Windows 7: NIS 2011 Troubles

I posted the following on the Norton forums and have not heard any replies yet...
________________________________________________



Let me begin by saying that I was really surprised to find my PC acting funny yesterday. I get a large number of spammy emails and Norton will maybe only filter out 1 or 2 of them. I do mark the rest it doesn't filter but I shouldn't have to be doing that all the time! A business that I recommended Norton to called me yesterday to say that their computer was compromised through the Norton Firewall. They were using Norton IS 2010. When I arrived, I could not open NIS 2010 interface nor could I initiate a full system scan. I upgraded them to the 2011 of NIS so that I could view some of the system history but didn't really see anything too much out of the ordinary. However, they were saying that when they were running NIS 2010, there were a few occasions where they would startup in the morning and after they saw the Windows logo, the screen would go blank. The system would not go to the login screen nor did it show any signs of wanting to go. They also said the computer was slow at times with performance going from fast to slow. I did run my diagnostic tools to look for viruses and other malware that was present on the computer and didn't find any. I did notice while I was on scene that the computer's performance was fast and slow. The Task Manager's CPU level would jump from 100% to 50% and so on in between. If Norton has a firewall and it IS updated, why is it not blocking any of these attempts? Being that the 2010 interface would not open up tells me that there indeed was something going on.

And now, on my personal PC it is also acting strange. As I said, I get maybe 30-60 pieces of spam a day and Norton only filters out about 1-2 messages at the most. Yesterday, I noticed that when I would tell Internet Exploer to close by clicking the red X in the right top corner of the screen, IE would close and then say that it automatically quit and was looking for a solution but never found one. I did do a restart of the system and that did not help. Then I started having problems with my email. I use MS Outlook 2010. When it would launch, it would show the opening logo and then go to my inbox. After about 2-3 seconds, the window would turn white and it would say Outlook automatically quit and was looking for a solution. It never did find one. I ran my diagnostic tools on my PC and found nothing as well. I did a full scan with my Norton IS 2011 and it found tracking cookies - nothing else!

Then, a few days ago on one of my other PCs, Norton let in a nasty rogue called Adware Professional. Norton flagged the download safe and flagged the program as safe. This rogue was a little different from others because it did not tell me I was "infected". Instead, it pounded the machine in the background with malware, adware and other junk. SONAR never picked up on this which in my opinion it should have. I have never heard of such a thing happening like this! All of the people that I have helped are now calling me complaining of being infected because of Norton.

What's going on??? Either Norton or SONAR is slipping up some where...
I am really thinking of not renewing my subscription after it's up. The business who also called me complaining of being hacked has already said they are NOT renewing.

Hi,

I've been using NIS2010 and eventually NIS2011 on my system (incl. Outlook 2010) for a while now and have not come across any of the symptoms you describe.

Keep us updated if you hear anything - it will be intresting to see what develops.

regards,
Golden

UPDATE:
Follow any updates here.

Thanks. I'll keep checking back from time to time.

First of all people's computers are not becoming infected because of Norton Internet Security, but because the systems are being attacked and more often than not the users are complicit. Perhaps that's obvious, but I believe how the problem is framed is important. That said I take your point that NIS is not intercepting these attacks and that's a legitimate concern. I don't know why, but many general spectrum AVs do not successfully block fake AV malware and rootkits. It is necessary to use additional tools, such as MBAM, SAS, and HitmanPro to deal with these. I also now regularly scan with Kaspersky TDSSkiller when cleaning systems. In my experience NIS can detect and flag the TDSS rootkit, but it cannot remove it. If there is another AV/Suite that can reliably deal with rogues and rootkits I would definitely test and ultimately switch to it, but so far none of them do AFAICT. I'm open to suggestions though. Meanwhile I like that Norton Internet Security is light on system resources, installs and uninstalls very quickly and does a good job of automating protection to reduce user participation to near zero (where it needs to be).

I agree that there are some key components when looking at IS software. However, NIS 2010 seemed solid and I was surprised when I got the call saying that attempts to get through the firewall were being allowed. If a firewall is going to do that, then what's the point of having one if it's gonna let you down when you need it most - ESPECIALLY when it's a small business who are trying to protect every aspect possible. The one thing that did tip me off was that NIS 2010 would not open its interface. From there, I knew something was wrong.