Print this article  |  E-mail this article  |  Comment on this article

Symantec Found Using Rootkit Feature

By Nate Mook, BetaNews

January 11, 2006, 8:30 PM

Symantec is cleaning up a feature in Norton SystemWorks that uses a rootkit-like technique to hide a system folder from Windows. The technology works similar to Sony BMG's controversial rootkit DRM in the way it masks files and makes them invisible to the operating system.

The Norton Protected Recycle Bin feature adds a directory called NProtect, which stores temporary copies of files that users delete. The idea was to supplement the standard Windows Recycle Bin and enable users to recover files they removed accidentally.

However, hiding a directory from Windows can open the door to vulnerabilities, as the Sony DRM rootkit debacle exposed. Malware authors were able to write viruses and worms that hid in the cloaked directory, effectively preventing scanning software from discovering their existence on a PC.

Symantec notes that on-demand scanners, including Norton AntiVirus, would discover the malware when it is loaded it memory. Still, the company isn't taking any chances after Sony's PR disaster and has issued an update to make the NProtect directory visible in the Recycle Bin.

"The NProtect directory will continue to function as it always has, and users will continue to have the ability to enable or disable the feature through the Norton Protected Recycle Bin user interface," the company said in a security advisory.

Users of Norton SystemWorks can download the patch now through LiveUpdate. "Symantec is not aware of any attempts by hackers to conceal malicious code in the NProtect folder. This update is provided proactively to eliminate the possibility of that type of activity."

The rootkit-like activity was discovered by Mark Russinovich of Sysinternals, who first released details on the Sony XCP software. Symantec also thanked the F-Secure Blacklight team for their assistance in resolving the potential problem.

Add a Comment (100 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By maniakmx3

posted Jan 13, 2006 - 3:04 PM

BOYCOTT SYMANTEC!!!!!

Score: 0

By Jaymil

edited Jan 13, 2006 - 10:09 AM

I have deleted everything that had Norton or Symantec from my computer so I cannot us the Live Update. What would the address be to this hidden folder. I have a small program I got from your site called Force Delete. It will delete anything even if not allowed by the system.

Thank you

Score: 0

By p3t3rb0na

posted Jan 12, 2006 - 11:26 PM

Resource Hog turning into a Mole

Score: 0

By landfish

posted Jan 12, 2006 - 3:44 PM

come on you guys, Symantic stuffed up in a big way there is no excuse for a security company making such a blunder, I can picture you all on the Titanic pleading that it's unsinkable as it slips below the surface. Remember this is a companey supposed to be fighting virus and trojan writers not helping them by installing tools they can use.
Symantic is, always was, and will aways be garbage and now rottern garbage!!!!! :-))

Score: 0

By gawd21

posted Jan 12, 2006 - 7:36 PM

Thank You!!! Some people feel that just because you kill someone and say, "I am sorry that I killed your mom", that is makes it all better. Well it doesn't! You screw people over and KNOW that you are doing it and after you are caught say you are sorry doesn't change the fact that you were in the wrong 100% before you were caught. Does it? NO!

Score: 0

By landfish

posted Jan 12, 2006 - 8:38 PM

Hey Gawd, your earlier posting summed it up -"So what if they fixed it, it should NEVER have been there!" I don't understand why people are making excuses for them, and they didn't come clean about it, as some people are saying, it was discovered by some one else. OK they bought Norton and now feel offended by the critisism, well its Nortons they should be offended by.

Score: 0

By Metshrine

posted Jan 12, 2006 - 10:03 PM

Why should it not have been there? Neither of you has explained that. It has worked for years and until the sony incident, wouldnt have harmed anyone as it didnt hide folders or files with a certain text string in their name, it didnt allow backdoors into your pc, all it did was protect files that were deleted from a pc in case the user wanted to undelete them. What exactly about it should not have been there?

Score: 0

By wincement

posted Jan 12, 2006 - 7:39 PM

You're right, but did Norton's rootkit actually cause any damage?

Nope. And it's fixed now.

Score: 0

By gawd21

edited Jan 12, 2006 - 9:42 PM

No, but neither did the poison that someone put in the Tylenol that got discovered before it was released.

EDIT: Here you go, in simple easy to understand terms: You are lucky that you didn't get HIV from her while having intercourse. It happens all of the time, but you were one of the few lucky ones!

Score: 0

By Metshrine

posted Jan 13, 2006 - 10:29 AM

Few lucky ones huh? So far, in the years that norton protected recycle bin has been out, there has not been a single exploit against it. Why? It doesnt hide files or folders with a certain text string like Sony's root kit did. That is the big difference. The only thing symantec is guilty of is using a feature that is LIKE a root kit, but really isnt since it doesnt allow virus exploitation. So please, show me stats where someone was hurt by the NPROTECT folder, please.

Score: 0

By gawd21

posted Jan 13, 2006 - 1:06 PM

Then why did they remove it?

