Welcome to P2PNET.net - The original daily p2p and digital news site. Always First!

Symantec rootkit fuss

p2p news / p2pnet: Sony BMG isn’t the only firm that’s partial to rootkits.

Symantec also admits it’s been using a "rootkit-type feature" in Norton SystemWorks, says eWeek.

"The anti-virus vendor acknowledged that it was deliberately hiding a directory from Windows APIs as a feature to stop customers from accidentally deleting files but, prompted by warnings from security experts, the company shipped a SystemWorks update to eliminate the risk," says the post.

However, this isn’t new and in fact, "We were the ones that discovered this issue and informed Symantec about it last year," says F-Secure, pointing out that a Symantec advisory acknowledges this.

"But we want to be clear on this: what Symantec was doing here was not nearly as bad as what Sony was doing with their rootkit," says company research director Mikko Hyppönen. The main difference between the two is ideological, he says, going on:

"Symantec’s rootkit is part of a documented, useful feature; it could be turned on or off and it could easily be uninstalled by the user."

That's unlike Sony’s DRM spyware rootkit, which was planted secretly on users’ computers via music CDs they’d bought.

The Norton SystemWorks feature is Protected Recycle Bin, designed to allow users to undelete otherwise unrecoverable files, says F-Secure.

The files are stored in a folder usually called C:\Recycler\Nprotect and, "this folder is hidden with rootkit-like techniques".

The only problem is, "any malware already running on the system can copy itself to that particular folder and Systemworks will hide it completely from the user and from all known on-demand antivirus scanners (except from F-Secure Internet Security 2006, which will see it because it integrates the BlackLight rootkit detection technology)," states Hyppönen.

But having said that, he notes that F-Secure hasn’t seen any malware which, "would even attempt to do that".

(Thanks, Kelly)

Also See:
eWeek - Symantec Caught in Norton ‘Rootkit’ Flap, January 11, 2006
F-Secure - The "Symantec rootkit", January 12, 2006


2 Responses to “Symantec rootkit fuss”

  1. Reader's Write Says:

    “But having said that, he notes that F-Secure hasn’t seen any malware which, “would even attempt to do that”.”

    Until now! Now that the story is out every script-kiddie will try to exploit it…

  2. Reader's Write Says:

    They’ve released a patch to make the folder visible to Windows. Hopefully they take their rootkit out and put Windows back the way it was. Rootkits are just one more thing to go wrong and we don’t need any of them. There’s enough problems just making computers work.
