|
Donations |
|
 |
|
|
|
If you found this site helpful, please donate to help keep it online
Don't want to use PayPal? Try our physical address
|
|
|
Survey |
|
|
|
|
|
|
|
|
Translate |
|
|
|
|
|
|
|
|
|
|
| View previous topic :: View next topic |
| Author |
Message |
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 154
Location: USA
|
 Posted: Fri May 28, 2004 7:34 pm Post subject: |
|
|
| Partner1 wrote: |
| Me for my part didn't have any virusses, trojan horses or any other alerts. Furthermore, my NIS is paid for AND registrered so I don't see any similarity.. |
Oh, wouldn't expect you to have any viruses, trojans or worms, my man!  To the best of my knowledge, no one using NIS/NPF (any version) has gotten hit yet -- unless they got social engineered, and that's an entirely different subject!
To the best of my knowledge, there's yet to be any real exploit code posted for the vulnerabilities identified by eEYE save the DoS demo exploit code posted on BugTraq (and that's not going to penetrate your system, just DoS it). So, even the NIS/NPF 2002 users (or earlier) who simply did a RESTORE to the pre-May 12 situation should still be in fairly decent shape.
On the other hand, I do worry a bit about the NIS/NPF 2002 users that simply disabled their firewalls and continued to surf away merrily -- and I haven't heard from any of them lately -- while waiting for a credible fix to be released. 
Finally, there are indisputably a number of NIS/NPF 2002 users that simply got disgusted, uninstalled NIS/NPF 2002, and then installed another software firewall. (They're not here any more either, for the most part.)
Let's be honest about it (and I wish Symantec would be, also). Just how long can one expect these customers to persist with a non-functional software firewall before they look elsewhere? At best, it's a matter of hours or days, certainly not weeks.
Well, this group is a problem for Symantec (and many of these guys thought, at least, that they had active subscriptions to updates that should work). They're gone now, I don't expect them buying any more Symantec products in the future and I think it's quite likely that they are certainly not going to recommend any Symantec products to their family members, friends, neighbors, or business acquaintances. Well, that's Symantec's problem; not mine.
_________________
Regards,
Joseph V. Morris
'The man who was not there"
|
|
| Back to top |
|
 |
MegaScott
Trooper
Joined: May 28, 2004
Posts: 11
Location: Canada
|
| Posted: Fri May 28, 2004 7:42 pm Post subject: |
|
|
M. Morris,
You are absolutely right. I personally would not wair weeks for a piece of software to get back to normal. The only reason I filed for an account is to help my clients. This issue does not help the sale of Symantec software, even though they no longer "support" NIS 2002.
I remember Microsoft closing the door on Windows 98 support back in January only to come back and extend it's support until 2005 since many users were still using it and haven't yet migrated to Windows XP.
_________________
Computer Technician |
|
| Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 154
Location: USA
|
| Posted: Fri May 28, 2004 8:11 pm Post subject: |
|
|
| MegaScott wrote: |
| . . . Just to clear up the "registered" vs. "unregistered" comments, I know for a fact that all my clients who use "NIS 2002" are legal users. They all have their original CDs weather OEM or in the usual yellow boxes. Some and not "registered" simply because they do not want "spam" mail from symantec and want to keep their identy private on the net. My copy here is legal and registered. In fact I even have NIS 2003 and NIS 2004 (with a valid "Activation Key"). |
Not to worry. . . I assumed that was the case. I know a lot of people myself with precisely the same attitude. Still, after reading Reese's rather convoluted response over at BBR/DSLR Security, I have to wonder if Symantec also understands this position?
| Quote: |
| I prefer 2002 because it is "lighter" and has worked for me for the last 3 years without any major incidents. . . . |
Hell, I'll be blunt; I wouldn't touch NIS/NPF 2003/2004 with a ten-foot pole.
| Quote: |
| . . . . For the "NIS 2002 interface" yes it is usually slow even on my P4 3.1GHz system. However in the case of the "slow down" problem, the interface seams to freeze up the mouse for 3 seconds every second. It takes a lot of patience to wait and try to navigate to the "X" to close the app. |
Awww, . . . you guys are goin' to keep beatin' on me until I break down and reload NIS 2002, aren't you? 
| Quote: |
| . . . I read in some other thread someone mentioning that one of the NIS 2002 programs would take up 100% of the CPU, causing indredibly slow performance. Apperently it was cleared up in a LiveUpdate over 2 years ago. I wonder if this might be the case again. |
For those who can monitor it (in NIS/NPF 2002) I understand that this has been attributable to symproxysvc.exe.
