Symantec uninstaller may not finish the job

Home

WinFind

Reviews

Polls

Contact

Past issues

Upgrade

Prefs

Unsubscribe

Windows Secrets Newsletter • Issue 139 • 2008-02-07 • Circulation: over 275,000

Contents
TOP STORY: Symantec uninstaller may not finish the job
KNOWN ISSUES: Positive reviews for Norton raise readers' ire
WACKY WEB WEEK: Nuts — a little dab'll do ya
INSIDER TRICKS: Don't let social-networking viruses bite you
WOODY'S WINDOWS: WinBubble is the best free TweakUI replacement
PERIMETER SCAN: Make use of advanced Process Monitor features
YOUR SUBSCRIPTION: How to change your address or unsubscribe

For links to every topic in this issue, scroll down to the Index

ADS

Your PC doesn't have to be that slow

Your PC doesn't have to be that slow
The more you use your computer, the slower it will get. Run the all-new, free PC Pitstop PC Optimize 2.0 scan now and in just minutes receive a custom report showing you how to keep your PC running like new. Run the FREE scan now!
www.pcpitstop.com

Backup your data with ZipBackup

Backup your data with ZipBackup
Finally, a backup program that's easy to use. ZipBackup's Wizard makes backups a snap for beginners. Filtering, scheduling, and disk spanning make it a powerful tool for experts. For a limited time, Windows Secrets readers receive 25% off.
www.zipbackup.com

Get your product seen by 275,000 readers

Get your product seen by 275,000 readers
Does your company offer a product or service? Now you can place an ad in the Windows Secrets Newsletter and be seen by more than 275,000 active buyers of PC hardware and software. Bid as much or as little as you like to get the ideal ad placement.
www.WindowsSecrets.com

See your ad here

TOP STORY

Symantec uninstaller may not finish the job

Scott Dunn

By Scott Dunn

Like most Windows software, Norton security products, published by the Symantec Corp., come with an uninstall option to remove the software from your computer.

Unfortunately, neither Symantec's bundled uninstaller — nor a little-known, special utility from the company — removes every single thing.

Incomplete removal poses a risk to users

My Jan. 24 round-up on reviews of security suites reported that Symantec's Norton Internet Security 2008 had garnered Editors' Choice awards from PC Magazine and PC World — more top prizes than any competing suite. Soon after my article appeared, dozens of readers wrote in to complain about their experiences with Symantec software. Among other problems, they cited the difficulties they've had uninstalling Norton security products.

In addition, a number of sources confirm that security software in general, and the Norton product line in particular, do a poor job of removing their products.

Why are incomplete uninstalls a problem? In addition to leaving useless data on a customer's machine, such Registry entries may in some cases cause conflicts for other software.

For example, self-described industry guru Dave Taylor warns that "the presence of uninstalled security software in the Registry can conflict with newly installed security software and cause system freezes."

Mark Hasting, creator of a site known as PC Hell, reports hearing from many users who want to remove Norton products. "I've even received mail from computer users trying to install an antivirus product," he explains, "and they are told to uninstall Norton before they can proceed, even though it appears Symantec products are not running on the system."

Hasting, it should be noted, makes an identical claim about McAfee's antivirus and security products.

To examine the problem for myself, I used a test computer to analyze the uninstall process of the full version of Norton Internet Security 2008. I also tested a trial version of that product and Norton 360, a related, all-in-one security package.

In every case, I found that one .dll file (symlcrst.dll) and a few other other files and folders were not removed by Symantec's uninstall routine. Also, the Windows Registry still showed numerous references to the removed products.

That a wide range of Symantec products are difficult to completely uninstall is suggested by the Symantec support site itself. The site offers a free Norton Removal Tool. Although the Symantec Knowledge Base claims the tool is only for failed installations or damaged products, the company continues to update the utility to remove a host of its products. This include_once Norton 360, Norton Ghost, Norton Save & Restore, pcAnywhere, WinFax, and any Norton Internet Security product dated 2003 through 2008.

