|
Donations |
|
 |
|
|
|
If you found this site helpful, please donate to help keep it online
Don't want to use PayPal? Try our physical address
|
|
|
Survey |
|
|
|
|
|
|
|
|
Translate |
|
|
|
|
|
|
|
|
|
|
| View previous topic :: View next topic |
| Author |
Message |
BigSlick
Cadet
Joined: May 12, 2004
Posts: 3
Location: USA
|
 Posted: Wed May 12, 2004 8:07 pm Post subject: Symantec Web site block |
|
|
I can't navigate on any site that has Symantec in the URL
There is some sort of block on the Symantec site. Needless to say (even though I am) I can't do updates or get any other information off of the site.
Any idea how to fix it.
The problem was noticed after I used Symantec to remove the SasserB worm |
|
| Back to top |
|
 |
k027
1st Responder
Joined: Aug 25, 2003
Posts: 1259
Location: USA
|
| Posted: Thu May 13, 2004 1:11 am Post subject: |
|
|
Hello BigSlick,
Try checking your Hosts file for Symantec entries. Remove any that you find.  |
|
| Back to top |
|
|
BigSlick
Cadet
Joined: May 12, 2004
Posts: 3
Location: USA
|
| Posted: Thu May 13, 2004 9:31 am Post subject: |
|
|
| Where is the Hosts file located? |
|
| Back to top |
|
|
k027
1st Responder
Joined: Aug 25, 2003
Posts: 1259
Location: USA
|
| Posted: Thu May 13, 2004 1:29 pm Post subject: |
|
|
Windows 95/98/Me c:\windows\hosts
Windows NT/2000/XP Pro c:\winnt\system32\drivers\etc\hosts
Windows XP Home c:\windows\system32\drivers\etc\hosts |
|
| Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 159
Location: USA
|
| Posted: Thu May 13, 2004 3:39 pm Post subject: |
|
|
I agree.
This sounds very much like you got hit (and I have no idea how at this point) with some of the malware that modifies the hosts file in order to block your access to the websites of popular AV/AT/PSF vendors. For example, when you try to access the website, it 'reflects' you back to 127.0.0.1 (which is your own machine), so you can't connect to the website you're trying to reach (and it doesn't have to just be 127.0.0.1, incidentally).
_________________
Regards,
Joseph V. Morris
'The man who was not there" |
|
| Back to top |
|
|
AndyHelliwell
Lieutenant
Joined: Feb 18, 2004
Posts: 159
Location: Netherlands
|
| Posted: Sun May 16, 2004 9:33 am Post subject: Re: Symantec Web site block |
|
|
| BigSlick wrote: |
I can't navigate on any site that has Symantec in the URL
There is some sort of block on the Symantec site. Needless to say (even though I am) I can't do updates or get any other information off of the site.
Any idea how to fix it.
The problem was noticed after I used Symantec to remove the SasserB worm |
If you use the security check function on the Symantec web site,NIS
thinks that it is being attacked and it adds Symantec to the Auto Block
if you have it enabled.Maybe somewhere along the line your security
system has unwittingly blocked Symantec.
|
|
| Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 159
Location: USA
|
| Posted: Sun May 16, 2004 9:54 am Post subject: Re: Symantec Web site block |
|
|
| AndyHelliwell wrote: |
| . . . If you use the security check function on the Symantec web site,NIS thinks that it is being attacked and it adds Symantec to the Auto Block if you have it enabled. |
Yes, if AutoBlock was enabled, NIS would block the Symantec probe site, just as it would if you were to run the firewall tests from GRC, PCFlank, BBR/DSLR, or even from here at Computer Cops.
That's why the firewall test sites should be added to the Exclusions List accessible on the page where AutoBlock is enabled. (Myself, I disabled AutoBlock, because I wanted to see the details of multi-probe attacks in my logs and AutoBlock makes that impossible.)
Also, last time I checked, AutoBlock only remains in effect for about 30 minutes.
| Quote: |
Maybe somewhere along the line your security
system has unwittingly blocked Symantec. |
Yes, this is another possibility (in addition to the Hosts file issue). In this case, I would think would be in the NIS list of IPs and URLs in the NIS Restricted Zone listing. (That's the NIS Restricted Zone, not the Internet Explorer Restricted Zone.) Sites listed in the NIS Restricted Zone would be permanently blocked. (And if this is what has happened, somebody needs to let Symantec know, because that's not supposed to be feasible other than through the program interface itself.)
