
program and prompts users to remove it.
According to several different support threads over at Microsoft's user
groups forum, the latest definitions file from Microsoft "(version 5805,
5807) detects Symantec Antivirus files as PWS.Bancos.A (Password
Stealer)."
When Microsoft Anti-Spyware users remove the flagged Norton file as
prompted, Symantec's product gets corrupted and no longer protects the
user's machine. The Norton user then has to go through the Windows
registry and delete multiple entries (registry editing is always a dicey
affair that can quickly hose a system if the user doesn't know what he or
she is doing) so that the program can be completely removed and
re-installed.
I put in calls to Microsoft and to Symantec on this issue, but am still
waiting to hear back from both companies.
Microsoft said it is shipping updates that fix this problem, but judging
from the growing number of other threads on this in that forum, this is
shaping up to be a pretty big issue for companies that have deployed
Microsoft's free anti-spyware product inside their networks. It's a good
idea to keep in mind that Microsoft's Anti-Spyware product is in beta
mode: The company's product page explicitly says that Microsoft
Anti-Spyware should not be deployed in production systems. I'm not
apologizing for Redmond in any way; it just seems like too many people
ignore warnings about beta products.
Update: 10:58 p.m. ET: I heard from Microsoft, and they say the problem is
limited to customers running Symantec Antivirus (SAV) Corporate Edition
versions 7, 8, 9 or 10 or Symantec Client Security (SCS) versions 1, 2 or
3 in combination with Windows AntiSpyware Beta 1. "The beta software will
prompt and allow the user to remove a registry key containing subkeys
belonging to these Symantec products. The deletion of these registry keys
will cause all versions of the SAV and SCS software to stop operating
correctly. No files are removed in this situation, only registry keys."
The rest of the statement Microsoft sent me says: "Once this issue was
discovered, Microsoft quickly released a new signature set (5807) to
remove this false positive. Both companies are working jointly together to
identify the number of affected customers, which we believe to be very
limited. Microsoft and Symantec are working jointly on a solution to
restore normal operation of the Symantec software. Until this solution is
available, customers can utilize System Restore in Windows XP to restore
to an earlier point prior to the removal of the registry keys, or
reinstall their client software."
By Brian Krebs | February 11, 2006; 01:42 PM ET
TrackBack
TrackBack URL for this entry:
http://blog.washingtonpost.com/cgi-bin/mt/mtb.cgi/4708
.
- References:
- Microsoft Anti-Spyware Deleting Norton Anti-Virus
- From: Sparky Spartacus
- Microsoft Anti-Spyware Deleting Norton Anti-Virus
- Prev by Date: Re: SCRAPPING MY DELL
- Next by Date: Is the Dell site down?
- Previous by thread: Re: Microsoft Anti-Spyware Deleting Norton Anti-Virus
- Next by thread: Re: Dell notebook harddrives
- Index(es):
Relevant Pages
|
