Windows Secrets

Subscribers: Sign in

Enter your e-mail address to get a free subscription.
We guarantee your privacy
Skip to content
  • Home
  • Newsletter Archives
    • Current
    • LangaList Plus
    • Patch Watch
    • Wacky Web Week
    • Security Baseline
  • E-Books
  • Lounge
  • About us
    • Refunds
    • Privacy Policy
    • Advertise
  • Contact
  • Your Account
    • Upgrade
    • Preferences
    • Bonus Download
    • Unsubscribe
Home>Symantec uninstaller may not finish the job

Windows Secrets Newsletter • Issue 139 • 2008-02-07 • Circulation: over 400,000

Table of contents 
  • Top Story: Symantec uninstaller may not finish the job
  • Known Issues: Positive reviews for Norton raise readers’ ire
  • Wacky Web Week: Nuts — a little dab’ll do ya
  • Insider Tricks: Don’t let social-networking viruses bite you
  • Woody's Windows: WinBubble is the best free TweakUI replacement
  • Perimeter Scan: Make use of advanced Process Monitor features
 
Top Story

Symantec uninstaller may not finish the job

Scott dunn By Scott Dunn

Like most Windows software, Norton security products, published by the Symantec Corp., come with an uninstall option to remove the software from your computer.

Unfortunately, neither Symantec’s bundled uninstaller — nor a little-known, special utility from the company — removes every single thing.

Incomplete removal poses a risk to users

My Jan. 24 round-up on reviews of security suites reported that Symantec’s Norton Internet Security 2008 had garnered Editors’ Choice awards from PC Magazine and PC World — more top prizes than any competing suite. Soon after my article appeared, dozens of readers wrote in to complain about their experiences with Symantec software. Among other problems, they cited the difficulties they’ve had uninstalling Norton security products.

In addition, a number of sources confirm that security software in general, and the Norton product line in particular, do a poor job of removing their products.

Why are incomplete uninstalls a problem? In addition to leaving useless data on a customer’s machine, such Registry entries may in some cases cause conflicts for other software.

For example, self-described industry guru Dave Taylor warns that “the presence of uninstalled security software in the Registry can conflict with newly installed security software and cause system freezes.”

Mark Hasting, creator of a site known as PC Hell, reports hearing from many users who want to remove Norton products. “I’ve even received mail from computer users trying to install an antivirus product,” he explains, “and they are told to uninstall Norton before they can proceed, even though it appears Symantec products are not running on the system.”

Hasting, it should be noted, makes an identical claim about McAfee’s antivirus and security products.

To examine the problem for myself, I used a test computer to analyze the uninstall process of the full version of Norton Internet Security 2008. I also tested a trial version of that product and Norton 360, a related, all-in-one security package.

In every case, I found that one .dll file (symlcrst.dll) and a few other other files and folders were not removed by Symantec’s uninstall routine. Also, the Windows Registry still showed numerous references to the removed products.

That a wide range of Symantec products are difficult to completely uninstall is suggested by the Symantec support site itself. The site offers a free Norton Removal Tool. Although the Symantec Knowledge Base claims the tool is only for failed installations or damaged products, the company continues to update the utility to remove a host of its products. This include Norton 360, Norton Ghost, Norton Save & Restore, pcAnywhere, WinFax, and any Norton Internet Security product dated 2003 through 2008.

To test the effectiveness of this utility, I ran the Norton Removal Tool after doing a normal uninstall of Norton Internet Security 2008. I then restarted the computer. Although the tool did remove some Registry entries and delete some stray folders on the hard disk, it still didn’t do a thorough job. For example, key Registry entries, such as

HKEY_LOCAL_MACHINESOFTWARESymantec

remained, as well as a .dll in the Program FilesCommon Files folder.

Symantec products aren’t the only security software that present uninstall challenges. The tips-and-hints site PC Hell provides instructions for removing well-known products from McAfee, Avast, AVG, and AntiVir. It also includes links to special uninstall utilities provided by McAfee and Avast, in addition to a Registry cleaner from AntiVir.

