Slashdot Mirror


Rootkit-like Feature Found in Norton Systemworks

GenieGenieGenie writes "eWeek reports a rootkit-like 'feature' in Symantec's Norton Systemworks, discovered by the Mark Russinovich, who was also responsible for blowing the whistle on Sony's DRM rootkit. The cloaked directory is intended to prevent users from accidentally deleting important files, but could compromise a system by serving as a hiding place for malware, as was the case with Sony's rootkit. Russinovich says Symantec had good intentions, but they were right to post an update to fix this hole."

1 of 221 comments (clear)

  1. Nprotect = 25%+ of hd by Anonymous Coward · · Score: -1, Redundant

    I used the automatic, self-uninstall program for Norton on a handme down computer of my wife's that she brought home from work. But I was surprised to see a number of months later jdisk report showed a bloated nprotect folder was occupying 13gb of a 40gb hd. It was no problem to delete before booting into Windows but what a system hog if that's how Norton intended for their program to operate.