To test the effectiveness of this utility, I ran the Norton Removal Tool after doing a normal uninstall of Norton Internet Security 2008. I then restarted the computer. Although the tool did remove some Registry entries and delete some stray folders on the hard disk, it still didn't do a thorough job. For example, key Registry entries, such as

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec

remained, as well as a .dll in the Program Files\Common Files folder.

Symantec products aren't the only security software that present uninstall challenges. The tips-and-hints site PC Hell provides instructions for removing well-known products from McAfee, Avast, AVG, and AntiVir. It also includes links to special uninstall utilities provided by McAfee and Avast, in addition to a Registry cleaner from AntiVir.

I installed and uninstalled the latest trial version of McAfee SecurityCenter on a test machine running Windows XP Pro. The results, while not perfect, seemed less troublesome than the Norton examples. McAfee SecurityCenter's uninstaller left behind three small data files (with .txt, .bak, and .dat extensions). It also left a handful of Registry entries, but these appear to be harmless artifacts of the product.

Symantec clarifies its uninstall approach

Symantec spokespeople defend the behavior of its install and uninstall routines. According to Jody Gibney, senior product manager for the Norton Internet Security product line, the install and uninstall process has undergone a major overhaul since the 2006 versions. "Between Norton Internet Security 2006 and Norton Internet Security 2008, we've managed to reduce the number of Registry entries left behind," she said in a telephone interview.

Gibney acknowledges that one DLL is intentionally left behind. This is a DRM (digital rights management) component intended to protect the company against a person installing a trial version multiple times to avoid paying for the product. Symantec does not remove any Registry entries related to this component.

If a user has installed multiple Norton products, all of which use the Norton LiveUpdate utility to install patches and virus definitions, Gibney points out that the uninstaller for one product will not remove that component — even if that product was the first to install the files. Naturally, if someone forgets or doesn't know that they other Norton products are still installed, the presence of LiveUpdate may appear to indicate an incomplete uninstall.

In my tests, the Add or Remove Programs control panel displayed separate uninstall options for Norton Internet Security 2008 and LiveUpdate. Uninstalling the Norton product also removed the LiveUpdate component, apparently because no other Norton products still remained on my test machine.

Gibney advises against using the Norton Removal Tool as an uninstall method. Instead, she recommends using the product's Uninstall command (found within Windows' Start menu) or the Add or Remove Programs control panel. "Only use the Norton Removal Tool if you have a problem," she says. Otherwise, you may cause problems for Norton Ghost or other Norton products you may have installed.

"We've put a ton of effort into Norton Internet Security 2008 and will do the same for Norton Internet Security 2009," says Gibney. "People who have a valid subscription are entitled to a 2008 update," she adds, indicating that this will eliminate most uninstall problems.

How to remove Norton products from your system

Fortunately, if you need to remove a Norton security product from your system, a number of Web resources exist to help you do so. The correct approach varies, depending on whether you're removing only one of several Symantec products or all of them:

Removing only one Symantec product when more than one is installed

Open the Control Panel and use the Add or Remove Programs applet (in Windows XP) or the Programs and Features applet (in Vista) to see the number of Symantec programs that may be installed. If several are present, and you wish to uninstall only one, run that program's uninstall function to remove it.

Removing all Symantec products, however many are installed

Whether you have only one Symantec product or several installed, if you're removing them all, open the Control Panel and use the same applet described in the previous paragraph to find them. Uninstall each program in turn. If the LiveUpdate utility still shows up in the Control Panel applet, select the option to remove it.

After you've uninstalled all Symantec products, including the LiveUpdate utility, you can clean up your Registry further by following the instructions at the Symantec support site. This involves running the Norton Removal Tool for your particular product.

As noted above, however, even the Norton Removal Tool will not remove every trace of Symantec programs. You may find leftover Symantec folders under your Program Files\Common Files folder, the Documents and Settings folder (in XP), and the Users folder (in Vista). Don't use Registry tools to simply delete every reference to Norton or Symantec. Many of these entries are completely harmless (for example, when the name turns up in an MRU or "most recently used" list).

For the most thorough removal, the Dave Taylor support site provides detailed instructions for removing Symantec files and Registry entries from an XP system. Users of Vista shouldn't have much difficulty translating the same steps for that operating system.