Score: 0

By Metshrine

posted Jan 13, 2006 - 1:38 PM

To avoid being accused of having a root-kit like feature, as is stated in the article, if you bothered to read it ;-) And they didnt remove the feature, they just UNHID the folder that it utilized c:\nprotect

Score: 0

By gawd21

posted Jan 13, 2006 - 2:59 PM

Do you have any idea about anything? If it wasn't what it is why would they have to worry about it?

If it wasn't a liability they would never have removed it, just because someone might say that it's a root kit. No company would spend the time and money to do that.

Score: 0

By Metshrine

edited Jan 13, 2006 - 4:47 PM

"The rootkit-like activity was discovered by Mark Russinovich of Sysinternals, who first released details on the Sony XCP software. Symantec also thanked the F-Secure Blacklight team for their assistance in resolving the potential problem."

Notice the words POTENTIAL PROBLEM. There was no problem with the feature, and there was no message stating that it was somehow being exploited, they removed it to prevent a POSSIBLE exploitation of the feature.

Also read

""Symantec is not aware of any attempts by hackers to conceal malicious code in the NProtect folder. This update is provided proactively to eliminate the possibility of that type of activity.""

Notice, the update is only provided because they want to eliminate the CHANCES of it happening, not because it has happened.

Score: 0

By Metshrine

posted Jan 12, 2006 - 5:34 PM

Umm, I dont know if you noticed, but they removed the hidden functionality and the update is on liveupdate as of this morning. I dont care how much you hate them, they stepped up and fixed the issue before it got widely hit like the sony style root kit issue.

Score: 0

By Adrian79

posted Jan 12, 2006 - 1:43 PM

nod32, besides that i have no further comment!

Score: 0

By norton user

edited Jan 13, 2006 - 10:45 AM

nod32 is no better than any of the rest, actually nod32 has had many problems reporting infections where there are none. no one is perfect and everyone makes mistakes. do any of u honestly think you could have even made halfway equivalant software. dont think so. ya its kinda funny when someone trips, but your not supposed to point and laugh.

Score: 0

By gawd21

posted Jan 12, 2006 - 1:24 PM

*Shakes head* First they make it almost impossible for the average person to remove their junkware and then we find out about rootkits. I think it's time that people are told about companies like this, on a large scale and that it is put in every newspaper and on every News station, group, and forum. The people that are suppose to protect you are the same as the ones trying to hurt you. Disgraceful!

Score: 0

By giwo

posted Jan 12, 2006 - 11:50 AM

The differences here are plain.

1) Symantec products (specifically SystemWorks) aren't stuffed down your throat, even the pre-installed NAV versions can easily be removed. Sony's software was installed without letting the user know, and was unable to be removed (easily, if at all).

2) People WANT an anti-virus solution on their computer (even if some feel Norton's is a bad one), they don't want DRM software.

3) Symantec is quickly working to fix the problem, Sony stated that people are too dumb to realize it IS a problem.

Overall, continued work on finding these sorts of security issues are welcome. This won't be the fiasco for Symantec it was for Sony, but as I mentioned, there are substantial differences that made it a PR nightmare for Sony.

Score: 0

By Metshrine

posted Jan 12, 2006 - 5:35 PM

Amen, now if only people like gawd21 would read this and realize that not everything symantec or any other company they love to hate does is bad. They fixed the issue already and very quickly

Score: 0

By gawd21

posted Jan 12, 2006 - 7:20 PM

So what if they fixed it, it should NEVER have been there!

Score: 0

By Metshrine

posted Jan 12, 2006 - 9:42 PM

Why not? It prevented the user from seeing it, not knowing what it was, and deleting it. The purpose of the feature was to allow a user to delete stuff that was removed from the recycle bin. It didnt have any sort of root kit functionality like sony's kit that hid all folders with a certain character sequence, it simply was hidden. Thats it. So why exactly should it not have been there? You're bad mouthing a company for adding a feature that worked in every way intended on both the user side and by the dev. I bet if eset made some sort of sec suite that did something similar, it would be praised because of course, it is eset and not symantec. Again, get off your symantec hating horse and stop trying to bad mouth everything every company you hate does.

Score: 0

By gawd21

posted Jan 12, 2006 - 9:49 PM

So what you are saying is that if a virus withe the same name got on yoru computer, that is ok , because Symcraptec used that name? Get a grip!

Score: 0

By Metshrine

posted Jan 12, 2006 - 9:51 PM

Umm, do you post just to see yourself type? Your reply made absolutely no sense. The feature has been there, and been used by users, for several years. Symantec simply decided to avoid any bad publicity of being accused of having root-kit like functionality and removed it before they could be accused of such.

Score: 0

By gawd21

posted Jan 12, 2006 - 10:32 PM

Umm, they were accused that is why the removed it!