I installed and uninstalled the latest trial version of McAfee SecurityCenter on a test machine running Windows XP Pro. The results, while not perfect, seemed less troublesome than the Norton examples. McAfee SecurityCenter’s uninstaller left behind three small data files (with .txt, .bak, and .dat extensions). It also left a handful of Registry entries, but these appear to be harmless artifacts of the product.

Symantec clarifies its uninstall approach

Symantec spokespeople defend the behavior of its install and uninstall routines. According to Jody Gibney, senior product manager for the Norton Internet Security product line, the install and uninstall process has undergone a major overhaul since the 2006 versions. “Between Norton Internet Security 2006 and Norton Internet Security 2008, we’ve managed to reduce the number of Registry entries left behind,” she said in a telephone interview.

Gibney acknowledges that one DLL is intentionally left behind. This is a DRM (digital rights management) component intended to protect the company against a person installing a trial version multiple times to avoid paying for the product. Symantec does not remove any Registry entries related to this component.

If a user has installed multiple Norton products, all of which use the Norton LiveUpdate utility to install patches and virus definitions, Gibney points out that the uninstaller for one product will not remove that component — even if that product was the first to install the files. Naturally, if someone forgets or doesn’t know that they other Norton products are still installed, the presence of LiveUpdate may appear to indicate an incomplete uninstall.

In my tests, the Add or Remove Programs control panel displayed separate uninstall options for Norton Internet Security 2008 and LiveUpdate. Uninstalling the Norton product also removed the LiveUpdate component, apparently because no other Norton products still remained on my test machine.

Gibney advises against using the Norton Removal Tool as an uninstall method. Instead, she recommends using the product’s Uninstall command (found within Windows’ Start menu) or the Add or Remove Programs control panel. “Only use the Norton Removal Tool if you have a problem,” she says. Otherwise, you may cause problems for Norton Ghost or other Norton products you may have installed.

“We’ve put a ton of effort into Norton Internet Security 2008 and will do the same for Norton Internet Security 2009,” says Gibney. “People who have a valid subscription are entitled to a 2008 update,” she adds, indicating that this will eliminate most uninstall problems.

How to remove Norton products from your system

Fortunately, if you need to remove a Norton security product from your system, a number of Web resources exist to help you do so. The correct approach varies, depending on whether you’re removing only one of several Symantec products or all of them:

Removing only one Symantec product when more than one is installed

Open the Control Panel and use the Add or Remove Programs applet (in Windows XP) or the Programs and Features applet (in Vista) to see the number of Symantec programs that may be installed. If several are present, and you wish to uninstall only one, run that program’s uninstall function to remove it.

Removing all Symantec products, however many are installed

Whether you have only one Symantec product or several installed, if you’re removing them all, open the Control Panel and use the same applet described in the previous paragraph to find them. Uninstall each program in turn. If the LiveUpdate utility still shows up in the Control Panel applet, select the option to remove it.

After you’ve uninstalled all Symantec products, including the LiveUpdate utility, you can clean up your Registry further by following the instructions at the Symantec support site. This involves running the Norton Removal Tool for your particular product.

As noted above, however, even the Norton Removal Tool will not remove every trace of Symantec programs. You may find leftover Symantec folders under your Program FilesCommon Files folder, the Documents and Settings folder (in XP), and the Users folder (in Vista). Don’t use Registry tools to simply delete every reference to Norton or Symantec. Many of these entries are completely harmless (for example, when the name turns up in an MRU or “most recently used” list).

For the most thorough removal, the Dave Taylor support site provides detailed instructions for removing Symantec files and Registry entries from an XP system. Users of Vista shouldn’t have much difficulty translating the same steps for that operating system.

Software publishers expect users to agree to and obey restrictive license agreements. In return, customers have every right to expect developers to create products that leave a system completely free of that software when uninstalled.

Makers of security software, in particular, have a responsibility to make sure that removal of a product doesn’t compromise security further by making it difficult for other security products to be installed.

