Say That Again


by Carlo Longino




You Say Rootkit, I Say Tomato

from the double-double-speak-speak dept

Symantec is denying the assertion made earlier in the week that its Norton SystemWorks product installs a rootkit. Although the company acknowledged its existence, it denies it's a rootkit, calling it instead a "hidden folder". F-Secure, whose software picked up the rootkit hidden folder, says that the difference between what Symantec is doing and the Sony BMG rootkit is "ideological", and that it isn't anywhere near as malicious since it can be turned off or uninstalled by the user. Symantec now says it's working with some trade bodies to try to develop a definition of rootkit, and that the changing nature of malware makes hiding files no longer a viable option. All this talk still clouds the fact that the hidden folder could be used to cloak malicious files on someone's PC -- the exact sort of thing security software is supposed to prevent.


 
 

Reader Comments


    Jan 13th, 2006 @ 8:01am
  • Ummm...

    I would think that as a protective countermeasure, anti-virus/malware software would want to keep some of its files hidden, making them a bit more impervious to deletion/blocking by clever crapware....

    I'm probably wrong.


  • Jan 13th, 2006 @ 8:25am
  • Big Deal

    by DaveTheCripple

    Wow... Big Deal, Systemworks installs a "hidden folder" that is easily found with the "show hidden folders" setting in view file types. This is nowhere to the point of %blah% that hides the folder from everything including cmd.exe. The whole intent was to hide Norton's working, as lately there have been a slew of virii and malware programs that disable things (Microsoft Update, Adaware, AV's, etc). It's quite easy for Systemworks to implement the hidden folder, so if a new virus was to expose it, what's to say another virus can't simply just make its OWN hidden folder!


    • Jan 13th, 2006 @ 9:49am
    • Re: Big Deal

      by Ed H.

      That's incorrect. It is not simply a normal "hidden folder" that can be viewed by enabling "show hidden folders." It is hidden from the Windows FindFirst/FindNext API that scans a directory, probably by patching those Windows API functions.


    Jan 13th, 2006 @ 8:26am
  • hidden files

    by cb

    If I pay for virus detection software or any software, then I should have the right to see any or all files or changes that the software makes to my computer. All changes or files added, register changes, etc... to your computer during a software add or change should be printed or available for you to see in either a hard copy or file format.

    Is this to much to ask ?


    • Jan 13th, 2006 @ 8:50am
    • Re: hidden files

      by rl

      I guess you don't write software. In short answer, YES. However I agree that an uninstall procedure should remove ALL remnants of the software.


    • Jan 13th, 2006 @ 8:55am
    • Re: hidden files

      by Anonymous Coward

      is it too much to ask for a choice of "to install software" or "not to install software"?

      Symantec only installs if you choose to have the active features installed.

      Sony's software installs itself even if you tell it NOT to install anything at all -- no matter if you do or do not agree with the EULA.

      Symantec's directory does not "Call Home" without you first asking it to -- and in that case, it is doing what you have instructed it to do -- its "LiveUpdate" checks for newer version of the Symantec software you choose to install.
      http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html

      Sony's software calls home and reports information about what is on your hard-drive -- no matter whose IP that data on your hard-drive belongs to.


      • Jan 13th, 2006 @ 5:52pm
      • Re: hidden files

        by Stu

        On the subject of "calling home" -
        I wonder why Symantec/Norton Systemworks calls home every time I defrag or use the other functions of the software. They might say they just want to be sure I have the latest version of the component before I use it.
        I say baloney. I can use Live Update or manually update it IF I want to. Calling home caused the software to boot very slowly while it phoned home.
        I stopped it with my free Zone Alarm firewall, and everything Norton works just fine, and boots much faster.
        It's really not that big a deal. It's the principle of the thing. It's none of their damn business!!
        Consumers are treated like prey.


      Jan 13th, 2006 @ 9:13am
    • Re: hidden files

      by Anonymous Coward

      Is this to much to ask ?
      Please, people... for the love of god, PLEASE learn how to use to, too, and two correctly. While you're at it, learn lose and loose. No, they're not interchangeable.


      • Jan 13th, 2006 @ 9:32am
      • Re: hidden files

        by Anonymous Coward

        OH NO! NOT THE GRAMMAR POLICE!!!!! PLEASE DON'T TAKE US TO ALPHABET JAIL!


        • Jan 13th, 2006 @ 9:48am
        • Re: hidden files

          by Travis

          HAhahaahaa alphabet jail, I may be a bit out of the loop having not heard that before, but that's hillzzzarious man.
          1 point for you!


        • Jan 13th, 2006 @ 9:49am
        • Re: hidden files

          by Anonymous Coward

          OMGWTFPWNED by the grammer police.


