Author Topic: Symantec Caught in Norton 'Rootkit' Flap  (Read 1514 times)

RadioFreeSeaLab

  • friend
  • Senior Member
  • ***
  • Posts: 3,200
Symantec Caught in Norton 'Rootkit' Flap
« on: January 12, 2006, 02:31:15 PM »
Hmm.  Sony, now Symantec.
Take note, when kids and hackers do this kind of thing, it's a felony.  When a large corporation does it, they issue an apology.
http://www.extremetech.com/article2/0,1697,1910217,00.asp
Quote
Symantec Corp. has fessed up to using a rootkit-type feature in Norton SystemWorks that could provide the perfect hiding place for attackers to place malicious files on computers.

The anti-virus vendor acknowledged that it was deliberately hiding a directory from Windows APIs as a feature to stop customers from accidentally deleting files but, prompted by warnings from security experts, the company shipped a SystemWorks update to eliminate the risk.

Symantec, of Cupertino, Calif., is the second commercial company caught in the flap over the use of rootkit-type techniques to hide files on computers. Rootkits are programs that are used to give a remote user access to a compromised system while avoiding detection from security scanners.

Music company Sony BMG faced a firestorm of criticism after anti-rootkit scanners fingered the use of stealthy rootkit-type techniques to cloak its DRM scheme. After malicious hackers used the Sony DRM rootkit as a hiding place for Trojans, the company suspended the use of the technology and recalled CDs with the offending copy protection mechanism.

A spokesman for Symantec referenced the Sony flap in a statement sent to eWEEK, but downplayed the risk to consumers. "In light of current techniques used by today's malicious attackers, Symantec re-evaluated the value of hiding the [previously cloaked] directory. Though the chance of an attacker using [it] as a possible attack vector is extremely slim, Symantec's update further protects computers by displaying the directory," the spokesman said.

He explained that the feature, called Norton Protected Recycle Bin, was built into Norton SystemWorks with a director called NProtect that is hidden from Windows APIs. Because it is cloaked, files in the NProtect directory might not be scanned during scheduled or manual virus scans.

"This could potentially provide a location for an attacker to hide a malicious file on a computer," the company admitted, noting that the updated version will now display the previously hidden directory in the Windows interface.

Read the rest of this eWEEK story: "Symantec Caught in Norton 'Rootkit' Flap"
Copyright (c) 2006 Ziff Davis Media Inc. All Rights Reserved.

Standing Wolf

  • friend
  • Senior Member
  • ***
  • Posts: 2,978
Symantec Caught in Norton 'Rootkit' Flap
« Reply #1 on: January 12, 2006, 06:18:20 PM »
I pulled the plug on all Symantec products when the "new" version of Norton Utilities for Macintosh turned out to be the old version with a new nameand still didn't work.
No tyrant should ever be allowed to die of natural causes.

Guest

  • Guest
Symantec Caught in Norton 'Rootkit' Flap
« Reply #2 on: January 12, 2006, 11:39:53 PM »
Quote
"This could potentially provide a location for an attacker to hide a malicious file on a computer," the company admitted, noting that the updated version will now display the previously hidden directory in the Windows interface.
It sorta looks like these anti-virus companies are running a bit of a "protection racket". Yeah, we just completely compromised your machine, keep your subscription up to date and nothing bad will happen.

brimic

  • friends
  • Senior Member
  • ***
  • Posts: 14,270
Symantec Caught in Norton 'Rootkit' Flap
« Reply #3 on: January 13, 2006, 04:47:44 AM »
Quote
It sorta looks like these anti-virus companies are running a bit of a "protection racket". Yeah, we just completely compromised your machine, keep your subscription up to date and nothing bad will happen.
I don't really understand the tech talk in the original article, but I've always been suspicious of commercial antivirus programs. How exactly do they come out with antivirus updates shortly after or before a virus is discovered?  I have the feeling that hackers and Norton/McAfee are the two sides of the same coin. Sad
"now you see that evil will always triumph, because good is dumb" -Dark Helmet

"AK47's belong in the hands of soldiers mexican drug cartels"-
Barack Obama

280plus

  • friend
  • Senior Member
  • ***
  • Posts: 19,131
  • Ever get that sinking feeling?
Symantec Caught in Norton 'Rootkit' Flap
« Reply #4 on: January 13, 2006, 04:54:38 AM »
Quote
have the feeling that hackers and Norton/McAfee are the two sides of the same coin.
That's what you call job security.
Avoid cliches like the plague!

garrettwc

  • friend
  • Senior Member
  • ***
  • Posts: 870
  • Tell me what I want to know and the pain will stop
Symantec Caught in Norton 'Rootkit' Flap
« Reply #5 on: January 13, 2006, 05:47:01 AM »
Linux plug coming in 5..4..3..2.......

RadioFreeSeaLab

  • friend
  • Senior Member
  • ***
  • Posts: 3,200
Symantec Caught in Norton 'Rootkit' Flap
« Reply #6 on: January 13, 2006, 08:02:05 AM »
Way ahead of you, man Smiley

tjy2001

  • New Member
  • Posts: 17
Symantec Caught in Norton 'Rootkit' Flap
« Reply #7 on: January 13, 2006, 08:44:52 PM »
Must...not...post...Linux...link....

oh, just forget it.

www.ubuntu.com Cheesy