| Quote: |
| Obviously, at that slow performance and locking up the mouse temporarily, something relating to the NPF must be preoccuping the CPU big time. |
Not QUITE so sure you should jump to that conclusion. I just had something like that happen here and it (inexplicably) was associated with MSIE. All I was hitting at the time was security forums and reputable news websites. Now, symproxysvc.exe is, first and foremost a PROXY server that is pre-processing downloads. So, if something would hang MSIE without symproxysvc.exe, then it seems likely to me that it could also hang symproxysvc.exe if it were in the loop.
| Quote: |
| Question is what and why. Does any one know a way to graph a CPU usage of the services under Windows 98, like we can do on XP? IE: PROCESSES: filename.exe - 98% . . . , |
Actually, there are a number of options here. What I was using when this happened to me was Process Explorer from SysInternals. This is a freeware app, but has different downloads depending on which OS you're using. It's an interesting program in and of itself (for reasons that you are only likely to fully appreciate after you've played with it for awhile).
_________________
Regards,
Joseph V. Morris
'The man who was not there"
|
|
| Back to top |
|
|
Randy_Bell
Symantec
Premium Member
Joined: Mar 13, 2004
Posts: 53
Location: USA
|
| Posted: Fri May 28, 2004 10:15 pm Post subject: |
|
|
| MegaScott wrote: |
| Does any one know a way to graph a CPU usage of the services under Windows 98, like we can do on XP? IE: PROCESSES: filename.exe - 98% |
TaskInfo 2003
http://www.iarsn.com/taskinfo.html
|
|
| Back to top |
|
|
astroc
Trooper
Joined: Jan 30, 2004
Posts: 24
Location: USA
|
| Posted: Fri May 28, 2004 10:32 pm Post subject: |
|
|
| Thank You Joseph Morris for spending endless hours eversince I started this thread about the NIS 2002 problem. I am still here lurking but not jumping the gun on the Live Update. Read your other thread at DSL Reports Forum...certainly seems like Symantec Rep is stepping up finally on this issue and you were right in pointing out to him that he didnt really see the big picture on 2002...he was addressing 2003 and 2004. Glad you are on our side the smaller consumers. Thanks again. I am watching threads on a regular basis....A Legal User of NIS 2002...Regars, Astroc |
|
| Back to top |
|
|
feersumenjiin
Cadet
Joined: May 27, 2004
Posts: 9
Location: USA
|
| Posted: Sat May 29, 2004 4:55 pm Post subject: |
|
|
| My system was back to normal yesterday, now it's back to snail pace browsing and it makes no difference if I disable the firewall now. WTF is Symantec playing at?? Soon as it is fixed my auto update is getting switched off for good. I'm getting really pissed off with Norton especially as I am a legit owner who pays a subscription to get this kind of treatment.. |
|
| Back to top |
|
|
astroc
Trooper
Joined: Jan 30, 2004
Posts: 24
Location: USA
|
| Posted: Sat May 29, 2004 6:20 pm Post subject: |
|
|
| May be what you have to do is do what I did to uninstall and reinstall norton totally....then update all the updates till mid May and hold off on remaninder of updates....That was what I finally did and run my system that way. Do remember which updates you do not want to download whenever you go back to Live Update to avoid repeating the problems you are having now. Wait it out and hope Symantec or someone can come up with a finally fix to this problem....Good luck, astroc |
|
| Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 154
Location: USA
|
| Posted: Sat May 29, 2004 7:51 pm Post subject: |
|
|
| feersumenjiin wrote: |
| My system was back to normal yesterday, now it's back to snail pace browsing and it makes no difference if I disable the firewall now. WTF is Symantec playing at?? Soon as it is fixed my auto update is getting switched off for good. I'm getting really pissed off with Norton especially as I am a legit owner who pays a subscription to get this kind of treatment.. |
From the BBR/DSLR Security Forum thread, may I suggest that you open msconfig.exe and DISABLE SNDMON.EXE from running at startup of your system? Many people have indicated that this, and this alone, quickly resolves the 'snail pace' problem.
There are other issues and these are currently under discussion (specifically for NIS/NPF 2002 users) in the thread at http://www.dslreports.com/forum/remark,10357746~mode=flat . Specifically, I would advise you to look at the posts today (29 May) that address 'files found' (and look at the attachments also, so you'll know what is being discussed). We think we've got the fundamental problem down to three files. I know that thread gets a bit detailed, but until Symantec decides to come right out and identify the problem, that's the best we have.
_________________
Regards,
Joseph V. Morris
'The man who was not there"
|
|
| Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 154
Location: USA
|
| Posted: Sat May 29, 2004 7:57 pm Post subject: |
|
|
| astroc wrote: |
| May be what you have to do is do what I did to uninstall and reinstall norton totally....then update all the updates till mid May and hold off on remaninder of updates....That was what I finally did and run my system that way. Do remember which updates you do not want to download whenever you go back to Live Update to avoid repeating the problems you are having now. Wait it out and hope Symantec or someone can come up with a finally fix to this problem....Good luck, astroc |
astroc,
Could you throw up (here) a set of what you currently find for your NIS/NPF files along the same lines as those being discussed at BBR/DSLR Security Forum? I know a lot of people don't like to go to forums that they don't normally frequent, but something like this may help the guys here.
