TheTerrorist_75 Posted January 12, 2006 Report Share Posted January 12, 2006 Sir Siddy posted this at PC Support. Users of Norton SystemWorks and SystemWorks Premier 2005/2006 are advised to update the product.Symantic Uses A Rootkit Too!Symantec Caught in Norton 'Rootkit' Flap Quote Symantec Corp. has fessed up to using a rootkit-type feature in Norton SystemWorks that could provide the perfect hiding place for attackers to place malicious files on computers.The anti-virus vendor acknowledged that it was deliberately hiding a directory from Windows APIs as a feature to stop customers from accidentally deleting files but, prompted by warnings from security experts, the company shipped a SystemWorks update to eliminate the risk.A spokesman for Symantec referenced the Sony flap in a statement sent to eWEEK, but downplayed the risk to consumers. "In light of current techniques used by today's malicious attackers, Symantec re-evaluated the value of hiding the [previously cloaked] directory. Though the chance of an attacker using [it] as a possible attack vector is extremely slim, Symantec's update further protects computers by displaying the directory," the spokesman said.He explained that the feature, called Norton Protected Recycle Bin, was built into Norton SystemWorks with a director called NProtect that is hidden from Windows APIs. Because it is cloaked, files in the NProtect directory might not be scanned during scheduled or manual virus scans. "This could potentially provide a location for an attacker to hide a malicious file on a computer," the company admitted, noting that the updated version will now display the previously hidden directory in the Windows interface.Despite the very low risk of this vulnerability, Symantec is "strongly" recommending that SystemWorks users update the product immediately to ensure greater protection. "To date, Symantec is not aware of any attempts by hackers to conceal malicious code in the NProtect folder," the spokesman added. Quote Link to post Share on other sites
isteve Posted January 12, 2006 Report Share Posted January 12, 2006 I'm sure someday we'll find that many popular utilities install Rootkits. Rootkits have always been a good way to keep malware from disabling antivirus software. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.