It is no secret that I am not a big fan of Norton Antivirus. The huge resource drain and the invasive "protection" it offers has never appealed to me. Well, my dislike grew even more on Friday night.
The Case
This past Friday at 5:00pm I was thinking about the weekend activities, getting together with friends, time with the kids, etc. when I got an IM from Lisa in the support department who had a GiftWorks user on the line that was experiencing an error that peaked my curiosity. The nature of the error message, "Stack Overflow", did not give me good feelings so I thought I should follow this up quickly.
The Culprit
Maggie uses a product called Norton Antispam. This product tries to protect users from pop-ups and the effects of spam. To accomplish this, it employs an approach that I had not heard of previously. Whenever Maggie would download a webpage (something.htm) Norton Antispam would inject code into the page in an attempt to protect her from errors.
The Code
If you are not aware, we use HTML give GiftWorks a rich look and feel. As I looked through the GiftWorks HTML pages on Maggie's machine, you can probably understand my concern when I discovered the following code (which is not our code):
1: function SymError(){return true;} 2:
3: window.onerror = SymError;
4:
5: var SymRealWinOpen = window.open;
6:
7: function SymWinOpen(url, name, attributes) {return (new Object());} 8:
9: window.open = SymWinOpen;
10:
11: var SymRealOnLoad;
12: var SymRealOnUnload;
13:
14: function SymOnUnload()
15: { 16: window.open = SymWinOpen;
17: if(SymRealOnUnload != null)
18: SymRealOnUnload();
19: }
20:
21: function SymOnLoad()
22: { 23: if(SymRealOnLoad != null)
24: SymRealOnLoad();
25: window.open = SymRealWinOpen;
26: SymRealOnUnload = window.onunload;
27: window.onunload = SymOnUnload;
28: }
29:
30: SymRealOnLoad = window.onload;
31: window.onload = SymOnLoad;
32: </script>
The Cause
I soon put 2 and 2 together. The pages that were "corrupted" on Maggie's machine were pages that we had updated remotely through our Content Update mechanism. Whenever a user starts GiftWorks, we instruct GiftWorks to go to a remote server and determine if any minor updates are available. These minor updates are bug fixes, content corrections, or small enhancements that we can transparently push down to the user. In the process of downloading these updates, Norton Antispam injected their code into our pages which eventually caused Maggie to get the errors that she did.
The Cure
I made some changes to our Content Updater to bypass the Norton Antispam effects and was able to get Maggie up and running again.
A couple hours later that night, I felt much better that Maggie was working and I learned something new and hopefully GiftWorks and our customers will benefit.
I still got together with friends that night.