Gripes about Norton AntiVirus 2003

Norton Gets a Bit Less Secure by Sarah Lacy in Business Week magazine. December 1, 2005. Quoting: "Hackers, bored with attacking Microsoft, are going after Symantec, whose Norton products are the first line of defense on 50 million PCs worldwide ... hackers are bypassing or disabling Symantec software in their efforts to access personal information or spread viruses and worms." Printer Friendly version

Uninstalling

January 6, 2005. Windows 2000 SP4. I walked away from NAV 2003 today and it was hard. I started with the the uninstall function for Norton Anti-virus which ran fine and required a reboot after which I checked the Add/Remove Programs applet in the Control Panel. There were still entries there for Live Update and Live Reg (whatever that is). Removing Live Reg took only a second but it required another reboot.

After this second reboot, I tried to remove Live Update but was warned that there were Symantec products currently registered with Live Update that should be removed prior to removing Live Update. The only Symantec product on the computer was Norton Anti-virus. So far the un-install has failed to remove three other Symantec products. A scan of the list of installed programs turned up the Norton WMI update (which is what?). Uninstalling this required yet another reboot.

January 15, 2005. I used the same computer for a long time with NAV 2003 installed and thus had a good feel for how fast the machine ran. After un-installing NAV, I went a month or so before installing new anti-virus software. During this time, I noticed that opening Word documents was noticeably faster without NAV doing its virus scan automatically (it has an Office integration feature that I had been using). The machine in question was a Celeron 1.2 GHz with 640 MB of ram.

March 11, 2005. Yet more leftover junk from un-installing NAV 2003. A favorite program of mine is BHODemon which reports on the BHO programs installed on your computer. NAV uses a BHO program called NavShExt.dll. BHODemon found traces of this program in the registry after NAV 2003 was uninstalled. Quoting from BHODemon: "Although this BHO has entries in the Registry, the file itself () cannot be found. Possibly, this is the result of the file getting deleted during an attempt to remove the BHO. Since they are usually harmless, you can let these 'orphaned' Registry entries remain or you can have BHODemon remove these 'orphaned' Registry entries." I let BHODemon remove the registry entries.

NAV Disabled

January 4, 2005. Windows XP SP1 with all recent bug fixes applied, except for Service Pack 2. A couple days ago, Windows Update was run and it installed about nine bug fixes.

Networking

December 12, 2004. Again today, out of the blue Common Client CC App wanted Internet access shortly after booting windows. This on a computer where nothing had changed. I denied it access and could not do email. I check multiple email accounts on multiple email servers from multiple ISPs. None of them worked. Every attempt to read email results in an entry in the ZoneAlarm log that program ccApp.exe was blocked. The strange this is that this program has full Internet access permissions in the ZoneAlarm rules. I shut down ZoneAlarm (v5.1.011), re-started it and all was well. This may be a ZoneAlarm gripe, I'm not sure.

September 23, 2004. I don't use the automatic update feature of Live Update, instead opting to run it manually. ZoneAlarm today said that Common Client CC App was trying to access the Internet (to get to the DNS server of my ISP). The program was ccApp.exe. I allowed the connection and now the program is listening on port 1033. The remote address is my computer at port zero.

Windows XP SP2

August 26, 2004. With the recent release of Windows XP Service Pack 2, I checked with Symantec to see if Norton Anti-Virus was affected. There is an SP2 FAQ which says: "Installing Service Pack 2 will not affect Norton AntiVirus. The Windows Security Center will be aware that you have Norton AntiVirus installed, but it will not be able to determine its working status due to Symantec's tamper-protection technology."

To paraphrase Symantec's position: we're fine, Microsoft is not up to snuff. Interestingly, Microsoft says the exact opposite.

I believe Microsoft both because they have no motivation to fudge the truth and because if the Security Center does not correctly report the status of Norton AntiVirus, I believe the fault lies with NAV for not reporting it's status correctly to the Security Center. The Security Center is not a detective, it only reports what it is told.

Old Virus Definitions

July 26, 2004. Twice in the last few days someone I know was sent a virus as an attached file to an email message. Norton AntiVirus, both the corporate and the home edition did not detect the virus even with the latest virus definition updates (which were five days old at the time, even after running Live Update). The email messages were very obviously fraudulent, so I saved the attached file on my hard disk and scanned it using Trend Micro's online Housecall service. Trend Micro (the company behind PC-cillin) detected the virus in each case (one was a Bagel variant, the other a new flavor of MyDoom).