Score: 0

By mtsuguitar

posted Jan 12, 2006 - 1:56 PM

Amen brother!

Score: 0

By joeshmoe7

posted Jan 12, 2006 - 11:14 AM

Systemworks... i... oh man forget it. I'm not even going to go there. Just take a damn sledgehammer to a PC it's a lot cheaper.

Score: 0

By joeshmoe7

posted Jan 12, 2006 - 11:15 AM

damn, i went there. Couldn't resist.

Score: 0

By robmanic44

posted Jan 12, 2006 - 10:24 AM

Just yesterday I had a eMachines support person who wanted to upgrade my antivirus from F-Prot to Norton. That, unfortunately, is the attitude of many PC manufacturers. Once you have Recycler on your desktop, it's very difficult to get off. And it continues to eat resources.

Score: 0

By joeshmoe7

edited Jan 12, 2006 - 11:06 AM

yeah most support people are morons, f-prot is good i wouldnt trade that for norton any day. It was probably a support guy in india with good english lessons and a headset.

i said "most", i know a few who are actually geniuses.

Score: 0

By mjm01010101

posted Jan 12, 2006 - 10:20 AM

Seems pretty straight forward. Unlike Sony, Symantec worked directly with those who discovered it, the problem was fixed pronto. No complaints here.

Score: 0

By PC_Tool

posted Jan 12, 2006 - 9:34 AM

LAME.

1. It's been there forever. Hell, Windows has Hidden folders...Hidden folders != rootkit.

2. It's Norton, people. Who *really* cares?

3. Mark did good on Sony's thing.. Can he not distinguish between something doing what the user *and* programmer intended, and something *not* intended by the user?

Any AV program will catch viruses in hiddenfolders. (system restore folders, anyone?)

This just looks like a pathetic attempt by Mark to try and get back some of that temporary fame he got for the Sony thing.

Score: 0

By compm375

posted Jan 12, 2006 - 9:42 AM

There is a big difference between files that can be seen when you check "Show hidden files and folders" in Folder Options and files that are hidden to Windows itself. The latter is a kind of rootkit.

Score: 0

By PC_Tool

posted Jan 12, 2006 - 2:15 PM

Want me to go back and replace "hidden folders" with NPROTECT? Same damn thing. yes, it's not the "Hidden" attribute. But it's also *not* a rootkit.

Score: 0

By citizen420

posted Jan 12, 2006 - 8:12 AM

in what way is this an issue, or news. ive been using NSW for sum time now, NProtect folder isint anything new, nor is it that well hidden. then again, im not the average xp user:)

Score: 0

By rijp

posted Jan 12, 2006 - 9:20 AM

Its not an issue. But keep using NSW, forever if you like. I can guarantee, you have a virus right now. You have a trojan right now. So keep using NSW to your hearts content, its false security. Its not a problem until you using something else that indentifies the REAL threat on your computer.

The recycle bin hidden like features isn't a problem perse, its added to the list of OTHER problems with Symantec products. The product line SUCKS! plain and simple. You are using something that's popular and that HAS been known as good, its not on the top list of products any longer, so why use something that isn't the best?

Score: 0

By GoodThings2Life

posted Jan 12, 2006 - 10:20 AM

You can make no such guarantee, and you are incredibly NUTS if you think you can.

I've run Symantec products for years and have never had a virus on my system. I know this because I'm not a complete idiot... which is to say that I keep it up-to-date DAILY, and I keep subscriptions active, and I am intelligent enough to not download or install anything I don't trust or haven't thoroughly read the documentation for it.

Score: 0

By crosscut

edited Jan 12, 2006 - 10:02 AM

You guarantee he has a virus huh? So you are guaranteeing my parents have a virus? They prefer norton systemworks, and guess what, I've done scans with various a/v's on their system even with this product installed and never had one virus detected that norton didnt pick up. Just because you hate norton doesnt mean it doesnt work. Get off your norton hating horse and, unless you can provide some stats that shows a virus WILL ALWAYS get through the product, keep quiet and dont post. I hate these anti-INSERTCOMPANYNAMEHERE zealots, they bad mouth anyone who even says they've used a product by INSERTCOMPANYNAMEHERE

Score: 0

By PC_Tool

posted Jan 12, 2006 - 9:37 AM

Because millions of folks use it, and when a problem is found, it gets taken care of? I personally use NOD32 for virus scanning, but you have to admit...a lot more testing is done...even by 3rd-party security firms, on NAV than on NOD32.

Score: 0

By Gerwin

posted Jan 12, 2006 - 7:38 AM

Norton is bad, so is windows. OSX is good. Now go away.

Score: 0

By GoodThings2Life

posted Jan 12, 2006 - 7:11 AM

The NProtect folder has existed since the original release of Norton SystemWorks for Windows 95... It has always been marked as a "Hidden" directory, but then again, so is the "Recycle Bin" folders in any version of Windows. Anyone who shows "all hidden files" in Explorer would see it. Symantec has also always displayed the configuration options to disable NProtect both on the Recycle Bin Properties and in the SystemWorks interface.

