| Thread ID: 65285 | 2006-01-13 01:47:00 | Why Not To Use Nortons - More Rootkits | pctek (84) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 420700 | 2006-01-13 01:47:00 | arstechnica.com New rootkit found in Symantec software 1/12/2006 10:59:22 AM, by Nate Anderson Security researcher Mark Russinovich, the man who alerted the world to the presence of Sony BMG's XCP rootkit, is at it again. Russinovich and a team from F-Secure have discovered another rootkit in a commercial piece of software, this time from Symantec, a company known for their own security offerings. Symantec's Norton SystemWorks includes cloaking technology that hides a particular directory from the Windows APIs. While the goal of the software was a worthy one (the hidden directory was designed to keep users from deleting key files accidentally as part of SystemWorks' NProtect feature), the use of rootkit technology has inherent weaknesses that can be exploited by malware authors. Since the hidden directory is cloaked from Windows, it is also hidden from most antivirus scans. Virus writers who know that the directory exists can use it to hide their own lethal payloads. While the exploit only poses a theoretical risk at this point, virus writers wasted no time in making use of Sony's rootkit once it became known. |
pctek (84) | ||
| 420701 | 2006-01-13 02:01:00 | **Free with every Dell** | Metla (12) | ||
| 420702 | 2006-01-13 02:03:00 | **Free with every Dell** :p |
pctek (84) | ||
| 420703 | 2006-01-13 02:24:00 | **Free with every Dell** Free with most brand name PCs / notebooks! |
CYaBro (73) | ||
| 420704 | 2006-01-13 02:44:00 | Free with most brand name PCs / notebooks! Free with Windows. |
vinref (6194) | ||
| 420705 | 2006-01-13 02:50:00 | Free with most brand name PCs / notebooks! That's true, though I remove it on first boot on any and every laptop I sell, then they get Nod32. Let's hope that Nod32 can detect the Norton rootkit. |
Metla (12) | ||
| 420706 | 2006-01-13 18:55:00 | arstechnica.com New rootkit found in Symantec software 1/12/2006 10:59:22 AM, by Nate Anderson Security researcher Mark Russinovich, the man who alerted the world to the presence of Sony BMG's XCP rootkit, is at it again. Russinovich and a team from F-Secure have discovered another rootkit in a commercial piece of software, this time from Symantec, a company known for their own security offerings. Symantec's Norton SystemWorks includes cloaking technology that hides a particular directory from the Windows APIs. While the goal of the software was a worthy one (the hidden directory was designed to keep users from deleting key files accidentally as part of SystemWorks' NProtect feature), the use of rootkit technology has inherent weaknesses that can be exploited by malware authors. Since the hidden directory is cloaked from Windows, it is also hidden from most antivirus scans. Virus writers who know that the directory exists can use it to hide their own lethal payloads. While the exploit only poses a theoretical risk at this point, virus writers wasted no time in making use of Sony's rootkit once it became known. This is a completely separate thing than the normal root kit or Sony hiding of its DRM software. This was actually serving a purpose that it was designed for: allowing users to recover files they deleted or may have deleted and wanted back. This has been in use for many many years and not once has it ever been exploited, and while a virus may have tried to hide in there, the recover deleted files option of it shows exactly what is in there. And also Symantec very quickly removed this to stop the exploit, and not like Sony who said the average user was too dumb. |
Big John (551) | ||
| 420707 | 2006-01-13 19:29:00 | That's true, though I remove it on first boot on any and every laptop I sell, then they get Nod32. Let's hope that Nod32 can detect the Norton rootkit. I also remove Nortons from every computer that I sell. The difference in performance is amazing. |
mxpress (6486) | ||
| 420708 | 2006-01-13 19:59:00 | This is a completely separate thing than the normal root kit or Sony hiding of its DRM software. This was actually serving a purpose that it was designed for: allowing users to recover files they deleted or may have deleted and wanted back. This has been in use for many many years and not once has it ever been exploited, and while a virus may have tried to hide in there, the recover deleted files option of it shows exactly what is in there. And also Symantec very quickly removed this to stop the exploit, and not like Sony who said the average user was too dumb. Yes I know. Bit of an exaggeration. But still. It has been in use for ages as you say and while it may not have been taken advantage of - that's because the virus creators hadn't thought of it. Since the Sony business it's become more popular using this sort of thing. And while Symantec was busy making tut tut noises about Sony - they didn't do anything about this - until it wasn't pointed out to them. And as for users and their files, the normal recycle bin allows retrieval of files - without this thing. |
pctek (84) | ||