Bugtraq mailing list archives
Possible security issue in NAV2001 on Windows ME
From: Peter Kruse <peter.kruse () it dk>
Date: Sun, 22 Oct 2000 22:48:58 +0200
Yesterday I received my new laptop with a default installation of Microsoft Windows ME and the Norton Antivirus 2001 product. Durring a short test I accidentally stumbled upon a possible security problem with NAV. Overview: If you place a virus or other known malware in the c:\_RESTORE folder (apparently default on Windows ME) Norton Antivirus will not scan that folder in a "full-system" scan. This seems to be Symantec´s poor choice not to scan such files? However if you manually scan C:\_RESTORE NAV will find the infected file but won´t be able to delete, repair nor quarantine the file? This could lead a malicious user to drop files into the restore folder - there´re a few obvious ways to exploit this. Eventually this can be tested by booting from a dos and copy a virus to c:\_RESTORE. The test will show that NAV2001 will indeed detect the virus but will be unable to do further. This just might be a even bigger issue and could be Windows ME based and therefore leaving other AV-products vulnerable. Does anybody have further information regarding this possible security bug? I have contacted Symantec this morning but still no reply. Kind regards Peter Kruse www.virus112.com
Current thread:
- Possible security issue in NAV2001 on Windows ME Peter Kruse (Oct 24)
- <Possible follow-ups>
- Possible security issue in NAV2001 on Windows ME Bill Sobel (Oct 25)