Just to make sure I was comparing apples to apples, I also ran the Symantec online anti-virus scan. It is inferior to Trend Micro's Housecall in two regards. First, Housecall is able to scan a single folder on your computer which is what I did in this case. The online virus scan thus ran very quickly. With Symantec there are no choices or options. The online virus scan just starts and doesn't even tell you what it is going to scan. Will it scan my D disk, E disk? In my case, I had to wait for it to scan my entire C disk before I knew if it detected the virus or not.

Second, the virus definitions that Symantec's scanner loaded were dated five days ago. This must be true because it failed to detect the virus that Trend Micro found.

By the middle of the afternoon, Symantec had updated their virus definitions and it now detects the virus. By this time, I had been sent it also, as had another person I know. One person was a Hotmail user and although Hotmail scans messages for viruses it did not pick up this one.

August 25, 2004. 9AM ET. My virus definitions are dated August 18th and manually running Live Update resulted in no new virus definitions. Seven days seemed like a long time between virus definition updates, so I checked Symantec's Latest Virus Threats page. New virus definitions were created on August 20, 21 and 24.

Administrator Userid Required back to top

May 11, 2004. You have to be logged on to Windows as an Administrator class user in Windows 2000 and XP to run Live Update.

It's not clear to me after reading this KB article whether Live Update can be scheduled using the Windows 2000/XP scheduler to run as an Admin user and run correctly even though the currently logged on Windows user is a restricted user. This KB article does not discuss the Windows scheduler at all. It also doesn't mention running a full virus scan, but I think that for this too, you also have to be logged on to Windows as an Administrator class user.

A reader of this page wrote to say that under Windows XP, while logged on as a restricted user, programs NDETECT.EXE and NAVWNT.EXE fail to run via the Windows scheduler. Everything works fine on his computer when logged on as an Admin user. I haven't tried to duplicate this. He claims to have dealt with Symantec tech support by email many times, even running tests for them and submitting Task Scheduler logs. To date, he claims not to have received any useful responses from Symantec. One work-around for Windows XP is to log in as an Administrator and then use user-switching to let a restricted user log on the the computer while the Admin user remains logged on. The relevant KB articles (thanks Karl) are:

Two More Live Update Problems back to top

Update: A reader of this site wrote to say that a gripe I had with NAV 2004 also applies to NAV 2003. When Live Update is running in the background, the main NAV window does not indicate this. You only find out by clicking on the Live Update button and getting an error that it can't be run manually while it also running on its own in the background. November 8, 2004.

April 26, 2004. Microsoft Patch Fixes Norton AntiVirus by Scot Finnie in his newsletter. For about two years Mr. Finnie struggled with an intermittent problem with Norton AntiVirus that has, at times, driven him to try competing products. The problem was that Automatic Live Updates would stop working. Symantec managed to fix this in Norton AntiVirus 2003 for a time, but the problem returned and persisted in Norton AntiVirus 2004.

February 8, 2004. Windows 2000 SP4. For years when using NAV (including earlier versions) the date of the virus definitions that is displayed in the main window, would get updated as soon as Live Update finished. Recently this stopped working. Now, after running Live Update, I have to close NAV 2003 and open it again to see the new date for the virus definitions.

February 9, 2004. I found that clicking on the Options button causes a refresh of the virus date.

February 17, 2004. I shut down the main NAV user interface window and then opened it again. At first it showed the old virus definition date. Then, about 10 seconds later, it showed the new date without my having done anything.

March 6, 2004. This time I just waited and watched the main NAV user interface window after having downloaded new virus definitions with Live Update. After about 15 or 20 seconds, the date of the virus definitions updated itself.

March 17, 2004. Still more debugging. This time I happened to have Task Manager running and noticed a spike in cpu usage, after Live Update said it was done and finished. The cpu spike was from program LUCOMS~1.exe, which I'm fairly sure is part of Live Update. In other words, Live Update lies. It is not done with it's work when the user interface shows that it is done. For some reason, a child's taunt comes to mind: Liar, Liar pants on fire.

Accessing the Internet back to top

February 3, 2004. I couldn't take the constant queries from ZoneAlarm so I told it never to allow program NAVW32.EXE to access the Internet. So far so good.

