McAfee Will Ignore FBI Spyware
Drew writes: "The Washington Post is reporting on the FBI's new spyware called 'Magic Lantern.' According to their article, 'At least one antivirus software company, McAfee Corp., contacted the FBI on Wednesday to ensure its software wouldn't inadvertently detect the bureau's snooping software and alert a criminal suspect.' It is ridiculous that the software companies that are supposed to help us protect computers purposefully leave in loopholes for the FBI to operate their spyware."
The problem, in my opinion, is that sales of McAfee's products will NOT drop because of this. You're forgetting that 99% of the people who buy that product do so because of FUD--Fear, Uncertainty, and Doubt. These are people who do not understand computers, viruses, bugs, worms and all kinds of other "marketing" names. They buy McAfee because it will prevent "hackers" (who should be called "crackers") from entering their system and causing their CPU to melt. These people will say, "Well of course McAfee shouldn't detect the FBI's crimefighting behavior." They simply don't know that this is a loophole for crackers (the "hackers" they're afraid of) to take advantage of. And they'll never consider that a possibility.
THAT is the problem with things like this. Just wait a few more days and we'll probably get a Slashdot story about a press release by the FBI telling of a new "technology" (a 4KB program that plugs this loophole) that empowers criminals to rub the Magic Lantern and make a wish that the FBI will leave them alone.
In case you want to shout at them about how you'll not buy any more of their products. Maybe if McAfee understands how stupid this is, they'll change their minds (hahaha, right).
http://www.mcafee.com/aboutus/contact_us.asp?
McAfee.com Corporate Headquarters
McAfee.com
535 Oakmead Parkway
Sunnyvale, CA 94085
USA
Telephone: (408) 992-8100
Fax: (408) 720-8450
"If he thinks he can hide and run from the United States and our allies, he's sorely mistaken." Bush on bin Laden
Way to go. The FBI, in hopes of protecting the nation, introduces its mystical spyware to facilitate its enforcement. McAfee, in its strong show of faux patriotism, willfully places a security hole in its virus systems (and I have no doubt that some government backdoors are part of the Microsoft antitrust settlement).
Net result is that we have made an internet security infrastructure even weaker than it was before. While this overall approach is not likely to beat up on well-informed criminals and terrorists, it does weaken everybody else's system, making the nation even more vulnerable to actual cyberterrorism than it was before.
All we have done is to make a nation weaker.
This creates an interesting situation. As I understand it, virus detection programs use:
1) signatures -specific byte patterns which are searched for in files, and
2) heuristics - in this case algorithms which seek unlikely looking data to determine whether the user should be alerted to a possible intrusion attempt.
McAfee can of course omit signatures for this 'Magic Lantern' (ML) software from their database. However, in the case of the heuristics, avoiding user notification of ML requires either:
a) a weakening of the heuristic(s), presumably to such an extent that other viruses may penetrate the system or
b) the presence of a special signature in the McAfee software which (on recognizing ML) can 'override' the heuristic
Case (b) is interesting. If McAfee do this with a simple byte pattern search this will immediately provide viruses with a neat little 'binary tag' which permits them to evade McAfee's software
The alternative must be to use a cryptographic hash which can be used to identify ML but which cannot be readily forged by other virus code. Using this checksum technique also demands that the ML 'payload' remain unchanged. Very restrictive for code which needs to be stealthy.
But the most important side-effect of both of these techniques - and any others McAfee might choose to use, would be that it provides an easy route for developers to produce software which can check for ML.
In other words, McAfee cannot both provide useful levels of virus detection and avoid alerting the user to Magic Lantern without giving other developers a blueprint to locate it.
Programmers of the world unite, you have nothing to lose but your strings.
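To make the post's two options concrete, here is an added toy scanner (written for this page; it is not McAfee's engine and the "Magic Lantern" bytes are a constructed stand-in for a program the page never shows). It models option (b) both ways: silencing the heuristics on a plain byte tag, and silencing them only on an exact cryptographic hash. The sample names, the hook string used as the heuristic trigger, and the signature table are all assumptions:

```python
"""Added toy antivirus scanner illustrating the two whitelisting options.
Constructed samples only: the 'Magic Lantern' bytes are an assumption."""
import hashlib

# Constructed samples (assumption: synthetic byte strings, not real programs).
ML_TAG = b"ML-TOOL\x00"                 # assumed fixed marker inside the FBI tool
HOOK = b"SetWindowsHookExA\x00"         # keyboard-hook API name; heuristic trigger
MAGIC_LANTERN = ML_TAG + HOOK + b"\x90" * 8
OLD_VIRUS = b"VX\x00" + HOOK + b"\xcc" * 8   # already has a signature
NEW_VIRUS = b"ZZ\x00" + HOOK + b"\xcc" * 8   # no signature yet: heuristics only

SIGNATURES = {"OLD_VIRUS": b"VX\x00"}


def heuristic_hits(sample: bytes) -> list:
    """Toy heuristic: flag things that look like keystroke hooks."""
    hits = []
    if HOOK in sample:
        hits.append("keyboard-hook API string")
    if b"\x90" * 8 in sample or b"\xcc" * 8 in sample:
        hits.append("long NOP/INT3 padding run")
    return hits


def scan(sample: bytes, mode: str = "none", tag: bytes = ML_TAG,
         whitelist_hashes: frozenset = frozenset()) -> tuple:
    """Return (verdict, reasons).
    mode 'none': ordinary scanning.
    mode 'tag' : option (b) with a plain byte pattern: presence of `tag`
                 silences the heuristics for the whole file.
    mode 'hash': option (b) with a cryptographic hash: only an exact,
                 unchanged whitelisted file silences the heuristics.
    Signature matches are never silenced: a known virus stays known."""
    reasons = [f"signature:{n}" for n, sig in SIGNATURES.items() if sig in sample]
    suppressed = (mode == "tag" and tag in sample) or (
        mode == "hash" and hashlib.sha256(sample).hexdigest() in whitelist_hashes)
    if not suppressed:
        reasons += [f"heuristic:{h}" for h in heuristic_hits(sample)]
    return ("ALERT" if reasons else "CLEAN"), reasons


def third_party_ml_detector(sample: bytes, mode: str, tag: bytes = ML_TAG,
                            whitelist_hashes: frozenset = frozenset()) -> bool:
    """Whatever the vendor uses to recognise ML is exactly what anyone else
    needs to recognise it: the same tag, or the same hash."""
    if mode == "tag":
        return tag in sample
    return hashlib.sha256(sample).hexdigest() in whitelist_hashes


def run_cases() -> dict:
    ml_hash = frozenset({hashlib.sha256(MAGIC_LANTERN).hexdigest()})
    # A stealthy tool repacked with one byte changed no longer matches its hash.
    repacked_ml = MAGIC_LANTERN.replace(b"\x90" * 8, b"\x90" * 7 + b"\x00")
    return {
        "plain/ml": scan(MAGIC_LANTERN)[0],                          # ALERT
        "tag/ml": scan(MAGIC_LANTERN, "tag")[0],                     # CLEAN
        "tag/old_virus": scan(ML_TAG + OLD_VIRUS, "tag")[0],         # ALERT (signature)
        "tag/new_virus": scan(ML_TAG + NEW_VIRUS, "tag")[0],         # CLEAN: tag = evasion
        "hash/ml": scan(MAGIC_LANTERN, "hash", whitelist_hashes=ml_hash)[0],          # CLEAN
        "hash/repacked_ml": scan(repacked_ml, "hash", whitelist_hashes=ml_hash)[0],   # ALERT
        "hash/new_virus": scan(ML_TAG + NEW_VIRUS, "hash", whitelist_hashes=ml_hash)[0],  # ALERT
        "locate_ml_by_tag": third_party_ml_detector(MAGIC_LANTERN, "tag"),
        "locate_ml_by_hash": third_party_ml_detector(
            MAGIC_LANTERN, "hash", whitelist_hashes=ml_hash),
    }


if __name__ == "__main__":
    for name, verdict in run_cases().items():
        print(f"{name:20} {verdict}")
```

The "tag/new_virus" case is the neat little binary tag the post warns about: any unsigned sample that carries the marker walks past the heuristics. The "hash/repacked_ml" case is the restriction on the other option: change one byte of the tool and the whitelist no longer applies. The last two entries are the blueprint problem: a detector for ML is the whitelist check itself.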
There is one implied point that I can agree with - development of offensive techniques can come back to bite one. However, the example of anthrax is incredibly lax in fact.
Others have already pointed out that anthrax is a natural agent. It is one of few agents known that could be deadly enough to be used as a weapon. Research in this agent has been towards defense against the weapon as well as creating a more effective strain.
One thing that hasn't been pointed out is that this is not the sole realm of the US military nor Mr. Bush (either one). Anthrax research began over 80 years ago. And not just by the US. The Biological Weapons and Toxins Convention produced many signers agreeing to prohibit offensive biological weapons research and production. But it has done little good. There are numerous states and autonomous groups (ie: terrorists) continuing development of biological weapons. And two major signers of the convention, Iraq and the former Soviet Union, later acknowledged continued offensive biological weapons programs. Today, there are believed to be at least 17 nations with offensive biological weapons programs.
Iraq itself has claimed to have produced "weaponized" anthrax. There are fears that former USSR scientists have been hired by external interests for their knowledge of anthrax based weapons. And of course, it is unknown how many terrorist organizations have their own biological weapons programs. One known group, Aum Shinrikyo, responsible for release of sarin in a Tokyo subway station, attempted to release anthrax and botulism throughout Tokyo on 8 occasions with (thankfully) negative results.
The US Army and Mr. Bush may not be helping the situation with the state of biological threats in the world. But they are far from the only cause of this threat.
The threat offered by Magic Lantern is a bit different than anthrax. Defense against biological weapons is, for the most part, a responsibility of the State. However, security of private networks has been, and really should continue to be, the responsibility of those who own those networks. If those in the industry who provide key solutions to private security concerns wish to hamstring their products, then those who are responsible for their benefactor's network security should know. And adjust their contracts / purchases / strategy accordingly.
On the contrary--government people are really stupid, and even more so when it comes to computers.
... and especially this one:
This statement reminded me of a page full of various thought traps people fall into, in particular this one:
Government Trap #5: The belief that government people can do anything better than other people. Government people don't have any special magical powers.
Also worth calling attention to are:
Government Trap #9: The belief that government provides protection. Just look at the crime statistics. (or recent events in New York City)
Government Trap #10: The belief that certain activities or functions must be done by government. Government consists of people. These people don't have any special magical powers.
Government Trap #13: The belief that government exists as a volitional entity. This is an aspect of the Group Trap. When having to deal with "government," you always have to deal with individual human beings. Realizing this helps make you much more effective in warding off any attempts by individual government people to violate your freedom. Rather than having to handle "the government," you have to handle one or a few specific individuals. Frederic Bastiat said. "The State is the great fictitious entity by which everyone expects to live at the expense of everyone else." [emphasis added]
Read the rest of this report, "Harry Browne's Freedom Principles" here.
Learn the rules so you know how to break them properly.
www.teslabox.com
"Virii" is NOT a word, please refrain from using it. I'm sure you will find the plural sense of virus, "viruses", to be quite helpful in your journey across the vast plain that is the English language.
- The security of an iterative hash algorithm cannot be any better than that of its compression function. (Source: Menezes, Van Oorschot and Vanstone, Handbook of Applied Cryptography)
- MD5 is an iterative hash function. (Source: Schneier, Applied Cryptography Second Edition; also, Menezes)
- Collisions can be generated in MD5's hash algorithm (Dobbertin, 1996).
- Dobbertin's compression-function collision algorithm executes in just a few hours on a 586 (Dobbertin, 1996).
- Therefore, collisions in the full MD5 algorithm can be generated in the same time or less. (This is known to be true as a logical consequence of what's already been proven; if anyone has actually used Dobbertin's attack on the full algorithm, they've kept quiet about it.)
... Next time, before you quote Applied Cryptography, you might want to ask a cryptographer what the latest research in the field is.
Forget McAfee. The best antivirus software for Windows is Kaspersky Antivirus, and they are based in Russia.
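To make the structural fact behind the first two bullets of the MD5 post concrete, here is an added toy Merkle-Damgard construction (written for this page; it is not MD5 and does not reproduce Dobbertin's attack): a collision in the compression function at the chaining value actually in use propagates to a collision of the full iterative hash, with any common suffix appended. The 16-bit state, the IV, the padding and the compression function are constructed so that the compression-function collision can be found by brute force:

```python
"""Added toy Merkle-Damgard hash (not MD5) showing why an iterative hash
inherits collisions from its compression function.  Every parameter here
is constructed for the illustration."""

STATE_BITS = 16
MASK = (1 << STATE_BITS) - 1
BLOCK_BYTES = 2
IV = 0x1234  # assumed initial chaining value


def compress(h: int, block: bytes) -> int:
    """Toy compression function f(h, m) -> 16-bit state.
    Deliberately weak (assumption): the squaring step sends x and -x mod 2**16
    to the same value, so one-block collisions exist and brute force finds them."""
    m = int.from_bytes(block, "big")
    x = (h ^ m) & MASK
    x = (x * x + 0x9E37) & MASK
    x ^= x >> 5
    x = (x * 0x85EB + h) & MASK
    x ^= x >> 9
    return x & MASK


def pad(msg: bytes) -> bytes:
    """Merkle-Damgard strengthening: 0x80, zero fill, 16-bit length field."""
    padded = msg + b"\x80"
    while (len(padded) + 2) % BLOCK_BYTES:
        padded += b"\x00"
    return padded + (len(msg) & 0xFFFF).to_bytes(2, "big")


def toy_hash(msg: bytes) -> int:
    """Full iterative hash: chain compress() over the padded blocks."""
    h = IV
    padded = pad(msg)
    for i in range(0, len(padded), BLOCK_BYTES):
        h = compress(h, padded[i:i + BLOCK_BYTES])
    return h


def find_compression_collision(h: int = IV) -> tuple:
    """Return two distinct blocks m1 != m2 with compress(h, m1) == compress(h, m2).
    Exhaustive over all 2**16 blocks; the table turns it into a birthday search."""
    seen = {}
    for m in range(1 << 16):
        block = m.to_bytes(BLOCK_BYTES, "big")
        out = compress(h, block)
        if out in seen:
            return seen[out], block
        seen[out] = block
    raise RuntimeError("no collision found")


def full_hash_collision(suffix: bytes = b"") -> tuple:
    """Lift the compression-function collision at the IV to the full hash.
    Both messages reach the same chaining value after block one, so any
    common suffix (and the identical length padding) keeps them colliding."""
    m1, m2 = find_compression_collision(IV)
    return m1 + suffix, m2 + suffix, toy_hash(m1 + suffix), toy_hash(m2 + suffix)


if __name__ == "__main__":
    a, b, ha, hb = full_hash_collision(b"-- same tail --")
    print(a.hex(), b.hex(), hex(ha), hex(hb), ha == hb)
```

The step that matters is in full_hash_collision: the collision is found at the chaining value the real hash starts from (the IV), which is what lets it carry through every later block. A compression-function collision found under some other chaining value does not lift this way, because the full hash never reaches that value.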
> Government Trap #5: The belief that government people can do anything better than other people. Government people don't have any special magical powers.
I'll assume you are talking about American Government.
The government in America does have one, very special, magical power that you seem to be neglecting: it has the support of the people it is regulating. This is from where it derives its power, and its authority to use such power. So in one sense, sure, the government is just a bunch of people, a bunch of people who have the support of a majority (well...) of the rest of the people.
--Alex Fishman
I was working with the CS Department at my school on this research project for DARPA. Basically it is a self-learning IDS program based on data-mining techniques. How it works is that it sets up a number of different sensors within the computer. When something fits the footprint of a potential intrusion, it marks it as such. Then it creates a model (or virus definition) for the intrusion.
By using this technique, you limit the amount of work that the developers have to do.
_______________________________
"I'm not Conceited...I'm just a realist..."
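As an added sketch (not the DARPA project's code, and not from the poster) of the loop the post describes, here is one self-learning sensor: it learns a profile of normal event n-grams, scores each new trace by the fraction of n-grams it has never seen, and when a trace crosses the threshold it turns the unseen n-grams into a model that later traces are matched against first. The traces, the window size and the thresholds are all constructed for the illustration:

```python
"""Added sketch of a self-learning, anomaly-based IDS sensor.
Traces, window size and thresholds are constructed assumptions."""

N = 3  # n-gram window over an event stream (assumption)


def ngrams(trace, n=N):
    """Sliding windows of n consecutive events."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


class LearningSensor:
    """One sensor: learns normal n-grams, scores new traces by how much of
    them is unseen, and turns a detected intrusion's unseen n-grams into a
    model (a 'definition') reused on later traces."""

    def __init__(self, threshold=0.3, model_match=0.5):
        self.normal = set()     # n-grams observed during training
        self.models = {}        # label -> set of n-grams that characterised an intrusion
        self.threshold = threshold
        self.model_match = model_match

    def train(self, trace):
        self.normal.update(ngrams(trace))

    def score(self, trace):
        grams = ngrams(trace)
        unseen = [g for g in grams if g not in self.normal]
        return (len(unseen) / len(grams) if grams else 0.0), unseen

    def observe(self, trace, label="intrusion"):
        """Returns ('KNOWN', model_label), ('NEW', label) or ('NORMAL', None)."""
        grams = set(ngrams(trace))
        for name, model in self.models.items():      # cheap check first
            if model and len(model & grams) / len(model) >= self.model_match:
                return "KNOWN", name
        score, unseen = self.score(trace)
        if score >= self.threshold:
            self.models[label] = set(unseen)         # footprint becomes a definition
            return "NEW", label
        return "NORMAL", None


# Constructed traces (assumption): simplified system-call sequences.
NORMAL_TRACES = [
    ["open", "read", "read", "write", "close"],
    ["open", "read", "write", "write", "close"],
    ["stat", "open", "read", "close"],
]
ATTACK = ["open", "read", "close", "socket", "connect", "dup2", "dup2", "execve"]
ATTACK_VARIANT = ["stat"] + ATTACK + ["exit"]
BENIGN = ["open", "read", "write", "close"]


def run_demo() -> dict:
    sensor = LearningSensor()
    for t in NORMAL_TRACES:
        sensor.train(t)
    return {
        "benign": sensor.observe(BENIGN),
        "attack": sensor.observe(ATTACK, label="reverse-shell-like"),
        "variant": sensor.observe(ATTACK_VARIANT),
        "model_size": len(sensor.models["reverse-shell-like"]),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:10} {result}")
```

The variant trace is caught by the model built from the first attack rather than by re-scoring, which is the work saving the post refers to: nobody had to write that definition by hand. The cost, visible in the threshold parameter, is that anything normal but rare also scores as unseen, so the training set has to cover legitimate behaviour well before the sensor is trusted.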
If the news reports are to be believed, the FBI is merely taking advantage of a loophole people have known about for years - keylogging.
Most keyloggers don't get reported by most "virus" programs. I think Norton AV does, but then again its "Corporate Edition" might not - keylogging is something a lot of corporations do, believe it or not, and that might be against their target market.
People really concerned with privacy should be using software with anti-keylogging features, which on Windoze machines includes products like Scramdisk (freeware! and with crypto module plug-in support, though not fully tested by the community), its successor DriveCrypt (commercial and untested by the community so far, but made by people who maintained Scramdisk), and I think possibly BestCrypt(commercial but tested somewhat). These all have the ability to mask input against keylogging, to varying degrees. Read the documentation and enable it.
And again, remember. For them to use the keylogger, they have to install it on your system, and have some way to retrieve the info.
Practice good data hygiene, like you should be doing anyway, and you should be fine. If you want to test whether the programs mask effectively, install some program like Back Orifice and have it log while you create and mount containers. If the log shows your password, obviously it's not working.