Symantec Using Sony Drm-like Rootkit? Norton Protected Recycle Bin Exposure

[sparx 0]

Link here


Symantec has released an advisory saying that the Norton Protected Recycle Bin which is used to recover deleted files as an added safety net underlying Windows' Recycle Bin will now display the NProtect sub-folder in the Recycled folder.

The NProtect directory is used to store temporary copies of files that the user has deleted or modified. This feature supplements the Windows Recycle Bin, creating a temporary backup of certain types of files that the Windows Recycle Bin does not back up. The Norton Protected Recycle Bin allows the user to recover these protected files if they are accidentally deleted.
NProtect is hidden from the Windows FindFirst/FindNext APIs. Since the hidden directory is not visible to Windows, files in the directory might not be scanned during scheduled or manual virus scans. Files in the NProtect directory are scanned by on-access scanners like Symantec's Auto-Protect, and by the on-access scanners of other vendors' products.

When NProtect was first released, hiding its contents helped ensure that a user would not accidentally delete the files in the directory. In light of current techniques used by malicious attackers, Symantec has re-evaluated the value of hiding this directory. We have released an update that will make the NProtect directory visible inside the Windows Recycler directory. With this update, files within the NProtect directory will be scanned by scheduled and manual scans as well as by on-access scanners like Auto-Protect.

The NProtect directory will continue to function as it always has, and users will continue to have the ability to enable or disable the feature through the Norton Protected Recycle Bin user interface.

All you need to do is run LiveUpdate, download the new version of the Symantec Common Event Driver (less than 300 KB) and reboot. This affects Norton Systemworks 2005/2006 including the Premium versions.

Basically, they're just insuring themselves against possible public outcry following the discovery of Sony's DRM rootkit install and the hoopla surrounding that bad decision

BTW, the above two links point to one of the funniest tech comic strips available online - Userfriendly by J.D. "Illiad" Frazer

[Khymnon 0]

Great business sense on Symantec's part. Thanks, sparx.Actually, the NProtect folder has always been shown when you accessed the Recycle Bin directory under DOS. Naturally since almost no one had used DOS in eons except perhaps for experimental reasons, this fact isn't widely known.Plus, I remember seeing my anti-virus scanning the Norton protected files before. I can't be sure, though. Well, either way, Symantec covered themselves against the *hoopla.* :-)