Software publishers expect users to agree to and obey restrictive license agreements. In return, customers have every right to expect developers to create products that leave a system completely free of that software when uninstalled.

Makers of security software, in particular, have a responsibility to make sure that removal of a product doesn't compromise security further by making it difficult for other security products to be installed.

Readers receive a gift certificate for a book, CD, or DVD of their choice for sending tips we print. Send us your tips via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the Here's How section of that magazine.

KNOWN ISSUES

Positive reviews for Norton raise readers' ire

By Scott Dunn

I wrote on Jan. 24 that Norton Internet Security 2008, a Symantec product, now has the greatest number of Editors' Choice awards of any security suite, and therefore has replaced the ZoneAlarm suite in the WSN Security Baseline.

This story touched a nerve for a significant number of readers, who have had bad experiences with Symantec and its products in the past.

Some readers revolt against Symantec products

After the story was published, many readers wrote in to voice their criticism of Symantec software. Many, who say they're disappointed with Symantec's customer service and technical support, asked that we consider these factors in making our choices.

Unfortunately, Windows Secrets does not have its own test lab to scrutinize antivirus and firewall solutions, and we also don't have the resources to conduct surveys on customer support. Instead, we analyze the test results of respected labs and let you know which products have received top ratings from the greatest number of reviewers. We publish the WSN Security Baseline as a way for individual and small-business PC users to see at a glance the minimum they need to protect their systems from hackers.

Whatever problems Symantec software has had in the past, the situation is that two major publishers, PC Magazine and PC World, have given their top awards to the latest version of Norton Internet Security. No competing product currently holds more than one Editors' Choice award from major test labs. We felt it was important to pass that information on to you.

Having said that, one of our best sources of information is your e-mail messages, which form the basis of this week's top story on problems with Symantec uninstaller programs. I promise to continue to investigate stories that you propose in the tips you send in.

Many feel suites don't provide best protection

Several other readers questioned the value of recommending suites in the Security Baseline. IT manager Rob Devereux put it this way:

"I think one of the conclusions that most IT professionals are coming to now is that you will never have best of breed in a security suite, and your findings seem to bear this out with Symantec failing in some surveys, and ZoneAlarm in others, in areas where they have weak products.

"By their very nature, these suites are often the result of one manufacturer who does one job well buying another smaller company or companies to do another security job or jobs and then getting their developers to write the rest and bolt the applications together. For example, Norton started out doing hardware and software diagnostics, went into antivirus, and then bought companies to add in spyware and other functionality.

"The result, all too often (and Norton is a good example), is a product that has one exceptional component (often the thing that the company did well at first), two mediocre ones, and another one or two awful ones that don't work well (for instance, the Parental Advisor in the Norton security suite). I have certainly seen a downgrading in the usefulness and reliability of Norton Anti-Virus since they made it part of a suite.

"The point I am trying to make is that picking and choosing to get the best-of-breed antivirus, the best-of-breed [anti]spyware, the best-of-breed firewall, and so on, can be a far more beneficial and secure way to work than buying a security suite that forces you to have bad products along with good."

Windows Secrets merged the categories of software firewall, antivirus, and antispyware in the Security Baseline back in 2006, when test labs found that security suites could adequately deliver all three functions. A unified suite can offer simplicity to individual PC users and harried small-business techs. Almost any suite that's available today provides better protection than an having no security software installed — or having malware signatures that are out-of-date — if multiple products, which can conflict, prove to be too complex for end users to juggle.

IT professionals should, by all means, read the full test results that the Security Baseline links to, and determine for themselves whether a combination of products from different vendors would better serve their company's needs. In most cases, the same labs that test suites also publish results for each vendor's separate firewall, antivirus, and antispyware products. We consider the Security Baseline to be only a starting point for those who want to do their own research.

Reader Devereux will receive a gift certificate for a book, CD, or DVD of his choice for sending comments we printed. Send us your tips via the Windows Secrets contact page.

