Norton 360 Now Comes With a Cryptominer

[Maxstar]

NortonLifeLock began offering the mining service in July 2021, and early news coverage of the program did not immediately receive widespread attention. That changed on Jan. 4, when Boing Boing co-editor Cory Doctorow tweeted that NortonCrypto would run by default for Norton 360 users.

Source: Norton 360 Now Comes With a Cryptominer – Krebs on Security

 

[x BlueRobot]

Another reason for users to install Windows Defender and avoid most third-party AV programs.

 

[FreeBooter]

Another reason for users to install Windows Defender and avoid most third-party AV programs.

I agree!

 

[Gary R]

Norton is a program that I've recommended people to uninstall for a very long time, this just adds another reason for me to continue doing so.

 

[xrobwx71]

Another reason for users to install Windows Defender and avoid most third-party AV programs.

A lot of people are still stuck on the past when MS first implemented Defender. It sucked, bad.

Today, it's the best for the Windows OS. It's a very robust full-featured AV, AntiMalware, Anti-Rootkit and is also integrated into the OS. Malwarebytes as a per need scanner is fine but it's redundant IMO.

Yes, it has false positives. They all do.

 

[Maxstar]

And many users believe the "expert reviews" from affiliate based websites which criticise Windows Defender, to persuade users to buy one of the paid AV programs.

I noticed that ESET detects Norton's cryptominer as a PUA.

C:\Program Files\Norton Security\Engine\22.21.6.53\NCrypt.exe a variant of Win64/CoinMiner.RH potentially unwanted application error while cleaning (Access denied)

 

[Digerati]

A lot of people are still stuck on the past when MS first implemented Defender. It sucked, bad.

I don't agree that "It sucked, bad". It just wasn't as good, in laboratory comparisons, as some of the others on the market. And even then, most "legitimate" complaints were not about detection, but rather scanning speed or the occasional false positive. Detection criticisms typically were with malware that would never be seen out "in the wild" but only in a controlled ["artificial", "simulated real-world"] laboratory environments. Actually it's biggest problem was it sported the Microsoft brand and that's what people were, and often still are stuck on.

I never understood the complaints about scanning speeds anyway. The "true facts" are manual, on demand scanning is not needed with internal drives - not when "real-time" scanning is enabled, scanning everything coming in and in memory in real time. Manual scanning is really just for peace of mind.

When Defender first came out as Microsoft Security Essential (MSE) for Windows 7, I was wrestling with AVG, which, IMO, was on a steady decline. So like many of my clients, when I migrated all my systems to Windows 7, I went with MSE. Yes, it was a little "clunky" but none of my systems or the 30 or so that I was responsible for at the time, got infected. Why? Because we kept our systems current, we avoided risky behavior and practiced safe computing - the exact same practices needed regardless our security solution of choice.

It was the same deal with IE when FF came out. MS haters would relentlessly bash IE, extolling how unsafe it was, and how everyone needed to migrate to FF. And if they didn't, they were fools or careless and would get infected. Well I guess I was a careless fool. But I never got infected.

When I got fed up with the bashings and insults, it was simple to put a stop to it. I simply asked those FF fanboys, "So you stopped getting infected simply by switching to Firefox?"



Or as they say today, "crickets".

The typical response, was either they weren't getting infected before or, in the process of switching away from IE, they also installed ZoneAlarm Firewall, AV, anti-spyware, and anti-this and that (since separates were all we had back then).

I saw the exact same thing happen with MSE and then Windows Defender with W8/W10. People would complain how bad it was. But when questioned and asked if they "stopped" getting infected when they switched away from it, sure enough, they were not getting infected before - or, and this is most typical, they never used it before.

The problem was, and still is, is people (including those in the IT press) put too much (or all of their) stock in laboratory results instead of real world results. If MSE/WD was so bad, where were the 10s and 100s of millions of infected users?

And many users believe the "expert reviews" from affiliate based websites which criticise Windows Defender, to persuade users to buy one of the paid AV programs.