For those who may be wondering why I don't do this, the answer is simple: I personally have not been running NIS since late Jan 2004 -- I'm just trying to solve a problem for people who still are.
_________________
Regards,
Joseph V. Morris
'The man who was not there"
|
|
| Back to top |
|
|
feersumenjiin
Cadet
Joined: May 27, 2004
Posts: 9
Location: USA
|
| Posted: Sat May 29, 2004 10:20 pm Post subject: |
|
|
Thanks for the tip jvmorris, I will let you know what happens when I boot back up tomorrow.
I am still being constantly attacked by IP's emanating from Ohio and seem to have the same ISP as mine through tracking them.
How do I go about copying and pasting logs from NIS so I can email their ISP?
Thanks! |
|
| Back to top |
|
|
astroc
Trooper
Joined: Jan 30, 2004
Posts: 24
Location: USA
|
| Posted: Sun May 30, 2004 12:06 am Post subject: |
|
|
Hey Joseph...I did a search and I do have all three of those files as listed below....
Sndmon.exe....resides in C:\Program Files\Symantec\Live Update 87184 bytes..created 5/18/04 modified 5/21/04
Sndsrvc.exe....resides in C:\Common Files\Symantec Shared 193760 bytes..created 5/13/04 modified 5/13/04
Symnetic.dll.....resides in C:\Winnt\System 32 505056 bytes...modified 5/13/04....cannot find when it was created since I cannot find this particular file directly to look at the properties
I also pull up my LiveUpdate Log for your browsing. Remember I reloaded my NIS NAV completely and left out the two latest updates
NIS Security auto config file size 1176.2KB and the troubling download for me NIS Program 2002 update file size 102.2KB. My system is running smoothly without the 102.2KB update which I previously reported caused my system to run like molasses.
I hope this helps. Thanks JV Morris. Regards, astroc |
|
| Back to top |
|
|
MegaScott
Trooper
Joined: May 28, 2004
Posts: 11
Location: Canada
|
| Posted: Sun May 30, 2004 3:16 pm Post subject: NIS 2002 on Windows 98SE - The Slow Down |
|
|
I had a chance to return to my father's computer (1 of the 14 PCs having the slow down problem) and did some tests and analysis. He has NIS 2002 and Windows 98SE, both in US English.
I started by verifying with LiveUpdate that all the updates have been applied (as of May 29 2004).
This may or may not be a key issue: I have noticed in the "FireWall" logs of NIS 2002 multiple lines saying "29/05/04 20:47:11 Supervisor Firewall configuration updated: 122 rules". This occurs about every .33 seconds:
---===---
Norton Internet Security Version 4.0
29/05/04 8:47 PM (Eastern Standard Time)
Firewall Event Log
29/05/04 20:47:11 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:11 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:10 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:10 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:08 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:08 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:08 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:08 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:06 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:06 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:05 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:05 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:04 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:03 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:03 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:03 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:01 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:01 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:01 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:47:00 Supervisor Firewall configuration updated: 122 rules
29/05/04 20:46:59 Supervisor Firewall configuration updated: 122 rules
ETC...
---===---
If NIS 2002 was caught in an endless "configuration" loop, it may explain why it is so slow in treating other commands, such as surfing the Internet.
Since M. Reese from Symantec stated that there were failed updates (some products were not properly identified), I decided to uninstall and flush out everything having to do with NIS 2002 and Symantec from the machine. IE: Uninstalling NIS 2002, LiveUpdate, and LiveReg. I also erased various folders such as Symantec and LiveUpdate from the Windows/All Users/Application Data/Symantec/... where LiveUpdate catalogs and downloads are stored.
