Symantec's system utility suite, Norton SystemWorks, includes a feature that uses a rootkit-like technique to hide a system folder in Windows.
This technology operates similarly to the controversial DRM rootkit used by Sony BMG, in that it marks files and hides them from the operating system.
The Norton Protected Recycle Bin feature adds a temporary storage folder called NProtect, which stores files that users delete. This concept is meant to supplement the Windows Recycle Bin, allowing users to recover deleted files.
However, hiding a folder from Windows may create a “backdoor” for security vulnerabilities similar to those seen in the Sony DRM rootkit debacle. Malicious actors could write new viruses and worms that hide within the folder to evade detection by security software.
“NProtect will continue to function as before, and users will be able to activate or deactivate this feature through the Norton Protected Recycle Bin management interface,” Symantec stated.
Users of Norton SystemWorks can download the patch via the LiveUpdate feature. “Symantec is not concerned about the potential schemes of hackers hiding malicious code within the NProtect folder. This update aims to mitigate potential risks,” they added.
This issue was discovered by Mark Russinovich of Sysinternals, who was the first to release details about the Sony XCP software. Symantec also expressed gratitude to the F-Secure BlackLight team for their assistance in addressing this matter.