Hey, it’s my hobby, although I hope to make it my vocation again. After all the recent fuss over Sony’s use of a rootkit to protect honest consumers from doing things they have a legal right to do, I expect we’ll see more stories like the following come to light. Apparently, Symantec (aka Norton) uses rootkit technology to “protect” users from themselves when said users run Systemworks. Now I get the whole idea of wanting to help users avoid problems from accidentally screwing their systems up. I know that Symantec is just trying to help. But using technology to hide things from a user on their own system, without specifically spelling out that this will be done is just wrong. I understand it can be turned on and off, but I get the impression that the functionality of this feature is not spelled out in advance, and it really should be.
As the author of the linked column notes, there’s no known misuse of this rootkit technology to harm systems (that is, there are no known exploits of this “feature” by malware writers). But that doesn’t mean it can’t or won’t happen. It doesn’t even mean it hasn’t happened. As with the Sony fiasco, F-Secure appears to be the consumer protector we would like all security companies to be. This is a company that is getting my dollars when I next shop for security software. They just do things right. And they have a great security blog, too.