Norton Internet Security Woes

[bstarz]

Hey guys. I am new here. Before I start my rant, let me first say that I really enjoy the Hak5 episodes. I definitely like the USB Switchblade. :D Anyway, on to the point. I am currently interning at a multiple listing company. We provide a place to list houses online for real-estate agents. Well, right now, we are currently running into some major issues. Our websites are extremely dated and are getting torn up by the many security programs out there. The main threat is Norton Internet Security.

NIS, as many people like to call it, decides to block the main buttons on the website, and also reject the pop-ups on another. Not only does Norton block the pop-ups, but also does not warn about doing so. The best thing that we can do right now is tell them to temporarily disable Norton, empty their temp internet files (yes, the site requires IE. :( ) and log back in. For some reason, Norton likes to lock the temp internet files, so if you try and clear them while NIS is on, it won't do anything.

We have tried configuring Norton to work with our site, allow the pop-ups and "ads" that they say we have. Still, we get callbacks with people already configured for it, and Norton still blocking it.

Is there anyway to write an active-x component that sits on IE and allows the traffic from our site and totally skips Norton and others? I know the site needs to change, but I have no decision in updating/upgrading it, so I am stuck on the phones repeating myself. Anything would be helpful. Thank you.

[melodic]

tell ur customers they shouldnt be using NIS it should be N(a)IS(ty)

[VaKo]

Sorry man, your site is to out of date to be usable anymore. Your going to need to talk to whoever is in charge and suggest a new site.

[Sparda]

NIS, as many people like to call it, decides to block the main buttons on the website, and also reject the pop-ups on another.

Do these buttons use VB script to work?

Not only does Norton block the pop-ups, but also does not warn about doing so.

Norton should not block wanted popups, if it is, I would say that your site is badly writen.

The best thing that we can do right now is tell them to temporarily disable Norton,

How about rewriting your site so it dosn't do any thing that would seem suspisious?

empty their temp internet files (yes, the site requires IE. :( ) and log back in. For some reason, Norton likes to lock the temp internet files, so if you try and clear them while NIS is on, it won't do anything.

It probably locks the temp files to prevent 'out side' tampering.

We have tried configuring Norton to work with our site, allow the pop-ups and "ads" that they say we have. Still, we get callbacks with people already configured for it, and Norton still blocking it.

Probably becasue your site acts like it's doing some thing suspisius.

Is there anyway to write an active-x component that sits on IE and allows the traffic from our site and totally skips Norton and others?

Insted of ActiveX either use AJAX or, if the 'web application' dose things that is far too complex for AJAX to handle, use Java.

I know the site needs to change,

yep

but I have no decision in updating/upgrading it

Too bad

so I am stuck on the phones repeating myself. Anything would be helpful. Thank you.

My surgestion:

Rewrite the site so it:

Dosn't use ActiveX

Dosn't open new browser Windows through user defined JavaScript functions

Dose as much work as posible server side. (Client side scripting = bad)

Doesn't display images using JavaScript

Follow thoughs guide lines and not only will NIS not stop it from working, but it should work on any and all browsers.

[bstarz]

What you guys are telling me is what I tell them. Once again, I have no choice but to use this software. The company is in a contract with the designers of the site. I have no access to the source code and will never. I have been trying to hack my way through the site, so I can build my own front end that fixes these issues. Since I am on tech support, I would love to have more time writing this then to be answering phone calls about setting up Norton right. Also, you guys sound like you are supporting Norton, the bloatware king. :roll:

This is my current situation, and I can not just go rewrite the source to my liking. This tech support job is hell on Earth. I am just glad I am an intern.

[moonlit]

Nope, I personally think Norton sucks BUT the point is that the site is out of date and, no matter how much I dislike it or how inefficient I think it is, it *is* doing its job.

[jool]

Norton is horrible and nobody should ever be forced to use it, it's just inhumane. And the site is obviously a pile of garbage barely recognizeable as markup. It's a lose-lose situation with you in the middle, I would feel sorry for you except that you came with the idea of using ActiveX to bypass a security application chosen by the user and that is just pure evil.

[bstarz]

I would feel sorry for you except that you came with the idea of using ActiveX to bypass a security application chosen by the user and that is just pure evil.

Why? I am just trying to make the situation better. You have no idea how it feels to tell someone over the phone that Norton is worthless. The people we mess with everyday are scared. Most of them go out and BUY Norton because it "makes hackers go away". I get yelled at all the time telling people to disable Norton for 5 minutes. They are scared that people from the Internet might jump right in. It's sad too, because I have run into a lot of occasions where people with Norton STILL get virii and spyware. Even configuring Norton correctly, it still fubars the site up.

