| By Scott Dunn |
Like most Windows software, Norton security products, published by the Symantec Corp., come with an uninstall option to remove the software from your computer.
Unfortunately, neither Symantec’s bundled uninstaller — nor a little-known, special utility from the company — removes every single thing.
Incomplete removal poses a risk to users
My Jan. 24 round-up on reviews of security suites reported that Symantec’s Norton Internet Security 2008 had garnered Editors’ Choice awards from PC Magazine and PC World — more top prizes than any competing suite. Soon after my article appeared, dozens of readers wrote in to complain about their experiences with Symantec software. Among other problems, they cited the difficulties they’ve had uninstalling Norton security products.
In addition, a number of sources confirm that security software in general, and the Norton product line in particular, do a poor job of removing their products.
Why are incomplete uninstalls a problem? In addition to leaving useless data on a customer’s machine, such Registry entries may in some cases cause conflicts for other software.
For example, self-described industry guru Dave Taylor warns that “the presence of uninstalled security software in the Registry can conflict with newly installed security software and cause system freezes.”
Mark Hasting, creator of a site known as PC Hell, reports hearing from many users who want to remove Norton products. “I’ve even received mail from computer users trying to install an antivirus product,” he explains, “and they are told to uninstall Norton before they can proceed, even though it appears Symantec products are not running on the system.”
Hasting, it should be noted, makes an identical claim about McAfee’s antivirus and security products.
To examine the problem for myself, I used a test computer to analyze the uninstall process of the full version of Norton Internet Security 2008. I also tested a trial version of that product and Norton 360, a related, all-in-one security package.
In every case, I found that one .dll file (symlcrst.dll) and a few other other files and folders were not removed by Symantec’s uninstall routine. Also, the Windows Registry still showed numerous references to the removed products.
That a wide range of Symantec products are difficult to completely uninstall is suggested by the Symantec support site itself. The site offers a free Norton Removal Tool. Although the Symantec Knowledge Base claims the tool is only for failed installations or damaged products, the company continues to update the utility to remove a host of its products. This include Norton 360, Norton Ghost, Norton Save & Restore, pcAnywhere, WinFax, and any Norton Internet Security product dated 2003 through 2008.
To test the effectiveness of this utility, I ran the Norton Removal Tool after doing a normal uninstall of Norton Internet Security 2008. I then restarted the computer. Although the tool did remove some Registry entries and delete some stray folders on the hard disk, it still didn’t do a thorough job. For example, key Registry entries, such as
remained, as well as a .dll in the Program FilesCommon Files folder.
Symantec products aren’t the only security software that present uninstall challenges. The tips-and-hints site PC Hell provides instructions for removing well-known products from McAfee, Avast, AVG, and AntiVir. It also includes links to special uninstall utilities provided by McAfee and Avast, in addition to a Registry cleaner from AntiVir.
I installed and uninstalled the latest trial version of McAfee SecurityCenter on a test machine running Windows XP Pro. The results, while not perfect, seemed less troublesome than the Norton examples. McAfee SecurityCenter’s uninstaller left behind three small data files (with .txt, .bak, and .dat extensions). It also left a handful of Registry entries, but these appear to be harmless artifacts of the product.
Symantec clarifies its uninstall approach
Symantec spokespeople defend the behavior of its install and uninstall routines. According to Jody Gibney, senior product manager for the Norton Internet Security product line, the install and uninstall process has undergone a major overhaul since the 2006 versions. “Between Norton Internet Security 2006 and Norton Internet Security 2008, we’ve managed to reduce the number of Registry entries left behind,” she said in a telephone interview.
Gibney acknowledges that one DLL is intentionally left behind. This is a DRM (digital rights management) component intended to protect the company against a person installing a trial version multiple times to avoid paying for the product. Symantec does not remove any Registry entries related to this component.
If a user has installed multiple Norton products, all of which use the Norton LiveUpdate utility to install patches and virus definitions, Gibney points out that the uninstaller for one product will not remove that component — even if that product was the first to install the files. Naturally, if someone forgets or doesn’t know that they other Norton products are still installed, the presence of LiveUpdate may appear to indicate an incomplete uninstall.
In my tests, the Add or Remove Programs control panel displayed separate uninstall options for Norton Internet Security 2008 and LiveUpdate. Uninstalling the Norton product also removed the LiveUpdate component, apparently because no other Norton products still remained on my test machine.
Gibney advises against using the Norton Removal Tool as an uninstall method. Instead, she recommends using the product’s Uninstall command (found within Windows’ Start menu) or the Add or Remove Programs control panel. “Only use the Norton Removal Tool if you have a problem,” she says. Otherwise, you may cause problems for Norton Ghost or other Norton products you may have installed.
“We’ve put a ton of effort into Norton Internet Security 2008 and will do the same for Norton Internet Security 2009,” says Gibney. “People who have a valid subscription are entitled to a 2008 update,” she adds, indicating that this will eliminate most uninstall problems.
How to remove Norton products from your system
Fortunately, if you need to remove a Norton security product from your system, a number of Web resources exist to help you do so. The correct approach varies, depending on whether you’re removing only one of several Symantec products or all of them:
Removing only one Symantec product when more than one is installed
Open the Control Panel and use the Add or Remove Programs applet (in Windows XP) or the Programs and Features applet (in Vista) to see the number of Symantec programs that may be installed. If several are present, and you wish to uninstall only one, run that program’s uninstall function to remove it.
Removing all Symantec products, however many are installed
Whether you have only one Symantec product or several installed, if you’re removing them all, open the Control Panel and use the same applet described in the previous paragraph to find them. Uninstall each program in turn. If the LiveUpdate utility still shows up in the Control Panel applet, select the option to remove it.
After you’ve uninstalled all Symantec products, including the LiveUpdate utility, you can clean up your Registry further by following the instructions at the Symantec support site. This involves running the Norton Removal Tool for your particular product.
As noted above, however, even the Norton Removal Tool will not remove every trace of Symantec programs. You may find leftover Symantec folders under your Program FilesCommon Files folder, the Documents and Settings folder (in XP), and the Users folder (in Vista). Don’t use Registry tools to simply delete every reference to Norton or Symantec. Many of these entries are completely harmless (for example, when the name turns up in an MRU or “most recently used” list).
For the most thorough removal, the Dave Taylor support site provides detailed instructions for removing Symantec files and Registry entries from an XP system. Users of Vista shouldn’t have much difficulty translating the same steps for that operating system.
Software publishers expect users to agree to and obey restrictive license agreements. In return, customers have every right to expect developers to create products that leave a system completely free of that software when uninstalled.
Makers of security software, in particular, have a responsibility to make sure that removal of a product doesn’t compromise security further by making it difficult for other security products to be installed.
Readers receive a gift certificate for a book, CD, or DVD of their choice for sending tips we print. Send us your tips via the Windows Secrets contact page.
Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the Here’s How section of that magazine.