Symantec confesses to using rootkit technology

[Steve]

see, one day you will start believing me that symantec / nortons is not a good thing to have on your computer!!!




http://blogs.zdnet.com/Spyware/index.php?p=747


Oh, dear. We're just getting over the Sony DRM rootkit ruckus and now we have a security company hiding software components from Windows APIs with rootkit technology. News.com reports that Symantec Corp.'s spokesperson admitted to using this rootkit type feature in Norton SystemWorks to hide a directory so customers wouldn't accidentally delete files. The problem was it could also provide a convenient hiding place for attackers to place malicious files. Due to the vulnerability, Symantec has issued an update for SystemWorks and is "strongly recommending" users update the software immediately. Link >> http://securityresponse.symantec.com...006.01.10.html


Mark Russinovich of SysInternals, along with security company F-Secure, was credited with discovering the rootkit feature in SystemWorks. Russinovich, the developer of rootkit scanner Rootkit Revealer, also discovered the SONY DRM rootkit. Russinovich is quoted as saying:

It's a bad, bad, bad idea to start hiding things in places where it presents a danger. I'm seeing it more and more with commercial vendors, […]

When you use rootkit-type techniques, even if your intentions are good, the user no longer has full control of the machine. It's impossible to manage the security and health of that system if the owner is not in control.

Russinovich is planning to publish more information about commercial vendors using rootkit technology according to eWeek. At spyware help forums like SpywareWarrior, we are advising users to run rootkit detection apps more frequently as a result of spyware infestations from threats like the AOL Instant Messaging worm. It will be interesting to see what other non-malware is found using rootkits to hide. Stay tuned for more on this unfolding situation