I'm not a fan of automatic update programs... I'm one of those idiots who has a computer that will do things automatically and I insist on doing it manually... that said... I really don't like automatic update programs.
However, when it comes to virus definitions I leave Norton's LiveUpdate on... so every so often it grabs a few 100 KB instead of me having to download 3-4 MB files.
Anyway I was bored so I was watching connections in TCPView (I'm on medication that is supposed to suppress this urge) and I find lucom~1.exe connecting HTTP to a weird IP... an Indian IP (yes I can magically look at IP addresses and tell which geographical region they're from.. you can gain access to the cool tutorial that teaches this by voting for us at alexa and writing a five star review).
I figured it wasn't that strange, maybe they have an Indian mirror for the liveupdates.. not that I like the idea of that, because you don't know how secure the mirror you're downloading from is. So I whois'd etc the IP..
It seems to belong to a company called Jasubhai ... all you Indians will know this must be Jasubhai Digital Media the people who publish Chip computer magazine in India...
I hit the webserver and it runs Akamai Ghost (That's part of the Akamai caching system that lotsa big companies like Microsoft use, isn't it?) and the webserver doesn't understand normal HTTP requests...
While this is probably not a security issue, I'm very intrigued in figuring out the LiveUpdate session and its protocol.. I'm not in a position to capture packets (PPP connection woes). If anyone has a capture of a LiveUpdate session I'd really like to have a look at it...
If you're from a different geographical region you could lemme know where your LiveUpdate connects to... if lots of people find regional IPs then I'll be much more at ease.
Sorry about the massive post, I'm just quite intrigued by this.
I'm not sure which IP mine is connecting to - where are you finding this?
I only let Live update for Norton work, as you need to make sure the viruses are updated NOW. Could be a problem if you do it manually and forget to do it.
But I don't automatically update anything else. I have been severely screwed before (happened with SQL Server 6.5 - where the update wiped out your data if you were on version 3, I believe). That was not fun. Never again.