Over a period of about two weeks now. We have been experiencing a pattern of computers coming in with similar symptoms regarding “inability to browse the internet.” At first we assumed it was probably an improperly configured browser or even firewall/networking configuration issue.
Quickly we realized that all installed, even newly installed, browsers were showing the same problems. Background network activity such as email, software and even anti-malware are blocked, and were not able to download needed updates. However basic networking such as ping commands and trace-routes are unaffected. At this point we would assume this to be a sign of a virus or trojan program, choking communications to service its own malicious activity.
After running several scans with numerous programs; including combofix; and having no malicious software found. We had to go back to the drawing board.
When troubleshooting networking issues the first step is to disable the firewall. This will show if any security protocols are blocking any networking activity.
After we diagnosed the problem further, our results were shocking. The systems all had Norton Security Suite installed, the trend being that the subscriptions had all expired. Digging around a bit further we realized that we couldn’t close or even manually shutdown the Norton services. To top it off we couldn’t even update the subscription because Norton couldn’t connect to its update server!
Leaning more toward Norton causing the problem, the software was removed. (After having to download the “removal tool” because the uninstall process would fail) Completing the removal process, restored connectivity and we were able to browse, receive email, and download updates.
How did this happen? Well apparently the latest Live update caused Norton to block traffic due to the subscription expiration. Whether this being a programming flaw or a security apparatus to protect an unsubscribed system, this brought the host system to its knees. Norton had basically held up your system until you handed over your wallet, and in a business environment this can be disastrous.
Similar to the epic McAfee failure we recently posted, consumers are pressured by fear tactics to purchase big name software to protect them. Nine times out of ten failing, assuming no liability, and allowing malicious software on the host computer anyway.
As we’ve recommended in the past, there are various FREE anti-virus and anti mal-ware programs out there, such as Avira antivirus (www.free-av.com), and malwarebytes (www.malwarebytes.org), that from tried and true experience, perform much better, run automatically in the background, and don’t slow down your system.
Using only a handful of free programs and coupling that with a dash of good judgment while browsing are the only preventative steps you need to have a clean, well tuned PC.
-Jon