_________________
Regards,
Joseph V. Morris
'The man who was not there"
|
|
| Back to top |
|
|
AndyHelliwell
Lieutenant
Joined: Feb 18, 2004
Posts: 159
Location: Netherlands
|
| Posted: Sun May 16, 2004 10:15 am Post subject: Re: Symantec Web site block |
|
|
| jvmorris wrote: |
| AndyHelliwell wrote: |
| . . . If you use the security check function on the Symantec web site,NIS thinks that it is being attacked and it adds Symantec to the Auto Block if you have it enabled. |
Yes, if AutoBlock was enabled, NIS would block the Symantec probe site, just as it would if you were to run the firewall tests from GRC, PCFlank, BBR/DSLR, or even from here at Computer Cops.
That's why the firewall test sites should be added to the Exclusions List accessible on the page where AutoBlock is enabled. (Myself, I disabled AutoBlock, because I wanted to see the details of multi-probe attacks in my logs and AutoBlock makes that impossible.)
Also, last time I checked, AutoBlock only remains in effect for about 30 minutes.
| Quote: |
Maybe somewhere along the line your security
system has unwittingly blocked Symantec. |
Yes, this is another possibility (in addition to the Hosts file issue). In this case, I would think would be in the NIS list of IPs and URLs in the NIS Restricted Zone listing. (That's the NIS Restricted Zone, not the Internet Explorer Restricted Zone.) Sites listed in the NIS Restricted Zone would be permanently blocked. (And if this is what has happened, somebody needs to let Symantec know, because that's not supposed to be feasible other than through the program interface itself.)
|
Letting Symantec know anything is close to impossible,I even reported a
security bug that I found but they never contacted me,their customer
service is almost as bad as MCcrappy''s.
I found a way of sending personal information that is suposed to be
protected by NIS over the internet,NIS did not even notice when I
sent the info.I just tried it again to confirm that Symantec has not fixed
the bug,I added the words "Joey Ramone" as personal data to NIS,this
should have prevented those words from being sent out of my computer
by accident or theft..........Not a chance I still managed to send and
receive the words without NIS even noticing.
You can alter the length of time that auto block blocks an IP adress,up
to 48 hours if you want.After a time on Yahoo messenger I check the
autoblock window in NIS,sometimes there are several entries,if you
wanna get attacked to check your firewall out get a Yahoo messenger
account.
|
|
| Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 159
Location: USA
|
| Posted: Sun May 16, 2004 11:13 am Post subject: Re: Symantec Web site block |
|
|
| AndyHelliwell wrote: |
| jvmorris wrote: |
...
| Quote: |
| Maybe somewhere along the line your security system has unwittingly blocked Symantec. |
... Sites listed in the NIS Restricted Zone would be permanently blocked. (And if this is what has happened, somebody needs to let Symantec know, because that's not supposed to be feasible other than through the program interface itself.)
|
Letting Symantec know anything is close to impossible,I even reported a
security bug that I found but they never contacted me,their customer
service is almost as bad as MCcrappy''s.
|
Well, there are a number of people -- here, at BBR/DSLR Security Forum, and at Wilders, to name only a few of the more popular Security Forums -- who can easily reach Symantec people via private e-mail (or even via phone in some instances, presuming they actually return from Cancun this weekend.  ) But any sort of explicit feedback (other than possibly acknowledging receipt of your notification of a problem) is admittedly almost impossible to obtain. Indeed, eEYE's hard-nosed approach seems to be one of the few that actually gets an acknowledgement.
But, all of this begs the question in the current instance (and in the context in which I made the above statement). To wit, does someone have evidence of a situation in which entries in the NIS Restricted Zone (or even worse, the Trusted Zone!) have been subverted? If so, we need to know, so that at least some attempt could then be made to communicate this to Symantec.
| Quote: |
| I found a way of sending personal information that is suposed to be protected by NIS over the internet, . . . |
Quite frankly, I'm rapidly coming to the conclusion that their LiveUpdates are likely to break something about as often as they fix something. Too many people are finding their LiveUpdates render a NIS/NPF installation (and sometimes a NAV installation) inoperative with no warning whatsoever. To me, this smacks of a lack of rigorous testing prior to release.
| Quote: |
| You can alter the length of time that auto block blocks an IP adress,up to 48 hours . . . . |
Thanks, I wasn't aware of that, having stopped with NIS 2002.
_________________
Regards,
Joseph V. Morris
'The man who was not there"
|
|
| Back to top |
|
|
AndyHelliwell
Lieutenant
Joined: Feb 18, 2004
Posts: 159
Location: Netherlands
|
| Posted: Sun May 16, 2004 11:38 am Post subject: Re: Symantec Web site block |
|
|
prior to release.
| Quote: |
| You can alter the length of time that auto block blocks an IP adress,up to 48 hours . . . . |
Thanks, I wasn't aware of that, having stopped with NIS 2002.[/quote]
Live update does not seem to work this year for my NIS,I have to update
manually,if I forget I get a warning that the virus definitions need updating.
