Re: After SP2 and the LU Patches Norton Products Still Have a Panopoly of Problems
From: Chris H. (winxpnews_at_hotmail.com)
Date: Wed, 11 Aug 2004 12:04:49 -0700
Seems to work for a lot of other people after SP2 is installed, Chad. I
suggest you contact Symantec or Norton with your specifics.
-- Chris H. Microsoft Windows MVP/Tablet PC Tablet Creations - http://nicecreations.us/ Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone "Chad Harris" <firstname.lastname@example.org> wrote in message news:OZ0maM9fEHA.1188@TK2MSFTNGP11.phx.gbl... > Chris-- > > I appreciate the Live Update patch came out with their FAQ. One problem > is that *SP2 breaks Live Update* whether you uninstall Norton and install > SP2 (as virtually every Microsoft document on SP2 tells you to do) or > leave Norton/Symantec in. The bottom Line is after a lot of game playing > and clicking successive links on Live Update, tripping through multiple > Norton KBs one leading to the next, you have a *LU 1812 error*, whose > final move is to uninstall NSW or NAV manually and meticulously, and after > you have exhuasted it's remedies, it won't fix with SP2 RTM period. > > The only way they are delivering the compatibiilty patches for SP2 is > through Live Update. SP2 whether Norton is installed before or after > breaks Live Udpate and you can't get the patch. > > http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/2003082911090713?OpenDocument&src=_mi&product=LU&version=2.5&language=english&module=LU&error=1812&build=Symantec > > The part left out on the KB is to install any other antivirus > product--many will work with SP2. > > They are not making any other means avialable to patch Norton other than > Live Update. If it's broken, and their KBs to fix it often don't, you're > stuck with scan not working, booting up and having to turn on Auto Protect > with a right click (minor) and often uninstall problems with Norton > products. Microsoft tells you to install SP2 first (uninstall NAV) and > Norton/Symantec tell you to wait until they are updated (in some cases 8 > weeks from now for Enterprise Products according to their enterprise FAQ I > linked before) before installing SP2. > > Microsoft tells you to turn their Windows Firewall on; Norton 2005 > products on the last box before you click finish will tell you in a single > explicit box to turn it off. NAV 2005 has a piece of NPF or NIS billed as > "worm protection." How much of a piece and what it actually does compared > with the Windows firewall that has been criticized with respect to > outbound traffic still after SP2 RTM is hard to define. Many people are > finding that the Windows firewall leaves much to be desired right now, as > you know, but I'm sure it will be a different story come Longhorn in > 2007. > > http://www.symantec.com/techsupp/sp2/faq.html > > The answers from Symantec on this FAQ just issued just aren't true in some > cases. There is the paradox that for many, Live Update doesn't work with > SP2 and Norton has elected not to deliver their update patches any other > way. They aren't making them available on their site now. That was a > goofy choice to say the least. The patch to fix what's broken can't be > obtained because you are required to use what's broken to get it--that's > not only ironic and paradoxical--you ain't gonna be able to fix what's > broken. > > Microsoft wants you to put in SP2 before Norton, and if you put in Norton > first and patch it, SP2 can still break Norton a number of ways. Norton > 2005 seems to work pretty well with SP2 until you boot 3 times, and then > you have refresh freezing on all categories on the Norton Integrator or > gui interface, i.e. you can't tell what's on. You can see that email > scanning is working. The important thing of course, is that Auto Protect > is enabled, because in fact Auto Protect includes adequate email scan and > script blocking to the point you could turn the other two off and be just > fine according to every Symantec engineer I talked to--so you have to be > able to determine that Auto Protect is up and running. > > I reproduced this and so did others about 25 times. > > Sometimes but not all that can be fixed by reregistering jscript.dll, and > downloading and reinstalling Scripten or the Microsoft Windows Script > package including the Windows Script Host 5.6 since IE has to function > correctly to read the Norton interface. > > http://www.microsoft.com/downloads/details.aspx?FamilyID=c717d943-7e4b-4622-86eb-95a22b832caa&displaylang=en > > This KB applies to any version of NSW or NIS through 2005 with Windows > versions past 9X. Often Norton doesn't update KBs in version name for > Windows version, but the Norton/Symantec KB will do the