ID:2202396
 
(See the best response by MrStonedOne.)
Hello.
When I tried to start up BYOND today, I got a warning message from Norton that BYOND was trying to access my computer via TCP Port 20002, which carries the Trojan AcidkoR, which technically creates a tunnel for malicious software to enter my computer with ease. What should I do about this?
Best response
a port number is basically the internet version of a phone extension for your computer (with your ip address being the phone number)

Byond randomly picks what phone extension to use when it starts (you can change this)

There are only 65k extensions in computer networking, almost every single one of them has been used by a virus at some point.

You can scan for viruses to make sure, but its unlikely this warning means anything in byond's case.
Okay, thanks.
It's also possible the message meant it was trying to contact port 20002, which is one of the hub ports. That's legit also. Tell Norton this hit was a false positive.

TBH I think it's incredibly stupid for an antivirus program to freak out about a port being accessed, if it's known for a certain Trojan, without finding actual evidence of that Trojan. Raising a red flag and checking the situation out in more depth is called for, but that should all happen behind the scenes and the program should at that point be able to figure out it's not dealing with anything malicious.
Literally every port has been used by a trojan at one point or another, this behavior of "if its not something 40% or more of users do, it must be bad" only serves to do more damage then the viruses do in the big picture.


Also, when will people stop giving norton money. I've had nothing but issues with their products.
I actually think I've made more money from fixing the problems Norton causes than Norton has actually made from anyone who actually buys the annual "protection".