[17296] in bugtraq
Possible security issue in NAV2001 on Windows ME
daemon@ATHENA.MIT.EDU (Peter Kruse)
Mon Oct 23 13:06:48 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Message-Id: <OPEGIPGNCOCEPOHEJPELGECFCAAA.peter.kruse@it.dk>
Date: Sun, 22 Oct 2000 22:48:58 +0200
Reply-To: peter.kruse@it.dk
From: Peter Kruse <peter.kruse@IT.DK>
To: BUGTRAQ@SECURITYFOCUS.COM
Yesterday I received my new laptop with a default installation of Microsoft
Windows ME and the Norton Antivirus 2001 product. During a short test I
accidentally stumbled upon a possible security problem with NAV.
Overview:
If you place a virus or other known malware in the c:\_RESTORE folder
(apparently default on Windows ME) Norton Antivirus will not scan that
folder in a "full-system" scan. This seems to be Symantec's poor choice not
to scan such files? However if you manually scan C:\_RESTORE NAV will find
the infected file but won't be able to delete, repair or quarantine the
file? This could lead a malicious user to drop files into the restore folder
- there are a few obvious ways to exploit this. Eventually this can be tested
by booting from DOS and copying a virus to c:\_RESTORE. The test will show
that NAV2001 will indeed detect the virus but will be unable to do anything further.
This just might be an even bigger issue and could be Windows ME based and
therefore leaving other AV-products vulnerable.
Does anybody have further information regarding this possible security bug?
I have contacted Symantec this morning but still no reply.
Kind regards
Peter Kruse
www.virus112.com