Update: March 12, 2004. This has worked so far. NAV still wants to get out to the Internet, but ZoneAlarm does not allow it. The rest of NAV has worked just fine in the 5 or so weeks since I made this change. In the ZoneAlarm log, it shows many blocks of the Norton AntiVirus Scanner module. It has also blocked Word for Windows from accessing the net (trying to get to the DNS servers of my ISP on port 53). I don't often use Excel, but when I did today, ZoneAlarm showed that it too wanted to access the Internet to get to crl.verisign.com (at 64.94.110.12 port 80) once and to my DNS servers once (both from a single invocation of Excel). There are also many instances of Windows Explorer trying to get to the Internet (again my DNS server) which, I suspect, is part of the same issue.

Update: May 18, 2004. Still no problems. ZA is still blocking program navw32.exe from accessing the Internet but, interestingly, this program does not appear in the ZoneAlarm log any more.

Update: May 21, 2004. A reader of this page mentioned this KB article: Dial-up networking attempts repeatedly to connect during startup and shutdown after installing Norton AntiVirus. It turns out that the reason a dial-up connection might repeatedly prompt you to connect to the Internet is that Norton AntiVirus uses a Certificate Revocation List to ensure that the digital signatures attached to NAV files have not been compromised. I mention this here, because the CRL apparently is also to blame for this problem. Quoting from this KB article:

Update: July 10, 2004. A reader of this page running Norton System Works 2003 used the Windows XP netstat command to see that before his computer connected to the Internet there was a connection made to crl.verisign.com. An additional parameter causes netstat to also report on the owning process ID which can be matched, using the tasklist command, to a program. In his case, the program was ccApp. After connecting to the Internet the connection disappears. I can't verify this.

Live Update Bug back to top

Symantec slams the door on LiveUpdate flaw January 13, 2004, CNET News.com. Symantec, fixed a problem in LiveUpdate - a vulnerability that could allow malicious users to gain unauthorized administrator access rights to an affected PC. A new version (2.0) of LiveUpdate is now available for download. It is 4MB.

Windows XP Shut Down Problem back to top

January 12, 2004. You cannot log off, restart, or shut down Windows XP your Windows XP-based computer from Microsoft. When you try to log off, restart, or shut down your Microsoft Windows XP-based computer, the screen may flash, and computer does not log you off, restart, or shut down. This behavior occurs if you install some versions of Norton Antivirus 2003. The ccApp.exe program causes this behavior.

No Right Click back to top

January 8, 2004. Windows 2000 SP4. NAV 9.05.15. I updated NAV today with both virus definitions and an update to LiveReg. Also installed today were a new Java VM from Sun Microsystems, Flash and Shockwave. A number of new problems started.

January 9, 2004. A reader of this site emailed to say that there are several posts on the Symantec users' tech support forum about a corrupt Live Update that went out on January 7th. In my case, since I installed a lot of software at once, there are many possible culprits for my problem.

January 9, 2004. Another reader emailed to say he has experienced the same anomaly on various machines running NAV 2001 - 2003 or System Works. The machines were running Windows 98se, XP Pro SP1 and Win2000 SP4. Unlike me, he only downloaded the newest LiveReg updates and virus codes making LiveReg the likely culprit. He had no problems on machines where he only updated the virus definitions, but did not update LiveReg. I too had no problems on a machine where I declined the LiveReg update. Finally, he noted that machines with NAV 2004 were not effected.

January 9, 2004. The next after turning off the computer and re-booting, it seemed fine.

Symantec: VeriSign at fault in Norton glitch January 12, 2004, CNET News.com. Symantec blamed VeriSign for problems with its software products that left users' PCs unresponsive and unstable. The problems caused a flurry of angry posts to the Symantec area of support forums Some users of the Norton products reported that their PCs locked up or slowed down after downloading the latest virus definitions after January 7, 2004.

Virus Definition Date back to top

October 22, 2003. Windows XP Home Edition SP1 with all bugs fixes applied as of October 21, 2003. NAV was version 9.05.15.

A picture of this gripe pretty much speaks for itself. On the main UI window, NAV did not know the date of the virus definitions it was using. The "updating" is wrong, I waited a bit and it never changed. Running Live Update and getting new virus definitions fixed this.

Common Client back to top

October 9, 2003. There was a problem with Live Update and the Symantec Common Client Updates as shown here at the right. I saw this on two different computers running NAV 2003. The error at the bottom is "LiveUpdate could not determine if there is an update for this product because the update list for this product is.." Ooops, I forgot to write it down.

The problem cleared itself up in a couple days.

Windows XP and MSN Messenger back to top

September 18, 2003. Windows XP Home Edition with all the patches as of September 2003. Norton AntiVirus 2003 also with all known bug fixes applied. Task manager showed spikes in cpu usage even when the machine was idle, with no one typing anything at the keyboard. While the machine is being used, the mouse pointer often changed to indicate it was busy. ZoneAlarm showed that it was blocking hundreds of outbound requests from "Messenger". This turned out to be MSN Messenger as the Messenger service had been disabled. MSN Messenger had been configured not to run automatically at boot time (Tools ->options ->preferences). Task manager often showed program msmsgs.exe using processor cycles when the machine was idle.

I found the answer at the Windows XP forum of annoyances.org. The problem was NAV 2003 which was set to monitor MSN Messenger (Options -> Instant Messenger). Turning off the checkbox got rid of the cpu spike and constant attempts at establishing an outbound connection and program msmsgs.exe no longer appeared in Task Manager.

Renewing Subscription back to top

September 1, 2003. To continue getting new virus definitions, you have to pay Symantec every year. O.K. Twice recently I was setting up computers for other people. Both machines came with NAV 2003 pre-installed and each also had a three month subscription. Both machines were being given to non-technical users so I wanted to renew the subscription ahead of time to save them the inevitable confusion.

I have renewed subscriptions before and knew the period was a year. However, this raised the question of whether renewing three months before the current subscription expired would leave me with 12 months or 15 months worth of virus updates. I searched and searched and could not find the answer. I looked everywhere there was to look and eventually, on the first machine, gave up. I tried emailing Symantec but this is not possible. I left them a "comment" and never got an answer.

By the time I was faced with this question a second time on another machine a few weeks later, I had given up. Whether I lost the time remaining on the current subscription or not, I wanted to re-up for another year.

At least I couldn't figure out how. All the automation for paying for another year is tied into the current subscription running out. There is no way, that I could find, to renew early.

Automatic Live Update back to top

September 1, 2003. If you opt for automatic live update when does it run? Once a day? Every other day? Every hour? Must be none of our business because nowhere in the user interface does NAV 2003 tell you the schedule it uses. Neither is there a log of its activity.

Those of us running firewalls, need to know the name of the program ALU uses to check for new virus definitions and bug fixes. This program needs to be granted access to the Internet. NAV does not say what the program is. I don't use Automatic Live Update, but when I turned it on a bit for a test, ZoneAlarm warned that the Symantec NetDetect program wanted to access the Internet.

The help does say that for ISDN users it checks every four hours for virus definitions when your computer is connected to the Internet. It does not say how often it checks for bug fixes to NAV itself.

Checking the Windows 2000 scheduler turned up the fact that NetDetect runs every five minutes!! It is not the program however that checks for updates. The next day, NAV told me that there were pending updates but ZoneAlarm had not asked about NetDetect accessing the Internet. Another computer, running Windows XP Home Edition also had NetDetect running every 5 minutes via the Windows scheduler.

Symantec has a Knowledge Base article: What is NetDetect? Quoting from the version last modified June 19, 2003: "NetDetect is a Symantec program that checks for an active Internet connection. Automatic LiveUpdate uses it. After NetDetect has found an active Internet connection, it attempts to connect to the LiveUpdate server. If successful in connecting to the server, it checks for available updates."

The article says that we get to configure a time for Automatic Live Update. This is not true. It also says the five minutes is only used if it can't connect to a Live Update server.

Full System Scan back to top

May 26, 2003. Version 9.05.15. What does a full system scan scan? This should be trivial question to answer, but NAV 2003 does not tell you, either beforehand or afterwards. After running a full system scan (which takes so long no one would watch it run) the summary does not say what was scanned. Did it check the D disk and E disk? The only hint is the total number of files scanned. The NAV help does not say what gets scanned. The activity log also, does not say which drives were scanned, only the total number of files examined.

Program nmain.exe and Firewall back to top

April 10, 2003. NAV 2003 Version 9.05.15. Windows 2000 SP3. When I started NAV 2003, my firewall (ZoneAlarm version 3.7.143) warned me that program nmain.exe wanted to access the Internet. I said not to allow it and things seem to work. Although the NAV user interface took a long time to start up, I was able to run Live Update and download new virus definitions, despite not allowing this program to access the Internet.

The program is identified as Symantec Integrator version 6.00.17. It was trying to get at my DNS server, which I suspect means that it was really trying to access a computer on the Internet by name (DNS servers translate from computer names to IP addresses). What computer was it trying to access? Why? I don't know. The ZoneAlarm alert log, showed that program nmain.exe made 11 attempts to access the Internet (all were blocked by ZoneAlarm). This is likely why the user interface took so long to start up.

