Slashdot Mirror

← Back to Stories (view on slashdot.org)

Rootkit-like Feature Found in Norton Systemworks

Posted by Zonk on from the i'm-helping-i'm-helping dept.

GenieGenieGenie writes "eWeek reports a rootkit-like 'feature' in Symantec's Norton Systemworks, discovered by the Mark Russinovich, who was also responsible for blowing the whistle on Sony's DRM rootkit. The cloaked directory is intended to prevent users from accidentally deleting important files, but could compromise a system by serving as a hiding place for malware, as was the case with Sony's rootkit. Russinovich says Symantec had good intentions, but they were right to post an update to fix this hole."

5 of 221 comments (clear)

  1. Before the flame wars start... by thepotoo · · Score: 5, Insightful
    Lets get one thing clear.
    This is not the Sony rootkit. It's just a directory that's not scanned by antivirus/antispyware.

    And, now that it's potential vulnerability has been exposed, Symantec is releasing a new version without the protected recycle bin.
    In other words, too bad they had to have their wrists slapped to fix it, but there was no malicious attempt.

    --
    Obligatory Soundbite Catchphrase
    1. Re:Before the flame wars start... by GenieGenieGenie · · Score: 5, Insightful
      I guess the point about this whole story is not the intended malice of Symantec, but rather that ye-old first principle of medical science: If you're a doctor, trying to keep a system healthy, primum non nocere . First of all, do not harm.

      From this point of view, Symantec is actually worse than Sony, because the latter never claims to protect your system (not that I'm saying Sony are angels). True, the reaction by Sony was just before they had a gun pointed at their company's head, but how serious can you take a security-software company that has a rootkit in their software, acknowledges that due to developments in hacker-tech this has become a serious vulnerability (is this news at Symantec?), but still waits for some external source to publish their hole in order to fix it?

  2. Wow, now with fewer holes! by frostfreek · · Score: 4, Insightful

    "...Symantec's update further protects computers by displaying the directory,"

    That's great! Our product is now better, because we turned off something bad we were previously doing!
    Now that's a nice spin!

  3. Re:Who needs Symantec? by Ilgaz · · Score: 4, Insightful

    Their target for SystemWorks is not Slashdot posting people like you and there are people who actually DELETE these files making their system unusable.

    System admins use Symantec corparate solutions which has NOTHING TO DO with the stuff mentioned here.

    But keep bashing Symantec. It is number 2 favorite target of geeks after real networks.

    I bought it as a gift to a pure newbie computer user who is really busy with stuff rather than dll and registry hunting manually, he is happy to this day.

  4. Re:Uninstalling Norton can be very time consuming by F_Scentura · · Score: 4, Insightful

    "They're really complicated!" is no excuse for not following the conventional uninstall procedure and requiring that a separate uninstall program be downloaded separately from the internet.