Posted by: Ed Tittel
Last Thursday, right after applying the second MS12-078 patch to my production Windows desktop machine, Identity Safe in Norton Internet Security 2013 quit working. I didn’t have time to deal with this until the weekend, and worked around the loss of access to my password vault because I’m lucky enough to have memorized all of my really important passwords for my most frequently-accessed password-protected Web assets. The basic symptom was as follows: every time I tried to access Identity Safe, I first had to login to my online Norton account, but each such login attempt would end unsuccessfully with an error message that the software was unable to access the Internet. This, despite my ready ability to login directly to my Norton account online, and actually see the contents of the Identity Safe/Vault with my own eyeballs.
A little quick Web research showed that hundreds, if not thousands, of other Norton users have suffered from the same problem, some as far back as this summer. Thus, although my symptoms didn’t manifest until Thursday, December, 20, the day that the second coming of MS12-078/KB2753842 occurred, it’s not at all necessary that those two events be related to each other. After trying various fixes and workarounds from the Support pages and from advice dispensed to other fellow sufferers, I got exactly nowhere.
So, yesterday I finally took the time to open an online chat with Norton Tech Support and ask for some professional help. It turns out that a remove-and-replace operation on NIS 2013 was necessary to restore Web-based access to the password vault. But somehow during the remove-reinstall maneuver, my original database of account and password information got trashed. The Norton tech support pro valiantly tried to restore the contents of the vault using the local backup file that the program creates in the C:\Program Data\Norton\<<SID>>\NIS_188.8.131.52\IdentitySafeDataStore folder every day, but the Import operation on that file returns the error “file unreadable or corrupt.” I jumped in to help out, and started using Acronis True Image Home to mount images for backups going into late November, but each had the same results: no luck. After about 90 minutes on the phone, we decided to give up and I was faced with having to rebuild all 243 of my accounts and password manually. Ouch!
Later that afternoon, running an errand with the family, I had an idea: Why not dig further back into my backup trail, and find an identity safe snapshot that predated my adoption of the Norton Vault (Web-based technology that superseded local disk-based Identity Safe stuff)? Sure enough, I found a file named IDDStor2.dat in the same folder dated July 5, 2012, and was able to import it into my current Vault environment without difficulty. And then, in looking at the directory structure of the afore-cited Program Data director for Norton stuff, I observed a pattern that probably indicated why our import efforts failed:
I have to believe that the folder names represent some kind of unique ID or hash value, and that the reason the import failed is because the ID or hash value is used to decrypt the contents of the locally-stored vault information. That’s because the 8d2… folder name represents where vault stuff lived when the previous NIS 2013 installation was active, but the 5e0… folder took over when the latest installation occurred. By my reckoning, the error that caused all this grief was the failure to export the local vault contents to a more readable file format before reinstalling NIS 2013 and breaking the link that permitted the vault to be properly decrypted at runtime. Thus, I’m adding a manual export of that data to a file on another drive to my weeky list of system maintenance chores. I hope it’ll keep me out of hot water for the foreseeable future.
I’m lucky: I only lost a couple dozen pairs of account-password information when I reverted by to July’s vault snapshot. I also keep my logins and account information in a special email folder (the welcome messages that follow new account setups don’t always provide all the necessary details but they do make it possible to recover them) so I’ve been able to keep up my daily routine without losing too much time or effort to get back to where I started. Other folks who face this kind of problem may not be so lucky, however. For them, some time and effort — and possibly even heartbreak — might be involved in returning to status quo. So, to all who use the online Norton Vault, I strongly recommend making an occasional export of the Vault contents. That way, you’ll never lose more than what occurs between the time of the snapshot and the time at which you lose access to your current vault contents.
I asked the Norton Tech Support rep who helped me out to communicate to his superiors that it’s not acceptable to create an environment wherein complete loss of important data can occur, especially for something as important as an account-password store. I sincerely hope they come with a more foolproof way to protect such information in the event of software problems or failures, and that this kind of situation isn’t allowed to persist.