job. > > http://service1.symantec.com/SUPPORT/nsw.nsf/0f75ab1a9982283d88256c250066dc94/9918704bb68cedfe882568040070e925?OpenDocument&src=bar_sch_nam > > The FAQ says: > > "Installing Service Pack 2 will have no affect on Norton Personal Firewall > or Norton Internet Security." > > Some of the FAQ's are vague to the point of covering anything that will > happen,--I like this one because it avoids saying SP2 can break things > that are Norton/Symantec and it does. > > "How will installing Service Pack 2 affect the Symantec Products I have > already installed?" > A. "This varies on the Symantec [Norton as well] products you own." > Right. Many break. > > On many boxes, installing SP2 any build will outright break > NIS/NPF any version. It will put up a box that says "You're not the > Norton > supervisor" and when you put up the Norton Integrator (the box that shows > what it does with NAV added you can see it but you can't do anything with > it). You'll not be able to uninstall NIS or NPF from Add/Remove, and > you'll > have to use a Norton KB that involves 30-45minutes of using a Norton > removal tool, thendeleting several GUID keys and other registry keys, > multiple folders, every Norton file you can track down in ectopic places. > > > "With Service Pack 2 installed, do I even need my Symantec antivirus and > firewall products? Absolutely." > > Norton explicitly tells you to turn the Windows Firewall "*off*" in their > 2005 products about to release. I wouldn't run two software firewalls or > more at once, and I don't have data comparing their abilities like > stateful > inspection head on with say, ZA, and that info isn't easy to come by now. > What they didn't say in the FAQ is that when you load Norton or Symantec > anything, it's going to tell you to turn your Windows Firewall in SP2 > off--last box before "Finished Install." > > "Installing Service Pack 2 will have no affect on Norton Personal Firewall > or Norton Internet Security" Just not the case. SP2 can make it > difficult to install, and particularly to uninstall Norton products. I > don't know the numbers in 10,000 boxes for this. > > > I've found this to be totally *untrue* and reproducable that the firewall > can and will break. Norton also tells you on installation of any 2005 > product to *turn off the Windows firewall*. It's the last box before you > click "Finish" on the install of the Norton/Symantec 2005 AV, PF, or NIS. > > Norton anti-spam is hype and whatever it does can be spelled a dozen ways > without it. > > Norton Go Back reconfigures the Windows Master Boot Record, and I'd just > as > soon have someone playing with my elevator lift on the way up the Empire > State Building--it often has the same effect and unhooking Go Back from a > botched Windows boot strap mechanism is simply impossible--their tech > support will tell you they have no clue how and so will MSFT personnel. > In > a high percentage of cases, Go Back will destroy partitions in the Windows > Operating System and you won't be seeing that particular OS again ever. > It's refractory to Recovery Console moves or commands and a repair/upgrade > or parallel install will get nowhere. > > SP2 can destroy scans in Norton System works, the ability to make it run > after boot, and Live Update the same as in Norton Antivirus. > > On some people's boxes the security center will monitor it, but how many > people need the Security Center (none here) need the Security Center to > tell > them where Technet is, how to get to Help and Support, or whether their AV > or Firewall are all. Very few individuals who install a Norton product > don't adjust it at the Norton product or who are going to be working with > the Windows Firewall as it evolves and gets better toward Longhorn are > going > to be relying on the security center to check on the firewall. My point > is > that there are 3 things that happen with multiple versions of NAV that > don't > work with SP2--sometimes with the patch update. There are fixes for them, > and sometimes they don't work. System scans, booting up with Auto Protect > Off (it usually can be turned on but sometimes can't--and Auto Protect is > key because it does script blocking/scanning and email scanning--even if > you > had them both turned off (they are duplication in Norton/Symantec) auto > protect will cover that functionality. Live Update will often not work > with > SP2 and for those people, they can't update to the patches anyway, because > Norton has chosen not to make the patches available any alternative way > which is goofy to say the least. > > *Contradiction of Instructions by Microsoft and Symantec/Norton on SP2* > > There is also the direct contradiction between Microsoft's instructions > and > Norton's. Every place MSFT has an SP2 article at Technet, MSDN, the XP > Expert Zone