[IP] Symantec announces Norton Public Relations Nightmare 2006

To: ip@xxxxxxxxxxxxxx
Subject: [IP] Symantec announces Norton Public Relations Nightmare 2006
From: David Farber <dave@xxxxxxxxxx>
Date: Thu, 12 Jan 2006 16:33:48 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx

http://blogs.siliconvalley.com/gmsv/2006/01/_after_the_sony.html#comments




Symantec announces Norton Public Relations Nightmare 2006

By JOHN PACZKOWSKI

After the Sony rootkit debacle, you'd think we would have heard thelast of reputable software companies creating hidden directories inWindows systems (see "Sony reconsiders policy on hiring 'reformed'hackers," "Sony DRM: You can look but you can't touch," "Sorry aboutthose secret files; what we meant to install were these secretfiles," "Quoted," "Find out who programmed the rootkit DRM and sendQrio to kill him," "Rootkits -- serves those Windows losers ri ...hey, what the ...?," "And we would have gotten away with it if itweren't for you meddling kids" and "Sony inducted into FUBAR Hall ofFame," "Sorry, we thought "rootkit" was Finnish for 'congratulationson your DRM scheme'," and "Sony BMG's new corporate anthem: BennyHill Theme").

But no. Symantec just admitted that the "Norton Protected RecycleBin," or "NProtect" feature of Norton SystemWorks, deliberatelyconceals a directory from Windows APIs to protect the files fromaccidental deletion. A commercial security vendor using rootkittechnology? Unbelievable. Symantec explained its thinking in asecurity bulletin. "When NProtect was first released, hiding itscontents helped ensure that a user would not accidentally delete thefiles in the directory. In light of current techniques used bymalicious attackers, Symantec has re-evaluated the value of hidingthis directory. We have released an update that will make theNProtect directory visible inside the Windows Recycler directory.With this update, files within the NProtect directory will be scannedby scheduled and manual scans as well as by on-access scanners likeAuto-Protect."

An embarrassing turn of events for Symantec, more so because thecompany -- which bills itself as "a world leader in providingsolutions to help individuals and enterprises assure the security,availability, and integrity of their information" -- didn't realizeits misstep until Mark Russinovich, the Sysinternals researcher whodiscovered Sony's controversial DRM rootkit, alerted them to it."It's a bad, bad, bad idea to start hiding things in places where itpresents a danger. I'm seeing it more and more with commercialvendors," Russinovich said in an interview with eWEEK. "When you userootkit-type techniques, even if your intentions are good, the userno longer has full control of the machine. It's impossible to managethe security and health of that system if the owner is not in control."

Comment on this post


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] more on Bank loses tape with personal information on 90,000 customers
Next by Date: [IP] Symantec Rootkit revealed
Previous by thread: [IP] more on Bank loses tape with personal information on 90,000 customers
Next by thread: [IP] Symantec Rootkit revealed
Index(es):
- Date
- Thread