Hidden directory now seen as a risk
By Joris Evers
Published: 12 January 2006 08:15 GMT
Symantec has released an update to its popular Norton SystemWorks to fix a security problem that could be abused by cyber criminals to hide malicious software.
In the PC-tuning application, a feature called the Norton Protected Recycle Bin creates a hidden directory on Windows systems. The feature is meant to help people restore modified or deleted files but the hidden folder might not be scanned during scheduled or manual virus scans, Symantec said in an advisory released on Tuesday.
The security giant said: "This could potentially provide a location for an attacker to hide a malicious file on a computer," adding it is not aware of any attempts by hackers to conceal malicious code in the folder. "This update is provided proactively to eliminate the possibility of that type of activity," it said.
Symantec's alert has echoes of Sony BMG Music Entertainment's recent PC security fiasco. The record label was found to be shipping copy-protected CDs that planted so-called rootkit software on the computers that played them. The rootkit technology also offered a hiding place for malicious software.
When the recovery feature was first introduced, hiding the directory helped ensure a user would not accidentally delete the files in it, Symantec said.
The company said in its advisory: "In light of current techniques used by malicious attackers, Symantec has re-evaluated the value of hiding this directory."
Security monitoring company Secunia rates the issue "not critical". Symantec itself deems the risk impact "low".
Symantec credits Mark Russinovich, the Sysinternals researcher who also investigated the Sony rootkit, and F-Secure, a Finnish security company that has a rootkit detection product, for helping it address the SystemWorks issue.
The Norton update will display the previously hidden "NProtect" directory in the Windows interface, which will allow it to be scanned by antivirus products, Symantec said. The new version is available through the Symantec LiveUpdate service. Installing the software will require a system reboot.
Joris Evers writes for CNET News.com
You should have experience in diagnosis and networking, VBscript, Powershell, batch files and deployment Server and Symantec Ghost. VBscript, ...
Symantec Security Consultant / Engineer (Symantec SEP, SEE) required urgently for pivotal role within an award winning IT security company who are ...
IT Security Engineer / Network Security Consultant (Symantec SEP, SEE, SAV) Our client is an award winning single supplier of all IT security ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Is Your Enterprise Architected for Tomorrow's Growth?
Improving IT service delivery through an integrated approach to software asset management...
TechRepublic Resource Guide: Software as a Service (SaaS) for Small and Midsize Businesses...
Download a Free Trial of SmartDraw: Learn why SmartDraw is the ideal alternative...
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy