Tag Archives: fraps

Overzealous malware hunter: Norton Internet Security 2010

I’m a happy user of Norton Internet Security 2010 (referred to as NIS 2010 henceforth). I have never been infected with any nasties, primarily due to a combo of taking common-sense precautions (like not downloading “free ringtones”, “sexy videos” or any “codecs” to view said sexy videos), being aware of my internet surroundings and having NIS take care of things when I’m lax. However, NIS 2010 has issues that I need to vent about.

NIS 2010 has this nifty feature called Insight Network Scan where Norton consults its community/database on a file it’s not sure about. By default, it appears that if a file has been used by less than 10 users (not sure how they can definitively say this because they may be counting only systems with Norton Internet Security 2010 installed, who knows?), Norton classifies the file as a risk, specifically as WS.Reputation.1 or Reser.Reputation.1. Here are some specific and notable instances of Norton Insight ensnaring ‘innocent’ files:

  1. Wireshark x64 v. 1.2.6: On the 28th of January 2010, I downloaded the 64-bit version of Wireshark and I got alerted that the file was Suspicious and the risk it posed was called “Reser.Reputation.1”. After complaining on Norton’s Facebook page, some updates were pushed out and the “Reser.Reputation.1” classification was removed.
    wireshark.png
  2. FastPicture Viewer Codec Pack v. 2.1R3: On the 26th of May 2010, I purchased this Codec Pack and downloaded the file. Norton complained and deleted the file after calling the risk “WS.Reputation.1”. This case was actually interesting because I contacted the developer via email to verify that their software hadn’t been somehow tampered with and I got a semi-humorous lecture about my use of internet security software. 🙂 They assured me their software was fine, provided me with VirusTotal links, etc. I also went ahead to notify & they instructed me on how to submit a false positive report.
    fastpicture-nortonissue-flattened.png
  3. Fraps (paid version) v. 3.2.3: On the 16th of June 2010, I learned of a new version of Fraps via Neowin and I went to download this latest copy. Norton deleted this file because it was *gasp* a risk, having been used by less than 10 people in the Norton “community”. This time, the Fraps file’s risk was termed “WS.Reputation.1”. I wasn’t even given the opportunity to whitelist the particular executable that I downloaded. Eventually, I had to temporarily pause Norton’s “antivirus protect” service just so I could download and install the file! As usual, I notified @NortonOnline and filed a false positive report.
    fraps.png

Up till now, my impression of the “xx.Reputation.1 risk” classification has been that it’s a minor disturbance. Every time this happened with a file I cared about (Wireshark, Fraps, etc.), I notified @NortonOnline (their official Twitter account) and filled out a dispute form on their site. I can certainly appreciate why this feature was put in place, but clearly the feature is becoming a little too trigger-happy. So far, the files that have been caught in this dragnet have been files I downloaded from the internet. However, today (06/27/2010), Norton Internet Security 2010 went too far.

I learned that Firefox 3.6.6 had been released via Twitter and I quickly went to upgrade my install of Firefox from 3.6.4 to 3.6.6. NIS 2010 didn’t complain about the upgrade and I got the standard post-install welcome page from Mozilla about the successful upgrade. Fast forwarding to about ~ 4.20pm (EST) today, I got a prompt from NIS 2010 that I had never seen before:
nortonprompt.png

I was surprised because I hadn’t even received notification of a suspicious file being found. So, I reviewed the “Recent History” and found out that NIS 2010 had slapped the “WS.Reputation.1” tag on 3 .dll files in Mozilla Firefox’s install folder on my C: drive (freebl3.dll, softokn3.dll and nssdbm3.dll). From the NIS 2010 interface when reviewing the history, it’s not readily apparent how to “reverse” any decisions the Insight engine has made, so I reluctantly restarted my computer.
ffdlls.png

Since restarting my computer at ~7.30pm (EST), Firefox refused to start and crashed every single time.
ffcrashes-06272010.png
I’m pretty sure it wasn’t happy that those 3 .dll files were deleted by NIS 2010. In fact, those files are pretty important to Firefox (duh). Anyway, after getting tired of having IE 8 as my default browser and feverishly updating NIS 2010 definitions, I reinstalled Firefox 3.6.6 and *knock on wood* it hasn’t mysteriously decided that certain dll files are suspicious.

*That* was a mouthful. I’m sure I’ll have more of these false positives before the month is over. I’d rather NIS 2010 err on the side of caution every time, but they’re running the risk of me/users getting used to temporarily turning off the software just to install stuff. The end. 😛

In an automated email to me, Norton recommended:

  1. Digitally signing your binaries.
  2. Submitting your software to their Whitelist program here: https://submit.symantec.com/whitelist/

norton-rec.png
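A check worth running before acting on a reputation verdict like the ones above, as an added example (not from the original post, and not Norton’s tooling): it reads the Authenticode signature and SHA-256 of a quarantined download, then lists any DLLs under the Firefox install folder that are not validly signed. The file paths are placeholders, and the `Get-FileHash` cmdlet assumes PowerShell 4 or later; the post does not say which tools were used.

```powershell
# Added example, not from the original post. Inspect a flagged download and the
# Firefox install folder so a "WS.Reputation.1" verdict can be weighed against
# the signer and a hash you can compare with the vendor's published value or
# a VirusTotal report. Paths are placeholders; Get-FileHash needs PowerShell 4+.

function Get-BinaryTrustInfo {
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = Get-FileHash -Path $Path -Algorithm SHA256
    $cert = $sig.SignerCertificate

    [pscustomobject]@{
        File     = Split-Path -Path $Path -Leaf
        SHA256   = $hash.Hash
        Status   = $sig.Status            # Valid, NotSigned, HashMismatch, ...
        Signer   = if ($cert) { $cert.Subject }  else { '<unsigned>' }
        Issuer   = if ($cert) { $cert.Issuer }   else { '<unsigned>' }
        NotAfter = if ($cert) { $cert.NotAfter } else { $null }
    }
}

# 1. The download that was quarantined (placeholder file name).
Get-BinaryTrustInfo -Path "$env:USERPROFILE\Downloads\EXAMPLE-setup.exe" | Format-List

# 2. Every DLL under the Firefox folder whose signature does not verify.
#    A file with no valid signer is exactly what a prevalence-only heuristic
#    has to judge on its own; a valid vendor signature, or a SHA-256 that
#    matches the vendor's published value, is the evidence to attach to a
#    false-positive dispute.
$firefox = Join-Path $env:ProgramFiles 'Mozilla Firefox'
Get-ChildItem -Path $firefox -Filter *.dll -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Get-BinaryTrustInfo -Path $_.FullName } |
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object File |
    Format-Table File, Status, Signer, SHA256 -AutoSize
```

A `Valid` status from the signer you expect is the strongest thing to put in a dispute; an unsigned file can still be vouched for by matching its SHA-256 against the value the vendor publishes, which is the same cross-check the VirusTotal links from the FastPicture Viewer developer serve.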

My blog’s existential crisis … sort of. :)

I have the lamest (yet valid) reason for not blogging in over a week now: I didn’t know what to say. For the first time in a while, I felt thoroughly jaded about writing yet another how-to or kvetching about the latest software/hardware fault. There are a ton of sites that I’ll defer to when it comes down to the technical nitty gritty of things, but I hope that my scribblings may have made sense to someone out there. It’s been over 2 weeks since I moved back to Vista and I must confess that I have forgotten what Ubuntu feels like. That sounds like a betrayal even to me, but some context is in order.

Before throwing up my hands in despair and wiping off Windows from my laptop, my laptop had a lot of experimental (beta quality) software on it and had witnessed scores of uninstallations that clog disk performance. My computer was rapidly becoming as sluggish as my 3 year old XP desktop PC and I didn’t know how to fix it. I was not infected with any virii or rootkits that I knew of, but I had a lot of programs installed and I experimented a lot with my laptop. The final straw was when some of my personal files became corrupted after running a couple of diagnose-and-repair programs and I threw up my hands in defeat. I’d experimented a lot with virtual machines and was becoming rapidly enamored of the Ubuntu/Linux distribution. I backed up my personal and professional files in two places and said “hasta luego” to Vista. Imagine my giddiness when my computer booted up & was ready to roll in less than 1 minute! However, Ubuntu’s “downfall” at my hands came because of a single issue.

Fast forward to mid-March when I restored my laptop to its factory conditions with my recovery DVDs. I installed my essential programs which are:

  1. Microsoft Office Ultimate 2007 (everything except the Business Contact Manager or Office Accounting 2008) :- I love Office 2007. Eye candy and extremely functional.
  2. Adobe Acrobat Professional 8 :- I paid for this and it is worth its weight in gold! Of course, this was an educational version so it was less than $60.
  3. Microsoft Baseline Security Analyzer 2.1
  4. Acronis True Image 2009 :- Worth the money I’ve paid for it. I would purchase it again in a heartbeat!
  5. Acronis Disk Director 10 :- A master at slicing and dicing drives i.e. partitioning, etc
  6. Microsoft Expression Studio Suite :- Got this for free at Microsoft DreamSpark; The included Microsoft Expression Encoder 2 is one of the best converters for .AVI files i.e. AVI to WMV in high quality. I love it!
  7. Ultraedit Text Editor :- Fast and killer at handling huge text files. It’s mostly a Notepad replacement for me, but I wanted the best of the best and Ultraedit was the unanimous victor.
  8. Norton Internet Security 2009
  9. Secunia PSI :- For keeping tabs on programs that need updating or that have reached the end of their life period.
  10. PC Wizard
  11. Fraps :- For high quality capture of games I’m playing or simply for recording the entire desktop by monitoring the desktop windows manager. Well worth the dough I dropped for it and it comes with free upgrades for life!
  12. Gizmo5 :- I love this program although the call quality could do with some work. I use this to communicate with my folks in Nigeria by buying Call Out minutes. I get the most bang for my buck that way.
  13. Imgburn :- this program lets the user be awesome, as Kathy Sierra would say. It’s so easy to use that a cavewoman like me can use it without tearing out her hair!
  14. Wireshark :- I fire this baby up whenever I’m out of my home network to monitor HTTP traffic leaving & entering my computer. I always use my SSH tunnel whenever I’m on public wifi or on an insecure/hostile network so I try to inspect my HTTP packets for any cleartext passwords, etc. Yes, I’m a tinfoil hat wearer. 🙂
  15. Nmap :- I haven’t fully gotten the hang of this, but I know that I intend on tapping into its power.
  16. Camtasia Studio 6 :- THE name in creating awesome screencasts and I won a license of this fantastic program via a contest on Gottabemobile.
  17. Snagit 9 :- THE name in taking awesome screenshots of whatever you’re doing. 🙂 I’ve paid for this baby twice because it’s that good.
  18. Netalyzer :- Every computer needs one of these. ‘Nuff said.
  19. 7-zip :- For unobtrusive unzipping & zipping needs, 7-Zip is the program to beat.
  20. FeedDemon :- I would be very lonely in the world without FeedDemon. 🙂 I kid, but this program is a desktop RSS reader that backs up my subscriptions and has handled my feeds with minimal hiccups.
  21. Filezilla (and/or Winscp) :- The masters at FTP/SFTP/SSH connections.
  22. Putty :- For making SSH tunneling on my laptop possible. I heart you, Putty.
  23. Xobni :- the Outlook plugin
  24. Firefox :- bestest browser EVAR!!
  25. Cyberlink Youcam 2 (for whatever reason, this program won’t receive updates and I’m in the market for an alternative webcam program like Logitech’s Quickcam software for the Logitech Pro 9000)
  26. Speedcrunch :- This calculator is faster than the built-in calculator in Vista and has even more functionality. I love that it saves all calculations for me so it gives me a reason not to buy the latest shiny thing that catches my eye. 🙂
  27. WinDirStat :- This nifty program tells me which folders are hogging up all my hard drive space. It’s thanks to this program that Nero 9 is not on my laptop anymore. I discovered several GBs in some folders created by Nero 9. I had no idea what those folders were for and I was too scared to delete them.
  28. TheSage dictionary :- Free dictionary that can search online (Wikipedia, Google, etc) from the application’s interface. I debated long & hard about replacing Wordweb Free with this program, but now, I have no regrets. The Sage is just as fast (if not faster) than Wordweb Free.

After installing these 28 programs and installing their updates, I slowly “rolled” out more program installations while carefully monitoring the Performance Information and Tools monitor for any problem programs. One software tool is conspicuously absent and that is Nero 9, which I used to swear by. The reason I have kept Nero 9 off my computer lies in the fact that it is overkill for my purposes (as I’ve learnt the hard way). I don’t want this post to become a screed, but Nero 9 has actually gotten in the way of doing stuff instead of making stuff drop-dead easy. So, I went with Imgburn for its simple 1-click options.

As of today, I’ve added a lot more programs to my computer, but I’ve been discriminating in what I put on my laptop. These programs see less usage than the 21 above, but they are on my laptop because I want them there. They are:

  1. Windows Live Writer
  2. Microsoft Streets & Trips 2009 (with GPS)
  3. DVDFab
  4. ConceptDraw Professional 7 :- A worthy alternative to Microsoft Visio Professional 2007. For making neat drawings that would take forever in Word. 😛
  5. ConceptDraw MindMap 5
  6. Microsoft Math 3.0 :- Don’t ask. It’s not worth the 20 bucks I paid for it because it’s slower than molasses. I recommend SpeedCrunch if a vanilla calculator will suit your needs.
  7. GPG4Win :- Every now and then, I get this bee in my bonnet that I need to encrypt my email conversations. I’m not in cahoots with evil people so my paranoia is largely unjustified. However, if I did encrypt all my email, no one would be able to get in touch with me because my contacts are not tinfoil hat wearers like me!
  8. Quicktime 7 Pro and QuickTime MPEG-2 Playback Component :- I went Pro over 2 years ago and it’s definitely worth it. I purchased the MPEG add-on because at the time, I needed that capability. Worth it? Meh.
  9. Spacejock software :- You can’t beat free & high quality software. yBook is an e-Reader that simply works OOB (out of box). It is my alternative to the ~ $300 Amazon Kindle. Eat your hearts out, suckers! 😛
  10. Woopra :- A web analytics program
  11. Skype :- I have about 2 contacts on Skype (my husband and a friend of ours). 🙂 However, I need Skype on the laptop because I can make video calls to my husband and when my husband is jamming with his friend (my 2nd contact), they call me via Skype and I can listen to their music.
  12. CCleaner :- This program is not on my must-have list because I already do a lot of the tasks it performs manually. I’ve been burned by mediocre “clean up” software (*cough* TuneUp *cough*) so I’m leery of such applications. However, CCleaner has a very good reputation so I’m comfortable with running this program once a quarter. 🙂
  13. Bulk Rename Utility :- a free program by Jim Willsher for bulk renaming. It does what it does simply and fast. Tons of options to satisfy any needs (extension changes, sequential numbering, etc). A specialized tool, but not essential. It also has a dedicated 64 bit version.
  14. ColorPic :- Another specialized tool for when I’m optimizing my Adsense ads and I need to pick matching colors. 🙂

Right now, my computer is humming right along with me when I click to open things, etc. I haven’t had the Performance Information and Tools monitor tell me that any issues have been documented by the computer. I haven’t had the computer bluescreen (BSOD) on me yet *knock on wood* although my experience with Windows tells me that even BSODs happen to the best of us.

I will be updating this post with links to the programs later so enjoy!