Security Software Is It Safe ?

[GhostShip]

Oh dear more holes opened up by the so called "protection vendors" just waiting to be exploited once more.  :roll:

http://www.computerworld.com/securitytopics/security/story/0,10801,107695,00.html?source=x06

The Windows operating system expert who exposed Sony BMG Music Entertainment's use of rootkit cloaking techniques last year is now criticizing security vendors Symantec Corp. and Kaspersky Lab Ltd. for shipping software that works in a similar manner.
Mark Russinovich, chief software architect at systems software company Winternals Software LP, says that the techniques used by Symantec's Norton SystemWorks and Kaspersky's Anti-Virus products are rootkits, a term usually reserved for the techniques used by malicious software to avoid detection on an infected PC. There is "no good justification," for the use of such techniques, Russinovich said.

Symantec's Norton SystemWorks PC-tuning software uses cloaking techniques to hide a directory of backup files. This technique has been employed by SystemWorks since the 1990s in order to prevent users from accidentally deleting these files, according to Vincent Weafer, senior director for development at Symantec Security Response.
Symantec issued the patch because hackers could conceivably use the SystemWorks cloaking capability to hide files on the system. Weafer described this possibility as a low-risk threat, saying that most security software would be able to detect these cloaked files.

Kaspersky's use of cloaking software is more recent. With Version 5 of its Kaspersky Anti-Virus software, first released about a year ago, the company used cloaking techniques to hide "checksum" information that the software used to determine which files on the computer it had or had not scanned.

Any thoughts folks regarding these new "one a week" revelations ?

[KM]

i don't think there is a problem with any program using whichever methods are available to achieve an end result, as long as it doesn't cause any problems for the user

just remember that there is nothing in your operating system that can only be exploited by something malicious, there are normally just as many legitimate reasons for doing something a certain way

[Lysanddder]

You can find Marc's write-up on the Symantec recycle bin rootkit here:http://www.sysinternals.com/blog/2006/01/rootkits-in-commercial-software.html

The idea is that the program catches files that hte operating system deletes but doesn't put into the recycle bin. If the user wants those files back, he or she can simply tell the program to put them back and it will do so. That's how the program is intended to function, by keeping deleted files invisible but still accessible by the user if said user desires. I don't have an issue with it, although he does make a good point reguarding how XP handled system restore VS. how Norton protected recycle bin handles it.