Norton screwup - anyone seen this before ?

Liam Byrne

I've got a web site developed that works almost identically across all browsers (a few minor sizing/positioning things to finalise)

BUT despite this, the client still couldn't see it properly on their computer!

We've finally copped that it is because she has Norton Internet Security installed, and it's completely ballsing up the site's code as delivered to her.

I asked her to do "view source" and send it to me "as received by her browser" and it turns out that Norton is wrapping the <html> </html> code with other crap - OUTSIDE the <html> tags!

Which means that the page that she gets is screwed, both from a CSS and an element scripting point of view:

What she gets is:

<div class="moz-text-flowed" style="font-family: -moz-fixed"><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;
<html xmlns="http://www.w3.org/1999/xhtml"&gt;
:
:
THE REST OF MY HTML
:
:
</html>

<script language="JavaScript">
<!--
var SymRealOnLoad;
var SymRealOnUnload;

function SymOnUnload()
{
window.open = SymWinOpen;
if(SymRealOnUnload != null)
SymRealOnUnload();
}

function SymOnLoad()
{
if(SymRealOnLoad != null)
SymRealOnLoad();
window.open = SymRealWinOpen;
SymRealOnUnload = window.onunload;
window.onunload = SymOnUnload;
}

SymRealOnLoad = window.onload;
window.onload = SymOnLoad;

//-->
</script>

</div>

How the hell is a site supposed to display correctly if Norton is screwing up like this ? And more importantly, is there a way around this ?

Ph3n0m

is she viewing the files locally or on a server?

DJB

I had a similar problem with Norton removing images and links from a clients website because norton assumed they were "internet ads". I had to distort the default image size so that it tricked norton to think otherwise. Pain in the arse. Took me ages to find it out and included a trip to the home of a client of my client, to discover it was norton in the first place.

Who in the hell gave Norton permission to change websites? It sure as hell wasn't the users of Norton because they never know it is happening!!! It's like testing in another browser! I wonder how the site looks with Norton turned on and ad blocking enabled???? FFS!!!!

Anyway, possible short term solution is to ask your client to turn off norton or ad blocker and try and narrow down why it is happening exactly. This will allow them to see the site as intended. As a long term solution, you'll need to dig deeper with a lot of googling to make sure people with Norton installed can view the site as intended.

Sorry I can't be of further help but I hope that points you in the right direction at least.

Rgds, Dave

Oh, just did a quick google for "SymRealOnLoad" and found a few posts on it. Here's a good answer:

its generated by your symnantec internet security software, and no not really going to have an effect on the document or the users, the only way it would effect your page is if you were using the window.open function as part of a javascript, the script you see makes any window.open function return false so they wont work

That should help!

Liam Byrne

The SymRealOnLoad isn't an issue - I've seen/dealt with that before....

The issue is the <div> tag that's wrapping the entire content - OUTSIDE the HTML tag :mad: !!

The site is actually live on a web server.

ron_darrell

When you say she can't see the page what exactly do you mean? Does she get nothing at all? Is she getting part of what you are looking to display? Is it displaying incorrectly? The code you provided above would not seem to cause any significant changes to any included html provided it was DOM and W3C compliant (apart from blocking pop-up windows). Can you explain further the problem your client is experiencing and perhaps provide some of the HTML code that is being affected?

-RD

P.S. With regards the suggestion that you ask your client to turn off Norton to get your page to display, I would suggest that that is a very bad idea akin to saying "only use IE6.0 or it won't work". Properly designed code should be able to handle most of the quirks that multiple browser types, AV types and OS types throw at you. Taking shortcuts by telling your users only to do certain things to allow them to view your pages is a very bad idea as you cannot control what all your users will do and by attempting to do so you reduce the usability and therefore usefulness of your site.

DJB

ron_darrell wrote:

P.S. With regards the suggestion that you ask your client to turn off Norton to get your page to display, I would suggest that that is a very bad idea akin to saying "only use IE6.0 or it won't work". Properly designed code should be able to handle most of the quirks that multiple browser types, AV types and OS types throw at you. Taking shortcuts by telling your users only to do certain things to allow them to view your pages is a very bad idea as you cannot control what all your users will do and by attempting to do so you reduce the usability and therefore usefulness of your site.

