Norton turns into mental lipstick-wearing false-positive pig

Davey Winder
Thursday, 11 December 2008 16:43

Your IT - Home IT

Back in September when Symantec launched Norton Internet Security 2009, the Vice President of Consumer Business told the press in Madrid that "people shouldn't tolerate a security product with poor performance." Does going mental and warning that sites such as iTWire, CNN and Reddit are trying to attack your network count?

While still in Madrid, just an hour or so after the launch of Norton Internet Security 2009, I posted a story here at iTWire which asked if NIS 2009 was just lipstick on a pig.

At the time I concluded that no, it probably wasn't. My opinion did not change after I returned to the office and put one of the long standing Norton issues to the test, that of clean uninstallation.

I was shocked to discover it actually worked, Norton actually removed itself without leaving a ton of horse crap behind on my system. In fact, I was so pleased with it that I ended up installing NIS 2009 on one of my main workhorse laptops.

Everything was fine, until yesterday. Until Norton Internet Security 2009 insisted that iTWire was trying to attack my network. To be honest, I doubted this very much. What with being a writer for them and all, and knowing the people who run the place, I was pretty sure that was not the case.

Yet there in front of my eyes was the evidence: the Norton screen telling me that it had blocked an intrusion attempt by iTWire.

To be precise, it accused iTWire of trying to download a suspicious PDF file download which matched the signature of a known attack.

A quick bit of research at the Symantec support site suggested that there were no known cases of false positives associated with this signature, and that the attack risk level was high. Of course I let the iTWire admin guys know so they could investigate further.

Was iTWire trying to attack my network, and if not what the heck was going on? Find out on page 2.

CONTINUES