or any place on MSFT's site, you are told you should uninstall > AV to install SP2. > > Symantec and Norton explicitly tell you to wait to install SP2 until you > have updated NAV--and in the case of Symantec patches for enterprise > security, AV, and firewall products there is a vague timetable projecting > 8 > weeks out from now for release toward the end of September. > > When you install a Symantec or Norton 2005 product, it tells you > explicitly > to *turn off the Windows firewall--something I know the Networking team > and > SP2 team did not strive to have done. NAV 2005 has a piece of their NIS > 2005 firewall, so-called "Worm Protection" although how much a piece is > impossible to quantify unless you are a Symantec engineer who has the > code. > > I do know that Microsoft is definitely developing Microsoft Antivirus > products, but that the publicity campaign for them is non-existent. I > would > bet on Microsoft to produce a superior product to Symantec/Norton in a > number of ways, including the ridiculous necessity to read 10 Norton KBs > to > do a cascade of work arounds to make a product work. Live Update is a > great > example. Scans that fail are another. Clicking a plus to go to a drop > down > to get a link to get the 5th KB you've used for one Norton problem is like > a > childeren's game. Those come into play with SP2. > > I personally hope Microsoft puts Norton and Symantec out of business and > gets their AV product up and running rapidly. I guarantee Symantec is > looking over their big floundering shoulders. > > Best, > > Chad Harris > _________________________________ > > > > "Chris H." <email@example.com> wrote in message > news:%23Ledkh6fEHA.3348@TK2MSFTNGP12.phx.gbl... > Between your post last night, Chad, and early morning (PDT), I'm seeing > reports of Live Update now downloading the proper fix so the Norton > Internet > Security 2004 is now compatible with SP2, and Norton Antivirus is now > properly reporting to the XP Security Center its status. > -- > Chris H. > Microsoft Windows MVP/Tablet PC > Tablet Creations - http://nicecreations.us/ > Associate Expert > Expert Zone - www.microsoft.com/windowsxp/expertzone > > > "Chad Harris" <firstname.lastname@example.org> wrote in message > news:Omrhpw2fEHA.3048@TK2MSFTNGP09.phx.gbl... >> Unfortunately, Chris, Norton didn't come out with anything yet for home >> and small business users on their site and have thus far refused to >> specify the degree of backwards compatibility that the promiesed and not >> yet delivered patches for *Norton* products would entail. Although there >> are go arounds to make SP2 work with any version of Norton product, and >> some a little bit Byzantine--the routine where you read one Norton KB and >> click on an icon in Live Update to reveal the next KB to read, followed >> by a hyperlink in the error message to read the 3rd KB--they all end with >> uninstalling Norton appropriately I belive and should add to install a >> product from another company. >> >> The webpage that didn't deliver from Norton that has been up all week is >> this one: >> >> http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2004080212383739?Open&src=ivr_na_con >> >> They plan whenever this happens (it didn't happen on August 10 as the web >> page has been announcing all week, to deliver a patch in two parts, the >> second after a reboot. >> >> The importance of SP2 working for enterprises and home was in Microsoft's >> press release: >> http://www.microsoft.com/presspass/press/2004/aug04/08-06WinXPSP2LaunchPR.asp >> >> >> "With the proliferation of viruses and other broad threats on business >> and >> consumer desktops, I can think of no higher priority than trying to >> ensure >> the security of personal computers," said Rob Enderle, principal analyst >> for >> the Enderle Group. "Whether the customer is a large enterprise, a small >> business or an individual, Windows XP Service Pack 2 is critical because >> it >> addresses today's exposures in a comprehensive fashion. For anyone >> currently >> using Windows XP, my advice is to apply it at your earliest opportunity." >> >> The disingenuous comment by Symantec Senior Vice-President Stephen Cullen >> is here: >> >> "With the proliferation of viruses and other broad threats on business >> and >> consumer desktops, I can think of no higher priority than trying to >> ensure >> the security of personal computers," said Rob Enderle, principal analyst >> for >> the Enderle Group. "Whether the customer is a large enterprise, a small >> business or an individual, Windows XP Service Pack 2 is critical because >> it >> addresses today's exposures in a comprehensive fashion. For anyone >> currently >> using Windows XP, my advice is to apply it at your earliest