
Got Norton 'rootkit' Systemworks?
Written by Aidan   
Thursday, 12 January 2006 04:45

After all the fun of Sony's DRM software that acted as a fantastic rootkit, giving trojan/virus/malware writers somewhere to hide their nasty code, you'd think that other companies would be more sensible about it. Well, to a certain extent, but you'd expect Symantec to know better!

Norton Systemworks has a feature called "Norton Protected Recycle Bin". This works by hiding the files inside a directory from the Windows API, thus preventing antivirus scanners (and the user) from seeing them. Whilst in Symantec's case this was originally designed to benefit the user by helping prevent them from deleting things they didn't want to delete, it is still possible for a malicious person to use the hidden directory to conceal files such as viruses and trojans from anti-malware scanners.

Unlike Sony, Symantec have released an update that disables this feature. Simply running Symantec LiveUpdate will download the patch that turns off the directory hiding.

There's more information here!