Personally, I think Mark Russovich is a great guy and very bright security analyst... and I think Symantec has done the right thing to issue an update that modifies this function.

But I also think those of you with paranoid delusions about the security risks of this particular issue are just stirring up trouble where none exists.

All this being said, I'd rather see Symantec spending time on fixing their Installer/Uninstaller issues than fixing a feature that isn't a problem.

Score: 0

By athome

edited Jan 12, 2006 - 12:04 PM

Personally, I think they have done a great job by bringing this to light. Only in that it would be a matter of time that some idiot exploited this feature in order to get the lime-light of "bringing Symantec down."

The reasons behind the hidden attributes don't fall under the same heading as SONY has done with theirs. Can you imagine if someone had exploited Norton and the PR that they would have to do to dig themselves out of a hole. The right thing is to acknowledge the "similarity" to Sony, but issue a fix as to whether or not the customer will change the feature.

Personally, I stopped using Symantec some years ago because even though they were to find trojans on my computer(even updating regularly), they couldn't remove them. I often wondered if it had to do with them taking GAIN to court a while back? Never did hear what the results were about that. They were a great product, but have become very doggy(mem hog) on the machines I service as well as my own. I certainly don't put them above anyone when it comes to virus removal.

IMO

Score: 0

By rijp

posted Jan 12, 2006 - 9:17 AM

Even showing "hidden" attributes, the recycle folder isn't always visible.. and when it is visible, you can delete the contents. Removing all traces of Symantec Products (using their uninstall) doesn't even remove it..

And you don't see that as a problem?

Score: 0

By GoodThings2Life

posted Jan 12, 2006 - 10:18 AM

You are absolutely, positively... WRONG, rijp.

When you enable both "show all files" options in Windows Explorer (My Computer) > Tools > Folder Options > View tab... ALL files are shown with the following 3 exceptions:

1) The "file" that Windows uses as the MFT (Master File Table), which per se, isn't a file at all, but nevertheless.

2) The contents of the "System Volume Information" folder on 2000 and XP has permissions set on it that prevent any user except the System account from accessing it. The folder is used to store the System Restore backups as well as the Index Manager's index.

3) You have an NTFS partition in which permissions are set on a folder that explicitly denies you access to the folder. The most common sign of this is in XP Home edition where you must be logged in as Administrator in Safe Mode to see the contents of other user's profiles.

The Recycle bin is shown as C:\RECYCLER\S* where S* is the Windows Security ID Number representing your account. Prior to NT/2K/XP, it was just plain C:\RECYCLER.

Furthermore, in my testing, uninstalling Symantec through its own uninstaller doesn't remove half the product... that's obvious, because they release SYMNRT to compensate for it. SYMNRT does in fact remove all files, folders, and settings so far as I can tell.

Score: 0

By crosscut

posted Jan 12, 2006 - 10:00 AM

Just removed it fine for me

Score: 0

By gawd21

posted Jan 12, 2006 - 1:48 PM

Go look in your program files and registry. Unless you spent the past 45 minutes + or used a third party program to remove it, then you did not get it all out of your computer.

Score: 0

By Metshrine

edited Jan 12, 2006 - 5:37 PM

OH NO!, 23 registry keys that will never be touched, MY COMPUTER IS DOOMED! I know many many other programs, to include OSS programs, that dont remove every key either. And yes, every file is gone and no I didnt use some special uninstaller, I used the one that came with the program.

Why dont you stop trying to think you know everything about everything ;-)

Score: 0

By gawd21

edited Jan 12, 2006 - 6:33 PM

Bah, it has nothing to do with knowing everything. Norton's sucks and it does leave files and Reg entries on your computer, so NO, it doesn't remove them all. So why don't you learn something and then post.

EDIT: I hate fanboys/girls that will over look murder if it supported what they wanted.

Score: 0

By Metshrine

posted Jan 12, 2006 - 6:41 PM

You obviously didnt read my post, I search my registry in vmware for symantec and norton and came up with 23 registry keys and NO files. Why dont you try reading :) So what if it leaves 23 registry keys that serve no purpose in your system? Other apps do this too

Score: 0

By gawd21

edited Jan 12, 2006 - 7:31 PM

Dude you are just stupid. There are more than just NORTON and SYMANTEC reg entries there and your reg doesn't contain files. DUH. The registry doesn't contain file, but "directions" or " instructions" as to what a file should do or find. Seeing how you are still in high school, I will over look this, but point out that you must not have ever tried to remove Norton AV from your computer or anyone else's for that matter. Norton is the second top reason computers come to me in need of repair for performance issues! Most have used the standard Add/Remove and still have vast performance issues directly related to Norton not completely uninstalling!

