Tutor Tips from ... the Computer Tutor

26 August 2005

Norton AntiVirus

As most of you are quite aware, my preference for antivirus software has always been Norton AntiVirus by Symantec. Part of this has to do with liking Peter Norton and disliking John McAfee. My distain for John McAfee goes back to 1992 when he sparked a full-scale panic regarding the Michelangelo virus with the help of gullible reporters and clueless pseudo-experts. You can read about the “worldwide Michelangelo virus scare of 1992” on the Vmyths Web site (http://vmyths.com/fas/fas_inc/inc1.cfm).

No antivirus program will protect your computer, if you fail to keep it up to date. Norton AntiVirus can be (and is, by default) set to automatically update your virus definitions. However, you should periodically check to see that the program, indeed, is updating. There are viruses and worms that will attack antivirus programs and disable them. A disabled antivirus program provides as much security as a color-coded terrorism alert system.

Norton AntiVirus Status
Manually Update Your Norton AntiVirus Program
Manually Run Live Update
Full System Scan
Repairing Infected Files
How to Boot into Safe Mode

Norton AntiVirus Status
When you open the program – by double-clicking the Desktop icon or system tray icon (down by the clock), or by clicking on Start, All Programs (Programs in Windows 98), and Norton AntiVirus – you will see the Status screen. If Norton AntiVirus (NAV) is part of an integrated package, such as Norton Internet Security or SystemWorks, you will have to click on the AntiVirus button to show its status.

Norton AntiVirus will tell you the status of the following:

  • Auto-Protect - Keep Auto-Protect turned on (enabled) at all times to prevent viruses from infecting your computer. Auto-Protect works in the background, without interrupting your work.
  • Internet Worm Protection (NAV 2005 or higher) – Keep Internet Worm Protection turned on (enabled) at all times to protect your computer from worm attacks and other threats that originate from the Internet. Internet Worm Protection's default settings for basic inbound port blocking and network monitoring provide reliable network protection against worms and other malicious Internet activity.
  • E-mail Scanning – Keep E-mail Scanning on at all times. Norton AntiVirus stops infections in incoming and outgoing e-mail. For maximum protection, and to prevent you from spreading virus-infected e-mail to your friends and colleagues, Norton AntiVirus scans your outgoing messages for viruses.
  • Full System Scan - When you installed Norton AntiVirus and completed the Information Wizard, you were given the option to schedule a weekly full system scan as part of post-installation tasks. If you made that choice, the scan is scheduled automatically for you. After installation, you can always review and modify the scheduled scans in the Norton AntiVirus Scan for Viruses pane or create new scheduled scans. If Auto-Protect is enabled and the Norton AntiVirus options are set at their default levels, you normally would not need to scan manually. However, if you choose, you can scan your entire computer, or individual floppy disks, drives, folders, or files.
  • Virus Definitions - Virus Definitions status warns you if your virus definitions are out of date and displays the definition file date on your computer. Virus definitions are files containing specific signature information that allows Norton AntiVirus to detect and protect you against virus and malicious code threats.
  • Virus Definition Subscription Renewal Date – Subscription status tells you when your antivirus subscription service expires. A valid antivirus subscription service is required for you to receive virus definitions from Symantec. Your Symantec product includes a complimentary, limited-time subscription for virus definition services. Your subscription status is displayed in the Service Status area of the Norton AntiVirus main window. Symantec no longer supports NAV 2003 and earlier. This means you cannot update your subscription without first updating your program version.
  • Automatic Live Update – You should have Automatic LiveUpdate turned on to ensure that Norton AntiVirus has the latest virus definitions and program updates. Virus definitions are files containing virus information that allow Norton AntiVirus to recognize and alert you to the presence of a specific virus. To prevent new viruses from infecting your computer, you must update your virus definitions frequently. Program updates are enhancements to Norton AntiVirus that are periodically issued by Symantec. Program updates usually contain changes to the inner workings of the program. After installing program updates, you won't necessarily see a difference in the way Norton AntiVirus works. By default, Automatic LiveUpdate checks for updates to Norton AntiVirus virus definitions every four hours when your computer is connected to the Internet.

Green ticks mean that the status of the item is good. A yellow exclamation point will indicate that you need to do something about the item soon. A red “X” indicates that you should have done something about the item a while ago and it would behoove you to address the issue immediately.

