Version: 2008
  • On TV.com: Julie is HOT (and so is TV in a FLASH)
advertisementGet Smart about Business Spending

January 11, 2006 5:20 PM PST

Symantec closes off hiding place for hackers

By Joris Evers
Staff Writer, CNET News

  • 20 comments
Related Stories

Sony settles 'rootkit' class action lawsuit

 December 29, 2005

New Sony CD security risk found

 December 6, 2005

Sony sailing past rootkit controversy

 November 21, 2005

What makes a rootkit?

 November 21, 2005

FAQ: Sony's 'rootkit' CDs

 November 11, 2005

Sony CD protection sparks security concerns

 November 1, 2005
Symantec has released an update to its popular Norton SystemWorks to fix a security problem that could be abused by cybercriminals to hide malicious software.

In the PC-tuning application, a feature called the Norton Protected Recycle Bin creates a hidden directory on Windows systems. The feature is meant to help people restore modified or deleted files, but the hidden folder might not be scanned during scheduled or manual virus scans, Symantec said in an advisory released Tuesday.

"This could potentially provide a location for an attacker to hide a malicious file on a computer," Symantec said. The Cupertino, Calif., security provider is not aware of any attempts by hackers to conceal malicious code in the folder. "This update is provided proactively to eliminate the possibility of that type of activity," it said.

Symantec's alert has echoes of Sony BMG Music Entertainment's recent PC security fiasco. The record label was found to be shipping copy-protected compact discs that planted so-called rootkit software on the computers that played them. The rootkit technology also offered a hiding place for malicious software.

When the recovery feature was first introduced, hiding the directory helped ensure that a user would not accidentally delete the files in it, Symantec said.

"In light of current techniques used by malicious attackers, Symantec has re-evaluated the value of hiding this directory," the company said in its advisory.

Security monitoring company Secunia rates the issue "not critical." Symantec itself deems the risk impact "low."

Symantec credits Mark Russinovich, the Sysinternals researcher who also investigated the Sony rootkit, and F-Secure, a Finnish security company that has a rootkit detection product, for helping it address the SystemWorks issue.

The Norton update will display the previously hidden "NProtect" directory in the Windows interface, which will allow it to be scanned by antivirus products, Symantec said. The new version is available through the Symantec LiveUpdate service. Installing the software will require a system reboot.

See more CNET content tagged:
Symantec Corp., rootkit, malicious software, Norton SystemWorks, hacker

Add a Comment (Log in or register) (20 Comments)
  • prev
  • 1
  • next
This is getting to be hilarious.
by Macsaresafer January 11, 2006 6:18 PM PST
Remember the good old days when those poor Windows users
could go more than a day or two without some new security issue?
Reply to this comment
Apple Users are Not Smart Either
by kubasic January 11, 2006 11:20 PM PST
If Mac is so secure, why does Apple has to release security patch for OSX?
View all 2 replies
Depends where you watch
by aabcdefghij987654321 January 12, 2006 9:29 AM PST
I watch Bugtraq where I see security bugs on all sorts of systems being noted daily. Don't be so smug, your system may be compromised too if you aren't careful.
you know it's BS
by The user with no name January 12, 2006 11:02 AM PST
to say, imply, or otherwise mislead as if ONLY windows has issues. C/net just had an article about security updates for Linux... and no...I'm not providing a link cause I dont have it and not spending the time to find it for you. You're obviously a smart little PC user so I'm sure you know how to google for an article...
This is getting to be hilarious.
by Macsaresafer January 11, 2006 6:18 PM PST
Remember the good old days when those poor Windows users
could go more than a day or two without some new security issue?
Reply to this comment
Apple Users are Not Smart Either
by kubasic January 11, 2006 11:20 PM PST
If Mac is so secure, why does Apple has to release security patch for OSX?
View all 2 replies
Depends where you watch
by aabcdefghij987654321 January 12, 2006 9:29 AM PST
I watch Bugtraq where I see security bugs on all sorts of systems being noted daily. Don't be so smug, your system may be compromised too if you aren't careful.
you know it's BS
by The user with no name January 12, 2006 11:02 AM PST
to say, imply, or otherwise mislead as if ONLY windows has issues. C/net just had an article about security updates for Linux... and no...I'm not providing a link cause I dont have it and not spending the time to find it for you. You're obviously a smart little PC user so I'm sure you know how to google for an article...
this is a symantec issue
by techguy83 January 11, 2006 7:38 PM PST
As I will not use their products I do not have this issue.