EDIT: P.S: I don't feel or think I know anything about everything, that is why I don't post on every topic or story that BN lists. I only speak about what I do know and from time to time I have been wrong, but not about this or that MACs have yet to prove they are better.

Score: 0

By Metshrine

edited Jan 12, 2006 - 9:52 PM

Dude, are you not reading what I am saying. I HAVE REMOVED VARIOUS NORTON PRODUCTS IN ORDER TO PERFORM A CLEAN UPGRADE ON OVER 200 PCS AT MY JOB PRIOR TO THE MILITARY. HOW MUCH MORE CLEAR CAN I MAKE THIS!! I know the registry doesnt contain files. I said there were 23 keys left over IN THE REGISTRY, which is nothing dangerous. I have run programs that do a side by side comparison of registry images before and after an activity, and those are the only ones left after a removal of norton systemworks. Yes, some users have had files left behind that require a special cleaning tool, but guess what, I have done this via the add/remove programs applet, and it only left those 23 keys with NO FILES ON THE HARD DRIVE, NOT REGISTRY, being left over.

So why dont you stop trying to think you know what I have/have not done. And again, you think you know everything, because you seem to think I am still in high school (obviously, as you say)? Is that why I am married, have a kid, and have 2 years in the US Army? Why dont you try posting something of intelligence instead of trying to insult or belittle me.

Score: 0

By gawd21

posted Jan 12, 2006 - 9:59 PM

"because you seem to think I am still in high school (obviously, as you say)? Is that why I am married, have a kid, and have 2 years in the US Army? Why dont you try posting something of intelligence instead of trying to insult or belittle me." Well when you act this way, people are prone to believe this. You have yet to show that you are older then 12, but I was trying to be nice and say high school.

Score: 0

By Metshrine

posted Jan 12, 2006 - 11:49 PM

Well, for one, it is not my place to prove anything about myself. Unless you have info that proves I am lying, the burden of proof is on you, the accuser, just like in any court case. So, until you have proof otherwise, I would appreciate you stop attempting to belittle me until you have proof that I am other than what I claim to be

Score: 0

By gawd21

posted Jan 13, 2006 - 12:09 AM

Well, hmm, lets see; When the installer/uninstaller isn't written to remove the program completely and you claim that it did for you, I am not the one that needs to prove that you are lying, as that is a given.

Score: 0

By gawd21

posted Jan 12, 2006 - 9:56 PM

A computer should never hide anything from the user, nor should it do any action without the user's concent!

Score: 0

By Metshrine

posted Jan 12, 2006 - 10:01 PM

OK, so by your logic, microsoft is wrong in hiding the system volume information folder. Lets leave that open for all users to see, and then when they delete it and cant restore their system using the system restore feature, they can come to you with their complaints. The fact is, some stuff on a pc should be hidden, norton protected recycle bin was hidden and the user agrees to it when they hit YES I AGREE on the norton license agreement screen. So please, tell me where the user doesnt give their consent. Sony was wrong, because they didnt give you any choice in the matter, microsoft and symantec both have clauses in their EULA that state that the program will hide these folders.

Score: 0

By gawd21

posted Jan 12, 2006 - 10:34 PM

Show me a cpy of the EULA that says that they will HIDE content on your computer that name be used to also hide viruses!

Score: 0

By gawd21

posted Jan 12, 2006 - 9:55 PM

"Yes, some users have had files left behind that require a special cleaning tool, but guess what, I have done this via the add/remove programs applet, and it only left those 23 keys with NO FILES ON THE HARD DRIVE, NOT REGISTRY, being left over. "

You just tell lies! It isn't that simple or everyone would have the same results that you have and NO ONE does. Stop your BS! If in fact you do work with/in the army they need to move you to a place that wouldn't cause harm to them, as you do if you think that is all Norton does. You are under educated and need to grow up as well as go back to school to learn what a computer should and shouldn't do without someone telling it to do as the user is concerned. Met, my not so friend, you are lost and are wrong or a liar!

Score: 0

By Metshrine

edited Jan 12, 2006 - 10:12 PM

You mean I need to go back to school to learn what YOU think a computer should and shouldnt do without you telling it what to do. You see, I rest my case, you simply try and insult me. You post no relevant data to the article or my posts and seem to think you know everything about me. You insult me because you cant do anything but that, you havent done anything to prove your case. I never said it was that simple, I said that I have never had a problem uninstalling their product. Nowhere did I say that no users have had that problem.

Score: 0

By gawd21

posted Jan 12, 2006 - 10:04 PM

You are still posting babel as to what you think you have when in fact the rest of the world has something different. Now if you are one in a million that have tried a purple sucker and said that your mouth didn't turn purple, that means either you lied or you just didn't look in the mirror. That is the same thing that is going on here. You are one of 1 out of a million that doesn't have the problem with Norton uninstalling, that means you are either to stupid to find it, refuse to admit it, or just lying!