The tech support section of Symantec's web site says nothing about this. I searched for a number of possible keywords, but came up empty.

Live Update Problem 2 back to top

March 20, 2003. NAV Version 9.015.15. Live update showed there were two updates available. One for the virus definitions and a program update to NAV itself (about 2 MB). I opted to ignore the virus definition update and selected only the program update. I didn't get it. Instead NAV incorrectly said that I chose neither update. I got out of Live Update and re-invoked it. This time it only showed the virus definition update, the program update was gone.

Problem 3: October 29, 2003. After Live Update updated the common client program (no new virus definitions) it requires a re-boot. There is no choice to reboot later, you must reboot NOW.

Live Update Problem 1

After installing NAV 2003, Live Update would not run. The error was LU1814 Live Update could not retrieve the update list. For a full size screen shot of the error window click the thumbnail at the right.

The computer in question was connected to the Internet via a cable modem. There was no obvious way of telling Live Update to use the cable modem, LAN based net connection. It seemed intent on using a dial-up connection.

The machine could connect to the Internet just fine with IE 6 SP1. The OS was Windows 2000 SP3.

The Live Update configuration has an ISP tab that defaulted to "customized settings for live update" and was using a dial up networking connection definition. My first guess was to change this to internet options in the control panel, though the meaning of this is not clear at all. It didn't fix the problem.

Shutting down my firewall did not fix the problem.

For my default dialup connection, I changed it from "never dial" to dial when a connection is not present. No help. Then I tried the option to always dial my default connection. It failed too.

The Symantec tech support web site for NAV 2003 had a popular item called Error: "LiveUpdate could not get the list of updates. LiveUpdate could not retrieve the catalog file..." when running LiveUpdate. It says to connect to the Internet before running Live Update. I had. It says to get latest version of Live Update. I have it (v1.80.19.0) as per What is the current version of LiveUpdate and how do you obtain it

I also read the item How to configure LiveUpdate for your Internet connection which says that in the IE Connections tab to click the LAN settings button and turn on the auto detect option. This was already on.

It had instructions in How to delete a corrupted Settings.LiveUpdate file which can become corrupted, resulting in this error. I followed the instructions and deleted the file. The problem persisted.

The same KB article also had instructions for what to do if a Corporate Edition was previously installed which was, in fact, true in my case. It warned that there might be a file left over from that installation that points LiveUpdate to a network server rather than the Web-based Symantec Live Update servers. The name of this file is S32luhl1.dll and it should be deleted, if it exists. The readme file says: If Live Update finds the LAN transport file (s32luhl1.dll) in the same directory that it is being run from, it will search for a LAN entry in its settings file and use that transport instead on the FTP and HTTP transports. This sounded like a perfect fit for my problem, but it wasn't. My computer did not have this file.

In looking at the Live Update folder however, I found an old file: Liveupdt.hst.default with what appeared to be junk in it. I deleted this file, but the problem persisted.

The Readme file also says that Live Update stores all of its configuration and logging information in the following files:
   log.liveupdate - Log file
   product.catalog.liveupdate - List of installed Symantec products
   settings.liveupdate - Configuration settings
LiveUpdate will also keep backup copies of these files by adding a number to the beginning of the filename. The higher the number the older the file. These files are located in an 'Application Data' folder. I found the folder in
C:\Documents & Settings\all users\application data\Symantec\liveupdate
Live Update does not remove its configuration or log files when you uninstall it according to the ReadMe file. Sure enough, there seemed to be old files here from the corporate edition of NAV.

At this point I uninstalled Live Update, rebooted, deleted all the old files from the previous corporate edition and re-installed Live update. You uninstall it from Add/Remove Programs in the Control Panel. You re-install it by running LUSETUP.EXE on the NAV 2003 CD .

This certainly changed things. Now Live Update works, however, the only product it knows that is installed on the computer is Live Update itself. It no longer is aware of NAV. Live Update checks for updates to Live Update, finds none, and is very happy.

Next I uninstalled NAV, rebooted, uninstalled Live Update, rebooted and re-installed NAV 2003 which also re-installed Live Update. Problem fixed.

All the time I was debugging this, I could only think about how there is no free telephone technical support for NAV 2003. On the other hand, Symantec offers a 60 day money-back guarantee which would allow you to return the product should there be installation problems. November 2002.