Readers receive a gift certificate for a book, CD, or DVD of their choice for sending tips we print. Send us your tips via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the Here’s How section of that magazine.
 
Known Issues

Positive reviews for Norton raise readers’ ire

By Scott Dunn

I wrote on Jan. 24 that Norton Internet Security 2008, a Symantec product, now has the greatest number of Editors’ Choice awards of any security suite, and therefore has replaced the ZoneAlarm suite in the WSN Security Baseline.

This story touched a nerve for a significant number of readers, who have had bad experiences with Symantec and its products in the past.

Some readers revolt against Symantec products

After the story was published, many readers wrote in to voice their criticism of Symantec software. Many, who say they’re disappointed with Symantec’s customer service and technical support, asked that we consider these factors in making our choices.

Unfortunately, Windows Secrets does not have its own test lab to scrutinize antivirus and firewall solutions, and we also don’t have the resources to conduct surveys on customer support. Instead, we analyze the test results of respected labs and let you know which products have received top ratings from the greatest number of reviewers. We publish the WSN Security Baseline as a way for individual and small-business PC users to see at a glance the minimum they need to protect their systems from hackers.

Whatever problems Symantec software has had in the past, the situation is that two major publishers, PC Magazine and PC World, have given their top awards to the latest version of Norton Internet Security. No competing product currently holds more than one Editors’ Choice award from major test labs. We felt it was important to pass that information on to you.

Having said that, one of our best sources of information is your e-mail messages, which form the basis of this week’s top story on problems with Symantec uninstaller programs. I promise to continue to investigate stories that you propose in the tips you send in.

Many feel suites don’t provide best protection

Several other readers questioned the value of recommending suites in the Security Baseline. IT manager Rob Devereux put it this way:
  • “I think one of the conclusions that most IT professionals are coming to now is that you will never have best of breed in a security suite, and your findings seem to bear this out with Symantec failing in some surveys, and ZoneAlarm in others, in areas where they have weak products.

    “By their very nature, these suites are often the result of one manufacturer who does one job well buying another smaller company or companies to do another security job or jobs and then getting their developers to write the rest and bolt the applications together. For example, Norton started out doing hardware and software diagnostics, went into antivirus, and then bought companies to add in spyware and other functionality.

    “The result, all too often (and Norton is a good example), is a product that has one exceptional component (often the thing that the company did well at first), two mediocre ones, and another one or two awful ones that don’t work well (for instance, the Parental Advisor in the Norton security suite). I have certainly seen a downgrading in the usefulness and reliability of Norton Anti-Virus since they made it part of a suite.

    “The point I am trying to make is that picking and choosing to get the best-of-breed antivirus, the best-of-breed [anti]spyware, the best-of-breed firewall, and so on, can be a far more beneficial and secure way to work than buying a security suite that forces you to have bad products along with good.”
Windows Secrets merged the categories of software firewall, antivirus, and antispyware in the Security Baseline back in 2006, when test labs found that security suites could adequately deliver all three functions. A unified suite can offer simplicity to individual PC users and harried small-business techs. Almost any suite that’s available today provides better protection than an having no security software installed — or having malware signatures that are out-of-date — if multiple products, which can conflict, prove to be too complex for end users to juggle.

IT professionals should, by all means, read the full test results that the Security Baseline links to, and determine for themselves whether a combination of products from different vendors would better serve their company’s needs. In most cases, the same labs that test suites also publish results for each vendor’s separate firewall, antivirus, and antispyware products. We consider the Security Baseline to be only a starting point for those who want to do their own research.

Reader Devereux will receive a gift certificate for a book, CD, or DVD of his choice for sending comments we printed. Send us your tips via the Windows Secrets contact page.

 
Wacky Web Week

Nuts — a little dab’ll do ya

Planters commercial  Maybe there’s something in the air. Maybe it’s just the raw, animal attraction that comes with a unibrow. Whatever it is, the star of this 30-second Planters Peanuts commercial has it and is turning heads.

