We Love You, Rinbot!

It’s not often that we openly sympathize with the virii writers, but this time, it’s too good to be true. Rinbot Generation 7 is targeting Symantec [[SYMC]] and Symantec users – and that’s a good thing.

Anyone using Symantec’s anti-virus software from 2006 and hasn’t updated it is vulnerable to a very powerful complete remote control vulnerability. What does Symantec have to say about it?

Users of Symantec AntiVirus Corporate Edition and Symantec Client Security should apply the appropriate update as soon as possible, Vincent Weafer, a senior director at Symantec Security Response, said Tuesday. However, because there are no known attacks that exploit the flaw, the need to patch is not urgent, he added.

That’s an excerpt from a c|net article dating all the way back to May of 2006 – a year ago now. Thanks to Symantec’s non-chalance and Turner Broadcasting Systems’ (the owners of CNN) complete disregard for standard IT procedures, they were infected earlier today by Rinbot.

Rinbot’s nothing new, it’s an ancient virus that has found a new way of entering your PC: through Symantec’s software. Instead of viruses attacking Microsoft from left, right, top, and under for no truly good reason, here’s a virus that does some good in the world: it brings attention to a billion-dollar monopoly that has been gambling with the security of its users for years now.

What kind of anti-virus product only updates once a week (on Wednesdays). What kind of company labels a complete remote control vulnerability as “unimportant?” And most importantly, what kind of security company lets its product remain installed without updating?

Shame on Time Warner for hiring IT Guys that don’t know how to pick a decent anti-virus solution, and for being too thick to realize they need to manually update Symantec’s software. And shame on Symantec for doing this to its customers. Wake up people, Symantec’s not in it for your security, only your money.

Earlier this week, Symantec released a public press statement that they were “confident users would see beyond the price” of their new 360 system protection software…. 2 days later: Symantec labels Yahoo! Desktop as a virus – an “honest mistake.”

“There will definitely be some price sensitivity” on the part of users, said Mark Kanok, 360’s product marketing manager. “But the breadth and execution of Norton 360’s functionality is greater [than OneCare’s]. And I don’t think anyone should undersell the intelligence of users.”

If anyone is underselling the intelligence of users, it’s Symantec. Can they really believe that people will forever remain enchanted by their flourescent yellow coloring and not immediately switch to better alternatives, chief of which is NOD32?1

Anyone willing to bet how long the big yellow bubble grows until it pops? Or has it already?

Update: According to CNN, the authors of Rinbot don’t want it called that, but we have no idea what they would like, so that’s why we’re using that name here.


  1. NeoSmart Technologies recommends NOD32 for all home and business users’ AV protection needs. It really works. 

  • Similar Posts

    Craving more? Here are some posts a vector similarity search turns up as being relevant or similar from our catalog you might also enjoy.
    1. Symantec Uses Rootkits in Antivirus Software!
    2. Sony DRM: A WMD in the Wrong Hands
    3. Goodbye NOD32; Hello Kaspersky!
    4. JavaScript “Protection:” Don't Fall for it!
    5. Malware Warning
  • 22 thoughts on “We Love You, Rinbot!

    1. False Positives is something Norton is good at.

      I worked for an Anti-spyware company a while back and I remember the horror of when Norton added them to their filters – despite there being no legitimate reason to do so (I suppose you will have to take me on my word for it).  By the end of the week, half our customers had the program deleted, and we barely got a “Whoops” from Symantec before they fixed their ‘mistake’.

      On some really bad days, I kinda get the feeling that Norton has gutted its virus research wing and is trolling message boards and websites to get information.

    2. What I cannot stand about Symantec is that every year I’m expected to pony up for their products, but they seem to add more layers of bs and do a worse and worse job at what they’re supposed to do. Recall Norton Utilities, the recovery utility that could recover thousands sectors from a failed hard disk, but not their names? Central Point did a better job, so Symantec bought them and discontinued their better product. I dumped NU years ago because it just didn’t work as well beyond Win98. Same for their Antivirus — 2 years ago i bought both Symantec Internet Security and NAV 2005, but neither could properly uninstall and reinstall when they failed to accept updates.

      I spent hours dorking with it before a long phone call to india to discover the 50 character file that wouldn’t come up on a search of symantec downloads which was needed to completely uninstall their craptacular software. still had to clean the registry of symantec listings. Now I only use Symantec Corporate AV, and am looking for a new vendor because the auto updates are broken in 2 of our offices and it’s not with additional time to fix.