Uninstalling back to top

Much of this is a follow-up to the above problem. Un-installing Norton AntiVirus has been a constant problem, as shown by my experiences in the above problem, the reader comments below and the many Symantec KB articles on the subject (see below).

FYI: A reader of this web page wrote me recounting problems un-installing a copy of NAV 2003 where Live Update would not run. He ran Rnav2003.exe and removed registry items recommended by Symantec. Despite this it was not completely removed. He then used a registry cleaning program (JV16 Power Tools) to really clean out all traces of Symantec software from the registry. This worked. I can not verify this. February 7, 2003.

FYI: Another reader had problems with NAV 2003 under Windows XP and the problem did not go away with a simple un-install and re-install of either NAV or Live Update. He uninstalled NAV 2003, manually searched and deleted all liveup*.* files and folders, rebooted and reinstalled NAV 2003. This worked for him. July 28, 2003.

FYI: Still another reader wrote to tell me about his success in cleaning up a broken Live Update after having the typical un-install and re-install fail to fix the problem. This worked for both Windows XP and 2000. His error was: "LiveUpdate could not get the list of updates. LiveUpdate could not retrieve the catalog file...". The first thing he did was delete a corrupted Settings.LiveUpdate file. You can find this file by searching your hard disk for "Settings.LiveUpdate" and then deleting (or renaming) all such files. Then he downloaded and installed the most recent version of LiveUpdate from www.symantec.com/techsupp/files/lu/lu.html. The file is called Lusetup.exe. The next time you run Live Update, the settings file that was just deleted should get regenerated. September 13, 2003.

FYI: Another reader wrote about his dealing with an LU1814 LiveUpdate problem. Deleting the LiveUpdate settings files did not work. Downloading the latest LiveUpdate did not work. Uninstalling NAV2003, LiveUpdate and LiveReg, then rebooting and reinstalling them all, did not work. It turns out he had a Settings.LiveUpdate file hiding away in C:\Documents and Settings\All Users.WINNT\Application Data\Symantec\LiveUpdate which his earlier searches did not find. Getting rid of this Settings.LiveUpdate file fixed his problem. November 6, 2003.

FYI: Another reader had yet another reason for this error - a malware program (virus, worm, adware, etc.) had changed the Hosts file. This is how the bad program prevents your finding it and removing it. Programs that do this not only block all access to the Symantec web site, they also block access to the web sites of other AntiVirus programs. The location of the Hosts file varies with different versions of Windows. June 9, 2004.

Symantec KB article: How to uninstall Norton AntiVirus 2003 or Norton AntiVirus 2003 Professional Edition There is more than one way to uninstall Norton AntiVirus or Norton AntiVirus Professional 2003. Uninstalling from the Program list menu is the recommended method. If you cannot uninstall in the recommended way, then you can use the Rnav2003.exe removal utility.
Update: A reader of this page cleared up a NAV 2003 problem only after uninstalling, running the rnav program and then manually deleting all the files in the Symantec shared folders. (thanks Joe) May 18, 2004.

My Observations back to top

Perhaps the biggest ongoing gripe with NAV (true of many versions of the product, perhaps even all versions) is that the automatic Live Update only brings in new virus definitions. The user is responsible for manually running Live Update every now and then to get bug fixes (patches) to NAV itself. In addition, NAV does not even tell the user when there are available bug fixes waiting to be applied.

The ability to make and use Rescue Disks is limited to Windows 98, 98 SE, and Me.

The Readme file does mention whether you can install NAV 2003 on top of an older version of NAV or whether you should un-install an older version of NAV prior to installing the 2003 edition. However, the manual does cover this.

After installing the program, you are shown the Readme file with the usual gotchas and glitches. This should be done before installing the product. One of the gotchas effects Windows 98 with Office 2000 and Office XP, another has to do with dynamic volumes in Windows 2000 and XP. These things need to be known up-front.

The CD-ROM has a User Guide in Adobe Acrobat format. This user guide is not copied to your hard disk as part of the software install. It also has a lot of information on how to install the product and should be read prior to installing.

The CD that comes in the boxed version of NAV 2003 is wrapped in paper. Symantec opted not to protect it in a plastic jewel case.

Telephone technical support is a paid, not free service. Even help with installation related issues is not free. Speaking to Symantec about NAV 2003 costs $30 per "incident" and is only available during business hours on weekdays.

Mail Washer back to top

Norton Anti-Virus 2001 would not interfere with MailWasher (v1.32), but NAV 2003. does. MailWasher can be used to preview email messages. It offers a safe preview mode where messages are displayed only in plain text format and only the first 400 lines of a message. This worked great with NAV 2001. However, NAV 2003 seems to force MailWasher to read an entire email message so that it can scan the message for viruses.