Besides, Symantec's security and such have been getting worse and worse since 2000.

Long live Avast and AVG.
Reply to this comment
Peter Norton
by January 11, 2006 9:08 PM PST
Maybe they should employ Peter Norton. Maybe he could improve these software.

I have completely abandon Norton Antivirus. It has turned into such piece of crap. Talk about a resources hog.
this is a symantec issue
by techguy83 January 11, 2006 7:38 PM PST
As I will not use their products I do not have this issue.

Besides, Symantec's security and such have been getting worse and worse since 2000.

Long live Avast and AVG.
Reply to this comment
Peter Norton
by January 11, 2006 9:08 PM PST
Maybe they should employ Peter Norton. Maybe he could improve these software.

I have completely abandon Norton Antivirus. It has turned into such piece of crap. Talk about a resources hog.
Norton UN-Protected Recycle Bin
by sadchild January 12, 2006 11:29 AM PST
Norton UN-Protected Recycle Bin sounds like a more appropriate name.
Reply to this comment
Norton UN-Protected Recycle Bin
by sadchild January 12, 2006 11:29 AM PST
Norton UN-Protected Recycle Bin sounds like a more appropriate name.
Reply to this comment
Need help? Pay money!
by pjcamp January 15, 2006 12:28 PM PST
What I have not seen mentioned in any of the news items on this issue, and that I think deserves broader play, is the fact that Symantec's fix is only for the 2004 through 2006 versions of their utility suite. 2003 and earlier suffers from the same problem but if you want to fix that, you are out of luck. First you have to pay for an upgrade and then apply the patch. But I have a better idea. Out of curiosity, I downloaded Zone Alarm's antivirus suite and scanned with it. I found 8 infections that Norton had let past, 6 of them hiding in the NPROTECT folder. This is curious since I have never used Norton Protection for my recycle bin. Apparently, it is installed whether you want it or not and all you can do is toggle whether or not it is actually used. So let's see the score: Norton is slipshod about preventing infections, it provides a cozy hiding place for them that they are now using, and if you want to destroy that hiding place, you have to pay money to Symantec for the priviledge. I think uninstalling is a far better idea.
Reply to this comment
Need help? Pay money!
by pjcamp January 15, 2006 12:28 PM PST
What I have not seen mentioned in any of the news items on this issue, and that I think deserves broader play, is the fact that Symantec's fix is only for the 2004 through 2006 versions of their utility suite. 2003 and earlier suffers from the same problem but if you want to fix that, you are out of luck. First you have to pay for an upgrade and then apply the patch. But I have a better idea. Out of curiosity, I downloaded Zone Alarm's antivirus suite and scanned with it. I found 8 infections that Norton had let past, 6 of them hiding in the NPROTECT folder. This is curious since I have never used Norton Protection for my recycle bin. Apparently, it is installed whether you want it or not and all you can do is toggle whether or not it is actually used. So let's see the score: Norton is slipshod about preventing infections, it provides a cozy hiding place for them that they are now using, and if you want to destroy that hiding place, you have to pay money to Symantec for the priviledge. I think uninstalling is a far better idea.
Reply to this comment
(20 Comments)
  • prev
  • 1
  • next
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Symantec (1.66%) 0.29 17.71
Dow Jones Industrials (2.03%) 203.52 10,226.94
S&P 500 (2.22%) 23.78 1,093.08
NASDAQ (1.97%) 41.62 2,154.06
CNET TECH (2.03%) 31.21 1,569.61
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET