NetBus gains Legitimacy
Kevin Poulsen, SecurityFocus 2000-09-07

Symantec takes NetBus Pro off their anti-virus blacklist.

A struggling software company that markets a retooled backdoor program as a remote administration utility has gotten a shot of legitimacy from security products firm Symantec, which has removed scanning for NetBus Pro from their Norton AntiVirus product.

"Our attorneys contacted their attorneys, and once that was set in motion it took about two weeks for them to remove it," says UltraAccess Networks CEO Judd Spence.

Swedish programmer Carl Fredrik Neikter created the original NetBus in early 1998 as a pranksters' tool. Like the Cult of the Dead Cow's later work, Back Orifice, NetBus could be installed secretly on a target's computer, allowing a third party to control it remotely. In addition to functions like keyboard monitoring and remote file access, NetBus could be directed to vex a user with stunts like switching the functions of the left and right mouse buttons, or opening and closing the CDROM tray.

The program became an instant underground hit, and cyberpunks began sending it to unwitting victims as an email attachment, prompting anti-virus companies to earmark it as malicious code.

Neikter publicly decried the illegal applications of his program, and later that year he partnered with Florida-based UltraAccess Networks to turn NetBus into a legitimate remote administration and workplace surveillance tool. The company has been struggling since then to shake its product's underground image, and to keep NetBus Pro out of anti-virus companies' crosshairs.

No Remote Install
Unlike the original program, the $15.00 NetBus Pro does not install silently or remotely, making it inefficacious for hack-attacks, says Neikter. "You have to have physical access to the machine to make it run." Nevertheless, most anti-virus companies continue to flag the program as a backdoor or Trojan horse, and Neikter claims that cripples sales of the product.

Panda Software has removed it from their list; WebTrends has reclassified it from a backdoor to a remote administration tool; and last May, Network Associates reportedly pulled it from their anti-virus product, but kept NetBus Pro scanning alive and well in command line mode.

A Symantec spokesperson confirmed the change, but said no one was available to comment further.

To Spence, Symantec's turnaround is particularly significant because the California company is the maker of PC Anywhere, a competing remote administrative tool. Spence has accused Symantec of anti-competitive tactics in the past, but is now hoping anti-virus makers follow Symantec's lead, and soon. "We're barely getting our bandwidth bills paid."

Copyright 2006, SecurityFocus