PDA

View Full Version : Symantec Admits Rootkit Usage in SystemWorks



Rhino
1/12/2006, 03:18 PM
Symantec Admits Rootkit Usage in SystemWorks (http://www.realtechnews.com/posts/2478)
By Michael Santo (http://technologyexpert.blogspot.com/)
Contributing Writer, RealTechNews

You would think that the Sony BMG rootkit (http://www.realtechnews.com/posts/2053) would be the last rootkit (http://en.wikipedia.org/wiki/Rootkit) we would see from a reputable software company, wouldn’t you? Apparently not, since Symantec fessed up today that it had been using a rootkit-type feature in Norton SystemWorks.
The anti-virus vendor acknowledged that it was deliberately hiding a directory from Windows APIs as a feature to stop customers from accidentally deleting files but, prompted by warnings from security experts, the company shipped a SystemWorks update to eliminate the risk.


A spokesman for Symantec referenced the Sony flap in a statement sent to eWEEK, but downplayed the risk to consumers. “In light of current techniques used by today’s malicious attackers, Symantec re-evaluated the value of hiding the [previously cloaked] directory. Though the chance of an attacker using [it] as a possible attack vector is extremely slim, Symantec’s update further protects computers by displaying the directory,” the spokesman said.


He explained that the feature, called Norton Protected Recycle Bin, was built into Norton SystemWorks with a director called NProtect that is hidden from Windows APIs. Because it is cloaked, files in the NProtect directory might not be scanned during scheduled or manual virus scans.


“This could potentially provide a location for an attacker to hide a malicious file on a computer,” the company admitted, noting that the updated version (http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html) will now display the previously hidden directory in the Windows interface. Source: eWeek (http://www.eweek.com/article2/0,1895,1910077,00.asp)
We Say: Er, Symantec had to be warned by security experts? To most consumers, Symantec is a security expert. And despite assertions that the risk was low, how long did it take people to figure out how to use the Sony BMG rootkit features (http://www.realtechnews.com/posts/2112) to their malware (http://en.wikipedia.org/wiki/Malware) advantage? Not long. Come on, Symantec, I would expect a security vendor to do better than this!

GottaHavePride
1/12/2006, 03:23 PM
I'm glad I switched to TrendMicro.

SoonerWood
1/12/2006, 03:31 PM
Symantec has been crap for about 10 years.

yermom
1/12/2006, 03:54 PM
i'm been telling you guys Symantec is the devil

49r
1/12/2006, 05:16 PM
http://safety.live.com

mdklatt
1/12/2006, 05:33 PM
When I saw the thread title I thought, "Hmmm, that sounds like something would Norton would do."

Norm In Norman
1/12/2006, 10:12 PM
Wait. So they created a folder that can't even be scanned by their own AV software? That's priceless.

proud gonzo
1/12/2006, 10:35 PM
i don't know anything at all about computers and even I can tell that's retarded.

soonerboomer93
1/13/2006, 12:14 AM
I switched from system works several years ago, and when i had it, i never enabled the protected recycle bin.


I've used trend since then, I get a 3 computer upgrade every year for less then a single computer upgrade for norton internet security, it's much more stable, has faster, better updates that come more frequently (when i left, symantic was only doing 1 update a week).