opportunity." >> >> Actually in *several papers* available at Technetand MSDN, Microsoft >> urges people to uninstall the antivirus before installing SP2. There is >> a different story though, from Symantec who advises people to wait for >> their patches before installing SP2 on the webpage linked above. >> http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx >> >> http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2004080212383739?Open&src=ivr_na_con >> >> "Symantec will release a product update to provide native support for the >> Windows Security Center status utility found in SP2. This update will be >> available worldwide over the coming weeks and will enable Symantec >> products to communicate their status to the Windows Security Center >> utility." >> >> Symantec asks you to wait, and in the case of their time table for >> enterprise editions for a vague range up to 8 weeks: >> >> FAQ Running Symantec Client Security >> http://tinyurl.com/6mfsy >> >> http://service1.symantec.com/SUPPORT/nsw.nsf/0f75ab1a9982283d88256c250066dc94/9918704bb68cedfe882568040070e925?OpenDocument&src=bar_sch_nam >> >> http://service1.symantec.com/SUPPORT/nav.nsf/docid/1999082515392606 >> >> "Symantec encourages its customers to install the product update prior to >> installing SP2 in order to avoid incorrect reporting from Windows >> Security Center." >> >> The "security center" for almost everyone who reads and contributes on >> these two groups is pretty moot, since they don't need that very basic >> thing to tell them where Technet security links are, or whether their >> firewall and AV are "on." But many Norton products require work-arounds >> to make a system scan work (can be obtained as well from any web site and >> sometimes will work from the command line with SP2 and for some people >> will not), to make "Live Update" for what it's actually worth work, and >> to boot up with auto protect on. >> >> Actually script blocking and email blocking are duplicative ancillary >> functions and hype in a Norton/Symantec AV product--not because those >> things aren't important--but because any engineer who works at Symantec >> will tell you that Auto-Protect does everything the other two do, and the >> other two could actually be turned off and you'd still get email scanning >> and script blocking. >> >> Norton Antivirus 2005 actually has a box telling people *explicitly to >> turn the Windows Firewall in SP2* off as does their Tech Support >> currently (I spoke with several of them yesterday)--the reason being >> because NAV 2005 has a little code from their "worm protection" or >> firewall which competes with the Microsoft Windows firewall. How much >> firewall is available in NAV 2005 is hard to determine (their new "worm >> blocking feature.") Obviously it isn't the whole NIS 2005. >> >> NAV 2005 for many people who have used it works fine with SP2 until the >> third boot, and then it has the well known freeze in refresh problem that >> is addressed sometimes by this Symantec KB which applies to Win XP RTM >> although it doesn't say so. A lot of Symantec/Norton KBs are labeled >> forone year's version but the same steps apply to versions of Windows and >> Norton after 9X. This is corrected by reregistering "jscript.dll" and >> downloading and reinstalling Windows Script Host 5.6 and other >> components. >> >> The more people they tick off by dragging their feet on compatibility to >> force sales of 2005 boxes, the better it may be for the new company, "the >> new security vendor on the block," Microsoft Antivirus. >> >> http://news.com.com/Security+vendors+face+new+kid+on+block%3A+Microsoft/2100-1016_3-5302920.html >> >> Best, >> >> Chad Harris >> _____________________________________________________________________ >> >> >> >> "Chris H." <email@example.com> wrote in message >> news:%2317WUfwfEHA.636@TK2MSFTNGP12.phx.gbl... >> The problem in some cases is (1) a previous version of the beta SP2 >> software >> has been installed, and a program installed during that existence, or (2) >> a >> software company hasn't updated their software to work with SP2 yet >> (example: Norton/Symantec, which is coming out today with an update to >> fix >> issues). Otherwise, it is very rare a program will fail. >> -- >> Chris H. >> Microsoft Windows MVP/Tablet PC >> Tablet Creations - http://nicecreations.us/ >> Associate Expert >> Expert Zone - www.microsoft.com/windowsxp/expertzone >> >> >> "KMO" <firstname.lastname@example.org> wrote in message >> news:Xns95416BD9E3EF4KMO@22.214.171.124... >>> "Mike Williams [MVP]" <mikew@Nospam]mvps.org> wrote in >>> news:#5FkhRmfEHA.2764@TK2MSFTNGP11.phx.gbl: >>> >>>> Some software is known to fail on SP2 due to new security settings. >>>> >>> >>> Well that doesn't sound very inviting! >> >> >