Welcome Guest ( Log In | Register )



 
 Reply to this topicStart new topic
> Symantec Using Sony Drm-like Rootkit?, Norton Protected Recycle Bin Exposure
sparx
post Jan 12 2006, 08:29 AM
Post #1


Premium Member
Group Icon

Group: Members
Posts: 243
Joined: 20-January 05
From: Bombay, INDIA
Member No.: 2,231
Link here


Symantec has released an advisory saying that the Norton Protected Recycle Bin which is used to recover deleted files as an added safety net underlying Windows' Recycle Bin will now display the NProtect sub-folder in the Recycled folder.

QUOTE
The NProtect directory is used to store temporary copies of files that the user has deleted or modified. This feature supplements the Windows Recycle Bin, creating a temporary backup of certain types of files that the Windows Recycle Bin does not back up. The Norton Protected Recycle Bin allows the user to recover these protected files if they are accidentally deleted.

NProtect is hidden from the Windows FindFirst/FindNext APIs. Since the hidden directory is not visible to Windows, files in the directory might not be scanned during scheduled or manual virus scans. Files in the NProtect directory are scanned by on-access scanners like Symantec's Auto-Protect, and by the on-access scanners of other vendors' products.

When NProtect was first released, hiding its contents helped ensure that a user would not accidentally delete the files in the directory. In light of current techniques used by malicious attackers, Symantec has re-evaluated the value of hiding this directory. We have released an update that will make the NProtect directory visible inside the Windows Recycler directory. With this update, files within the NProtect directory will be scanned by scheduled and manual scans as well as by on-access scanners like Auto-Protect.

The NProtect directory will continue to function as it always has, and users will continue to have the ability to enable or disable the feature through the Norton Protected Recycle Bin user interface.


All you need to do is run LiveUpdate, download the new version of the Symantec Common Event Driver (less than 300 KB) and reboot. This affects Norton Systemworks 2005/2006 including the Premium versions.

Basically, they're just insuring themselves against possible public outcry following the discovery of Sony's DRM rootkit install and the hoopla surrounding that bad decision

BTW, the above two links point to one of the funniest tech comic strips available online - Userfriendly by J.D. "Illiad" Frazer
Go to the top of the page
 
+Quote Post
Khymnon
post Jan 12 2006, 10:36 AM
Post #2


Member [ Level 2 ]
Group Icon

Group: Members
Posts: 72
Joined: 1-January 06
From: Egypt
Member No.: 10,410
Great business sense on Symantec's part. Thanks, sparx.

Actually, the NProtect folder has always been shown when you accessed the Recycle Bin directory under DOS. Naturally since almost no one had used DOS in eons except perhaps for experimental reasons, this fact isn't widely known.

Plus, I remember seeing my anti-virus scanning the Norton protected files before. I can't be sure, though. Well, either way, Symantec covered themselves against the *hoopla.* :-)
Go to the top of the page
 
+Quote Post
« Next Oldest · Security issues & Exploits · Next Newest »
 

Fast ReplyReply to this topicStart new topic

Collapse

> Similar Topics

Topics Topics
  1. Keep Your Windows XP Protected(9)
  2. I Don't Want Norton To Delete My Viruses And Hacktools!(23)
  3. Sygate Still Secure?(4)
  4. Can Someone Get A Rootkit Certified?(1)
  5. Rootkit Revealer Locks Up My System(2)


 

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

- Lo-Fi Version Time is now: 2nd December 2008 - 04:54 PM
Powered By IP.Board 2.2.1 © 2008  IPS, Inc.
Licensed to: Xisto Corporation