|
 |
divendres, 13 / gener / 2006 |
La versió Home té suport fins al 31 de desembre d'enguany. La versió Professional també deixava d'estar suportada en aquesta data, per Microsoft ha ampliat el suport fins una data encara per determinar però que, com a mínim, serà de dos anys després de la publicació de Windows Vista.
|
01:38 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
Us recordeu de tot allò que va passar quan es va saber que Sony instal·lava, amb els seus CD, un autèntic rootkit que permetia a una persona externa un control complet de l'ordinador...
Crèieu que això no es podia superar?
Doncs s'ha superat: Symantec anuncia que una funció de Norton SystemWorks, la paperera anomenada Norton Protected Recycle bin (NProtect) es comporta com un autèntic rootkit: modifica l'API de Windows per tal d'impedir l'accés al directori on emmagatzema els fitxers esborrats. Symantec ho justifica en un butlletí de seguretat tot dient que ho fa per protegir a l'usuari
When NProtect was first released, hiding its contents helped ensure that a user would not accidentally delete the files in the directory. In light of current techniques used by malicious attackers, Symantec has re-evaluated the value of hiding this directory. We have released an update that will make the NProtect directory visible inside the Windows Recycler directory. With this update, files within the NProtect directory will be scanned by scheduled and manual scans as well as by on-access scanners like Auto-Protect.
És a dir, un lloc ideal per tal que els programes instal·lin malware que serà totalment invisible.
Més detalls a eWeek: Symantec Caught in Norton 'Rootkit' Flap.
Actualització: F-Secure també ho comenta a The "Symantec Rootkit" i el qualifiquen com menys greu:
But we want to be clear on this: what Symantec was doing here was not nearly as bad as what Sony was doing with their rootkit.
Norton Systemworks has a feature called "Protected Recycle Bin". This feature is intended to enable the user to recover deleted files that would otherwise be unrecoverable. These files are stored in a folder typically called C:RecyclerNprotect - and this folder is hidden with rootkit-like techniques. There's nothing inherently wrong in this.
The only problem is that any malware already running on the system can copy itself to that particular folder and Systemworks will hide it completely from the user and from all known on-demand antivirus scanners (except from F-Secure Internet Security 2006, which will see it because it integrates the BlackLight rootkit detection technology).
However, we haven't seen any malware which would even attempt to do that.
The main difference between the Symantec rootkit and Sony rootkit is not technical. It's ideological. Symantec's rootkit is part of a documented, useful feature; it could be turned on or off and it could easily be uninstalled by the user. Unlike Sony's rootkit.
So we don't think this was that big a deal. But we're happy it has been fixed before anybody really attempted to exploit it.
|
00:54 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
© Copyright 2003-2006 Xavier Caballe.  . Si no s'indica expressament el contrari, el material publicat en aquest weblog es distribueix d'acord amb la llicència Creative Commons. El contingut és responsabilitat única i exclusivament del seu autor i no té cap relació amb les seves activitats professionals.
|
 |
 |
 |
 |
Contingut actualitzat
Categories
Darrers comentaris
Arxiu
Contingut antic
(ja no s'actualitza)
Versions anteriors
d'aquesta pàgina
|
 |
 |
 |
 |
|