TELL A FRIEND

How you can share this information

We love it when you send your friends links to our articles. But please don't forward your copy of our e-mail newsletter to people, which subjects us to spam complaints. Instead, simply suggest that your friends visit this issue's permanent Web address, shown below. A complete index at the bottom of the Web page provides you with hyperlinks to any article you'd like to recommend.

The address of this issue is http://WindowsSecrets.com/comp/080207

EDITOR'S BOOKSHELF

Windows Vista Secrets

Get the tips you need about Windows Vista
The all-new Windows Vista Secrets helps novices and experts alike understand Microsoft's latest operating system. "To really appreciate what is in Vista, you almost need to read through the leading book on the product, Windows Vista Secrets, by Brian Livingston and Paul Thurrott," writes Rob Enderle, principal analyst of the Enderle Group, in TechNewsWorld. "It's 595 pages of things you can do with this product — most of which you probably wouldn't have discovered for some time, let alone right at first." Check the book out now for tips you can use.
More information: United States (B&N) / Canada / Elsewhere

Spam-Proof Your E-Mail Address, 2nd Ed.

Spam-Proof Your E-Mail Address, 2nd Ed.
This 32-page e-book by Brian Livingston gives you step-by-step instructions that can prevent 97% of the spam that would otherwise clog an e-mail account. You could call it "Livingston's Spam Secrets." The PDF e-book is the result of months of experiments and tests we conducted. We now receive little or no spam to the addresses we used as guinea pigs. These tests show that you can make your e-mail addresses invisible to spammers, not just battle an ever-growing flood. The methods we describe work with Windows, Apple, and Linux and don't require any filters or block lists — but you can use those in addition to the book's techniques, if you wish. More info

WACKY WEB WEEK

Nuts — a little dab'll do ya

Planters commercial

Maybe there's something in the air. Maybe it's just the raw, animal attraction that comes with a unibrow. Whatever it is, the star of this 30-second Planters Peanuts commercial has it and is turning heads.

For those of you who watched the Super Bowl for the football and left during the commercials, here's the best of what you missed. Play the video

INDEX

The following topics appear in the free version

TOP STORY	Symantec uninstaller may not finish the job
	Incomplete removal poses a risk to users
	Symantec clarifies its uninstall approach
	How to remove Norton products from your system

KNOWN ISSUES	Positive reviews for Norton raise readers' ire
	Some readers revolt against Symantec products
	Many feel suites don't provide best protection

WACKY WEB WEEK	Nuts — a little dab'll do ya

You get all of the following in the paid version
INSIDER TRICKS	Don't let social-networking viruses bite you
	ActiveX bugs expose users to silent infection
	Tiny, user-friendly program eliminates the risk
	Admins should let Group Policy do the work

WOODY'S WINDOWS	WinBubble is the best free TweakUI replacement
	Lack of new TweakUI spawns six Vista twiddlers
	Why WinBubble hit the sweet spot in my tests
	Where the heck did the name "Bubble" come from?

PERIMETER SCAN	Make use of advanced Process Monitor features
	Watch out, Process Monitor can crash Win 2000
	How to monitor a busy Windows process
	Process Monitor looks scary, but it's not

Paid subscribers can access all old and new paid newsletter content Make a contribution to support our research into Windows and you'll immediately be able to read and search through scores of valuable articles. In addition, paid subscribers are entitled to download valuable content that we license for you at least once every calendar quarter. To upgrade, simply make a contribution of any amount you choose. If you do this by Feb. 13, 2008, you'll instantly be sent the full, paid version of today's newsletter. To upgrade to the paid version of the Windows Secrets Newsletter, please visit our upgrade page. Thanks in advance.

YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, plus the week of Thanksgiving and the last two weeks of August and December.

Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editorial Director: Brian Livingston. Editor-at-Large: Fred Langa. Associate Editor: Scott Dunn. Contributing Editors: Susan Bradley, Mark Edwards, Woody Leonhard, Ryan Russell. Research Director: Vickie Stevens. Program Director: Brent Scheffler. Administrative Assistant: Raef Harrison.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period. Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,

Visit our Unsubscribe page.

Copyright © 2008 by WindowsSecrets.com LLC. All rights reserved.