Score: 0

By Metshrine

edited Jan 12, 2006 - 10:13 PM

Again, you resort to insulting me. Can you do anything but that? Your posts have nothing to do with the topic at hand and your logic seems flawed. Again, I NEVER CLAIMED ALL USERS HAD THE SAME RESULTS AS ME, I said I HAD THESE RESULTS, I never asked you to accept them, I merely put them out there. But you instead have this thing out for me because I have a view and result that differs from what you like or expect because its of a product from a company you hate. So, your insulting me for posting MY PERSONAL RESULTS, is very childish and I think you need to reasess where you point the finger because I dont think it is me that needs to go back to school.

Also,
"You are still posting babel as to what you think you have when in fact the rest of the world has something different. "

How can the rest of the world have something different when I am posting what is happening on my pc? Does the rest of the world have my pc? Are they magically able to look at my pc and see my results? If so, I would love to see how.

Anyways, you have fun replying because I am through with your kiddish replies and your nonsensical posting and lame use of insults due to your lack of knowledge on any of the topics at hand. I understand you hate a company and their products, but if you feel like posting, please post some results of your own, or some website that shows stats or something even remotely relevant to this topic. So have fun posting, I am out :)

Score: 0

By gawd21

posted Jan 12, 2006 - 10:39 PM

No, you keep saying that you didn't go and delete the information yourself or use a third party program to do it that you used the add/remove to remove it. Well, lets put it this way the code isn't there to remove that information, so it is still there or you removed it yourself. Either you lie or you removed it and forgot, assuming that it in fact was removed form your computer. Stop and read what you are saying. You are saying that your computer is magic and removes code that it isn't told to remove, just because you think it should. That isn't how it works in this day in age!

Score: 0

By Metshrine

posted Jan 12, 2006 - 11:43 PM

Again, I dont care if you believe what I have written, I know what I have done with my pc and with the PC's I've worked on. Until the day you can prove otherwise with said pc's, I suggest you stop claiming to know what has gone on in my results. So please, cease from replying to this, as my patience with you and your all knowingness has drawn to a closure. I am done.

Score: 0

By gawd21

posted Jan 13, 2006 - 12:07 AM

The INSTALLER/UNINSTALLER isn't written to remove all of the Norton file or reg entries. What do I need to prove? You are only showing that once again you lie and that everyone else that knows anything, will know that you are just full of it! The Only way the files were removed is if you did it yourself and you ahev said that you didn't, so again, either you are lying and removed it yourself, used a third party app to remove it, or it's still there.

Score: 0

By netwiz562

posted Jan 13, 2006 - 4:52 AM

This flame-war seems quite humerous.

One thing you both may want to compare before you continue this stagnant debate is version numbers/editions...

Anyways I can't say who is right as I have not bothered to waste the time to test the uninstaller my self, but I can say it is fairly common for an uninstaller to leave behind files. One thing you may want to check gawd21 is whether these are signifant executable files or just configuration and log files which may have been left for many reasons.

In addition, regardless of whether you are completly correct about this or not gawd21, I have to say some of your posts make you look like a hating idiot. Don't bother trying to argue that, its just my opinion and I will not reply.

Score: 0

By gawd21

posted Jan 13, 2006 - 1:09 PM

You are right, I do hate idiots, even if you were saying that I looked like the idiot.

Score: 0

By landfish

posted Jan 12, 2006 - 5:51 AM

I think some of you guys are missing the point here. Granted there was nothing underhand or malicious in what Symantic did and in fact it looks like their motives were to help the user, but the very fact a security company placed something on computers that in theory could be used by third parties for malicious use is to say in the least, very naive and doesn't speak highly of the company.

Score: 0

By deadmonkey

posted Jan 12, 2006 - 5:10 AM

This is just something that was done with the best intentions (unlike the Sony BMG rootkit) that wasn't the best of ideas. Symantec have acted responsibly and made this optional (and I am hoping defaulting to off?). There is not much more Symantec can do IMHO. They realised they had made a mistake and learnt from others. What more can you ask for?

While I am not a fan of the Symantec home user software suite I hope that they do not get slated over this, it is an honest mistake which they have held their hands up to and fixed before it became an issue.

Score: 0

By hmemcpy

posted Jan 12, 2006 - 3:42 AM

I just love people who don't have a slightest clue about how Windows API work and write scaldalous comments about how "Symantec's Rootkit" is evil. Pathetic.

Score: 0

By rijp

posted Jan 12, 2006 - 9:05 AM

evidently you don't know how Windows API works, because this is the same method that a rootkit uses. They aren't saying its a problem, all they are saying is resembles the same features that a rootkit would utilize to expose windows vulnerabilities.

If its a problem, its a problem, I don't care who does it.

Score: 0

By crosscut

posted Jan 12, 2006 - 10:12 AM

And, if you read, the problem is now fixed. All users have to do is run liveupdate

Score: 0

By doctorsmith

posted Jan 12, 2006 - 2:14 AM

I always thought Nortons was a virus, it's just as hard to get out of your computer. The best all round AV app is Avast! by far.

Score: 0

By rijp

posted Jan 12, 2006 - 9:07 AM

Norton Has been a bane to my existence for years, now I have more information to keep people from using it.

I like Avast, but I keep switching from that to Kaspersky and Eset, I just can't make up my mind..

Score: 0

By Comit

posted Jan 12, 2006 - 1:38 AM

Norton? Rootkits? Oooo, here's the begining of another chapter of corporate drama *buckles up* :P

Score: 0

By iamtux

posted Jan 12, 2006 - 2:23 AM

oh get real,there was no malicious intent in this case... they were just trying to add an extra layer of protection for the user...

Score: 0

By Comit

posted Jan 12, 2006 - 2:19 PM

I was referring to it causing unintended computer problems, given the mass distribution Norton products recieve. Rootkits are difficult to properly script.

Score: 0

By rijp

posted Jan 12, 2006 - 9:09 AM

Intent, maybe not, have you tried to remove and reinstall Norton? Its a major pain. whether it was intended or not, Norton is getting worse and worse to deinstall. I quit using it since 2003. Also there are multiple sites on the net with the same problems and issues with Symantec products, its a growing problem. This is just one that has finally reared its ugly head.

Score: 0

By crosscut

posted Jan 12, 2006 - 10:04 AM

WHY DO YOU KEEP REFERING TO THIS, why dont you keep on topic with what the above reviewer was saying. We realize, You've had problems uninstalling their products. I, on the other hand, with the 200+ pc's i've uninstalled it from to upgrade, have not. So please, again, get off your norton hating horse and keep on topic with other reviewers

Score: 0

By drumcat

posted Jan 12, 2006 - 1:29 AM

Ya; it's a feature. Granted it's touchy, but it seems that it's being handled properly. This is a relevant story, but miles from deceptive and Sony-like.

Oh, and to those that were thinking about switching to AVG for virus protection, it's a definite winner. AVG free is as solid as anything on the market, and has a small footprint. Oh, and it's free. It gets no better. Thanks AVG; you guys rule!

Score: 0

By Kramy

posted Jan 12, 2006 - 1:37 AM

I really like avast! since it chokes the holes into your computer and blocks stuff entering. I haven't had to run a scan yet, despite the large number of viruses that do try to get in.

Score: 0

By No Beer For You

posted Jan 12, 2006 - 2:10 AM

avast is definitely better than AVG. Purely because it scans incoming files.
That feature has saved me on numerous occasions!

I definitely wouldn't use any product with "Symantec" or "Norton" in its title.
Been there, done that.

Someone needs to start a sweepstakes to see which company comes out of the closet next...

Score: 0

By rijp

posted Jan 12, 2006 - 9:09 AM

hahaha.. Damn that was funny.

sweepstakes.. good one.

Score: 0

By spiked

posted Jan 12, 2006 - 12:09 AM

There's a huge difference between hiding a directory which is being used by a well-publicized feature which the user can easily enable/disable at will, and hiding a directory being used by secret DRM which was not disclosed to the purchaser and which clearly violates common privacy principles.

I personally don't like NProtect nor anything else in SystemWorks, but this is really a minor oversight which was corrected promptly. There is never going to be such a thing as perfect software made by humans, so the most we can expect is good faith efforts, which Symantec seems to have made in this case.

Score: 0

By kgruber

posted Jan 11, 2006 - 11:57 PM

Symantec Antivirus is by far the best anti-virus engine around. It's unfortunate that it's not available through retail channels, forcing consumers to use bloated retail version. I've used this product for the last 5 years and haven't gotten a virus yet.

AVG is great if you don't mind letting viruses creep in your system.

Score: 0

By varsity

posted Jan 12, 2006 - 12:29 AM

You must be refering to the corporate version? I've heard it's an exceptional product, but at USD $51.60, it's a bit expensive for the average joe. As I stated below, I'm not fond of their personal security suites; it seems since 2002, they've gone downhill. I used the 2003 and 2004 Internet Security suites and found them both to be unmittigated nightmares, though I've heard some positive feedback regarding the 2005 & 2006 Antivirus Personal apps.

Score: 0

By netwiz562

posted Jan 13, 2006 - 4:58 AM

I use the coporate version on one of my systems (originally because no other version would install as I run Win 2k3 server) and it is much much much much better than the consumer product. No bloat, low footprint, auto-updates, works great. Nothing like the bloated consumer product.

Score: 0

By wincement

edited Jan 11, 2006 - 11:56 PM

That's not too upsetting. At least this feature was meant to provide a safeguard for the user.

