Symantec Support Gone Rogue? 268
DigitalDame2 writes "PCMag Security Analyst Neil Rubenking has always praised Symantec's tech support. Lately, though, a number of readers have reported problems with chat support, so he investigated. Rubenking was trying to install Norton 360 version 3.0 on a malware-infested system when the computer crashed with a blue screen error. He connected with Symantec tech support and was told that they could fix the problem, but for a fee of $100! (Here is the transcript and screen-captures of the chat.) Even more, Symantec support suggested that he use a malware-removal tool that wasn't even made by Symantec."
FAIL! (Score:2, Informative)
Generally speaking, unless you are an expert at killing malware, the LAST thing you want to try to do is install new antivirus software on an already infected machine.
Seriously, its completely idiotic and a waste of time.
Professional services cost money (Score:5, Informative)
Re:Professional services cost money (Score:5, Informative)
If you RTFA, what he needed to run at the point when he was being upsold on a services package (and told that no other option was available) was a freely-available utility to remove previously-installed Symantec tools.
Moreover, Symantec's management acknowledged that they were in the wrong, and indicated they would be addressing this -- hardly indicative of the no-fault scenario you proclaim.
Windows too infected to install antivirus.... (Score:5, Informative)
There are scads of free options.
Try a linux alternative [lmgtfy.com]
Like this. [bitdefender.com]
Or this. [avast.com]
Hell even an online scan may work well enough, http://housecall.trendmicro.com/ [trendmicro.com]
Re:Windows too infected to install antivirus.... (Score:3, Informative)
Wait, Symantec support has EVER been useful? (Score:3, Informative)
I had to reinstall Windows twice to get it to work.
Malwarebytes Anti-Malware might be better (Score:5, Informative)
Re:Symantec has never been useful after-the-fact (Score:5, Informative)
His complaint was not the use of a non-Symantec tool, but the claim (in chat) that the non-Symantec tool was in fact a Symantec product.
Taking credit for other peoples' work is Not Cool.
Malwarebytes is NOT free! (Score:3, Informative)
Malwarebytes has a trial offer that is free, but the full product is not...
Re:Malwarebytes is NOT free! (Score:3, Informative)
Re:Malwarebytes is NOT free! (Score:4, Informative)
Re:Professional services cost money (Score:3, Informative)
His idea of boot media with disinfection software on it has been implemented in various forms for what seems like a couple of decades, and the entire point of the restoration software is not to trust ANYTHING in the compromised partition anyway. This protected mode buzzword bullshit is irrelevant if you are not even using the same file system drivers as the compromised system.
Re:Uhm...? (Score:2, Informative)
Re:lol (Score:2, Informative)
Makes sense (Score:4, Informative)
Re:It could be worse (Score:3, Informative)
decent?
offer free download
- install
- run - shows you a gazillion of "red" things
- wants you to "register" with email address, do so
- click next
uups - asks to pay up $ 40 (- $ 0.05) plus
Yes, Include Active Protection for Only ($9.95) Recommended
Yes, Include ErrorSmart($39.95 Only $9.95) Recommended
- remove software
- install again & run ... you still have a gazillion of "red" things on your computer
comes up immediately with
Result:
- not a clean uninstall
- no clear disclosure of service terms up front (payment required)
ergo: as much a sucker as so many there are out there... not a trace of decency
more proof of skullduggery! (Score:1, Informative)
Symantec Support claims $99.00 for cleaning up the toolbar that was actually installed as part of regular update. Daylight robbery?
http://safeweb.norton.com/reviews/18936
Seriously, why bother? (Score:2, Informative)
I mean, viruses used to be a problem way back when people installed Windows natively on their machines. But today, you can simply run your Windows inside of a virtual machine you backup regularly. If you notice some odd behaviour you can simply roll back to the old version. Or you can roll back daily.
