Symantec Caught in Norton 'Rootkit' Flap

[RadioFreeSeaLab]

Hmm.  Sony, now Symantec.
Take note, when kids and hackers do this kind of thing, it's a felony.  When a large corporation does it, they issue an apology.
http://www.extremetech.com/article2/0,1697,1910217,00.asp

Symantec Corp. has fessed up to using a rootkit-type feature in Norton SystemWorks that could provide the perfect hiding place for attackers to place malicious files on computers.

The anti-virus vendor acknowledged that it was deliberately hiding a directory from Windows APIs as a feature to stop customers from accidentally deleting files but, prompted by warnings from security experts, the company shipped a SystemWorks update to eliminate the risk.

Symantec, of Cupertino, Calif., is the second commercial company caught in the flap over the use of rootkit-type techniques to hide files on computers. Rootkits are programs that are used to give a remote user access to a compromised system while avoiding detection from security scanners.

Music company Sony BMG faced a firestorm of criticism after anti-rootkit scanners fingered the use of stealthy rootkit-type techniques to cloak its DRM scheme. After malicious hackers used the Sony DRM rootkit as a hiding place for Trojans, the company suspended the use of the technology and recalled CDs with the offending copy protection mechanism.

A spokesman for Symantec referenced the Sony flap in a statement sent to eWEEK, but downplayed the risk to consumers. "In light of current techniques used by today's malicious attackers, Symantec re-evaluated the value of hiding the [previously cloaked] directory. Though the chance of an attacker using [it] as a possible attack vector is extremely slim, Symantec's update further protects computers by displaying the directory," the spokesman said.

He explained that the feature, called Norton Protected Recycle Bin, was built into Norton SystemWorks with a director called NProtect that is hidden from Windows APIs. Because it is cloaked, files in the NProtect directory might not be scanned during scheduled or manual virus scans.

"This could potentially provide a location for an attacker to hide a malicious file on a computer," the company admitted, noting that the updated version will now display the previously hidden directory in the Windows interface.

Read the rest of this eWEEK story: "Symantec Caught in Norton 'Rootkit' Flap"
Copyright (c) 2006 Ziff Davis Media Inc. All Rights Reserved.

[Standing Wolf]

I pulled the plug on all Symantec products when the "new" version of Norton Utilities for Macintosh turned out to be the old version with a new nameand still didn't work.

[Guest]

"This could potentially provide a location for an attacker to hide a malicious file on a computer," the company admitted, noting that the updated version will now display the previously hidden directory in the Windows interface.

It sorta looks like these anti-virus companies are running a bit of a "protection racket". Yeah, we just completely compromised your machine, keep your subscription up to date and nothing bad will happen.

[brimic]

It sorta looks like these anti-virus companies are running a bit of a "protection racket". Yeah, we just completely compromised your machine, keep your subscription up to date and nothing bad will happen.

I don't really understand the tech talk in the original article, but I've always been suspicious of commercial antivirus programs. How exactly do they come out with antivirus updates shortly after or before a virus is discovered?  I have the feeling that hackers and Norton/McAfee are the two sides of the same coin.

[280plus]

have the feeling that hackers and Norton/McAfee are the two sides of the same coin.

That's what you call job security.

[garrettwc]

Linux plug coming in 5..4..3..2.......

[RadioFreeSeaLab]

Way ahead of you, man

[tjy2001]

Must...not...post...Linux...link....

oh, just forget it.

www.ubuntu.com