Topic: Norton 'Rootkit'

Offline Nemesis

  • Captain Kayn
  • Global Moderator
  • Commodore
  • *
  • Posts: 13064
Norton 'Rootkit'
« on: May 28, 2006, 10:17:15 am »
Article 1

Quote
Symantec Corp. has admitted to using a rootkit-type feature in Norton SystemWorks that could provide the perfect hiding place for attackers to place malicious files on computers.

The anti-virus vendor acknowledged that it was hiding a directory from Windows APIs as a feature to stop customers from accidentally deleting files but, prompted by warnings from security experts, the company shipped a SystemWorks update to eliminate the risk.

Symantec, of Cupertino, Calif., is the second commercial company caught in the flap over the use of rootkit-type techniques to hide files on computers. Rootkits are programs that are used to give a remote user access to a compromised system while avoiding detection from security scanners.


Article 2

Quote
"This is definitely wormable. Once exploited, you get a command shell that gives you complete access to the machine. You can remove, edit or destroy files at will," said eEye Digital Security spokesperson Mike Puterbaugh.


Link to online discussion of the issue

One of the posts is quoted below.

Quote
I loved Norton's products till we switched to win98/fat32

I loved McAfee av till 6.0

Both have become obnoxious and oppressive to run.

but then... "as security threats have evolved, so have we. You can either hand control over to US (who have YOUR best interests at heart) or THEM." Sound familiar? I'm not buying that, and I'm not buying from them, either.
« Last Edit: May 28, 2006, 10:49:45 am by IKV Nemesis »
Do unto others as Frey has done unto you.
Seti Team    Free Software
I believe truth and principle do matter. If you have to sacrifice them to get the results you want, then the results aren't worth it.
 FoaS_XC : "Take great pains to distinguish a criticism vs. an attack. A person reading a post should never be able to confuse the two."

Offline Javora

  • America for Americans first.
  • Commander
  • *
  • Posts: 2999
  • Gender: Male
Re: Norton 'Rootkit'
« Reply #1 on: May 28, 2006, 04:56:56 pm »
Just one more reason for me not to use Norton.

*Shakes Head*   ::)

Offline Bonk

  • Commodore
  • *
  • Posts: 13298
  • You don't have to live like a refugee.
Re: Norton 'Rootkit'
« Reply #2 on: May 28, 2006, 05:50:32 pm »
Yup, saw this a few days back. Only affects Symantec Corporate AV v10 as I understand it.

http://www.symantec.com/avcenter/security/Content/2006.05.25.html

http://www.eeye.com/html/research/upcoming/20060524.html

http://www.cnn.com/2006/TECH/internet/05/25/antivirus.flaw.ap/index.html

http://www.eweek.com/article2/0,1895,1967941,00.asp

Haven't checked back at Symantec or eEye yet for any news on fixes.

The discussion of it at Slashdot was quite interesting, many share my opinion that AV software is more of a problem than viruses themselves.

Offline Bonk

  • Commodore
  • *
  • Posts: 13298
  • You don't have to live like a refugee.
Re: Norton 'Rootkit'
« Reply #3 on: May 29, 2006, 12:24:30 pm »

Offline Just plain old Punisher

  • Vice Admiral
  • *
  • Posts: 36927
  • Gender: Male
  • I'm not facist, I just like wearing jackboots
Re: Norton 'Rootkit'
« Reply #4 on: May 30, 2006, 05:38:24 pm »
I don't use Symantec products. I hate all those lame "Always running" utilities. Damn resource hogs they are!

"Sex is a lot like pizza.  If you're not careful you can blister your tongue". -Dracho

Offline Strat

  • Retired
  • EAW Update Crew
  • Lt. Commander
  • *
  • Posts: 1368
Re: Norton 'Rootkit'
« Reply #5 on: May 30, 2006, 06:12:30 pm »
Do you know I was like you...

Until I got the tenga virus about 2 weeks ago that totally screwed up my PC.  It messed up and EXE Archived files, and just a million little problems making me have to reformat.

After losing YEARS of data (yes, I had a lot of backups in EXE archive format), I decided that not playing Dynaverse, and for a little slower PC (NOD32 actually has a hardly noticeable impact on performance and takes nil on the RAM), I leave AV going all the time.

It also almost spread to all my other PCs but I managed to do damage control and save the others.  It spread by infecting any EXE and spreading on shares.  I feel like I got caught with my drawers down. :o

I also contemplate removable storage for backups now.   I've never had a virus in all my years, but let me tell you, it only takes one to ruin years of data.