I reinstalled the product after a reboot. Everything was fine and quiet (including extremely rapid response times). The only thing in the Firewall log:
---===---
Norton Internet Security Version 4.0
29/05/04 09:19 PM (Eastern Standard Time)
Firewall Event Log
29/05/04 21:18:57 Supervisor NDIS filtering is enabled
29/05/04 21:18:57 Supervisor Firewall configuration updated: 79 rules
---===---
Then I proceeded to LiveUpdate the entire thing. Now it's back to square one. Slow and staggery navigation both in NIS 2002 screens and Internet Explorer. The firewall notices began again:
---===---
Norton Internet Security Version 4.0
29/05/04 11:18 PM (Eastern Standard Time)
Firewall Event Log
29/05/04 23:18:41 Supervisor Firewall configuration updated: 99 rules
29/05/04 23:18:41 Supervisor Firewall configuration updated: 99 rules
29/05/04 23:18:40 Supervisor Firewall configuration updated: 99 rules
29/05/04 23:18:40 Supervisor Firewall configuration updated: 99 rules
29/05/04 23:18:39 Supervisor Firewall configuration updated: 99 rules
29/05/04 23:18:39 Supervisor Firewall configuration updated: 99 rules
29/05/04 23:18:38 Supervisor Firewall configuration updated: 99 rules
29/05/04 23:18:38 Supervisor Firewall configuration updated: 99 rules
29/05/04 23:18:37 Supervisor Firewall configuration updated: 99 rules
29/05/04 23:18:37 Supervisor Firewall configuration updated: 99 rules
29/05/04 23:18:36 Supervisor Firewall configuration updated: 99 rules
29/05/04 23:18:36 Supervisor Firewall configuration updated: 99 rules
29/05/04 23:18:34 Supervisor Firewall configuration updated: 99 rules
29/05/04 23:18:34 Supervisor Firewall configuration updated: 99 rules
29/05/04 23:18:34 Supervisor Firewall configuration updated: 99 rules
29/05/04 23:18:34 Supervisor Firewall configuration updated: 99 rules
29/05/04 23:18:32 Supervisor Firewall configuration updated: 99 rules
29/05/04 23:18:32 Supervisor Firewall configuration updated: 99 rules
ETC...
---===---
Anyone else observe this?
Also, now NIS 2002 refuses to detect Applications that access the Internet properly. I must manually configure the apps. I have seen it before, and to solve it I had to uninstall everytthing again, to into the registry and erase everything having to do with NIS, Symantec, and Norton. Then reinstall everything.
Perhaps if M. Morris could relay this information to M. Reese over at "LiveUpdate - Did they break it?" on Broadband. It may or may not help everyone's issues for NIS 2002.
Thanks to all! |
|
| Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 154
Location: USA
|
| Posted: Sun May 30, 2004 5:16 pm Post subject: |
|
|
| astroc wrote: |
| May be what you have to do is do what I did to uninstall and reinstall norton totally....then update all the updates till mid May and hold off on remaninder of updates....That was what I finally did and run my system that way. Do remember which updates you do not want to download whenever you go back to Live Update to avoid repeating the problems you are having now. Wait it out and hope Symantec or someone can come up with a finally fix to this problem....Good luck, astroc |
Well, for what it's worth, you can find my latest speculations at http://www.dslreports.com/forum/remark,10377388~mode=flat . (Took me the better part of a day to go through everything and put that one together!)
Disable sndmon.exe (if it's installed), that's in memory and also in the startup list of msconfig.exe. Check for the presence of symids.sys/vxd (depending on your OS) and symidsco.sys/vxd. I think you need to have both installed and they need to have the same version/build information -- probably 5.3.1.54, maybe more recent now.
symfw.sys/vxd should be either 5.3.1.54 or possibly 5.3.1.55 (if you installed the 23 May LiveUpdates).
_________________
Regards,
Joseph V. Morris
'The man who was not there"
|
|
| Back to top |
|
|
Nightblade
Trooper
Joined: May 17, 2004
Posts: 10
Location: France
|
| Posted: Sun May 30, 2004 7:41 pm Post subject: |
|
|
When i had NIS 2002 installed and faced this problem , i noticed that huge amount of entries in the log , that were similar to the one reported
| Quote: |
29/05/04 20:47:11 Supervisor Firewall configuration updated: 122 rules
|
I suspected at first that it was the cause of the heavy slowdown i noticed in internet browsing. But as it was not reported anywhere, i forgot about this. But now , as MegaScott saw that strange log content too , maybe there is a part of the answer there.
I monitor some security forums to watch the progresses on this NIS 2002 heavy problem despite i no longer use or even want to use it , and i noticed your work jvmorris.
I want to congratulate you for the time you invested in that "centralization" of the problem reports, i appreciate it, really.
You have my deep respect.
|
|
| Back to top |
|
|
astroc
Trooper
Joined: Jan 30, 2004
Posts: 24
Location: USA
|
| Posted: Mon May 31, 2004 1:09 am Post subject: |
|
|
Good to see you again Nightblade...hope ZA is doing a good job for you. NIS 2002 is still doing a job for me minus the couple of latest Live Updates as I stated previously.
Message to Joseph Morris...Keep up the good work...I dont know how you can keep all this stuff straight with inputs from this and other security forums...you are the man!! I uploaded my Live Update Log for your info about 5 or 6 posts before this one. Hope you find it helpful. Regards, astroc |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
|
Powered by phpBB 2.0.8a © 2001 phpBB Group
Version 2.0.6 of PHP-Nuke Port by Tom Nitzschner © 2002 www.toms-home.com
Version 2.2 by Paul Laudanski © 2003-2004 Computer Cops
|
You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0.
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