For those of you who watched the Super Bowl for the football and left during the commercials, here’s the best of what you missed. Play the video
 
Insider Tricks

Don’t let social-networking viruses bite you

Brian livingston By Brian Livingston

The foolish people who develop Web sites that only work in Internet Explorer, and users who still run IE instead of safer browsers, such as Firefox, repeatedly expose themselves to one hacker attack after another.

The latest example is an exploit that afflicts the social-networking sites MySpace and Facebook, in addition to the Yahoo Music Jukebox — but there’s an easy way to protect yourself.

ActiveX bugs expose users to silent infection

The SANS Internet Storm Center (ISC) published a report on Feb. 4 that six ActiveX controls used by several sites can be manipulated by hackers to silently infect PCs. These controls, including the Aurigma ImageUploader, are used by IE to upload photos to social-networking sites and perform other tasks. But the flawed controls can be turned against you if you happen to visit one of several hacked sites that are already taking advantage of the weakness, according to a Symantec alert.

US-CERT, an arm of the Dept. of Homeland Security, recommends that users of IE set the security level of that browser’s Internet zone to “high” to disable all ActiveX capabilities. Well-known Web sites that require ActiveX controls, such as Microsoft’s Windows Update site, can then be added one by one to the browser’s Trusted Sites zone, which permits ActiveX.

Most IE users, however, won’t be able to tolerate such a severe security setting. With IE’s Internet zone set to a “high” security level, the browser pops up an irritating series of dialog boxes — sometimes several per Web page — when visiting many sites that are harmless.

Antivirus vendors are already taking steps to block the new-found ActiveX attacks. But it’s safer for you to disable the affected controls entirely until patched versions are released.

This article is part of our paid content. Subscribe.

Already a paid subscriber? Click here to login.

 
Woody's Windows

WinBubble is the best free TweakUI replacement

Woody leonhard By Woody Leonhard

With Vista now officially one year old and toddling into its Terrible Twos, I’ve given up hope waiting for Microsoft to deliver an up-to-date TweakUI for the new OS.

Fortunately, six enterprising developers have rushed in where Redmond feared to tread, and I’ll tell you which is my favorite at goosing Vista in wondrous — and sometimes useful — ways.

Lack of new TweakUI spawns six Vista twiddlers

Microsoft’s old TweakUI, long a mainstay of advanced Windows users, covered a lot of ground. It helped you change settings buried deep inside the Windows Registry without getting your fingers dirty.

Although the ‘Softies have released a version of TweakUI for every flavor of Windows from Win95 up to and including XP, it looks like Vista customers will need to fend for themselves. (You can still get TweakUI for XP from Microsoft’s PowerToys page.)

Many of you have written in with your nominations for your favorite Vista tweaking utility. In recent weeks, I’ve worked with several utilities that slice and dice Vista, with decidedly mixed results.

• TweakVI from Totalidea Software may be the most popular Vista tweaker. It combines both interface tweaks and performance boosts in a single, easy-to-use package. From what I’ve seen, though, the free TweakVI Basic Edition doesn’t tweak as much as my favorite tweaker, and the two paid versions ($34.99 and $49.99 per year) cost more than I’m willing to spend.

This article is part of our paid content. Subscribe.

Already a paid subscriber? Click here to login.

 
Perimeter Scan

Make use of advanced Process Monitor features

Ryan russell By Ryan Russell

I continue today the coverage of Process Monitor (PM) that I started in my Jan. 17, 2008, column.

Last time, I just introduced the basics. This time, I cover more advanced uses and a “case study.”

Watch out, Process Monitor can crash Win 2000

Reader Richard Bellin brought a rather alarming problem with PM to my attention. The utility can potentially crash Windows 2000, instantly and thoroughly. This was news to me, as I’ve used the program on Win2K at least a couple of times. But even though I haven’t seen this behavior myself, he indicated that there’s a Sysinternals forum thread where several users have reported the same problem. So I believe it exists.

