Rootkit-like Feature Found in Norton Systemworks

GenieGenieGenie writes "eWeek reports a rootkit-like 'feature' in Symantec's Norton Systemworks, discovered by the Mark Russinovich, who was also responsible for blowing the whistle on Sony's DRM rootkit. The cloaked directory is intended to prevent users from accidentally deleting important files, but could compromise a system by serving as a hiding place for malware, as was the case with Sony's rootkit. Russinovich says Symantec had good intentions, but they were right to post an update to fix this hole."

Before the flame wars start...

[thepotoo]

Lets get one thing clear.
This is not the Sony rootkit. It's just a directory that's not scanned by antivirus/antispyware.

And, now that it's potential vulnerability has been exposed, Symantec is releasing a new version without the protected recycle bin.
In other words, too bad they had to have their wrists slapped to fix it, but there was no malicious attempt.

Re:Before the flame wars start...

[GenieGenieGenie]

I guess the point about this whole story is not the intended malice of Symantec, but rather that ye-old first principle of medical science: If you're a doctor, trying to keep a system healthy, primum non nocere . First of all, do not harm.

From this point of view, Symantec is actually worse than Sony, because the latter never claims to protect your system (not that I'm saying Sony are angels). True, the reaction by Sony was just before they had a gun pointed at their company's head, but how serious can you take a security-software company that has a rootkit in their software, acknowledges that due to developments in hacker-tech this has become a serious vulnerability (is this news at Symantec?), but still waits for some external source to publish their hole in order to fix it?