trimMail’s Email Battles · Symantec caught embedding rootkits

Carlo @ TechDirt: Norton AntiVirus maker Symantec admits that it planted a rootkit in SystemWorks to… pay close attention now… keep customers from accidentally deleting files. Really.

After sysinternals chief Mark Russinovich blew the whistle, Symantec decided that maybe, just maybe, the travesty wasn’t its best idea ever.

Aside from embedding the perfect hidey hole for malware, Symantec’s rootkit forms a perfect target for competitors.

Symantec’s Security Response Center has issued an alert characterizing the Risk Impact of the Symantec Norton Protected Recycle Bin Exposure as Low. The feature’s description:

Norton Protected Recycle Bin, which resides within the Microsoft Windows Recycler directory. The Norton Protected Recycle Bin includes a directory called NProtect, which is hidden from Windows APIs. Files in the directory might not be scanned during scheduled or manual virus scans. This could potentially provide a location for an attacker to hide a malicious file on a computer.

Symantec has released an update that displays the hidden items, and says:

In light of current techniques used by malicious attackers, Symantec has re-evaluated the value of hiding this directory. We have released an update that will make the NProtect directory visible inside the Windows Recycler directory. With this update, files within the NProtect directory will be scanned by scheduled and manual scans as well as by on-access scanners like Auto-Protect.

The affected products are Norton SystemWorks and Norton SystemWorks Premier, 2005 & 2006.

Email Battles Backgrounder:

Hey, Aren’t You Supposed To Protect People From This Stuff?; Carlo; Techdirt; 11 January 2006.

Symantec Caught in Norton ‘Rootkit’ Flap; Ryan Naraine; eWeek; 11 January 2006.

Symantec Norton Protected Recycle Bin Exposure (SYM06-002); Symantec Security Response Center; 10 January 2006.

Full Story »

4 comments

Comments feed for this article

January 12th, 2006 at 2:56 am

Mike Masnick

Thanks for the link, but just to clarify, that post was done by Carlo, not me.

January 12th, 2006 at 4:14 pm

Seinfelled

GRRRRrrrrrr… Symantec!

September 24th, 2006 at 11:55 am

pete

I have just bought Norton Internet security 2007

I have nothing but problems with it since and frequent crashes

Symantec are s**t

I will never again buy one of their products and am taking this s**t back

Back to McAfee for now…..lol

December 14th, 2006 at 4:06 pm

GlaserCrew

No “Internet Security” all in one program keeps you safe like it says. They always open a back door so they can execute as needed. ow do you think they push their updates on your computer even if you dont have auto-update on?

Symantec is by far the worst for your system due to its nature of reducing your system performance by half. I NEVER use it unless customer requests it; even then I try to talk them out of it.

McAfee isnt bad but not all that much better.

Protecting your system takes much more than just an all in one, SADLY.

Symantec caught embedding rootkits

Network Tools

News Sections

Recent Comments

4 comments

About Email Battles

NewsBytes

Chase trashes Circuit City customers

Vista for 100 bucks?

Dropped iPod Leads to Terror Alert

Intel Wi-Fi update ate my CPU cycles

Email Battles down for the count

NewsWire

Log Buffer #71: a Carnival of the Vanities for DBAs

Zune 8-Gig Disassembled Live

Possible Hizbullah Mole Inside the FBI and CIA

US Mobile Operator Discounts for Developers, IT Pros and MSPP Partners

Computer Security Consultant Controlled 250,000 Compromised PCs

Other Resources