cost center versus profit center (Score:5, Informative)
I have worked in the antivirus industry for about nine years (with about another nine years doing networking things), starting with the technical support department at McAfee Associates (now McAfee). Even in the late 1980s and early 1990s, there were times when we had to run other companies tools to assist in detection or removal of computer viruses, or to obtain a sample. Peter Norton Computing's Norton Utilities Disk Editor and Sybex' Teledisk come to mind, as do various Microsoft MS-DOS utilities (DEBUG, FDISK with its then-undocumented
A few years ago, I re-entered the anti-virus (or anti-malware, as classic replicating infectors account for a few percentage points of what is seen these days) industry and it was and is not uncommon for our technical support people to help people remove rootkits, various Trojan downloaders and other pieces of malware that are either not detected or detected and not properly removed by our own software. One thing we make sure of is to get copies of any objects like files and registry entries so that our virus lab can add detection (or removal) in a new virus signature database update.
Sometimes, customers do get upset when they are sent download links to a third-party tool to assist with removal because they assume that one tool will protect them against all threats, however, with the shear number of unique pieces of malware being released every day by organized criminal businesses no one tool is going to prevent, detect or remove every piece of malware, every time, even with the best heuristics and generic detection technology. This is something which all anti-virus companies have to deal with, not just Symantec. On the plus side, we just started deploying our own supplmentary tools to detect and remove threats that the mainline products do not, and that will help wean our dependence on third-party programs.
That is pretty much how things stand with recommendations for the use of third party software by anti-virus vendors, now.
As far as selling support goes, well, fifteen years ago it was not unusual to sell support contracts or service level agreements to enterprise customers offering them priority round-the-clock access to technical support. Free, unlimited support via telephone, fax, electronic means (email, BBS, CompuServe, et cetera) was provided, but it was on a first-in-line basis. That started to change in the mid-1990s when the anti-virus companies started to generate substantial revenue and get taken over by professional business people instead of engineers, but when a company becomes publicly-traded, it switches from being technology-focused to being focused on maximizing stakeholder value every quarter, and that means looking at things which cost money like having to pay salaries for support engineers and turn them into things which generate revenue. At that point, I was leaving the company, and really did not care what they did with my department. I have been told by a couple of people who stayed on after me said that Bill Larsen used to give motivational speeches like, "I would fire you if I could." and "I don't understand why we have to provide support to customers, after all, we've got their money." to the support staff, but even if they are not actual quotations, they certainly are reflective of the culture at that time. At a publicly-traded company, loyalty to the shareholders usually takes precedence over loyalty to the customers. Some companies figure out that customer loyalty actually translates into more value for shareholders in the form of increased revenue from license renewals, customers who purchase new products or services from the company, et cetera, but it seems there are plenty who are unable to make this evolutionary leap in understanding how their business works.
These days, my current employer does provide free, unlimited technical support via phone and electonic means and
I remember when Norton provided a good product.. (Score:3, Informative)
Norton disk doctor and norton speedisk where both fantastic compared to the Microsoft alternatives under DOS 5/6/6.22 (my era) speedisk used to do a real, thorough defrag of the drive, sure it took a hell of a long time but it totally sped things up, especially logging disks in ztree.
Over the years it became worse and worse, I think the first one or two windows revisions were somewhat decent but it's been a good 6 or 7 years since I'd ever even consider installing their stuff on my machine anymore.
FWIW I found a tool called "Ultimate defrag" it's got a ghastly interface and looks like it was designed by someone with 'my first developement toolkit' but the underlying defrag technology it uses is actually pretty damn slick, it really will do the old school Norton style "full with file re-order" and actually does move what you want, where you want it, scope it out.
(No I don't work for them)
Re:Uhm...? (Score:2, Informative)
No he wasn't cutting and pasting and he was paying very close attention to what he was doing. I've worked support before and I can tell this was a CYA step. If a complaint came back he point at this statement and say the customer was warned.
