Symantec forced to fix rootkit-style flaw

By Derek Sooman on January 12, 2006, 2:19 PM
Symantec has been forced to fix a flaw in Norton SystemWorks that could allow an attacker to hide malicious code in a hidden directory used by the software. The problem in question is in the Norton Protected Recycle Bin, which allows users to restore file types not stored by Windows’ own recycle bin after deletion. It utilises a hidden folder called NProtect, which (yes, you guessed it!) is not scanned by anti-virus software during scheduled or manual scans. This makes the location a potential hideaway for malware.

"In light of current techniques used by malicious attackers, Symantec has re-evaluated the value of hiding this directory," an advisory on its website stated. Symantec has released an automatic update via its LiveUpdate, which makes the directory visible during all types of scan.




User Comments: 19

nathanskywalker said:
[quote]The directory was hidden in the first place because Symantec wanted to ensure that users couldn’t accidentally delete its contents.[/quote]
Well, that kind of played against them in the end, did it not?
[url]http://securityresponse.symantec.com/avcenter/venc/
ata/w32.nimda.a@mm.html[/url]
Is that the problem they were talking about? huh
[url]http://blogs.washingtonpost.com/securityfix/2006/01/
ymantec_fixes_.html[/url]
Cartz said:
Great, first they release the abomination that is 'internet security' and now Symantec is also hiding stuff from us on our own systems. Two rootkits in as many months, anybody else wondering what else is hiding on our computers??
vigilante said:
"anybody else wondering what else is hiding on our computers??" I found WINDOWS on mine, I was so mad. :) One wonders just why Microsoft built into the OS such secretive ways of hiding things in so many fashions. One wonders if they planned or plan, or ARE using these themselves...
Race said:
I've never been a fan of using the 'whole package' regardless of whether it's Symantec or one of the many other brands (i.e. Security Suites) available. I continuously hear from other users about problems with email not working, conflicts, errors, crashes, etc. Much more often than not, it's related to their installed 'all in one' security package. Granted, for some this might be the easiest way to go, but only if they have taken the time to educate themselves as to the use and configuration of the software. This will only help, but I suspect it won't save them from some issues. As for myself..... I prefer a single anti-virus program, a single software firewall program, and a couple of select anti-spyware programs. Oh yeah.... and a hardware NAT firewall router. Just my two cents worth....
mentaljedi said:
Well Race, most of these deals are for the average user who can't be bothered to find out what NAT stands for. I guess they got caught in with their pants down and have angry consumers to answer to... like me!
PUTALE said:
That's quite a smart way of exploiting the software I think. I am using Norton but it seems like their product is getting less secure lately, which is quite unfortunate.
cyrax said:
I'm sitting here pondering this disturbing trend that's spreading like wildfire throughout the industry. Don't these people know that when they put stuff like this in software no one will EVER trust them?
howard_hopkinso said:
As far as I'm concerned, this is just another reason to get rid of that Symantec/Norton crap bloatware. You only have to look through the Techspot forums to see how many problems that substandard software causes. End of rant. Regards, Howard
PanicX said:
^^ That's the truth.
[b]Originally posted by PUTALE:[/b][quote]That's quite a smart way of exploiting the software I think. I am using Norton but it seems like their product is getting less secure lately, which is quite unfortunate.[/quote]
Lately? I understand the need to make things simple for the user that can't be bothered. But how can you expect to make things easy when they can get infected by a virus your own scanner hides from itself? I feel nothing but satisfaction for each company/person I get to switch from Symantec.
Eleventeen said:
Well, after everyone saying how bad Symantec is, and after promising myself to get a new AV, I finally chose Kaspersky. I don't know how good it is, hence I'm still downloading it (Dialup). Apparently people have told me it's much better than just about anything. This problem with Symantec only motivated me to do this more. I'm really sick of worrying about all the new bugs and whatnot that antivirus keeps having. Hopefully Kaspersky will do what it is supposed to.
exscind said:
I understand people's frustration with Norton softwares. I too experience such at times. Yet I am still using Norton, why? First, it's free (just got to take advantage of holidays). Second, I know the company won't go belly up one of these days. And most importantly, third, just because Norton did something like this, it will not drive me away from their products. After all, how many times have we (me included) complained about Windows? How many of us are still using Windows now? For those that switched to Linux or whatever, I congratulate you for having the cojones. Yes, it is unfortunate Norton did not anticipate their Norton Protected Recycle Bin was going to be abused by hijackers, and yes, the NP bin is stupid and flawed, but at least they realized this and fixed the problem. I think this is just along the lines of Windows in that some people only complain because Norton is a big company and if it's a smaller company people would not even raise an eyebrow.

Now having said all that, Norton is seriously flawed in many ways. The one that always gets me is their "kiddy" protection. Meaning, they dumbed all of their programs down so even the "average joe" can use their softwares. That's great, but like AOL, it ultimately restricts the freedom to customize different settings (the ones Norton have now are ridiculous). I wish Norton asked a question pre-configuration like, "Do you know what CAS Latency is?" If you answer correctly, you get full access to all the features. If not, you get the Kindergarten version. It would really boost the flexibility of Norton's softwares. Another thing they could fix is not let Norton be the king of the hogs and kill resources like it's a massacre. Norton likes to have their programs hover in the background and monitor who knows what. It'd be nice to have the option of killing the ones you don't need.

