Symantec Caught Using Rootkit Technology

GH

Symantec caught using rootkit technology
Sony BMG saga all over again?

Original News Story

vnunet.com 13 Jan 2006

Security vendor Symantec has admitted to using a rootkit-like technology in its Norton SystemWorks application.

The company admitted in a security advisory that the technology hides a directory from the user and the operating system.

"Files in the directory might not be scanned during scheduled or manual virus scans. This could potentially provide a location for an attacker to hide a malicious file on a computer," the vendor stated.

The technology aims to help the user recover files without running the risk of accidentally deleting them.

"In light of current techniques used by malicious attackers, Symantec has re-evaluated the value of hiding this directory," the advisory continued.

The security vendor has published an update that can be downloaded through Symantec LiveUpdate. The update requires a system reboot.

The firm emphasised that it is not aware of any attempts by hackers or worm authors to exploit the feature.

Symantec credited fellow security vendor F-Secure and software developer Mark Russinovich with finding the vulnerability.

Russinovich disclosed late last year that Sony BMG had been deploying rootkit technology as part of its XCP anti-piracy technology for audio CDs.

In this case the rootkit aimed to hide the software from the user, preventing it from being uninstalled. But security experts pointed out that malware could easily exploit the feature.

Amid an outcry from consumers and security experts, Sony was forced to recall the CDs and is now facing legal action.

The hiding of software is commonly performed by rootkits, causing the Sony BMG and Symantec cases to be closely associated with such hacker tools.

A rootkit, however, does more than just hide files, as it is primarily designed to provide an attacker with a backdoor into a hacked computer system.

While the Sony BMG and Symantec technologies hide files, the Norton feature is far less severe than XCP, according to Mikko Hyppönen, chief research officer at F-Secure.

"The main difference between the Symantec and Sony rootkits is not technical, it's ideological," he wrote on F-Secure's blog.

"Symantec's rootkit is part of a documented, useful feature; it can be turned on or off and it can easily be uninstalled by the user. Unlike Sony's rootkit."
 
 
While it has similarities to the Sony incident, it has very different intentions. Will it go to court? Maybe. Will Symantec be found guilty? I doubt it.
 
Symantec did it to protect the stupid user from himself.
Sony did it to protect its (and the RIAA's) money.
 