X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

Why does the most recent firefox update want to turn my norton virus protection plugin off?

Posted

I'm running Firefox 21.0, and the Firefox update wants to turn my Norton protection plugin off. Note that I'm not talking about the Norton toolbar, I don't use toolbars. Why does firefox fail to coordinate updates with the community of antivirus vendors? Releases that impact user security in a negative way like this should be avoided. My Norton is completely up to date.

I see that this question comes up frequently, I see it for 15.x, 18.x and unspecified versions. The most common answer talks about the toolbar, but don't answer this question with more toolbar solutions.

What is wrong with 21.0 that needs to be fixed, at the expense of giving up the protection I have in Norton to stop scripting attacks?

And I'm not running Norton just because of the name... In my mind Norton products have earned a strong negative reputation. Each year I evaluate Antivirus packages, and Norton finally came out ahead in the evaluations. My 2011 evaluation winner started to stink in 2012. I haven't done a 2013 evaluation yet, but I'm starting to wonder if my loyalty to Firefox needs to be reevaluated on a regular basis as well.

To be clear, this is a problem with release management not taking into account the security needs of the users and a failure to coordinate with critical third party add-on providers. I manage a software QA lab, and it appears that Firefox is not doing a good job of interoperability testing with critical third party components, and/or failing to coordinate interop issues with the third party stakeholders.

Additional System Details

Installed Plug-ins

  • Shockwave Flash 11.7 r700
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • Office Authorization plug-in for NPAPI browsers

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0

More Information

David241 4 solutions 75 answers

Windows is simply trying to speed up the browser. Any add on or other item that slows the start up of a browser by .20 seconds triggers the message at the bottom of the screen. It is windows that causes that message to appear. click on choose what to disable, I think a windows window opens, not a Firefox window, then do not disable anything. Usually the message at the bottom of the screen will not reappear. Avast.com offers a free antivirus, if you register the free version by sending them your email address it is 100% free for a year. It is very good, evaluate it. I honestly believe the problem you are experiencing is caused by windows not Firefox.

I double checked it is windows. Go to control panel > network & internet > internet options > manage browser add-ons > manage add-ons      a list of all browser add-ons appears you can enable or disable them from this location.

Send me a reply if I can assist you further.

Modified by David241

Question owner

Uh, no, no and no.

I'm not getting any message at the bottom of the screen.

I have never seen anything like what you describe. And ass for the .2 second slowdown, I'm fairly sure I don't see that issue either... I have a high-speed raid10 array of fast SSD's for my filesystem that is 10 to 100 times faster than normal filesystems, and it is running on a high-end workstation-class system. Firefox is snappy, and I never get any speed-up warnings.

And I'm not talking about a message that comes at browser startup anyway. I'm talking about a warning window I get when attempting to update Firefox to 22.0 from 21.0. Before the upgrade starts firefox warns with a popup window:


Software Update

Incompatible Add-ons Found

Some of your add-ons won't work with this update, and will be disabled. As soon as they are made compatible, Firefox will update and re-enable these add-ons:

Norton Vulnerability Protection 11.3.0.9-5


The issue is Firefox updates are not being coordinated with critical third party vendors, so Firefox wants to turn off my Antivirus add-on. What *should* be happening is the Firefox developer team should be communicating with antivirus vendors, and other "important" third parties so that the third party vendors are in the loop when things in Firefox will be incompatible, so that the third party vendor can release updates in a timely manner. What has happened is FF22 was changed at the last minute, so that the version of Norton that was developed for FF22 is incompatable, even though it was created specifically for FF22. Firefox changed FF22 at the last minute, breaking the work that Norton did to release promptly. So despite the fact that Firefox communicated with Norton, there was a fail because Firefox changes something in FF22 without sufficient notice.

What I am looking for is an answer that specifically addresses this issue. Does Firefox software quality assurance test Firefox with the third party add-ons? What exactly caused the incompatibility at the last minute, and was it important enough to allow it to be released before the third party vendors were ready? Why does a third party developer, who is tracking the Firefox versions to stay in lock step, suddenly find their product to be incompatible at release time? When the final changes to FF22 were made, how much time did Norton have to catch up? Which is a safer browser, a FF21 with Norton turned on? Or FF22 with Norton turned off? What are my risks?

I have one and only one add-on.

So are you telling me that Firefox only supports Avast as a third party antivirus vendor? Avast has never made the cut in my antivirus evaluations. There was a time when Norton was at the bottom of the pile, well below Avast. But the 2012 version of Norton put them on top. Before I ditch Norton, I need a lot more justification than this.

Modified by georgew3

David241 4 solutions 75 answers

I want you to understand I have a small home computer. I make no connection between avast and firefox. You are in a whole different league. I think you know the answer before asking the question. For the small home user I prefer avast to norton. Norton uses more system resources and is always trying to back up files I do not need backed up.

I believe you need to try to contact the firefox 22.0 developers, I do not think you can reach them thru the forum. I have been trying to help other small home computer users like myself.
Tyler Downer
  • Administrator
  • Moderator
1165 solutions 6639 answers

Helpful Reply

David, your answers are way off base.

