Symantec forced to fix rootkit-style flaw

U-turn over hidden directory.

Symantec has got caught up in the controversy surrounding "rootkit" technology that allows companies to hide programming elements from the computer they are installed on.

The anti-virus company has had to fix a flaw in Norton SystemWorks that could allow an attacker to hide malicious code in a hidden directory used by the product.

The problem itself is in the company’s Norton Protected Recycle Bin, a feature that allows Windows users to restore file types not stored by Windows’ own recycle bin after deletion.

It uses a hidden folder, NProtect, which anti-virus scanners - including the company’s own - do not monitor during scheduled or manual scans. Although the directory is scanned during on-access directed scans, the blind spot makes it a potential hideaway for malware, the company has admitted.

The directory was hidden in the first place because Symantec wanted to ensure that users couldn’t accidentally delete its contents.

"In light of current techniques used by malicious attackers, Symantec has re-evaluated the value of hiding this directory," an advisory on its website stated. Symantec has released an automatic update via its LiveUpdate, which makes the directory visible during all types of scan.

The practice of hiding directories from Windows is superficially reminiscent of Sony’s notorious rootkit-like use of its XCP copy protection, which turned into a PR disaster in November. The issue was also brought to Symantec’s attention by Mark Russinovich of, who discovered and publicised what Sony was doing with XCP.

The issue in SystemWorks is not as significant, Symantec will argue with justification, because there was no intention to deceive the user for ulterior purposes. "Symantec is not aware of any attempts by hackers to conceal malicious code in the NProtect folder. This update is provided proactively to eliminate the possibility of that type of activity," the advisory concludes.

However, despite the company having come clean, it is hard to escape the impression of thoughtless and complacent software design in the past. This is an issue that could have caused problems had it not been noticed by third parties before it was noticed by malware writers.