^^^This^^^

***

Way way WAY back in DOS days, long before Windows, there was a great utilities program called PC Tools. Now this is not to be confused with PC Tools, the anti-malware program, that came around later. Different program. But it was the original PC Tools that Peter Norton's Norton Utilities later competed with. Norton Utilities was also a great program. Soon Symantec bought Norton and greed took over. Then Symantec bought PC Tools to stifle their competition. And as Symantec always does, they then terminated PC Tools - creating a monopoly for that category of utilities.

After that, Symantec made a brilliant business deal with the big PC makers. They pre-installing Norton Security on factory made computers, got new computer users hooked on the program, made it nearly impossible to uninstall , and then, with intimidating scare tactics convinced those hooked users that they would get infected if they allowed that trial period to expired, coercing them into buying Symantec's expensive, bloated program that required them to renew, renew, and renew again. McAfee soon followed suit.

Malwarebytes as a per need scanner is fine but it's redundant IMO.

I agree. I have Malwarebytes Premium on this and two other systems here. But sadly, Malwarebytes has gone to a subscription licensing "scheme" too that requires users to pay, and pay again. Who wants another "bill"?

The ONLY reason I have the 3 Premium versions is because I took advantage of the discounted "Lifetime" licenses they offered years ago before they moved to that recurring renewal scheme. Without that "lifetime" license, I would just use the free version, as I do on all my other machines.

And FTR, I recommend all users have a secondary scanner for double-checking - regardless their primary scanner of choice.

BTW - since I migrated to MSE back in 2009 when Windows 7 first came out, I have used Malwarebytes as a "2nd opinion", just to make sure me (as the user and ALWAYS weakest link in security) or MSE/WD didn't let anything slip by. Going back to my assertion that MSE/WD did not "suck" and were not "bad", Malwarebytes never, not once found that anything malicious did get past them. The most they found were a couple "wanted" PUPs.

 

[Gary R]

As all here are aware, it's a User's browsing habits that are the main contibutor to the likelihood of them contracting an infection. Choice of AV comes a long way behind that.

IMO all the major brands do a good job as long as you respect their limitations. None will protect you if you do not. I've been pulling Malware off people's machines for a long time now, and from machines with every kind of AV (and combination of AVs) imaginable installed. So clearly it's not been their choice of defensive programs that's been the problem.

As for Microsoft Defender, well it does as good a job as any paid for product, and since it's already integrated into Windows, and developed alongside it, then to me it seems pointless to use a 3rd party program.

 

[xrobwx71]

You can go into the deeper setting of Windows Security and toggle various things and in a sense, make the machine darn near unusable to the outside internet. But from a security point of view, it's gold.

 

[Digerati]

As all here are aware, it's a User's browsing habits that are the main contibutor to the likelihood of them contracting an infection.

^^^This^^^

As noted above, the user, is, was, and likely always will be the weakest link in security. We can have the absolute best, most fool-proof security possible, and still simply get infected by opening the door and inviting the bad guy in.

This is why my business model (for my clients, as well a friends and family who come to me for technical advice) included heavy doses of "security awareness" training. This became more important when the bad guys realized socially engineered methods of malware distribution (tricking the user to click on some very innocent and legitimate "looking", but malicious link) very often succeeded, and be very lucrative.

"Villains Who Twirl Their Mustache Are Easy To Spot. Those Who Clothe Themselves In Good Deeds Are Well-Camouflaged."

-Captain Jean-Luc Picard

 

[Corday]

The original PCTools mentioned earlier allowed us geeks to do things that amazed the clients. A real time saver.

 

[Maxstar]

NortonLifeLock has also added the cryptominer to Avira as - a service called Avira Crypto.

500M Avira Antivirus Users Introduced to Cryptomining – Krebs on Security

 

[Maxstar]

Way way WAY back in DOS days, long before Windows, there was a great utilities program called PC Tools. Now this is not to be confused with PC Tools, the anti-malware program, that came around later. Different program. But it was the original PC Tools that Peter Norton's Norton Utilities later competed with. Norton Utilities was also a great program.

The good old days, Norton Utlities was a nice toolkit. One of my other favorites was TBAV, but I don't know if this AV - is just as well known as e.g. HijackThs that is made by an other Dutchie?