    3. It is dangerous for one security corporation to have such a large piece of the pie. 

      In a previous company I worked for that spanned the globe,  too much reliance was put on the NAV Corporate Product, and the pyramid scheme used to filter down updates was not sufficient to protect over one thousand systems.  Eventually, and multiple times, intrusions occurred and I.T. people who relied on the silent updates that occurred to infrequently spent hours, and hours, and hours of non-paid hours, cleaning up the mess.  And yes, year after year, we paid almost $10,000 U.S for the product.  

      It’s time to even the playing field.  Time for another more reliable product that needs to make a name based on reliance to appear.

    4. “It is dangerous for one security corporation to have such a large piece of the pie. ”

      Well, you can actually replace “one security corporation” with “one OS vendor”.

    5. Amazing.. an article bashing a flaw in a software product that was announced (and fixed) about 1 year ago.. and we have three comments about how this software sucks..

      How about the truth.

      How about.. you Failed.

      You failed to understand what you were doing. You failed to pay attention to what you were doing. And now you are upset because your failure has come back to haunt you. So.. instead of learning from this lesson.. you blame the product because it pointed out too you.. what you should have done.. and you failed to do..

      HA haha HA.. you suck.. now stop crying and GBTW.

    6. Symantec earned my hatred for the simple reason that they hate their faithful customers. If you are stupid enough to pay the yearly subscription, you only get your antivirus update once a week. In order to get on demand updates, you must buy the newest version of their software, which if it didn’t need a computer manufactured in the same year that is in the version’s name in order to run its bloat, would be a good thing.

      Unfortunately, for the most part, most of my friends who were running 2004 and computers manufactured in that year found that finally biting the bullet and upgrading to 2007 either rendered their computers slow and miserable, refused to install at all, or when the install was successful had activation problems to no end. Using the NRT to completely remove NIS did not fix anything. Symantec NIS 2007 is a disaster.

      I abruptly decided to defect to KIS 6.0 and AntiVir and have not gone back. The worst downside was that my computer can automatically update it’s antivirus signatures hourly now for as long as I buy my yearly subscription, and for some reason my computer runs faster.

      I’m not sure I can handle this and am considering buying Symantec NIS 2008 to gain back my missed lack of performance and when the year’s up going back to once a week virus definition updates. ;^)

    7. NOD32 FTW!

      But what I really hate about Symantec is all the products they buy and destroy. Sygate. LC5. Partition Magic. The list goes on forever. They buy up the competition, and then they KILL IT instead of making it better.

    8. Symantec is known for not just writing bloated software but also incompatible software. There has been this long standing issue with Discreet’s 3DStudioMax for example, and there are numerous other products out there that specifically mention Symantec software as the cause of problems.

      Last new-years day, my mother, anxious to renew her 2006 subscription – because let’s face it, there is no decent good alternative for PC-illiterate people – of Symantec Internet Security.  To then discover that the update – that has been payed for online – did not run on her Windows 2000 system is staggering.  To further discover that there is no true Symantec customer service helpdesk, only websites that refer to other websites, is also pretty discomforting. And the 5 different “responsibles” that we COULD at least send an email to, to explain our problem and try to get our money back, did NOT reply WHATSOEVER. No one cares at Symantec.

      The only option I had was to buy and install XP for my mother, and re-install her software, with all problems that come from that. Happy New-Year!

      If anyone has valid alternatives..

    9. I usually try to steer my clients away from Norton.  It’s a system hog, it does not update every day, and should anything go wrong, it’s a real mess to uninstall.  I’ve had to numerous registry hacks to get rid of it.

      Many times I have had a problem arise and I’ve had to go to Norton’s site to see what fix they have posted for that particular problem.  What a drag.  A number of clients have reported a low quality of customer support from Symantec.

      Anyway, a very good alternative it Trend Pc-cillin Internet Security 2007.  It’s an all-in-one package that is efficient, searches for updates every 3 hours (yes, I’ve had several updates in one day) and does a decent job in scanning.

      (my 2-cents worth)

    10. Okay, two cents worth from a tech who has been on several “sides” of this issue.

      I worked for an online brokerage firm (a really big one that offered discount trading before everyone got on the bandwagon) and spent a good portion of my day walking people through the process of manually cleaning their registry in order to uninstall Symantec’s products, simply so that they could access their e-mail and get confirmation of their trades.  Of course, they happily reinstalled the same products over and over because, as they put it, they’d already paid for the subscription because it “came with the computer.”  Step one to world domination.  Get there first.

      Step two.  Make updating your program more difficult than uninstalling the old version and buying a new one.

