Justin Wood (Callek) wrote:
Hey Guys,
So I have to say, I am quite annoyed with Symantec/Norton at the moment.
Our Beta 2, which has been out for ~ a week, and I submitted the
whitelist request to Norton ~12 hours before the *DAY* of our release,
still is not complete.
With the release cadence we have/need, the turnaround time on their
whitelisting is completely unacceptable/bad. It completely hurts our
ability to get meaningful data for betas, and hurts our ability to keep
our release users up to date with latest stability/security updates.
My proposal:
* No longer wait for Symantec to indicate that the whitelisting is complete
* Mention it on our known-issues page that Norton can interact badly
with us on occassion
* Specifically list the .dll's [by name] it thinks are viruses on our
known-issues page as "ok" and "Norton's fault"
* Continue to submit whitelisting requests ASAP
* Continue to move forward with getting signed builds out [`may` help
with this]
* Continue to *try* getting a human contact at Norton to see if/when we
can speed up their process or fix this misidentification, and how.
The key point is this *will* be a pain point for windows users who have
Norton, where the most-logical solution for those users is to *disable*
their Virus Software during the duration of SeaMonkey use. And is
specifically manifests in the following ways:
* Quarantines 1-or-2 dll's
* The dll's affect our cryptography ability, in such that them missing
may/could break some https sites from functioning/cause crashes etc. (I
haven't witnessed it, but I also have avoiding us ever shipping in this
case)
* Restoration of the dll's seems to sign/modify them slightly such that
partial updates fail for these users, and end up having to download
updates twice (the second download being our full 20ish MB download).
I am literally treating this as a proposal for the community, we have no
sane way to detect the presence of Norton and delay JUST those updates.
This is not a vote, and I will take on the final call [unless the
SeaMonkey Council think that they as a whole should make the final
call]. So reasons for/against are appreciated, including "me toos", or
"please no" though I'd appreciate reasons for any of those mails.
With *myself* as a Symantec user as well [in my case because it came
pre-installed on my computer, and I decided to just register/subscribe
rather than fight and try to remove/switch] it is a bad situation to
have to be in, but I feel this is a decision I need community input on,
rather than decided that some subset of our users will have to suffer
due to a larger companies issues.
I see no reason that all Windows users should be penalized with slow
updates because some users choose to use a bloated and buggy antivirus
program. Perhaps if it causes them enough pain they will either
complain to Symantec enough that they will fix their algorithm or they
will switch to another antivirus program. It's not like there aren't
alternatives available particularly since Microsoft Security
Essentials is free.
On the corporate side, where end users have no choice about their
antivirus product, I don't know if Symantec's corporate products
detect the false positive or not. But even if they do I doubt that
many large companies are using SeaMonkey as their standard browser and
the individual users that may be running it are probably knowledgeable
enough to deal with it, particularly if they are told about it in the
release notes and known problems.
--
Jim
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
