Security - eWeek

Page 2 - Some Rootkits Are Worse Than Others

	LATEST STORIES
	- Secunia Survey Finds 98 Percent of PCs Have ... - LinkedIn, MTV Tap Spring to Develop Core App... - Drive Developers to Windows Embedded SPARK C... - Zoho CloudSQL Expands SMB Cloud Computing Op... - LG Elec Sees Slight Handset Sales Growth in ...

	eWEEK EDITORIAL CALENDAR
	For a list of what eWEEK is covering this year, go to our editorial calendar.


	NAC 2.0: A New Model For A More Secure Future from Sophos PBX Buyer's Guide from VoIP-News Giving Service Companies a Fast Start from SAP See All Resources >


	Server Virtualization The Windows Server Virtualization Platform Hardware virtualization introduces significant new hardware requirements and new management, support, and licensing challenges. Join presenters from Unisys on December 10 as they outline the hardware virtualization software that Microsoft offers, looks at the tools Microsoft provides for managing virtualized servers, and examines licensing and support implications of deploying hardware virtualization. Register Now!

Security

Some Rootkits Are Worse Than Others

By Larry Seltzer
2006-01-12

Article Views: 1505
Article Rating:

/ 0

Table of Contents:

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

Some Rootkits Are Worse Than Others - ' How Did They Come '
( Page 2 of 2 )

To This?">

Its a shame in a way. I was a customer of the earliest, original Norton Utilities. (I actually wrote fan mail to Peter Norton and he wrote back!) The applications had universal appeal, but it was very techie-oriented software. In later versions, trying to appeal to a larger audience, Symantec (which had bought out "Peter Norton Software") essentially dumbed down the software, and this directory hiding stuff is a part of that.

How far back does the feature go? Its an important question, and one I posed to Symantec. Until last spring I was using a copy of SystemWorks 2002 on one of my computers. I could have upgraded, but there was never anything new and better in new versions of SystemWorks. If I were still using it, would I have an update available? What about 2001, 2000 and so on? According to Symantecs advisory the 2005 and 2006 versions are vulnerable, but Symantec tells me that it works for earlier versions as well, at least for 2002.

Microsoft looks to zap Sonys DRM "rootkit." Click here to read more.

By the time security became a serious mainstream issue and malware writers became competent, the Norton Protected Recycle Bin was basically a legacy feature skating along from version to version, probably with little attention being paid to it. But Symantec, being a security company, should have caught this one many years ago, instead of being notified by a third party (once again we have F-Secure to thank for this, a competitor of Symantecs, and Mark Russinovich of Sysinternals).

I dont think theres much reason to worry about it. Ive never heard of any malware that tried to hide itself using this feature, and any that did would quickly be detected. Furthermore, its safe to assume that Norton SystemWorks users are much more likely than the average user to have anti-virus protection on their computers, and therefore to have some protection against any malware that attempted to utilize the hidden directory. Some versions of SystemWorks actually come with Norton Antivirus bundled.

So Im hoping that Symantec gets proactive with their users and reaches out to them to push out the update that unhides the directory, but Im not going to worry about this one. On the other hand, I hope it sends a signal through the industry to analyze your products for techniques like this that could be abused. Better to deal with it proactively than to be the subject of the next expose.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

MOST READ SECURITY STORIES
PAST 7 DAYS

1 - Intel Arms Lenovo ThinkPad Laptops with New Anti-theft Technology (4334)
2 - It's Time to Sign the Root Zone Already (3156)
3 - How to Strengthen Your Enterprise Wireless Network Security (2473)
4 - Wireless Security: A Partial Glossary of Wireless Security Terms (2440)
5 - Apple Anti-Virus Advisory Overhyped (2193)
6 - Enterprise Security Requires Shared and Privileged Account Password Management (1657)
7 - Secunia Survey Finds 98 Percent of PCs Have Vulnerable Program (403)

Videos Sponsored by:

EWEEK E-MAIL NEWSLETTERS bring you reliable, timely information to stay on top of the business of technology -- and technology in business -- and get more out of the Web. Make your choices and start your subscriptions today!

EWEEK RSS NEWS FEEDS contain a daily feed of our latest stories from over 30 different categories including Enterprise Apps, Business Intelligence, Security, VOIP and more!

Subscribe to our RSS feeds today for free...

	Issue Index \| Contact Us \| About \| Advertise \| Magazine Customer Service \| Site Map
	Security: Enterprise Security Network Security Infrastructure Security How To: Data IT Security News Cheap Hack Blog Security Watch Blog Storage: Data Storage Cloud Storage Storage Virtualization Network Access Storage Storage Reviews Data Storage News How To: Storage Storage Station Blog Computing: Apple OSX Linux Systems Windows Vista Managed Print Services Cloud Computing PC Reviews Microsoft Watch Blog Apple Watch Blog Google Watch Blog Communications: VoIP Solutions Wireless Technology Messaging Software Web Services Mobile Applications Wireless News Mobile Reviews Apps & Development: Application Development SAAS Search Engines Database Software Web 2.0 IT Project Management Emerging Tech Blog CIO Insight Blogs CIOs
	Vertical Markets: Federal Government IT Health Care IT Finance IT Mid-Market Channel Partners Careers Blog Value Added Resellers More eWeek Links: Green Computing Center Tech Knowledge Center Tech Newsletters Tech RSS Feeds White Papers Tech Podcasts Tech Videos eWeek Magazine Subscriptions Enterprise Websites: ZDE Home Baseline Channel Insider CIO Insight eSeminars eWeek Mid-Market Publish Online Web Buyers Guide Developer Websites: Dev Shed DeveloperShed ASP Free MS DevSource SEO Chat Codewalkers Tutorialized Scripts.com Dev Mechanic Dev Articles Web Hosters Dev Hardware Technology Websites: Device Forge Desktop Linux Linux Devices Windows for Devices iGrep Search Engine PDF Zone Linux Watch
	Use of this site is governed by our Terms of Use and Privacy Policy Copyright ©1996-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited. eWeek is your best source for the latest Technology News. ZDE Cluster 4 hosted by Hostway.