That's a heck of a lot better than the spying Sony wanted to do. Their rootkit wasn't in the interest of the customer at all.

Score: 0

By Black-Wolf

posted Jan 11, 2006 - 11:06 PM

Unlikely going to happen.

And besides, NAV sucks... big time.

Use F-Secure!

Score: 0

By itanshi

posted Jan 11, 2006 - 10:39 PM

it was better, but i'm changing to AVG once my subscription is up

Score: 0

By rijp

posted Jan 12, 2006 - 9:13 AM

Doctor: You have early cancer, you need to quit smoking NOW!

Patient: I will quit smoking as soon as the year is up.

Doctor: The longer you wait, its already in early stages, your next cigarette could be your last.. and then the cancer will spread.

Patient: That's ok, as soon as I use my last 10 cartons of cigs, I will quit.

Doctor: So, your cigs are more imporant to you than your health? You should see another doctor, you aren't interested in preventing problems, you are just worried about the cost of cigarettes.

Patient: Fine, I guess I know more about my health than you...

Moral: You don't wait once a problem is evident, when a problem is found do something about it NOW!!!

Score: 0

By gawd21

posted Jan 12, 2006 - 1:36 PM

Friend. "You are using condoms that have pin holes in them, she wants to share something with you."

Other friend. "I will just use up the rest of these, then, and get some new ones."

Score: 0

By varsity

edited Jan 11, 2006 - 8:51 PM

This is a wise initiative by Symantec, rather than turning a blind eye to the problem and hoping no one notices. Doing so would severely impair their credibility. Clearly they learned from the Sony debacle.

Score: 1

By Orbitration

posted Jan 11, 2006 - 9:40 PM

Symantec doesn't have much credibility to me anyway.

Unfortunately, the best thing they had going was Norton Utilities in the DOS days.

Score: 0

By Electrick Gypsy

posted Jan 11, 2006 - 11:00 PM

I'm afraid I agree totally with Orbitration.
Symantec doesn't have much credibility with me either. I still have copies of my Norton Utilities from the DOS days . . still very effective for use in certain situations.

I've known about the NProtect folder for quite some time. Quite visible from Linux.

Score: 0

By bourgeoisdude

posted Jan 12, 2006 - 10:07 AM

Try their 2006 antivirus. Being the anti-Symantec guy I was, this version stunned me beyond words.

Score: 0

By rijp

posted Jan 12, 2006 - 9:14 AM

FixIt is better than Norton products...

Score: 0

By varsity

posted Jan 11, 2006 - 11:28 PM

They may not produce very good software, especially their security suites, but I believe they hold a very substantial share of the market - probably the largest - so they are very credible in the eyes of most, and that's all that really counts in their eyes. You guys and I know better, so we use a competitor's product (I use NOD32 and Outpost Pro fw) but the average computer user is too attracted by their long-established big name and the flashy golden colours of the software's interface. Only hardcore users realize there are better, albeit relatively unknown, products available.

Remember, once upon a time, the defacto antivirus software was Norton and McAfee. A very small percentage of the computer using population is even aware of products like NOD32, Kaspersky, F-Secure, and Bit Defender. These are some of the best antivirus products on the market, but they haven't really been able to establish themselves this way, since they don't spend the money required on advertising the way Norton and McAfee have. It does, however, seem that the freebies such as AVG and avast! have done rather well, though they are free and that clearly explains their popularity.

Score: 0

By gawd21

edited Jan 12, 2006 - 1:34 PM

I don't use the Avast Home, I use the Professional. I feel that they are a great AV company and that they are worth the money. I would rather pay them yearly than Synafeecrap.

Score: 0

By rijp

posted Jan 12, 2006 - 9:15 AM

Bingo! Well said.

Score: 0

By Kramy

posted Jan 11, 2006 - 8:44 PM

Wow...that was so much more skillfully handled than Sony.

Score: 0

Dec 4 - 11:47 AM ET The storm hits AT&T, with a five-digit headcount reduction

Dec 4 - 11:42 AM ET TV sports adopts Web coverage, plays with iPhones

Dec 4 - 11:24 AM ET Microsoft seeks 'community' help to make IE8 Standards Mode work out

Dec 4 - 10:43 AM ET Hitachi GST and Intel make a solid-state deal

Dec 3 - 11:36 PM ET Yahoo cedes Internet radio operations to CBS

Dec 3 - 5:54 PM ET Big BCS bowl game to land at CES 2009...in 3-D!

Dec 3 - 4:58 PM ET Songbird 1.0 music player makes a landing

Dec 3 - 3:41 PM ET Ted Rogers (1933-2008), giant of Canadian tech and media

Dec 3 - 2:27 PM ET Analysts: PC growth will slow, while notebooks remain a bright spot

Dec 3 - 1:58 PM ET RIM's third quarter outlook shouldn't shock, but does anyway