George, Basically Norton has been having an issue updated the vulnerability protection plugin for Firefox 22. They are currently fast-tracking a fix and it will be released any day. Until then, I still suggest that you update to Firefox 22. Firefox 21 has over a dozen publicly disclosed security holes than have been fixed in Firefox 22. Also, updating to Firefox 22 doesn't disable your virus protection, it's still running in the background. It only disabled certain Norton "features" in Firefox that are already replicated in Firefox. You should update to Firefox 22, and keep running Norton live update until they release their update (hopefully next week sometime).

Tyler Downer
  • Administrator
  • Moderator
1165 solutions 6639 answers

Helpful Reply

Also BTW, third-party devs are responsible for keeping their programs up to date. Firefox has an every 6 week release schedule that is published years in advance. Third-part devs like Norton could make their program update before firefox releases a new version, test it against the beta, and avoid this issue altogether, but they have failed to do so. While we encourage them to, there is only so much Mozilla can do to ask third-party devs to reduce the impact on their users when Firefox updates.

David241 4 solutions 75 answers

Hi Tylerdowner,

I know that my answer is way off base. I am just a rookie with all of 16 or 17 answers under my belt. I am determined to keep that little kitty cat logo by my username until I find one solution. No one else had tried to answer Georgew3's question so I took a chance. Bit off more than I could chew - meow !
jscher2000
  • Top 10 Contributor
2365 solutions 20922 answers

Hi georgew3, Norton is one of the very best vendors when it comes to updating add-ons in time for new Firefox releases. However, they aren't perfect. In this case they indicated on their support forums that some unexpected changes during the beta of Firefox 22 delayed the NVP update.

Latest status:

Re: Norton Vulnerability Protection and Firefox 22.0
07-11-2013 12:12 PM
...development is ongoing as QA is ongoing, and back and forth we go with different bugs that come up for a patch. So yes, testing has begun, but it began once the first builds for the update were code complete.
... We want this fixed too, we're working hard to get it resolved. It won't be today or even tomorrow, but it will be soon.
Tony Weiss
Norton Forums Global Community Manager
Symantec Corporation

Question owner

David, Sorry to have been a bit snippy... I was a bit fed up because other people posting the same question were getting irrelevent answers regarding the Norton toolbar and other unrelated things.

Question owner

Thanks for helpful answers Tyler and Tony.

I understand the development cycles are scheduled, but usually there is a RC release that should be released early enough to test against that gives the third parties time to do final testing in time for release.

In this case the FF22 beta that Norton was testing against didn't turn out to be close enough to the release version to make the schedules mesh together. I guess it is my expectation that changes to the RC should be blocked, except where there is an extreme issue, and in that case the release date itself should be pushed out. But if I'm hearing what I think you are telling me, the published FF21 vulnerabilities were egregious enough to go forward with the changes OR the release schedule is not designed to accommodate the release date deltas that might exist with the third party vendors. I would imagine that there are a lot of third parties, so a policy of sticking to the release data might exist, even if the RC changes may have an impact.

Of course if the protections in Firefox and Norton's add-on are redundant, the only thing I'm loosing in turning Norton off is protection from any new vulnerabilities that crop up between the FF22 release, and the date Norton's update is shipped.

Tyler Downer
  • Administrator
  • Moderator
1165 solutions 6639 answers

A few misconceptions:

There are over 6000 addons on Firefox's add-on website (Addons.mozilla.org), and there are literally millions of third-party addons that have users ranging from 1-2 to tens of millions. We do not have the ability to fully test even a small subset of the most popular of these add-ons and make sure they work 100%, nor is it our responsibility. From the beginning of Firefox and add-ons it has been understood that Add-on makers assume the responsibility for making sure their add-ons work in the latest version of Firefox. Mozilla will try to make sure we don't break add-ons, and we will make sure that any breaking changes to add-ons are published well before a release, but if an add-on does break it isn't our responsibility. We will also test certain extremely popular add-ons and work with developers to make sure their add-ons work with the latest.

Developers have around 12 weeks to test their Add-ons against the latest version of firefox, 6 weeks in Aurora, and 6 weeks in Beta. The last few weeks in beta are pretty much release code, with only critical changes being accepted. We don't hold releases for add-ons for the reasons listed above. This was a fail on Norton's side.

jscher2000
  • Top 10 Contributor
2365 solutions 20922 answers

By the way, here's is Symantec's support article: Message: "Norton Vulnerability Protection is incompatible with Firefox 22.0" after I install the Firefox update:

You are still proactively protected from the browser-based and web-based attacks through the multi-layer protection technologies in Norton solutions including the Symantec Intrusion Prevention, Download Insight, and SONAR.

David241 4 solutions 75 answers

To georgew3 only - if anyone else receives this message please disregard it.

You have no reason to apologize to me. I am profoundly sorry for misinterpreting your problem. I was and am not qualified to answer the question you posted. This taught me to not answer questions too quickly or assume I know the answer, for that lesson I am grateful.