I know the website is garbage. I have no choice in changing/fixing it. I am secretly writing a new one and will end up giving it away for free, just to help. The company who designed the website has a contract on us, so change will not happen anytime soon. Not only that, but most of the actual designers/programmers of the site have left the company. We call this one lady everyday to try and get something fixed and she just gives us garbage reasons for why it is broken on our end. If I had 5 minutes with the source, I would have all the problems fixed. The site is so bad, that it's driving my boss insane. This job is all repetition. She has just gotten tired of it. If you think the Norton problem is bad, this company forces a "component upgrade" on all the machines. Not only does it stick a dll out there to check everything like if the browser is IE6 or not (checks the registry), but it sticks old versions of MSXML 3 and 4 on the computers. This "upgrade" was designed for IE6 when it first came out. We are now incountering problems where people can't log out with IE7. It's THAT bad. The situation already brought me towards a temp fix with an ActiveX control. I just want something to hold until I can put out something better.

Now, here is my plan. The interface on the newer version is not bad. The main issue is the pop-up windows. The windows were meant for multi-tasking, and I will tell you right now, most realtors dont even bother multi-tasking. What I was thinking is stealing the design so we wont have to reteach the site (yes, there is a class people take to learn how-to operate this POS of a site), but rework the frontend to be multi-browser compatible and to function in one window. I was able to find a debug menu and the site functions off of XML queries. What I was thinking is just reusing the XML and feeding it into PHP. I am fairly new with PHP and have no clue with AJAX, so any help is needed.

I was mainly asking for this quick fix to the problems because this site is actually quite bulky. It has a lot of features and will take a while to implement them all. Once again, any help would be welcomed.

[moonlit]

From what you say, the web design company is a sinking ship... persuade someone with a bit of weight to throw around to go see the legal people and get out of that contract. Take the loss - a bad website sucks ass and people will get pissed off will having to disable their anti-virus which they trust and to be honest, if I didn't know what I know and I called you for help and you said 'dable your avtivirus to make our site work' I'd get suspicious and say screw you...

Just a note, I've a feeling that enough of us here *have* had to tell enough people Norton sucks via whatever communicative model... be that phone, letter, face to face... ;)

[VaKo]

Out of interest, is this quite a big outfit your working for? If so, hacks might not be a workable solution in the long run. I honestly think that at this stage, you should do a report on the websites failings and take it to your boss. Explain to him that while you might be able to make this workable, in the long run it will need redoing by a company who knows what there doing. It almost seems like your site was designed for a company intranet, rather than the public internet its being used on. In a intranet, activeX is acceptable, even useful, on the public net, its not.

What database is running the backend of the site? I'm guessing its all running off of MS stuff. Re working activex to php & javascript and getting the same level of functionality isn't going to be easy.

I know this isn't the answer you looking for, but the site doesn't sound like it has much left in it. If the company won't take this issue seriously, i'd start work on your CV. Your obviously a smart guy, so find a company that will listen to you. As for telling people Norton is crap, i feel your pain. Its very hard to explain to people why this well known, respected software that cost them £50 (or local) is rubbish, especially when they aren't that clued up about firewalls et al.

So see if your boss will give you some time on the clock to look into a series of tempory fixes for the site, but impress on him the need to have a serious think about the direction of the company. If they don't want to fix this, people will go else where.

[cooper]

There are a couple of things you need to consider when you talk to your boss about this.

- He's got a contract with a company. I.e. he's got someone to scream at.

- When you create something new, who will keep it going once you're gone?

- He's invested in this site. Like any good business, he wants to milk every penny he can from it. So whatever you do, make sure to point out doing it your way will save him money, particularly in the long run.

- He uses the site to earn his cheddar. The last thing he wants is an all-or-nothing changeover to whatever it is you've made, and risk losing a day's production (or more).

So, since you say you've already started making something to replace the current stuff, investigate and dicuss with him ways to slowly move away from this web disaster by gradually replacing certain functions on the site. That way the idea of your code can grow on him, it can prove that it's better than what he's currently got, and he's not (yet) making significant bets on your software. Work really hard on how he's going to deal with the site when you're no longer around (not all bus drivers should have a license...).

The main point about your presentation should be how doing what you want will save him money. *THAT* is what matters most to him. All the rest will be gravy.