Re:Maybe it wasn't Symantec Support??? (Score:1, Informative)
This kind of infections are pretty common for few months now and it is due to TDSS rootkit or its variants. No one knows for sure the rootkit's main objective but it opens a backdoor which causes the computer to be infected by other infections. And yes, they do have some thing in common - poisoned DNS pointing to a server in Ukraine and they'll have this rogue security software popping out claiming that his/her computer is infected.
A good effective way to remove this infection is to scan with the GMER tool -> disable the rootkit service -> restart -> clean the infections with a good AV program.
Re:I remember when Norton provided a good product. (Score:3, Informative)
Re:What we have here is a Failure to Communicate (Score:2, Informative)
Actually, the front line support tech did escalate the issue, and the second support person is the one which recommended the expert consulting service. In addition, there is a tool free for owners of the antivirus software which can be downloaded from norton's website and boots from CD.
When the customer contacted symantec later to complain, they confirmed that this was the appropriate course of action to take.
Re:I remember when Norton provided a good product. (Score:3, Informative)
Sorry, what? (Score:1, Informative)
How does this get modded +5 informative?
There are scads of free options.
Try a linux alternative [lmgtfy.com]
NoScript says: "Do not want".
Try a linux alternative
Like this. [bitdefender.com]
Dormant (see: Distrowatch [distrowatch.com]).
Or this. [avast.com]
$$, intended for corporate use, but thanks for the link, It might be worth the money in my repair business (I currently move the disks to a windows machine and scan from there if I can't clean in place).
Hell even an online scan may work well enough, http://housecall.trendmicro.com/ [trendmicro.com]
This might actually work, though I haven't tested it myself. Probably not as good as Malwarebytes, though.
Re:One cure (Score:3, Informative)
Nope. Not even an Apple can save you from Symantec [symantec.com].
Re:I remember when Norton provided a good product. (Score:2, Informative)
The problem isn't failure: its what happens after. (Score:3, Informative)
First of all, let's not resort to namecalling here.
Neil tested the the software on 12 different infected systems, and found that one resulted in an endless-loop problem requiring support, whereas it installed and worked properly on the others. That right there alone is a better than 90% success rate for Norton. That's hard data. What hard data have you come up with after your extensive testing of av products, Killall? Yeah, I didn't think so.
But this isn't a story about the program's performance (that's in the linked product review). This is a story about the failure of support and a support staff's overzealous attempts to make an extra buck from a desperate customer.
No one expects any free or retail software to clean out all problems all the time, but when you pay for a retail software package, a modicum of free support is part of the deal after a failure to install. Contrary to the tech's assertions, the purchase price include support to install a retail product. If the tech doesn't want to go through the hassle of installing AV products on infected systems via telephone or remote, then the tech should search for another line of work. (And I know - I did this sort of support for 5 years.)
If there were truly no free solutions (and it turns out there were) AT A MINIMUM the tech support person should have offered the option to refund the customer's money after establishing the software wouldn't install. That's not great "tech support," but it at least fair "customer support."
There's also the matter of the tech offering paid services rather than directing the user to free services offered by Norton themselves for just this sort of problem. Offering paid support services for free products is an established business model (SugarCRM anyone?), but ignoring free solutions offered by your own company in order to make an extra buck with a paid solution for a retail product is simply disrespectful to the customer, as is not offering a refund, and Neil called 'em on it. What is your problem with that again?
And finally, there's the little act of plagiarism where the tech represented a third-party free antispyware cleaner as a Symantec product. Also disrepectful, especially when Symantec has its own free tools that are supposed to do the job too. And again, Neil called 'em on it.
Most product reviewers just rewrite press releases without any real testing these days - Neil is one of the few that really tests these things out on banks of infected systems, and then goes through the trouble of pretending to be a normal customer going through tech support to see how it works. There just aren't that many tech reviewers doing that anymore. Personally, I can only think of one other, and modesty prohibits me from mentioning who.
So let's direct that anger to Symantec rather than the reviewer, eh? Symantec dropped the ball on this one.