After upgrading to NAV 2003, when I try to read email with MailWasher, ZoneAlarm asks whether to allow Common client CC app to connect to the internet. If I say no, MailWasher fails. If I say yes it works. This is not a MailWasher program, it is a NAV program, sticking itself between my email program and my email server. NAV 2001 also checked incoming email for viruses, but did not interfere with the normal operation of MailWasher. I may be less safe now, because by reading the entire email message, I may be susceptible to a new virus, one that my copy of NAV 2003 has no defense against.

The program is ccapp.exe version 1.00.104 from August 19, 2002. ZoneAlarm says the product name is "common client". This only happens the first time I use MailWasher. If I close it down and restart it, the next time it checks mail I'm not asked any questions. When both NAV 2003 and Live Update were un-installed, MailWasher worked the way it always did. (November 26, 2002)

Another MailWasher problem: MailWasher never had connection problems prior to installing NAV 2003. Now it occasionally does producing error messages that are obviously not true, such as connection dropped (when it had not) and checking if the POP3 mail server really was a POP3 mail server (it is and has always been). There were also delays in authenticating to the mail server that never happened before NAV 2003. Twice while having connection problems I re-configured NAV 2003 not to scan incoming mail and each time the MailWasher connection problems disappeared immediately. The connection errors are not consistent, sometimes MailWasher can connect to my ISP's email server fine. But they are frequent enough to be annoying. December 14, 2002.

FYIs back to top

Windows XP SP2 and Symantec FAQ for Consumers says "The Windows Security Center will be aware that you have Norton AntiVirus installed, but it will not be able to determine its working status due to Symantec's tamper-protection technology"

The main tech support page for Norton AntiVirus is www.symantec.com/techsupp/nav/ from which you have to select a particular version of NAV.

The main technical support page for all Symantec consumer products is www.symantec.com/techsupp/consumer_cs.html. Here you have to select both the product and the version on this page.

Obtaining free technical support is not obvious. From either of the above pages click on anything in the section "top support issues and contact". You will want the "Contact". For example, click on either "Error message issues" or "Installation issues". On the next page, click on the yellow Contact tab. In the next page click on "Free online support". As of June 2004, this took you to https://support.ece.com/forms/symantec/contactsymantec.asp where a request can be entered for free technical support.

FYI: Symantec has an Automated Support Assistant that identifies the Symantec products installed on your computer and checks for known problems. It is an ActiveX program so it will only work from Internet Explorer. When I tried it for the first time today (just to see what it does), it generated a Security Alert (click thumbnail for full size image) before installing the ActiveX program. In other words, the program to help you detect problems, caused an error, even when there were no problems. May 18, 2004.

FYI: After having used NAV2003 for over a year on a Windows 2000 machine, the directory C:\Program Files\Common Files\Symantec Shared\VirusDefs was 32 megabytes. That seems like a lot for virus definitions. It may be keeping some old virus definition files by mistake. Not sure. December 4, 2003
Update: Five months later, the directory was up to 35 megabytes. May 9, 2004.

FYI: After installing NAV it adds itself to Windows Explorer. You can remove this with View -> Toolbars -> Norton AntiVirus.

FYI: Symantec Raises Subscription Rates Security company ups renewal rates by $5 across product line. PCWorld.com September 2, 2003

FYI: In case you haven't read the Readme file, it points out that there is a known bug with Windows 2000, Outlook Express and Outlook, which causes email to be sent slowly with Norton AntiVirus email protection enabled. As of the August 2002 Readme file, the fix for this exists as a hot fix that can be downloaded here. By now (October 2002), the bug fix may be in Windows Update or a Service Pack. I don't know.

FYI: If you use auto-update, it defaults to checking for new virus definitions every four hours.

FYI: If you are planning to upgrade from Windows 98/Me to Windows 2000/XP, you must uninstall Norton AntiVirus first and then reinstall after the upgrade is complete.

FYI: Scanning email for viruses only works with POP3 email. It does not work with IMAP, AOL, Lotus Notes, POP3 with SSL or web based email. Supported instant messenger clients are AIM 4.7 and later, Yahoo 5.0 and later, MSN Messenger and Windows Messenger 4.6 and later.