I suggested this as a short term solution so they could get the client to see the work as intended. For a long term solution, I also suggested, that he needed to dig a bit deeper.

In addition, how can we support every single AV or add on to a browser out there? We can't!!! We, as designers, are expected to get our sites working on a certain number of browsers on a certain number of operating systems. Having to also test what happens when stupid companies like Norton add crap code to our site for stupid reasons is beyond reasonable. In this case, Norton are obviously throwing in an extra line of code at the start of the page before the doc declaration, which confuses the browser and doesn't know what way to use the css.

I had another example of this come up recently. On one client site, I had a link to a sponsors page. I was walking through the site with the client on the phone and asked them to click the Sponsors link. They said it wasn't there. I got them to copy the source over to me. I had a feeling Norton was up to it's old tricks. I asked the client to disable adblocker and refresh. Link appeared. We then did a test of what was causing the link to be treated as an "ad" and therefore hidden by Norton! With a few title, name and link changes with the client refreshing, we got down to the root of the problem. It was the fact that the page that was being linked to was called www.asdf.ie/page/sponsors/ so we changed it to www.asdf.ie/page/clubsponsors/ and it tricked Norton. Short term and long terms solution in reality!

If users report this as a problem or the client reports it, it should be addressed but it should not be tested as the norm, IMO. Anyone else think so or should we be all buying a copy of Norton Internet Security and double testing all our sites with and without it turned on??? C'mon, get realistic!!!! Norton should not be given the ability to change the code as it was intended to be displayed... simple as that!

Liam Byrne

Yeah, ran into an ad issue before, but this one is definitely different since it's adding a div tag outside the <html> tags.

I've made a few tweaks to make it pass the validator (those were in the pipeline AFTER I'd sorted out the final few cross-browser positioning tweaks) and I'll get her to check it again on Monday...

It's a real PITA, though.....I don't want to give her the impression that I'm trying things on-the-fly.....the site is working almost 100% across every browser that I have...including IE5.5 (apart from one or two minor CSS positioning/sizing issues that I need to tweak) and there's no way Norton should balls that up :mad:

ron_darrell

With respect DJB, while I can see your point of view, it is not a good idea to think in this way. Norton are not 'out to get' programmers and where they have come up with solutions, such as the one above, it is to reduce the impact of unscrupulous programmers whose sites are intended to cause harm and inconvenience. Knowing that certain words are likely to trigger an auto-immune response why use them?

Norton are one of the worlds leading AV suppliers and generally if they have come up with a solution other AV companies will not be long in following. Coding to cope with their solutions means that you have coded to cope with the majority of AV solutions.

Yes, it is annoying when a site does not display as intended but if it keeps the clients PC safe we are all the better for it. This idea that 'well s***w them, I'm doing it my way' was half the trouble caused during the browser wars. If you must blame anyone blame those who build sites with endless pop up windows, phishers and trojans.

The vast majority of Norton fixes will not affect non-malicious W3C compliant code. Just a thought.

-RD

Liam Byrne

ron_darrell wrote:

...it is to reduce the impact of unscrupulous programmers whose sites are intended to cause harm and inconvenience. Knowing that certain words are likely to trigger an auto-immune response why use them?

Maybe because once we (and the other advertisers and the more unscrupulous site owners) know them, there's no point in blocking them anymore, because no-one will be using them ? Just a thought.

Norton are one of the worlds leading AV suppliers and generally if they have come up with a solution other AV companies will not be long in following. Coding to cope with their solutions means that you have coded to cope with the majority of AV solutions.

This idea that 'well s***w them, I'm doing it my way' was half the trouble caused during the browser wars.

With respect, ron, those two statements are at odds.....replace "Norton" with "Microsoft" and the second statement reflects what you rightly complained about in the first. And there is no aspect of "well s**w them, I'm doing it my way" with the site in this case - the code in question is compliant and passes the online validation check (which doesn't invoke Norton) but Norton's addition of the <div> element OUTSIDE the html is causing the scripting to act oddly, with links on an overlay element causing the page to scroll down to an empty part of the page.

If you must blame anyone blame those who build sites with endless pop up windows, phishers and trojans.

Agreed - the main fault is with those scumbags, but Norton are being paid well for a remit which includes (a) protecting their clients' computers while (b) letting them visit the web.....the payment is for their expertise in that balancing act, not for merely protecting the computer and thereby preventing access to legitimate sites - that's only half the job.

