Friday, January 13, 2006

Symantec Caught Using Rootkit Technology

As we learned from the recent Sony fiasco with their music CDs, rootkits are bad. So why is Symantec, manufacturer of Norton Anti-Virus, Norton Firewall, and Norton SystemWorks, and self-proclaimed guardian of all that is safe and clean, using rootkit technology?

I don't know and neither do most of the security experts in the world. But Symantec has confessed to doing it with the Norton SystemWorks software. Symantec said they did it as a way of deliberately hiding a directory from Windows APIs, a feature intended to stop customers from accidentally deleting files.

Symantec said the feature, called Norton Protected Recycle Bin, was built into Norton SystemWorks with a directory called NProtect that is hidden from Windows APIs. Because it is cloaked, files in the NProtect directory might not be scanned during scheduled or manual virus scans. They also said that this could potentially provide a location for an attacker to hide a malicious file on a computer, although they believe that this is a very low risk.
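The scan gap described above is the classic reason a cloaked directory matters to defenders, and the classic way to surface one is a cross-view comparison: enumerate the file system through the normal Windows APIs, enumerate it again from a lower level (for example by reading the volume directly, as tools such as RootkitRevealer do), and report anything that appears in the raw view but not the API view. The following Python model is an added example written for this post, not code from Symantec or from the page; the file listing and the `C:\RECYCLER\NProtect` path are constructed for illustration, and the "API view" is a simplified stand-in for a hooked enumeration that filters out the cloaked directory.

```python
"""Cross-view comparison for a directory cloaked from the Windows file APIs.

Constructed model, not Symantec's code: RAW_VIEW is what a tool reading the
volume directly would see; api_view() is what hooked enumeration returns after
the cloaked directory has been filtered out.
"""

# Constructed sample volume listing: path -> size in bytes. NProtect is the
# directory the post says Norton SystemWorks hid from Windows APIs; its
# location here is an assumption made for the example.
RAW_VIEW = {
    r"C:\Documents\report.doc": 40_960,
    r"C:\RECYCLER\NProtect\00000001.doc": 40_960,
    r"C:\RECYCLER\NProtect\00000002.exe": 12_288,
    r"C:\Windows\notepad.exe": 69_120,
}

HIDDEN_DIR = r"C:\RECYCLER\NProtect"  # assumed path, illustrative only


def api_view(raw, hidden_dir=HIDDEN_DIR):
    """Model of cloaked enumeration: every entry under hidden_dir is dropped.

    A real hook would filter the results of FindNextFile/NtQueryDirectoryFile;
    here we simply remove matching paths from the raw listing.
    """
    prefix = hidden_dir.rstrip("\\").lower() + "\\"
    return {path: size for path, size in raw.items()
            if not path.lower().startswith(prefix)}


def scan_via_api(raw, is_malicious):
    """An AV scan that walks the tree only through the (hooked) API.

    Returns the paths it flagged. Anything inside the cloaked directory is
    never presented to the scanner, so it cannot be flagged.
    """
    return sorted(path for path in api_view(raw) if is_malicious(path))


def cross_view_diff(api, raw):
    """Cross-view detection: paths visible in the raw view but absent from
    the API view are candidates for a hidden directory or rootkit."""
    return sorted(set(raw) - set(api))


if __name__ == "__main__":
    # Crude stand-in for a detection rule: treat any .exe as suspicious.
    flagged = scan_via_api(RAW_VIEW, lambda p: p.lower().endswith(".exe"))
    print("scanner saw:", flagged)
    hidden = cross_view_diff(api_view(RAW_VIEW), RAW_VIEW)
    print("hidden from API:", hidden)
```

The scanner flags only `C:\Windows\notepad.exe` because the executable under `NProtect` is never returned to it; the cross-view diff lists both cloaked files. In practice the raw view comes from parsing the NTFS master file table or from a boot-time scan, which is why the discrepancy only shows up when you compare two independent sources rather than trusting one API.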

In light of this controversy, Symantec has released an updated version of Norton SystemWorks that unhides the NProtect directory. According to Symantec's website, this issue only affects SystemWorks 2005 and 2006. Symantec is "strongly" recommending that SystemWorks users update the product immediately to ensure greater protection.

This is an embarrassing turn of events for Symantec, more so because the company, which bills itself as "a world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information," didn't realize its misstep until Mark Russinovich, the researcher who discovered Sony's controversial DRM rootkit, alerted them to it.

"It's a bad, bad, bad idea to start hiding things in places where it presents a danger. I'm seeing it more and more with commercial vendors," Russinovich said in an interview. "When you use rootkit-type techniques, even if your intentions are good, the user no longer has full control of the machine. It's impossible to manage the security and health of that system if the owner is not in control."