          • Jan 13th, 2006 @ 10:12am
          • Re: hidden files

            by redheaded_stepchild

            Uh, sir, I'm going to have to cite you for misspelling 'grammar'.


            • Jan 13th, 2006 @ 10:39am
            • Spyware/ Virus/ Malware

              by Mecc

              All of this can be easily defeated. Everyone go and download your FREE copy of linux. There are no pop-ups, viruses, or malware for linux. So stop living in fear and do something about it without spending money on "anti-virus".


              • Jan 13th, 2006 @ 11:18am
              • Re: Spyware/ Virus/ Malware

                by drkkgt

                Okay, go to
                http://sarc.com/avcenter/enterprise/vinfodb.html
                in that search field in the middle, type the word Linux and see how much malware shows up.


                • Jan 13th, 2006 @ 11:42am
                • Re: Spyware/ Virus/ Malware

                  drkkgt ftw
                  Malware/adware/viruses/whatever can be written just as easily for Linux as for Windows (yes Macs too). If it's a string of 1s and 0s, it can be manipulated; I don't care if it's harder, easier, or just not as common, the security holes of any OS can be exploited.
                  Granted, Linux isn't as targeted as Windows, but the guys out there are targeting Windows because it's Windows. If Linux was a pay-to-license, non-open-source OS and had as much market share as Windows, you better be damn sure people would target it just as much.
                  .02


      Jan 13th, 2006 @ 10:47am
    • Re: hidden files

      by Anonymous Coward

      Hey dumbass.

      You do, MS hides files all the time, hence the "show hidden files" selection.

      If they didn't show the files after that selection was checked, then there would be an issue.

      Maybe you should have the frame of mind to actually FIND your answers instead of asking someone to serve it up on a silver platter for you.


      • Jan 13th, 2006 @ 11:17am
      • Re: hidden files

        by pegagos

        Microsoft Windows creates hidden folders... Nobody complains about that :)


        • Jan 13th, 2006 @ 12:53pm
        • Re: hidden files

          by Dogstar

          *** Post removed for linking to potentially dangerous website. ***


          • Jan 13th, 2006 @ 1:10pm
          • Re: hidden files

            by Anonymous Coward

            You are so right. Microsoft has files that are hidden and REMAIN hidden even when you select the 'show hidden folders' option. Check this link if you don't believe it!

            Do NOT click the above link from "Dogstar", it takes you to "http://fuckmicrosoft.com/" and will attempt to install several cookies and a virus onto your computer.

            Obviously "Dogstar" knew that and this is why he hid the URL by using a free forwarding service in his phishing-style attempt to get you to visit his anti-productive website.


    Jan 13th, 2006 @ 8:47am
  • What's the problem here

    by Craig

    What's the problem here really. It's completely obvious that this feature is not for malicious purposes and it's also obvious that you can DISABLE the feature at any time. Quit yer bitchin and quit being so paranoid.


  • Jan 13th, 2006 @ 9:06am
  • Addressing the issues.

    I don't know how many people have had this problem over the past few years and it's become a nuisance. I am really glad to see that people are stepping up to the plate and trying to keep these things from being in their systems.


  • Jan 13th, 2006 @ 10:38am
  • You don't even know what the folder was doing

    by Gumby

    This folder was used in the protected recycling bin in Norton System Works. It was not malicious, it was not ever used for any virus or trojan attacks, it was completely harmless. It was that it was hidden to the user so that they didn't delete the backup data accidentally, but the files within the folder were still accessible through the system works application. Don't get me wrong, I absolutely hate rootkits, but this doesn't come close to qualifying as one. Additionally, they have already released a patch which corrects the problem. The potential for any exploits or security threats has been eliminated, because the problem has ALREADY BEEN FIXED. Sony went seriously wrong, but don't take that as an opportunity to jump on other corporations without first knowing at least the basics of what's going on.


  • Jan 13th, 2006 @ 11:51am
  • Too all the grammar loosers

    by Grammer Outlaw

    When it is illegal to use poor grammar, only illegals will use grammer poorly.


    • Jan 13th, 2006 @ 12:49pm
    • Re: Too all the grammar loosers

      by Anonymous Coward

      I dont kayr abowt grammer all thatt much. Itz just thet win peepel kommyunikait onlee in fonetix it mayks them look lyke reetardz.

      So screw up your sentence structures all you want, just use the right friggin WORD. If I needed a heart transplant, but the doctor told me I needed a Hartz Trains Plant, even if it was in an email, I would find a new doctor.


    Jan 14th, 2006 @ 11:00am
  • I see a pig.

    by Miss piggy

    You can put lipstick on a pig, but it does not make it beautiful. You just make a pig look stupid.


  • Jan 15th, 2006 @ 10:30pm
  • No Subject Given

    by Adam W

    IMO rootkit = something that modifies the OS kernel in memory