      Step three.  Make buying the new version less expensive than renewing a subscription.

      Step four.  Make the new program force more than it’s rightful share of the resources but excuse it away by adding a disclaimer that “system response may be slower while real-time scanning is active.”  Never mind the fact that it should ALWAYS BE ACTIVE.

      The computer manufacturers have gotten a little smarter, however, because Norton’s newest products aren’t fully installed until activated.  Which means the cancer can be removed before it’s infected the system.  Thank the gods.  However, the beauty of modern “embedded” systems allows me to order packaged systems that are “stripped” of all the extraneous bloatware before they arrive.  I no longer have to spend an entire day on a new laptop/desktop uninstalling and cleaning a system before declaring it efficient and stable and installing products we currently use.

      SARC used to be my reference center of choice, before they got lazy and sloppy.  I stopped trusting them when I realized that they added tags into every compressed file on the drive without my permission and those tags transferred, should I ever send the file to someone.  Symantec’s loss is our gain, my friends.  Real programmers, like Kasparov, can now find their voices and speak to even lay-people about what’s really going on out there.

      I second the recommendation for Trend/Micro for consumers.  Webroot’s gotten a little sloppy but they’re working hard.  Even free alternatives, like AVG Free, are far superior in performance and updates than Symantec could ever be.  No, they won’t get rich off their products but they won’t become unsympathetic, bloated princes on golden thrones… colored bright yellow.

    11. Another vote for NOD32 from me.

      I love your “big yellow bubble” metaphor – I’ll be using it! 😀

    12. Your editorial is in error when it labels Symantec a monopoly. Certainly Symantec has managed to garner market share far out of proportion to the quality of its products, but it hardly has a lock. There are plenty of companies selling effective anti-virus software and they don’t lack for customers.

    13. I don’t know about that, ndt.

      In Econ 101, we were told that a company that buys out competition as soon as it starts to gain a major share of the pie is to be considered a monopoly. Taking into consideration Symantec’s chain-addiction to buying out and shutting down competitors in the Security Market, I don’t see a problem..

    14. Thanks, George… although, I swear that I did use paragraphs.  Why the hell did they get reformatted?  In fact, several of the quotes before mine had separate paragraphs when I read them before posting.  I wonder if the index had to be republished.  If so, it may have ditched the HTML tags.  I noticed the site wasn’t accessible for a short while, yesterday.

    15. Hey MrJodie,

      Don’t worry about it, I’ll add the paragraphs if you like. We’ve been slashdotted before, but never this bad (200k hits in just about 2 hours), it completely knocked the server offline.

    16. Thanks for very interesting article. Can I translate your article into polish and publish at my webblog? I will back here and check your answer. Keep up the good work. Greetings

    17. Sure, all articles on The NeoSmart Files are published under the Creative Commons agreement. Our specific licensing style lets you translate articles and host them on your site so long as you let others do the same, and you link back to the original article here, and name NST as the original author.

      Once you’ve translated it, please comment here or send a pingback our way, and I’ll even link your translation in the main article 🙂

    18. You know, I’ve been using NOD32 for the past year, and still got infected by no less than 2 trojans, a handful of viruses, and various malware, so my experience has been that “It doesn’t work.”  I even identified one of the trojans that went unidentified by sniffing my network traffic, then I put the files on a clean VM with NOD32 installed just to make sure it wasn’t a pre-existing condition (unlikely, since I installed NOD32 immediately after installing the OS) and it still didn’t detect them.  THEN I sent the samples to NOD32 for analysis, and they basically said “We need your logs.”  I’d wiped the logs by then, since I reinstalled the OS entirely, but they were basically devoid of any identified threat, so it was meaningless.

      On the other hand, Windows Defender actually identified one trojan that NOD32 didn’t, and Windows Live OneCare identified several other trojan installers.  Sophos AV identified even more.  That’s not to say there aren’t significant issues with those platforms either, but NOD32 didn’t serve me well at all.  I’ve been using Sophos for a week, and though it’s a bit too restrictive and processor intensive for my taste, it seems to be very effective, even going so far as to block cracks and windows hacks like the max half-open connection patch, which was somewhat annoying.  It also blocked a program because it was “created with malpacker” or something, although I had little reason to question the program in question (which was indeed a hack).  On the other hand, OneCare was causing bluescreens.  I’d like something with the detection rate of Sophos and the configurability of NOD32.

      At any rate, where network security is concerned, there’s no substitute for routinely monitoring and logging your network traffic.
       

    Leave a Reply

    Your email address will not be published. Required fields are marked *