FYI: From the Symantec Knowledge Base Should I disable ccApp.exe from loading at startup? ccApp should not be disabled at startup. ccApp.exe is the common hosting application that is used by both NAV and NIS. It is responsible for calling the different program features in NAV and NIS.
Update: A reader of this site noted that his firewall reports that CCAPP.exe requests Internet access at boot up. Symantec's explanation does not cover
this behavior.

FYI: Contact Symantec with a NAV 2003 problem here I'm told (but have not confirmed) that Symantec's phone numbers are (408) 517-8000 and (800) 441-7334 and (800) 441-7234.

Other Opinions back to top

Quoting Ed Foster: "The last few months has seen the biggest wave of Symantec gripes since I started the Gripe Line. And that's saying something, because customers of Norton anti virus products have long been a particularly rich source of gripe fodder. But what is it exactly that has so many readers sick of Symantec at the moment? That's not going to be an easy diagnosis to make, because the symptoms are many." December 6, 2004.

Do you have gripes about Norton AntiVirus 2003? If so, leave a comment using my computer gripes blog.

Dealing With Symantec By Ed Foster August 17th, 2004

Rebates, copy protection, support ... the subjects vary considerably, but the stream of gripes about Symantec just keep coming. The one common thread seems to be that, when dealing with Symantec, it's hard to be sure just what deal you have.

Why I dumped Norton AntiVirus for McAfee VirusScan By Robert Vamosi. CNET Reviews. October 23, 2002. Quoting: "After years of using Norton AntiVirus, I was recently converted to McAfee's new VirusScan 7.0. Norton's current antivirus release simply fails to wow me the way McAfee's does...McAfee VirusScan 7.0 is a much better value: it includes firewall protection, uses fewer system resources (so you won't notice a big performance hit when running other apps), is smarter about ZIP scanning, and offers a free alternative to telephone technical support."
And, although not a gripe, the article also says: "For those of you who already use Norton AntiVirus, the 2003 edition doesn't offer much as an upgrade". (Alternate Link)

Scot Finnie has written about Norton Internet Security 2003 and NAV 2003 in his newsletter of November 8, 2002 and November 25, 2002 and December 9, 2002. In the first issue he said the best things about NAV2003 aren't new features, but improved operation. He also noted a bug in NAV 2003 (since fixed) where the inbound email scan deleted mail before it arrived in your mailbox. In the second issue, he says "People also complain vehemently about Symantec's tech support, and from my experience those complaints are justified". In the last issue he says "Symantec probably has the worst tech support of any major PC software company, and its website is impossible to find things on, so even do-it-yourself support is tough". (December 26, 2002)

In the January 20, 2003 issue of his newsletter, the Langa List, Fred Langa writes: "Norton has an annoying behavior ... A single email-borne virus can generate two separate warnings--- one from the email scanner and one from the all-files scanner. I don't know why Norton doesn't allow its two scanners to communicate with each other to avoid this needless duplication of alerts." He did not say which edition(s) of NAV do this.

What's wrong with today's antivirus apps. By Robert Vamosi, CNET/ZDNet Reviews. January 20, 2003. Much of the article is devoted to NAV 2003. You have to manually un-install an older version of NAV before you can install NAV 2003. The author says "It's not easy. The Windows uninstall process doesn't always remove all of Norton's various changes to the Registry, so ... you have to download a special Norton Antivirus removal tool from Symantec..."

Norton Antivirus 2003 Harbors Dreaded DRM Windows XP News Newsletter. February 18, 2003. We've been using Norton Antivirus (NAV) for years and always thought it a great product. It was only two weeks ago when we renewed the virus definition subscription for NAV 2002. But then it happened; Gus Higley (a sharp WinXPnews reader) gave us the heads up on NAV 2003 and DRM. You can imagine the horror! It was like finding out your spouse has become an ax murderer. NAV has always been high quality and reliable software. Now it's crippled by DRM. Now what? We can't recommend McAfee, because it causes more trouble than DRM.

Symantec Adds DRM To Norton Antivirus April 8, 2003 ExtremeTech. Symantec has begun adding digital-rights-management software to downloadable versions of Norton Antivirus 2003 in an attempt to foil software pirates. A pilot retail program will be starting soon. Symantec executives declined to reveal the DRM software being used, although a spokesman said that the software did not write information to the boot sector, as Macrovision's SafeCast products do. Symantec software has frequently been pirated, forcing their hand.

General FYIs back to top

The main tech support for Norton AntiVirus is here. You have to select a particular version of NAV. Symantec also provides an online knowledge base for current products and one for old products.

Norton AntiVirus 2003 Gripes