Edit: And oh, another thing that bothers me (which is not exclusive to Norton only) is how after some programs update themselves and need to restart, they don't give you an option to restart now or later. It simply states, "Press the OK button to restart your computer." But I guess this is just an example of Problem #1 described above.
[Edited by exscind on 2006-01-12 19:46:51]
otmakus said:
Most of us are bashing Windows and still using it, because there aren't any worthy alternatives. Yes, there is Linux, but frankly, compared to Windows, it's like a child against an adult, especially in compatibility issue. How many games are there which are compatible with any version of Linux?

But in security world, there are lots of products, which are far cheaper (or even free) than Norton, and they work much better, with a few updates per day (Norton updates itself about once per week), use far less resources, have a good firewall or none at all, to force u to use a full fledged, better firewall (unlike Norton, which has half-assed firewall), and don't have the habit of suddenly act in strange ways like Norton always does.

Just look around in the Techspot forum, especially in security section. There u will find a whole lot of complaints from Norton users. Do urself a favor and use another AV.
MonkeyMan said:
Well, Software distribution by Symantec, has been criticized by almost everyone in the Internet security industry. With these flaws, being able to be executed through their software, it only adds to the consumer frustration, and disappointment, with Symantec's software. I am not unfairly criticizing Symantec, but it's basically how the Consumers, and Industry feel about their software. I hope they get the bugs ironed out, and I wish them the best of luck.
Race said:
[b]Originally posted by exscind:[/b][quote] The one that always gets me is their "kiddy" protection. Meaning, they dumbed all of their programs down so even the "average joe" can use their softwares. That's great, but like AOL, it ultimately restricts the freedom to customize different settings (the ones Norton have now are ridiculous). I wish Norton asked a question pre-configuration like, "Do you know what CAS Latency is?" If you answer correctly, you get full access to all the features. If not, you get the Kindergarten version. [/quote]
From mentaljedi's post...... "most of these deals are for the average user who can't be bothered to find out what NAT stands for".

LOL... Maybe it should go a step further..... a built-in test, including some basic security topics, when you buy a computer. Pass it, and the machine is un-locked for use. Fail it, and you get no internet access. Ultimately, isn't the average user, whose computer is spreading exploits while their head is in the clouds because 'they couldn't be bothered', a significant part of the overall problem??

(I realize this is a bit off the main topic, but I couldn't resist)
[Edited by Race on 2006-01-13 02:07:12]
barfarf said:
I think Norton consumer products is a load of $$%%@. I had to deal with several issues of Norton anti-virus or other buggy problems with their huge security suite. Which IMHO is bloated and slows down your pc too much. Now at work we use Systematic Anti-Virus Corporate edition which is great! The footprint for that is under 20megs and does not use that much money. Compared to the consumer line of Anti Virus the install base is over 100megs and for what??? Virus scanner engine technology really hasn’t changed for many years. Also their marketing is evil in making consumers believe they should purchase a new AV product every year, i.e. 2002, 2003, 2005… editions. One of the best virus scanners on the market is called NOD32 and they only have been through two major revisions!! NOD32 has won many awards at detecting viruses in the wild.

On the positive note I think Symantec voluntarily fixing their software without a lawsuit unlike Sony is the responsible thing to do. They monitor their products and fix them when they have vulnerabilities present themselves. That is what a good software company should do. Props to them.
luismigilbert said:
I agree with exscind... but I prefer McAfee... I think it's the fourth time I say this, but I use McAfee, keep it up to date, and no problems at all.. I use Microsoft antispyware too... believe me you won't worry all time cause of viruses..
otmakus said:
[b]Originally posted by barfarf:[/b][quote]On the positive note I think Symantec voluntarily fixing their software without a lawsuit unlike Sony is the responsible thing to do. They monitor their products and fix them when they have vulnerabilities present themselves. That is what a good software company should do. Props to them.[/quote]
It's not a positive side at all to fix the security hole in their security product. There shouldn't be security hole in the first place. Fail to catch a virus is one thing, but helping virus to infect their customer's PC is outrageous. And they didn't monitor their products and found the vulnerabilities. Others found the flaws for them, and then, to save their faces, they fixed them.
vigilante said:
I also wouldn't touch Symantec with a 10 foot pole. Just benchmark your system before and after install. The full suite uses nearly FIFTEEN startups and services to run. And if ANYTHING goes wrong with anything, what help do you get? It goes like this:
you) some feature doesn't work. What do I do?
them) hmm, try reloading the program.
you) I reloaded it and ...
REPEAT FROM TOP

What difference does it make if Norton will "be around" in the coming years? Their software isn't. You won't buy any version that they will still support a few years later. Yes I suppose if people keep buying the new version every year, they can get away with still being in business. But that is a moot point, there are lots of AVs out there and if company goes belly up? Get a different one, really NOT a big deal.
Cy6erpuke said:
I agree with vigilante. So many alternatives, even free ones that aren't bad. Do you guys find McAfee good? I prefer it to Norton, but would love to know what you use. Back to the point of the article. I made money on callouts, so thanks Symantec.