Salesman: "Sir - we've fitted an alarm to your car. You can now be safe in the knowledge that absolutely no-one can get in".

Me: "Great. Erm - one thing....can I get in now ?"

Salesman: "No, sir. In fact, you can't get in either. That wouldn't be 100% secure"

The vast majority of Norton fixes will not affect non-malicious W3C compliant code. Just a thought.

I don't like the implication, however unintended.....the thoughts that Norton views my code as malicious is almost defamatory, and I would certainly be afraid that it would give the client a similar impression and damage my reputation.....particularly as I need to contact her repeatedly to "try if" the site is working.

If the cops came around each housing estate each night at 2am with sirens blaring, it might get rid of the criminals, but it would introduce a new problem that in itself would make life hell.....that's similar to what Norton is doing, at least in this case.

ron_darrell

Liam Byrne wrote:

With respect, ron, those two statements are at odds.....replace "Norton" with "Microsoft" and the second statement reflects what you rightly complained about in the first.

First things first I don't work for Norton, but I have been very impressed with their software since I first started programming. Secondly, I could be going out on a limb here but you seem pretty anti-norton. What's the prob? We've all had issues with various pieces of software, I even have a crib with norton and the way it turns off the web-server on Outlook Express every so often and replaces it with 127.0.0.1 but this seems a bit more? Cad and scéal é?

Liam Byrne wrote:

Agreed - the main fault is with those scumbags, but Norton are being paid well for a remit which includes (a) protecting their clients' computers while (b) letting them visit the web.....the payment is for their expertise in that balancing act, not for merely protecting the computer and thereby preventing access to legitimate sites - that's only half the job.

Half the job? I'm sure if you check, Norton are not the only ones who have decided that only those who know what they're doing should be allowed play with all the pretty toys. Microsoft also default disallow certain actions unless otherwise requested by the client (e.g. opening attachments in mail clients, running web-servers, viewing the c: drive etc.)

Let's be honest here, every day malicious web-programmers (and a point in passing, I am by no means saying or insinuating that you are one of these. We all suffer for the crimes of these others here. They make all our lives more difficult. If you have taken my statements to mean this then I apologise.) try and find new ways to circumvent the latest AV fix. As with biological viruses and the body's immune system, AV can only react to the latest attack they cannot predict what it will be. With web pop-ups et al the only true way to protect is to prevent.

While most people are becoming more IT savvy, a lot of people when prompted with a button that says 'click here' will click first and ask 'should I do that?' later. To protect such clients (and Norton as any other business) has to think of the majority of it's customers (while allowing for those who are more IT literate) the only way to protect them is to come up with something like the workaround above that prevents pop-up windows.

Liam Byrne wrote:

I don't like the implication, however unintended.....the thoughts that Norton views my code as malicious is almost defamatory, and I would certainly be afraid that it would give the client a similar impression and damage my reputation.....particularly as I need to contact her repeatedly to "try if" the site is working.

Wow why are you making this personal? Did the client press the link and in big, bold, red, flashing writing it said 'Liam Byrne is a c**p programmer and his code is malicious' ? No it didn't. Why? Because it's not true. Anymore than if this code way affecting my site would it say 'ron_darrell is a c**p programmer and his code is malicious'

Might I suggest though that you get a copy of Norton to test the site before releasing it. This is not a snide suggestion or a smart alec comment but if you know there might be a problem why not check it out before hand. An awful lot of people use Norton as their AV (as it comes pre-installed with most PC's and laptops in the Republic these days). Do you really want to alienate that large a potential market?

Liam Byrne wrote:

If the cops came around each housing estate each night at 2am with sirens blaring, it might get rid of the criminals, but it would introduce a new problem that in itself would make life hell.....that's similar to what Norton is doing, at least in this case.

Not an exact analogy. A better analogy would be a curfew. And your suggestion would probably reduce thefts but you'd need lots of gardai!

-RD

ron_darrell

Liam Byrne wrote:

With respect, ron, those two statements are at odds.....replace "Norton" with "Microsoft" and the second statement reflects what you rightly complained about in the first.

