Rootkit-like Feature Found in Norton Systemworks
GenieGenieGenie writes "eWeek reports a rootkit-like 'feature' in Symantec's Norton Systemworks, discovered by Mark Russinovich, who was also responsible for blowing the whistle on Sony's DRM rootkit. The cloaked directory is intended to prevent users from accidentally deleting important files, but could compromise a system by serving as a hiding place for malware, as was the case with Sony's rootkit. Russinovich says Symantec had good intentions, but they were right to post an update to fix this hole."
This is not the Sony rootkit. It's just a directory that's not scanned by antivirus/antispyware.
And, now that its potential vulnerability has been exposed, Symantec is releasing a new version without the protected recycle bin.
In other words, too bad they had to have their wrists slapped to fix it, but there was no malicious attempt.
Obligatory Soundbite Catchphrase
"...Symantec's update further protects computers by displaying the directory,"
That's great! Our product is now better, because we turned off something bad we were previously doing!
Now that's a nice spin!
Steps of action when joe six-pack brings me a windoz box:
1. Uninstall Norton
2. Install AVG
3. Delete all "e"'s from everywhere
4. Install Firefox
5. Install Opera
6. Delete all Outlook shortcuts
7. Install Thunderbird
8. Install VLC and associate all media with it
9. Teach the guy to right-click/scan with AVG everything he downloads from the internet
It worked nice in most occasions.
My 2p
Add to this their track record: failure to detect SONY's malware (and now they seem to have one of their own), and they are always the last to provide adequate means to remove fresh exploits (no data here, but I distinctly remember that whenever something crops up, f-prot, free-av, etc. work, and NAV comes trailing behind other antivir solutions). Plus it is a serious resource hog - more than any antivir progs.
The first serious breach of "Do no evil" of Google was their inclusion of a Symantec product in google pack :)))
Their target for SystemWorks is not Slashdot posting people like you and there are people who actually DELETE these files making their system unusable.
System admins use Symantec corporate solutions, which have NOTHING TO DO with the stuff mentioned here.
But keep bashing Symantec. It is number 2 favorite target of geeks after real networks.
I bought it as a gift to a pure newbie computer user who is really busy with stuff rather than dll and registry hunting manually, he is happy to this day.
"They're really complicated!" is no excuse for not following the conventional uninstall procedure and requiring that a separate uninstall program be downloaded separately from the internet.
I know they have that now, but they didn't at the time.
Worse, I don't trust Symantec to really remove their software. Why doesn't uninstall remove the software? Why do I need to uninstall then run "really uninstall" to really uninstall it?
You were mistaken. Which is odd, since memory shouldn't be a problem for you