Symantec Norton Protected Recycle Bin Exposure
January 10, 2006
Quote:
Norton SystemWorks contains a feature called the Norton Protected Recycle Bin, which resides within the Microsoft Windows Recycler directory. The Norton Protected Recycle Bin includes a directory called NProtect, which is hidden from Windows APIs. Files in the directory might not be scanned during scheduled or manual virus scans. This could potentially provide a location for an attacker to hide a malicious file on a computer.
Symantec has released a product update that will now display the previously hidden NProtect directory in the Windows interface.
http://securityresponse.symantec.com...006.01.10.html
January 12, 2006
Quote:
Symantec just admitted that the "Norton Protected Recycle Bin," or "NProtect" feature of Norton SystemWorks, deliberately conceals a directory from Windows APIs to protect the files from accidental deletion. A commercial security vendor using rootkit technology? Unbelievable. Symantec explained its thinking in a security bulletin. "When NProtect was first released, hiding its contents helped ensure that a user would not accidentally delete the files in the directory. In light of current techniques used by malicious attackers, Symantec has re-evaluated the value of hiding this directory. We have released an update that will make the NProtect directory visible inside the Windows Recycler directory. With this update, files within the NProtect directory will be scanned by scheduled and manual scans as well as by on-access scanners like Auto-Protect."
http://www.computerworld.com/blogs/node/1573