First things first I don't work for Norton, but I have been very impressed with their software since I first started programming. Secondly, I could be going out on a limb here but you seem pretty anti-norton. What's the prob? We've all had issues with various pieces of software, I even have a crib with norton and the way it turns off the web-server on Outlook Express every so often and replaces it with 127.0.0.1 but this seems a bit more? Cad and scéal é?

Liam Byrne wrote:

Agreed - the main fault is with those scumbags, but Norton are being paid well for a remit which includes (a) protecting their clients' computers while (b) letting them visit the web.....the payment is for their expertise in that balancing act, not for merely protecting the computer and thereby preventing access to legitimate sites - that's only half the job.

Half the job? I'm sure if you check, Norton are not the only ones who have decided that only those who know what they're doing should be allowed play with all the pretty toys. Microsoft also default disallow certain actions unless otherwise requested by the client (e.g. opening attachments in mail clients, running web-servers, viewing the c: drive etc.)

Let's be honest here, every day malicious web-programmers (and a point in passing, I am by no means saying or insinuating that you are one of these. We all suffer for the crimes of these others here. They make all our lives more difficult. If you have taken my statements to mean this then I apologise.) try and find new ways to circumvent the latest AV fix. As with biological viruses and the body's immune system, AV can only react to the latest attack they cannot predict what it will be. With web pop-ups et al the only true way to protect is to prevent.

While most people are becoming more IT savvy, a lot of people when prompted with a button that says 'click here' will click first and ask 'should I do that?' later. To protect such clients (and Norton as any other business) has to think of the majority of it's customers (while allowing for those who are more IT literate) the only way to protect them is to come up with something like the workaround above that prevents pop-up windows.

Liam Byrne wrote:

I don't like the implication, however unintended.....the thoughts that Norton views my code as malicious is almost defamatory, and I would certainly be afraid that it would give the client a similar impression and damage my reputation.....particularly as I need to contact her repeatedly to "try if" the site is working.

Wow why are you making this personal? Did the client press the link and in big, bold, red, flashing writing it said 'Liam Byrne is a c**p programmer and his code is malicious' ? No it didn't. Why? Because it's not true. Anymore than if this code way affecting my site would it say 'ron_darrell is a c**p programmer and his code is malicious'

Might I suggest though that you get a copy of Norton to test the site before releasing it. This is not a snide suggestion or a smart alec comment but if you know there might be a problem why not check it out before hand. An awful lot of people use Norton as their AV (as it comes pre-installed with most PC's and laptops in the Republic these days). Do you really want to alienate that large a potential market?

Liam Byrne wrote:

If the cops came around each housing estate each night at 2am with sirens blaring, it might get rid of the criminals, but it would introduce a new problem that in itself would make life hell.....that's similar to what Norton is doing, at least in this case.

Not an exact analogy. A better analogy would be a curfew. And your suggestion would probably reduce thefts but you'd need lots of gardai!

-RD

Ph3n0m

Liam Byrne wrote:

The SymRealOnLoad isn't an issue - I've seen/dealt with that before....

The issue is the <div> tag that's wrapping the entire content - OUTSIDE the HTML tag :mad: !!

The site is actually live on a web server.

Hold on - is this issue cause the page to be messed up somehow? Or is it just a "cant be validated issue"?

Liam Byrne

Guys - I'm aware that I've come across as very anti-Norton; there's nothing untoward in that - it is simply that I am very pissed off that they are causing a working site to fail and, having repeatedly try to fix - or, I should say, re-fix it, the client is presumably getting fed up with the fact that it's not working....hence, it reflects on me and my work, even though the code on the website is 100% working and 100% compliant.

I have no other bone to pick with Norton; yes, it slows down machines a little too much for my liking and yes, I've seen it miss a few viruses that NOD32 caught, but these things are swngs and roundabouts - it is quite possible that it caught stuff that another one wouldn't.....as for the speed, it's not me that's using it here, so I don't care.....all I care is that it doesn't screw up my website.

Anything else that you mentioned, ron, is internal, and doesn't show up to a client, and advanced stuff (like viewing a c: drive or an ActiveX control) would be nice, but certainly isn't part of a standard website and is not budgetted in the troubleshooting.

