Saturday, December 13, 2008

PC SECURITY - Norton AntiVirus Update Failures

This article addresses install failures/errors when you run Norton (aka Symantec) AntiVirus LiveUpdate in WinXP, but should also apply to Vista.

When LiveUpdate runs and you get an error stating that the update could not be installed, this MAY mean that the current or previous Definition Update was corrupted. This is most likely to happen if an update download or install was interrupted (as in you rebooted before the process completed).

To check, use Explorer to navigate to the folder shown in the screenshot below (the VirusDefs folder, C:\Program Files\Common Files\Symantec Shared\VirusDefs).

You should see the entries for ONLY 2 Definition Updates, the current + previous. The definfo.dat file is a text file that shows you what the files should be. The actual Definitions Update data are contained in the folders with the matching numeric-names.

You will know you have a problem when:
  1. You see MORE than 2 Definition Update folders
  2. There are filename.tmp files listed

Open definfo.dat with Notepad and see which 2 Definition Update folders should be kept (you may want to print this).

THE FIX:

The following is from Symantec Support, but in what I hope is a clearer presentation.

In summary, what you have to do is delete the EXTRA Definition Update folders AND any filename.tmp files. The problem is you cannot do this from your Win Desktop because the files are "in use" at the time, which is why just trying to run LiveUpdate again does not fix this problem.

What you do is to reboot your system and key [F8] just as POST ends AND Windows starts. For "speedway" fast systems just keep keying [F8] as your system boots.

This brings up the Windows Boot Option screen. Select Safe Mode (no Internet, no command prompt).

After getting to the Safe Mode Desktop, use Explorer to navigate to the folder shown in the screenshot. Now you can:
  • Check what the definfo.dat file lists (got printout?) as the Definitions you should keep
  • Delete the Definition Update folders NOT listed in definfo.dat
  • Delete ALL filename.tmp files

Now reboot your system and recheck the VirusDefs folder again. It should look similar to the screenshot.
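
The check described above (numbered folders compared against definfo.dat, plus stray .tmp files) can also be done as a read-only script. This is an added example, not from Symantec or the original post; it assumes definfo.dat is an INI-style file with a [DefDates] section holding CurDefs/LastDefs entries and that definition folders are named YYYYMMDD.NNN. The sample folder and file names are constructed.

```python
import configparser
import re
import tempfile
from pathlib import Path

# Assumed folder naming for definition sets: YYYYMMDD.NNN (e.g. 20081212.003).
DEF_FOLDER = re.compile(r"^\d{8}\.\d{3}$")

def audit_virusdefs(virusdefs_dir):
    """Report what the manual check would flag; nothing is deleted."""
    root = Path(virusdefs_dir)
    ini = configparser.ConfigParser()
    # Assumed definfo.dat layout: a [DefDates] section with CurDefs/LastDefs.
    if not ini.read(root / "definfo.dat") or not ini.has_section("DefDates"):
        raise ValueError("definfo.dat missing or unreadable; refusing to guess")
    keep = {v.strip() for v in ini["DefDates"].values() if v.strip()}
    if not keep:
        raise ValueError("definfo.dat lists no definition sets")
    entries = list(root.iterdir())
    numbered = sorted(e.name for e in entries
                      if e.is_dir() and DEF_FOLDER.match(e.name))
    return {
        "keep": sorted(keep),
        "extra_folders": [n for n in numbered if n not in keep],
        "missing_folders": sorted(keep - set(numbered)),
        "tmp_files": sorted(e.name for e in entries
                            if e.is_file() and e.suffix.lower() == ".tmp"),
    }

def build_sample(root):
    """Constructed sample: an interrupted update left a third folder and a .tmp."""
    (root / "definfo.dat").write_text(
        "[DefDates]\nCurDefs=20081212.003\nLastDefs=20081211.019\n")
    for name in ("20081212.003", "20081211.019", "20081210.017", "SomeOtherFolder"):
        (root / name).mkdir()
    (root / "virscan1.tmp").write_text("")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for key, value in audit_virusdefs(build_sample(Path(tmp))).items():
            print(f"{key}: {value}")
```

The script only reports; a non-empty missing_folders list means a set named in definfo.dat is not on disk, which the folder count alone would not show.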

You may want to manually run LiveUpdate at this time.

Also, a personal preference suggestion: I prefer the Classic LiveUpdate (found in "C:\Program Files\Symantec\LiveUpdate\LUALL.EXE") that has a dialog with a listbox that shows you the process so you can actually see error messages, if any. I also suggest you set the LiveUpdate Configuration in Control Panel as shown in the following screenshot.


Another option:

You can download Symantec's Intelligent Updater, the latest_version-i32 file, and SAVE to your hard drive, then run it from there.

The best way to use this option is to delete EVERYTHING in C:\Program Files\Common Files\Symantec Shared\VirusDefs BEFORE you run the updater.

Friday, December 5, 2008

COMPUTERS - Hard Drives

Technically, what are hard drives in the computer world?

The generic category is Storage Device, but this applies to more than hard drives. For example, a USB Flash Drive is also a Storage Device.

HARD DISK DRIVE

A hard disk drive (HDD), commonly referred to as a hard drive, hard disk, or fixed disk drive, is a non-volatile storage device which stores digitally encoded data on rapidly rotating platters with magnetic surfaces. Strictly speaking, "drive" refers to a device distinct from its medium, such as a tape drive and its tape, or a floppy disk drive and its floppy disk. Early HDDs had removable media; however, an HDD today is typically a sealed unit (except for a filtered vent hole to equalize air pressure) with fixed media.

Read the full Wikipedia article for more info

HOW HDDs RECORD & TRACK DATA

First, HOW HDDs physically do what they do is a hardware issue. Your Operating System (OS) only deals with how file-data is written to the HDD and the OS has its own way of tracking the files.

Your OS gets the physical address references from your HDD(s), essentially:
  • The physical address of each drive from BIOS (HDD0, HDD1, etc.)
  • The HDD physical addressing scheme is called LBA (Logical Block Addressing)
  • For each HDD, the Master Boot Record (MBR) located on Platter 0, Track 0, Cylinder 0 (aka LBA0)

Among other things, the MBR contains the Primary Partition Table (PPT).

IMPORTANT NOTE: The MBR is written to a special DOS FAT partition. What makes it special is that it MAY be a non-standard DOS size. The minimum DOS FAT size is 512kb (this is what Floppies are formatted in) and multiples (514/1024/1536/etc), but this special MBR sector MAY be less than 512kb. This sector could also include (for example) "EISA Configuration" using 47mb DOS FAT.



The MBR is written when your OS formats the drive. The PPT is how your OS keeps the data on ALL drive partitions on your system. Each HDD gets its own PPT that tells the OS how that drive is partitioned. The simplest is, of course, a single partition.

But if a HDD has been partitioned into (for example) 2 partitions, there would be 2 entries in the PPT with the data on each partition. This applies even if the other partitions are for a different OS. For example: 1st partition WinXP and 2nd partition Vista (aka you have set up a Dual Boot system).
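
To make the two-entry partition table concrete, here is a parser for the table inside one MBR sector, with a check for overlapping entries. This is an added example, not from the original post; it assumes the classic MBR layout (one 512-byte sector, four 16-byte entries starting at byte 446, signature bytes 55 AA at the end), and the sample sector is constructed.

```python
import struct

SECTOR_SIZE = 512     # assumed classic MBR sector size
TABLE_OFFSET = 446    # partition table starts at byte 0x1BE
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, start LBA, sectors
TYPE_NAMES = {0x05: "Extended", 0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)"}

def parse_mbr(sector):
    """Return the used partition-table entries of one MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 55 AA not found; not a valid MBR")
    parts = []
    for slot in range(4):
        offset = TABLE_OFFSET + slot * ENTRY.size
        status, ptype, start, count = ENTRY.unpack_from(sector, offset)
        if ptype == 0x00:          # unused slot
            continue
        parts.append({
            "slot": slot,
            "active": status == 0x80,
            "type": TYPE_NAMES.get(ptype, f"0x{ptype:02X}"),
            "lba_start": start,
            "sectors": count,
            "size_bytes": count * SECTOR_SIZE,
        })
    return parts

def find_overlaps(parts):
    """Neighbouring entries (by start LBA) whose ranges overlap: a damaged table."""
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    return [(a["slot"], b["slot"]) for a, b in zip(ordered, ordered[1:])
            if a["lba_start"] + a["sectors"] > b["lba_start"]]

def build_sample_mbr():
    """Constructed sector: two NTFS partitions, like the dual-boot case above."""
    entries = [(0x80, 0x07, 63, 40_000_000), (0x00, 0x07, 40_000_063, 60_000_000)]
    table = b"".join(ENTRY.pack(*e) for e in entries).ljust(64, b"\x00")
    return bytes(TABLE_OFFSET) + table + b"\x55\xaa"

if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    for p in parts:
        print(p)
    print("overlaps:", find_overlaps(parts))
```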

Physically HDDs are divided into Platters, Tracks, and Sectors.
  • Platters: Disks that have 2 sides (upper/lower) with a magnetic coating that data is written to/read from
  • Tracks: Concentric circles where data is written/read
  • Sectors: Think pie wedges, this divides each track

Since each Platter has 2 surfaces (upper/lower) Tracks are referred to as Cylinders (like a tin can). All upper tracks align with all lower tracks; and on HDD with more than one Platter, all upper tracks align with all lower tracks, on all Platters.



The HDD keeps track (has a physical address or LBA) of each location on the HDD by Platter/Track/Cylinder. It is this address that is passed to your OS. There are reserved HDD addresses, such as LBA0 where the MBR is located. It is the LBA that is passed to your OS to track HDD contents.

SIDE NOTE: This deals with the term "Partition" when used for HDDs vs how the term is used in Mainframe Computers.
  • In Mainframes the term "Partitions" refers to how HARDWARE RESOURCES are allocated. In this context, a Partition can refer to a number of processors used, how many memory DIMMs are used, how many of the Storage Devices are used, how many Network Cards are used, etc.
  • The Storage Devices usually mean "packages" or sets of individual HDDs. Multiple HDDs can be "partitioned" to function as a single Logical Hard Drive (LHD), for example 5 HDDs = 1 LHD. Note that when Windows refers to C: this is the LHD alias for HDD0, 1st Partition.

I will post about the NTFS (NT File System) used by WinXP & Vista later.