Symantec owns up to ‘rootkit’

Symantec went public with its own use of rootkit-like technology this week, offering users a fix and saying the bug posed only a "low" risk.

Norton SystemWorks and SystemWorks Premier both contain a feature called the Norton "protected recycle bin" inside the Windows "recycler" directory. Within the bin, there is a directory called NProtect, hidden from Windows application program interface, which may not be examined during virus scans.

The directory could provide a nest for malicious files to be hidden on a PC, Symantec said in a security advisory posted Jan. 10.

"When NProtect was first released, hiding its contents helped ensure that a user would not accidentally delete the files in the directory. In light of current techniques used by malicious attackers, Symantec has reevaluated the value of hiding this directory," the company said on its website. "We have released an update that will make the NProtect directory visible inside the Windows Recycler directory. With this update, files within the NProtect directory will be scanned by scheduled and manual scans as well as by on-access scanners like auto-protect."

Symantec said Mark Russinovich of Sysinternals and the F-Secure Blacklight Team assisted with the issue. The company advised users of their software to run a manual update, which requires a system reboot.

In recent months, Sony-BMG Entertainment faced a public relations nightmare following the exposure of rootkit-like Extended Copyright Protection (XCP) and MediaMax technology on its CDs.

Sony has agreed to give customers who purchased an affected disc either cash, a replacement CD or downloadable music. The settlement was in response to a handful of lawsuits filed against the music giant late last year.

The media firestorm erupted in November over the data management applications, forcing Sony to recall CDs containing XCP technology, made by London-based First4Internet. The company recently said it will also stop making CDs containing the similar MediaMax, which is created by Phoenix-based SunnComm.

Both MediaMax and XCP have been found to install software on PCs without warning the user.

Sony's legal troubles worsened in the waning days of 2005, when Texas expanded its lawsuit against the recording company to seek damages caused by MediaMax as well as XCP. State Attorney General Greg Abbott had initially sued Sony in November for its use of XCP, claiming it violated the state's recently enacted anti-spyware law. Private attorneys had also sued Sony on behalf of consumers.

The Electronic Frontier Foundation and Sony jointly announced a software update for MediaMax last month.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.