Ph3n0m - the site validates (of course it does, since checking it on the w3 site bypasses Norton). The issue is that the addition of the external div (a) adds scrollbars and (b) according to the client* causes some of the JavaScript links to behave oddly, scrolling down the page.

*I've gotta say this, because I haven't seen it......

The only thing different (she's even using the same version of IE as me) is that the "View Source" that she's sent me contains A DIV TAG OUTSIDE THE HTML - which breaks compliance and therefore must be causing the problem.

Ph3n0m

Liam Byrne wrote:

Ph3n0m - the site validates (of course it does, since checking it on the w3 site bypasses Norton). The issue is that the addition of the external div (a) adds scrollbars and (b) according to the client* causes some of the JavaScript links to behave oddly, scrolling down the page.

*I've gotta say this, because I haven't seen it......

The only thing different (she's even using the same version of IE as me) is that the "View Source" that she's sent me contains A DIV TAG OUTSIDE THE HTML - which breaks compliance and therefore must be causing the problem.

Ok you are not responsible for any third party software installed on a clients PC/MAC - you can only code a site to meet certain standards/criteria, etc that works on any given browser, as is. There is nothing you can do to prevent Norton from adding this code in - therefore make sure your code is valid before passing to the client. Anything added in afterwards by any third party software, is not controlable by you, therefore "unfixable" (and before anyone says anything, it would be like trying to code a site to work on a browser, no matter what the user has installed/plugins used, which is near impossible to predict)

The only suggestion I can make is fix the javascript that is causing the issue, and accept the fact that Norton will make your site non-valid (and I am pretty sure its not the only site that it happens too)

(a) adds scrollbars - well is there anything you can remove to prevent these scrollbars appearing?
and (b) according to the client* some of the JavaScript links to behave oddly - define oddly, unfortunately "oddly" is not enough to help fix the issue. You really need a screenshot of any visual problems, and/or a description as to what this "oddly" behaviour is.

DJB

Why not deliberately add the code the client sent to you to the actual page so you can see what it is happening with it in there! This will help you do debug maybe. Also, you may want to read this post from last year that discussed a similar issue:

http://www.boards.ie/vbulletin/showthread.php?t=2054970619

Liam Byrne

OK, just so I'm not perceived to be slandering Norton....

The client had 3 toolbars installed - Google, Yahoo & Norton.

I got her to switch them off and the tag disappeared, so I got her to switch them on one by one, and then in pairs........still no dodgy <div> tag.....

But guess what.......when we switched all 3 on together again......still no dodgy <div> tag.....problem solved!

Who said that computers were predictable ? :frust:

As for not being responsible as to how plugins screw up websites - very true, but the area of concern is the probability that other people (those viewing the site) might have the same plugin(s) installed.....in this case, it seems like all 3 together had the effect, and the chances of someone having all 3 installed are relatively slim, but it is a grey area.....this site passed validation (because the validation check is a server-to-W3-server request, bypassing any misbehaving plugins) but the potential for it to be screwed up was still there.

But again, to clarify......Norton may have been a factor in this, but it seems like it was some weird combination of the 3 that did the screwing up.....the addition of the dodgy outside div tag caused unnecessary vertical and horizontal scrollbars to appear; these screwed up the calculation of the available screen real-estate - despite the dimensions being 100% width - and the unexpected horizontal scrollbar lost us a few pixels, and then the JavaScript (working off 100% of the "available height") caused the browser to scroll to fit the screen.

One for Mulder and Scully, methinks, but off the radar for now (phew!)

DemonOfTheFall

ron_darrell wrote:

First things first I don't work for Norton, but I have been very impressed with their software since I first started programming. Secondly, I could be going out on a limb here but you seem pretty anti-norton. What's the prob?

Sorry, what? You are quite literally the very first person I have ever seen call Norton a good piece of software, let alone impressive.

All Nortan AV and Firewall products are dire pieces of crap. They absolutely hog resources in a way that no other Internet Security product I've ever seen does. They constanty pop up retarded dialogs to things that you've told them before not to ask about anymore. Their definition files are bloated compared to other AV's definition filese, just to cover the same viruses. They have individual conflicts with numerous games, internet apps, and just everything in general.

I really am shocked that someone thought Symantec can produce anything other than a turd

Mike...

Norton screwing up????????

There's something new.......

*Sorry for my sarcasm I really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really really HATE NORTON