NIS is not as good this year in the way that it works,I am so very pissed
off with Anti Spam becauce it just ain't reliable,I hate the way that I have
512 mb of ram but it just ain't enough for NIS,I hate the way that stupid
bugs ruin the program.
Nowerdays software companies make a product thinking that 85% is
gonna work without a problem,it is cheaper for them to get rid of testing
and QA and just try and fix problems by bringing out patches.
I have MCcrappy Internet Security 2004,due to bugs it did not keep my
computer virus free,having to turn off the security in order to be able
to download my email was the problem,but MCcrappy have
still got my money.They should have de bugged their shite product
before they brought it out on the market.
Symantec are going the same way as MCcrappy,I am getting sick of
shoddy badly put together programs that are expensive. 
|
|
| Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 159
Location: USA
|
| Posted: Sun May 16, 2004 12:16 pm Post subject: Re: Symantec Web site block |
|
|
| AndyHelliwell wrote: |
| . . . Live update does not seem to work this year for my NIS,I have to update manually,. . . |
Out of curiosity, did you have to manually update LiveUpdate itself? (I know some people did.)
| Quote: |
NIS is not as good this year in the way that it works, . . .
I have MCcrappy Internet Security 2004, due to bugs it did not keep my
computer virus free, having to turn off the security in order to be able
to download my email was the problem, . . . |
NIS 2004? Have to turn off the security to download e-mail? Not good, not good at all.
I don't know what to tell you. I got nervous based on the first reviews I heard from knowledgable people who tried NIS 2003. That's why I never upgraded beyond NIS 2002 (v 4.0.x). And now we've got problems there with this last update.
All capabilities to document the product's basic configuration and detailed firewall rules had been eliminated (Albert Janssen's utilities no longer would work) and (until recently), even Sven Schaefer's NIS Log Viewer did not work. At that point, it became extraordinarily difficult to do any sort of diagnostics or trouble-shooting and that bothered me a great deal. Furthermore, there were a steady drizzle of complaints that strongly suggested to me that the internal security enhancements being made to the product (to protect the product itself) were being made in a manner that were now making it increasingly fragile and possibly unreliable (with no indication or diagnosis possible -- at least for some users). Subsequent events have largely confirmed my fears.
I've tried other software firewalls. I find some better in certain aspects (more protocol coverage in particular), but there are also functionalities that have been present in NIS for years that were still not well handled by the alternatives (and documentation of configuration, rules, and firewall events was definitely part of that). At the moment, I'm seriously considering regressing to either NIS 3.0 (2001) or NIS 2.55. I've got an enhanced NAT router out front now and I use a totally separate file authentication utility, so I could even go back to NIS 2.0 if it comes to that. I'd still have the ad-blocking, privacy control and user accounts functionality (and it sounds like the privacy might still be functional if I did that ), so I think that may well happen here shortly.
_________________
Regards,
Joseph V. Morris
'The man who was not there"
|
|
| Back to top |
|
|
AndyHelliwell
Lieutenant
Joined: Feb 18, 2004
Posts: 159
Location: Netherlands
|
| Posted: Sun May 16, 2004 1:22 pm Post subject: Re: Symantec Web site block |
|
|
to download my email was the problem, . . . [/quote]
NIS 2004? Have to turn off the security to download e-mail? Not good, not good at all.
I don't know what to tell you. I got nervous based on the first reviews I heard from knowledgable people who tried NIS 2003. That's why I never upgraded beyond NIS 2002 (v 4.0.x). And now we've got problems there with this last update.
quote]
It was Mcafee's bucket of shite security program for 2004 that I had to
turn off to get my email,not Norton.
With NIS 2004 a sign comes up telling me that a program is trying to
connect to the internet,automatic configuration is not always an option,
I can choose Block,accept,or configure manually.Configure manually
goes ok but the settings that I choose never save,if I choose block
or accept those setting will save alright.
Some menu's have the same problems,accepting yes or no goes
alright,but manual configuring just does not always save.
NIS 2004 is just not as good as it should be,also I ain't got a job so I
ain't got any money,next year if I am not working I will be forced
anyway to try and get a decent free internet security system,and
Norton and Mcafee will just have to live with losing my custom. |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
|
Powered by phpBB 2.0.8a © 2001 phpBB Group
Version 2.0.6 of PHP-Nuke Port by Tom Nitzschner © 2002 www.toms-home.com
Version 2.2 by Paul Laudanski © 2003-2004 Computer Cops
|
You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0.
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