What isn’t completely clear is under what circumstances you might experience the problem, because not all users do. Furthermore, some users who have experienced the problem have been able to get it to stop by (1) disabling their antivirus software while using PM or (2) going back to PM version 1.0. Even if you take these steps, Windows 2000 users should exercise caution with this tool. Thanks to Richard for the warning.

If I had to guess, I’d say the problem is a conflict with some combinations of kernel drivers or other things that poke around in the kernel. Remember Microsoft indicating that it will lock some software out of the kernel in newer version of Windows? One presumes that this kind of problem with PM is one of the reasons why.

At the time of this writing, the problem has been under discussion for several weeks, and is still isn’t out of the research phase for a possible fix.

How to monitor a busy Windows process

Launching PM, I tend to let it log Windows activity for a period of time. I then glance through the events the utility has picked up.

This article is part of our paid content. Subscribe.

Already a paid subscriber? Click here to login.

YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com, 1218 Third Ave., Suite 1515, Seattle, WA 98101 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor in chief: Tracey Capen. Senior editors: Fred Langa, Woody Leonhard. Copyeditor: Roberta Scholz. Program director: Tony Johnston. Contributing editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Scott Mace, Ryan Russell, Lincoln Spector, Robert Vamosi, Becky Waring. Product manager: Andy Boyd. Advertising director: Eric Gilley.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.

 HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period.  Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
  • Visit our Unsubscribe page.
Copyright © 2012 by WindowsSecrets.com. All rights reserved.

Table of contents

Top-scoring articles in the past 12 months
  • Leaving long cookie trails throughout the Web 5.00
  • Windows-like security for Android devices 5.00
  • Win7′s no-reformat, nondestructive reinstall 4.53
  • The sorry tale of the (un)Secure Sockets Layer 4.42
  • RPV: Win7′s least-known data-protection system 4.33
  • Recovery: the last step in total data security 4.30
  • Time for a .NET update we can’t ignore 4.30
  • Getting the most from Windows Search — Part 1 4.25
  • Revising printing habits saves money and trees 4.25
  • Upgrades end in erratic, partial hangs 4.25
  • Pros and cons of a ‘keyfile’ password 4.21
  • Beating back Duku and a plethora of other threats 4.20
  • Office 2007 gets its final service pack 4.19
  • Putting Registry-/system-cleanup apps to the test 4.19
  • One year and 99 security bulletins later 4.18
  • 1.8TB external drive goes down hard 4.17
  • Don’t pay for software you don’t need — Part 3 4.16
  • Internet Explorer gets another round of patches 4.15
  • Is your free AV tool a ‘resource pig?’ 4.15
  • Vacation’s over; it’s a big round of patches 4.15
  • Remote access leads to remote attacks 4.15
  • Keeping you up to date: say no to .NET — again 4.14
  • Take control of Google’s privacy policy settings 4.14
  • Office File Validation patch leads to problems 4.14
  • The advanced system-recover toolkit 4.13
  • New “419″ scam involves PayPal and Western Union 4.12
  • Readers’ best personal-privacy tips 4.11
  • Getting the most from Windows Search — Part 2 4.11
  • Re-examining Dropbox and its alternatives 4.10
  • Easily edit Windows’ right-click context menus 4.09
Connect with us Follow us on Twitter Connect with us on Facebook View our RSS Feeds
  • Home|
  • Newsletter|
  • About Windows Secrets|
  • Advertise with us|
  • Unsubscribe|
  • Sitemap|
  • Affiliates|
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of iNET Interactive. All other marks are the trademarks or service marks of their respective owners.
iNET Interactive Copyright © 2011 iNET Interactive.
All rights reserved.
Terms of Use  |  Privacy Policy
Internet Services
  • Web Hosting Talk
  • HostingCon
  • Hosting Catalog
  • Host Voice
Web Development
  • Hot Scripts
  • DB Forums
Digital Marketing
  • ABestWeb
  • Search Marketing Standard
  • PayPerClickUniverse
  • SEMCompare
Consumer Tech
  • Windows Secrets
  • Overclockers
  • Mac Forums

Learn more about
advertising opportunities across the iNET Interactive Network.

LiquidWeb