Endpoint
10/25/2012
08:16 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Court To Notify Current And Former Norton Customers About $10 Cash Refunds For Antivirus Software Upgrades And Renewals

Products included in the settlement are Norton AntiVirus, Norton Internet Security, Norton 360, Norton Personal Firewall, and Norton SystemWorks

SAN FRANCISCO, Oct. 25, 2012 /PRNewswire/ -- A notification program began today, as ordered by the United States District Court for the Northern District of California (the "Court"), to alert people who purchased Norton antivirus software from Symantec Corporation ("Symantec") about a proposed class action settlement.

This settlement resolves a lawsuit over whether Symantec Corporation

("Symantec") improperly charged customers for the automatic renewal of a prior Norton software subscription after they purchased another Norton product.

Eligible claimants may receive a $10 cash refund or two-month Norton subscription extension for each eligible pair of Norton purchases. The settlement also provides that Symantec will make certain website disclosures and other changes to its business practices.

The following products are included in the settlement: Norton AntiVirus, Norton Internet Security, Norton 360, Norton Personal Firewall and Norton SystemWorks ("Eligible Products").

The Settlement Class includes all individuals, businesses and other entities in the United States who between October 1, 2005 and May 23, 2012: (a) purchased an Eligible Product, and (b) enrolled in Norton's automatic renewal service for that product, and (c) purchased (or renewed) a second Eligible Product either during the term of a subscription to the first Eligible Product or within 60 days after being charged an automatic renewal charge for that first Eligible Product, and (d) installed the second Eligible Product on the same computer as the first Eligible Product, and (e) have not received a refund of the automatic renewal charge. Each pair of product purchases is an "Eligible Transaction."

Class Members who submit valid claims by May 6, 2013, may receive a $10 cash refund or two-month Norton subscription extension for each Eligible Transaction.

Claims for a single Eligible Transaction do not require proof from the claimant--the claim is based on their knowledge and recollection. Claims for multiple Eligible Transactions require that the claimant provide proof-of-purchase documentation. Class Members can request a Claim Form, Detailed Notice and postage prepaid envelope by calling the toll free number or visiting the website. Claims may be submitted by postal mail, email or fax.

Notices will be sent to potential Settlement Class Members and are scheduled to appear in nationwide print and online media leading up to a hearing on April 4, 2013, when the Court will consider whether to grant final approval to the settlement.

The Court has appointed the law firms of The Law Offices of Thomas M. Mullaney in New York, NY, and Larry D. Drury, Ltd., in Chicago, IL, as Class Counsel to represent the Settlement Class.

Those affected by the settlement can ask to be excluded from, or object to, the settlement and its terms. The deadline for exclusions and objections is February 26, 2013.

A toll free number, 1-877-853-3045, has been established in the case known as Marolda v. Symantec Corp., Case No. 08-5701 (EMC), along with a website, www.NortonSettlement.com, where the notice, claim form and other information may be obtained. Those affected may also send an email to info@NortonSettlement.com or write to Norton Upgrade Settlement, P.O. Box 3170, Portland, OR 97208-3170.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, January 2015
To find and fix exploits aimed directly at your business, stop waiting for alerts and become a proactive hunter.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3580
Published: 2014-12-18
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

CVE-2014-6076
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.

CVE-2014-6077
Published: 2014-12-18
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVE-2014-6078
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.

CVE-2014-6080
Published: 2014-12-18
SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.