Bringing Linux to the Masses
Last week, the IT department had an epiphany: they decided to replace McAfee Anti-Virus with Norton on all employees’ computers. Since I work in a company technologically retarded, the announcement almost went unnoticed with minimal opposition from all the departments. Only a handful (actually one besides me) didn’t like the decision. We discussed it a bit, that Norton is a resource hog, and will probably slow up our systems. However we begrudgingly obliged.
While I knew that my system was screwed, since I didn’t defragment for some time, had loads of unnecessary applications, didn’t clean my registry for a few months…etc. You know how XP could become after a couple of months of usage. The Norton installation was like the last nail in my laptop’s coffin. The system has become so annoyingly slow that on more than one occasion I almost punched the screen! Switching between applications could take up to 30 seconds, sending out an E-mail would take another 30 seconds, random freezes while typing a document, it really got frustrating. I decided to take matters into my own hands. Step one: be the technological renegade I’ve always been, get rid of Norton!
So I fire up my Control Panel, and then click on the Add/Remove Programs icon, click on the damn Norton icon and Remove. Oh oh not so fast cowboy, I needed a password:
At this point, a lot of ideas crossed my mind, smart guessing, brute force, social engineering…etc. But I decided to appeal to Google, maybe there was a default password I could use. After a quick 30 second Google, I landed on a forum, someone had the same exact problem I had, one suggested to fire up the Task Manager and kill a process run by the user (not System) called Msiexec.exe. My first thought was NO WAY, it can’t be that easy! But decided to try it.
Lo and Behold! The uninstallation rolled and I had a Norton free system within a minute!
Now my question is: is this the kind of security millions of computer users and thousands of corporations are depending on? How can such a hack go unnoticed for multiple versions (yes it has been around even for earlier versions) by such a “leading” computer security company? Didn’t anyone report it? File a bug? Security through obscurity my ass!

Yousef Raffah
June 26th, 2008 at 4:43 pm
hahahaha, that is nice to hear. Dude your company’s IT security policies are way different than ours, I’m not saying we are great, but we are a little bit better, at least, in terms of the Antivirus.
Good luck with your Norton security and my regards to your IT team

Chris
June 27th, 2008 at 12:18 am
Are you kidding me? What a joke.

tom
June 27th, 2008 at 12:44 am
This exploit doesn’t surprise me at all. S.E.P. is the biggest load of crap ever. Half of the options don’t work (Network Threat Protection being the biggest one). The centralized console doesn’t work. I installed this around my work and had to run back to each machine, uninstall the software, reinstall the software in stand-alone mode, no network threat protection, no Application and Device Control, and I hope that the updates are happening, but I can’t check in a centralized console. A definite ‘don’t use’ from me.

tom
June 27th, 2008 at 12:49 am
Started thinking about it and found that they just released another upgrade. 11.0.2010. Downloading now. Let’s see if it’s still crap….

Sam Dodge
June 27th, 2008 at 2:27 am
Last time I checked, it was stupid easy to “hack” that product. There’s a registry key that allows you to enable/disable the use of the uninstall password.
Change the key to a zero, and attempt the uninstall. No password needed.
How’s that for stupid?

crotchet
June 27th, 2008 at 2:49 am
So let me see. You admit to downloading, installing and using 3rd party software that wasn’t approved by your “IT Department”, you then complain the system is slow to use. Did you contact IT? Perhaps normal every day maintenance could have cleared up any problems. What formal troubleshooting methodology did you perform? What’s that? The first thing you did when you experienced a performance problem with the company’s (not yours) machine was… uninstall antivirus?
Well on behalf of your company’s IT dept, F*** you.
You’re the ones that propagate malware all over corporate networks due to your apparent lack of respect for the equipment your company lets you use, and your utter ignorance in your inability to keep a simplistic OS like XP and allow it to become “unusable within months”.
You should not have admin rights. It only takes one weak link, and you sound like you’re rusting.

Rami Taibah
June 27th, 2008 at 3:07 am
@crotchet: First of all, it seems like you are a system admin and have tasted the brunt of stupid users, I understand. But no need to lash out on me, I assure you that I am totally aware of what I am doing at any point in my system.
The 3rd party apps you ask of, are your everyday apps for me (and probably you) like Firefox, GIMP, Adobe Air, VLC..etc. The computer I received from the company had only 1 thing on it, and that was McAfee Anti-virus! So do you expect me to work with a fresh install of XP? I need to do quick photo editing, I need to browse the Internet, I even need to see some multimedia every now and then.
And trust me I am not stupid to not have anti-virus on an XP system, I simply rolled back to McAfee.
Besides, this post is not about me bragging about how “daring” or “adventurous” I am, it’s about how stupid Symantec is. I was astonished by how I bypassed their security measures, and decided to share it with the world.
Thank you for your pleasant comment, it really felt warm inside!

MONKEY
June 27th, 2008 at 4:17 am
M$ will never fix Windows
Too many eat with a bad system like Windows
Symantec is trying to spread the hoax that Mac OS X is Vulnerable, so they can create new markets, but unfortunately nobody needs an antivirus on Unix system, because unless a virus has root powers it cannot cause any damage to the system, just to the user area.
*Edited by admin: Caps removed*

honest_ape
June 27th, 2008 at 4:32 am
@crotchet
Dude! If you’re going to say Fuck You, have the balls to say that shit, man! Quit being a fucking pussy! If you’re going to hurl insults like that at a guy, grow a pair and do it right!
F*** You? C’mon, loser. You’re going to say fuck you and at the same time try to make it polite by censoring it? Make up your fucking mind.
Pussy.

guyonphone
June 27th, 2008 at 9:41 am
The default/backdoor password is (are you ready for this?) “symantec” typing that in usually lets you uninstall it.

Scott
June 27th, 2008 at 11:39 am
The fact that you can uninstall (or install) anything just proves that your IT department sucks.
Oh yeah, but then it was already obvious with the Norton (or McAfee for that matter) thing as well.

amrush
June 27th, 2008 at 12:14 pm
lol … that’s actually dumb I hope by the time I start working nothing would be changed
..

numerodix
June 28th, 2008 at 7:33 pm
That is absolutely amazing. They demand a password just so you can get rid of the bitch. What incredible audacity!

reghax0r
July 7th, 2008 at 2:22 am
Why bother killing processes when you can just change two registry keys from 1 (00000001) to 0 (00000000):
[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security]
"UseVPUninstallPassword"=dword:00000000
"LockUnloadServices"=dword:00000000

manuel
July 11th, 2008 at 4:36 pm
Awesome… so easy. The worse part is, a lot of people can’t even do that…

Ivan
July 12th, 2008 at 1:12 pm
For the technically challenged - Symantec site Downloads - Norton removal Tool.

diz8
July 18th, 2008 at 7:24 pm
Updated reg keys for Endpoint 11.0.2000.1253
[HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security]
"LockUnloadServices"=dword:00000000
"UseVPUninstallPassword"=dword:00000000
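
For administrators who want to know whether these settings have been tampered with on a managed machine, here is an audit sketch, added as an example and not code from the post or from any commenter. It scans registry export text for the two key paths and two value names quoted in the comments above and reports any that are not 1; the function names, the export-text input and the sample data are assumptions made for illustration.

```python
import re

# Key paths and value names as quoted in the comments above (1 = protection on).
WATCHED_KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security",
]
WATCHED_VALUES = ["UseVPUninstallPassword", "LockUnloadServices"]
SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_reg(text):
    """Return {key_path_lower: {value_name_lower: int}} for the dword values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            path = m.group(1)
            if path.upper().startswith("HKLM\\"):  # expand the abbreviated hive
                path = "HKEY_LOCAL_MACHINE" + path[4:]
            current = keys.setdefault(path.lower(), {})
        elif (m := DWORD.match(line)) and current is not None:
            current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit(text):
    """List (key, value_name, found) where found is not 1; None means absent."""
    keys = parse_reg(text)
    findings = []
    for key in WATCHED_KEYS:
        values = keys.get(key.lower())
        if values is None:
            continue  # this product key is not in the export
        for name in WATCHED_VALUES:
            state = values.get(name.lower())
            if state != 1:
                findings.append((key, name, state))
    return findings

# Constructed sample export (not captured from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security]
"LockUnloadServices"=dword:00000001
"UseVPUninstallPassword"=dword:00000000
'''

if __name__ == "__main__":
    for key, name, state in audit(SAMPLE_EXPORT):
        print(f"{name} = {state} under {key}")
```

A finding here only says the value differs from 1; whether an absent value means the protection is off depends on the product version and should be checked against the vendor's documentation.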