I know someone gonna say something like, "I opened a bad email or something so it's my fault" or some similar, but I have an entire family that uses the computer.  I simply can't take chances with their IT skills. lol

Offline Javora

  • America for Americans first.
  • Commander
  • *
  • Posts: 2999
  • Gender: Male
Re: Norton 'Rootkit'
« Reply #6 on: May 30, 2006, 07:39:22 pm »
I've been using removable hard drives for back up for a couple of years now and I'm really happy with it.

Offline Strat

  • Retired
  • EAW Update Crew
  • Lt. Commander
  • *
  • Posts: 1368
Re: Norton 'Rootkit'
« Reply #7 on: May 30, 2006, 08:00:45 pm »
Yeah I was looking at those..  And they have some really nice deals on them now..

Virus can't kill a HD not hooked to a computer.  :)

Offline Just plain old Punisher

  • Vice Admiral
  • *
  • Posts: 36927
  • Gender: Male
  • I'm not facist, I just like wearing jackboots
Re: Norton 'Rootkit'
« Reply #8 on: May 30, 2006, 08:01:51 pm »
Quote
Do you know I was like you...

Until I got the tenga virus about 2 weeks ago that totally screwed up my PC.  It messed up and EXE Archived files, and just a million little problems making me have to reformat.

After losing YEARS of data (yes, I had a lot of backups in EXE archive format), I decided that not playing Dynaverse, and for a little slower PC (NOD32 actually has a hardly noticeable impact on performance and takes nil on the RAM), I leave AV going all the time.

It also almost spread to all my other PCs but I managed to do damage control and save the others.  It spread by infecting any EXE and spreading on shares.  I feel like I got caught with my drawers down. :o

I also contemplate removable storage for backups now.   I've never had a virus in all my years, but let me tell you, it only takes one to ruin years of data.

I know someone gonna say something like, "I opened a bad email or something so it's my fault" or some similar, but I have an entire family that uses the computer.  I simply can't take chances with their IT skills. lol

No one but me uses my computer. That's the key issue. If you got important stuff on your computer, then only you use it =)

"Sex is a lot like pizza.  If you're not careful you can blister your tongue". -Dracho

Offline Strat

  • Retired
  • EAW Update Crew
  • Lt. Commander
  • *
  • Posts: 1368
Re: Norton 'Rootkit'
« Reply #9 on: May 30, 2006, 09:41:09 pm »
And buy another PC for them?  Javora's solution is much more cost effective. :p

Offline Just plain old Punisher

  • Vice Admiral
  • *
  • Posts: 36927
  • Gender: Male
  • I'm not facist, I just like wearing jackboots
Re: Norton 'Rootkit'
« Reply #10 on: May 31, 2006, 02:24:51 pm »
Quote
And buy another PC for them?  Javora's solution is much more cost effective. :p

Eh, I know I may be picky, but years ago I learned the hard way to never let people use my computer unless I was directly supervising them...and even with that said I never let people install anything. I hooked up a fingerprint reader so it's pretty much impossible for anyone to log onto Windows unless it's me.

"Sex is a lot like pizza.  If you're not careful you can blister your tongue". -Dracho

Offline Javora

  • America for Americans first.
  • Commander
  • *
  • Posts: 2999
  • Gender: Male
Re: Norton 'Rootkit'
« Reply #11 on: May 31, 2006, 03:42:58 pm »

Quote
Eh, I know I may be picky, but years ago I learned the hard way to never let people use my computer unless I was directly supervising them...and even with that said I never let people install anything. I hooked up a fingerprint reader so it's pretty much impossible for anyone to log onto Windows unless it's me.

Just make sure that is not your only line of defense, last time I heard some of the fingerprint scanners could be hacked with just a piece of tape.  Also some of the fingerprint scanner programs don't encrypt the fingerprint itself, making the program easy pickings for a hacker.

Offline Javora

  • America for Americans first.
  • Commander
  • *
  • Posts: 2999
  • Gender: Male
Re: Norton 'Rootkit'
« Reply #12 on: May 31, 2006, 04:02:08 pm »
Since the subject of removable hard drives was brought up I'd like to add that I use my removable drives as an off-site backup for my data.  That way if something ever happens to our house (knock on wood) I won't lose my information.  Then every so often (about once every two months) I'll go and grab the hard drive, back up the new stuff to it and then take the drive back.  The drive is only connected to the system for about an hour, so the drive should last years given that most drives can last about three years with continuous use.  Actually I'm more worried about the IDE standard becoming obsolete than I am the drive failing.

If people are worried about people using their computer then I would suggest looking into Microsoft Vista.  The OS itself IMHO will be a lame WinXP makeover but the new user controls themselves will be worth the upgrade.  I mean sure you could build a new computer for other people in your family or buy a hard drive for each family member with Windows installed but I think Vista will be much easier to manage.