Kudos0

Security questions

Posted: 25-Dec-2008 | 8:33PM · 3 Replies ·

I have a few questions:

1) It seem that Norton Antivirus for Mac 11 installed a keychain called "Symantec" upon installation of the program. Is this a normal behavior? I.e., is the keychain really installed by Symantec?

2) The keychain is locked and cannot be opened by an admin password. Why is the keychain locked and no access is allowed for the system admin? Again, am I understand this correctly that the password for the Symantec keychain is not the same as the system admin password and it is held by Symantec?

3) Does the password of the Symantec keychain affected by the admin password changes at all? I am mainly concern that in the future, if the admin password is compromised in anyway, the Symantec keychain will retained the same password even when the admin password is changed.

4) What is the purpose of the keychain?

5) There is a folder that blocks access even with the system admin account. It is in the Application Support -> Symantec -> Settings. Is this normal? Why the admin cannot access the folder?

I am asking these questions because there is no documented note or help anywhere that state the above issues. This becomes a security concern when we do system auditing since it is not something I expect. I think these issues should be properly documented and available to users. Thanks.

Message Edited by mocca on 12-25-2008 08:35 PM

Replies

Kudos0

Re: Security questions

Posted: 25-Dec-2008 | 8:33PM · Permalink

I have a few questions:

1) It seem that Norton Antivirus for Mac 11 installed a keychain called "Symantec" upon installation of the program. Is this a normal behavior? I.e., is the keychain really installed by Symantec?

2) The keychain is locked and cannot be opened by an admin password. Why is the keychain locked and no access is allowed for the system admin? Again, am I understand this correctly that the password for the Symantec keychain is not the same as the system admin password and it is held by Symantec?

3) Does the password of the Symantec keychain affected by the admin password changes at all? I am mainly concern that in the future, if the admin password is compromised in anyway, the Symantec keychain will retained the same password even when the admin password is changed.

4) What is the purpose of the keychain?

5) There is a folder that blocks access even with the system admin account. It is in the Application Support -> Symantec -> Settings. Is this normal? Why the admin cannot access the folder?

I am asking these questions because there is no documented note or help anywhere that state the above issues. This becomes a security concern when we do system auditing since it is not something I expect. I think these issues should be properly documented and available to users. Thanks.

Message Edited by mocca on 12-25-2008 08:35 PM
Kudos0

Re: Security questions

Posted: 26-Dec-2008 | 11:54AM · Permalink

Sorry wrong post. I have removed the info which was intended for another post.

Message Edited by pore_vinod on 12-27-2008 01:27 AM
Kudos0

Re: Security questions

Posted: 07-Jan-2009 | 2:33PM · Permalink

Hi mocca,


Thanks for your questions!

We use our own keychain to handle our super-secret subscription stuff. It's all handled internally (by our products), which is why you see the keychain locked even for Admins. Our keychain is not affected by any changes to individual users' keychains (which is why we made it separate), so you can change anything and it should not affect us. 

We limit permissions on our settings folder to the root user only. This is done because we don't want any rogue programs getting inside and changing any of your security settings. 

I understand your concerns and apologize for the lack of documentation. Let me know if you have any more questions.

Thanks!

Nick UchidaManager, SQA EngineeringMacintosh Products

This thread is closed from further comment. Please visit the forum to start a new thread.