 [ Back to top ]

Manually Update Your Norton AntiVirus Program
 When new updates become available, Symantec posts them on the Symantec Web site. If you can't run LiveUpdate or if you need to obtain an update immediately, you can obtain them from the Symantec Web site at http://securityresponse.symantec.com. Here you will find:

  • Latest Virus Threats
  • Security Advisories
  • Virus Definitions
  • Security Updates
  • Virus/Worm Removal Tools

Follow the links to obtain the type of update that you need.

Manually Run Live Update

  1. From the Norton AntiVirus status screen, click the LiveUpdate button. You will see one of three different dialog boxes. Do one of the following:
    • If the dialog box is titled "Welcome to LiveUpdate," click Next.
    • If the dialog box is titled "Welcome to LiveUpdate Express," click Start.
    • If the dialog box is titled "Select Updates," you are running an older version of LiveUpdate. Make sure that all available updates are checked, and then click Next.
  2. Wait for LiveUpdate to get any updates. Then do one of the following, depending on what happens:
    • If you see one of these messages:
      "Thank you for using LiveUpdate. All of the Symantec products and components are currently up-to-date. . ."
      - or -
      "All of the Symantec products and components are currently up-to-date. Remember to check for new updates frequently. LiveUpdate session is complete."

      You already have all available updates and virus definitions. Click Finish. Run LiveUpdate again in a few days.

    • If you see a list of updates or virus definitions: Click Next to download and install the updates. Once the updates are downloaded and installed, click Finish. Run LiveUpdate again in a few days.
    • If LiveUpdate appears to download updates and you see a box titled "Welcome to LiveUpdate Express": Click Close. LiveUpdate is running in Express Mode. LiveUpdate will run in the background and not need your attention. It may take a few minutes for LiveUpdate to install the updates that it just downloaded.

 [ Back to top ]

Full System Scan

  1. From the Norton AntiVirus status screen, click Scan for Viruses.
  2. In the Scan for Viruses pane, under Task, click Scan my computer.
  3. Under Actions, click Scan. When the scan is complete, a scan summary appears.
  4. When you are done reviewing the summary, click Finished

Files that could not be deleted appear in the Scan Summary window with a status of at risk or delete failed. There are varieties of reasons why some files cannot be deleted: a file may be in use, could be part of a larger program, or could be an infected file associated with a process in memory. Norton AntiVirus recommends that you click the threat name to review the information from the Internet and determine the appropriate action.

Repairing Infected Files
The Repair Wizard can perform five tasks:

  • Fixes an infection - Removes the virus from the file or deletes the file if the threat is a worm or Trojan horse
  • Quarantines an infection - Makes the file inaccessible by any program other than a Symantec antivirus program
  • Deletes an infection - Removes the virus from your computer by deleting the file that contains the virus, worm, or Trojan horse
  • Removes an infection - Lists infections that Norton AntiVirus is unable to automatically remove, but that you can remove manually
  • Use the Scan Summary - Shows how many viruses were scanned, detected, repaired, quarantined, deleted, or excluded during the scan

If Norton AntiVirus found any viruses or worms, it is imperative that you run the scan again in Safe Mode. Many forms of malicious software will protect or reinstall themselves constantly if they are allowed to start in the first place. These programs will situate themselves in one of the many autorun locations in the Windows registry and file structure. When Windows is started normally, so is the offending software, running as a process in the background. When you start the PC in Safe Mode, these autorun locations are not used and no software is started automatically. This can allow Norton AntiVirus the opportunity to remove the malicious software completely.

 [ Back to top ]

How to Boot into Safe Mode

  1. Start the computer. The computer begins processing a set of instructions known as the Basic Input/Output System (BIOS). What is displayed depends on the BIOS manufacturer. Some computers display a progress bar that refers to the word BIOS, while others may not display any indication that this process is happening.
  2. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu (Windows XP) or the Startup menu (Windows 98) appears. If you see the Windows splash screen, you’ve proceeded too far. Press the reset button or power off the computer and try again.
  3. Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.
  4. As the system boots into Safe Mode you may see some unusual lines of text appear (Windows XP). Ignore them.
  5. At the Windows XP or 2000 start screen, log in as yourself or as Administrator.
  6. When Windows warns you that you are running in Safe mode, acknowledge it

 [ Back to top ]

Review Tutor Tip "Norton AntiVirus: How to Properly Scan for Viruses" for additional information.