Slashdot Mirror


McAfee Will Ignore FBI Spyware

Drew writes: "The Washington Post is reporting on the FBI's new spyware called 'Magic Lantern.' According to their article, 'At least one antivirus software company, McAfee Corp., contacted the FBI on Wednesday to ensure its software wouldn't inadvertently detect the bureau's snooping software and alert a criminal suspect.' It is ridiculous that the software companies that are supposed to help us protect computers purposefully leave in loopholes for the FBI to operate their spyware."

17 of 571 comments

  1. a call for a document by beuk · · Score: 2, Interesting
    The Magic Lantern technology, part of a broad FBI project called "Cyber Knight," would allow investigators to secretly install over the Internet powerful eavesdropping software that records every keystroke on a person's computer, according to people familiar with the effort.

    The software is somewhat similar to so-called trojan software already used illegally by some hackers and corporate spies. The FBI envisions one day using Magic Lantern to record the secret unlocking key a person might use to scramble messages or computer files with encryption software.

    does anyone know of a URL for a well-written anti-microsoft screed that would be understood by my grandmother? something that intelligently synthesizes arguments against hailstorm/passport/closed source/key escrow/etc. and for the adoption of free software?

    1. Re:a call for a document by Anonymous Coward · · Score: 1, Interesting

      Here's an idea.

      When you can actually come up with an intelligent anti-Microsoft argument write a paper on it.

      The reason why you don't see good papers on the topic is because the arguments against Microsoft are pretty illogical or full of holes.

      There's nothing inherently wrong with hailstorm, passport, closed source, or even free software.

  2. Security Holes by Solokron · · Score: 1, Interesting

    There will always be another program that will aid in blocking this. I do not get too upset over McAfee not preventing this. I am sure you can go to Freshmeat or C|Net downloads and find some freeware app in time that blocks this behavior.

    No biggy getting upset over it. The only thing to get upset about is the extra few k of resources that another program will take. With how RAM is nowadays... who cares?

    --
    30% off web hosting. Coupon code "SLASHDOT".
  3. Re:McAffee by Karma+50 · · Score: 2, Interesting

    forgetting that 99% of the people who buy that product do so because of FUD

    Not really true.
    Most of the people who buy antivirus software do so because they know they are at risk.
    You've seen how rapidly viruses can spread in the time between when they're released and the time the AV companies release detection.

    And you know that even after the AV companies detect the virus, the virus doesn't die out straight away because there are enough computer users who aren't running AV software to keep it alive.

    If you were running IT for a large company, wouldn't you want to be protected from Sircam say, which you know is out there and you know will forward internal documents when it spreads?

    The rest is right though ... the American market may well stand behind an American company and the FBI in the name of national security.

    --
    http://www.thehungersite.com
  4. Re:Fucking Great by DragonMagic · · Score: 3, Interesting

    I stopped bothering with virus software, mainly because its problems and prices and maintenance outweighed its benefits.

    Best thing: Download software from trusted companies and entities only, make backups of your registry and boot drive often, don't open attachments in email from those you don't fully trust not to carry viruses, and keep up to date on what new viruses are out there and how they operate.

    This doesn't affect me much. Just wish we knew how the FBI's virus would work so it could be stopped at the router or mail server level.

    --

    Human nature is the same everywhere; the modes only are different. -- Earl of Chesterfield
  5. Evidence of Cluelessness at Every Level by werdna · · Score: 3, Interesting

    There is no doubt that McAfee's mindless show of patriotism invites a new breed of free-to-do-as-they-will virii from everyone, including terrorists -- merely by attempting to appear to be the Golden Lantern.

    But moreover, it shows an economic cluelessness, inviting competitors to provide a service they do not. Even worse, it is one thing to sell a "here's some filters, we're trying to keep the buggers out," program, but another thing entirely to sell one KNOWING that it will permit viruses to go undetected. That additional scienter might even invite litigation from companies injured by their recklessness.

    In short, it is amazing what a little jingoism can do to get people to lose their minds.

  6. I'm going to vote with my dollars.... by Lawmeister · · Score: 5, Interesting

    and not purchase, nor recommend to anybody including my employer (2000+ PCs) McAfee's products. Or any other product that doesn't jive with what I want it to do.

    Will be interesting to see what the marketplace thinks of this move when their stocks start trading again on Monday.

    F-Prot isn't based in the States, and maybe they will provide the protection users want.

  7. How long will it be... by Greyfox · · Score: 3, Interesting
    Before the Mafia moves to Linux, FreeBSD or one of the commercial unices out there? I mean, come on, those guys aren't stupid. If you are in their industry, you don't tend to live long.

    You can lock a UNIX box down tighter than a virgin whore if you know what you're doing. And with the current IT job shortage, I bet Don Parcheesi can find a pet UNIX geek or three dirt cheap. Or some trustworthy ones for a bit more.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  8. "Betrayed users' trust" by Anonymous Coward · · Score: 2, Interesting
    Posted by Brett Glass to Dave Farber's Interesting People mailing list:

    I have just removed all Network Associates products from my workstations and network servers, and will no longer recommend them to my clients or readers.

    I have taken this position because Network Associates, by rigging its products not to detect tampering by specific parties of its choosing, has betrayed users' trust and started a descent down a perilous, slippery slope. Will the company next change its PGP ("Pretty Good Privacy") software so that it contains back doors as well? Will its "Sniffer" products be configured to ignore certain types of attacks and allow selected parties onto customers' networks undetected, possibly hiding illegal searches by freewheeling law enforcement personnel? Will its "Magic Solutions" products, which allow remote control and maintenance of user workstations, become a vector for the installation of spying software by government snoops?

    Just as disturbing as the company's breach of trust with its customers is the prospect that others will exploit the back doors installed for the benefit of government agencies.

    Network Associates has shown that it is willing to compromise its integrity by selling intentionally faulty products. For this reason, it is no longer appropriate or wise for those concerned about the security of their networks, systems, or confidential data to use them.

    http://www.interesting-people.org/archives/interesting-people/200111/msg00319.html

  9. Re:Magic Lantern benefits crackers! by hearingaid · · Score: 3, Interesting
    If McAfee operates only on signatures, then obviously there is no need to impersonate Magic Lantern to evade it: any original code (that doesn't match existing signatures) will do.

    Correct. This is one of the major problems with virus scanners, they tend to be vulnerable to The New Virus.

    And since any code that does something more than Magic Lantern must necessarily be different from Magic Lantern, McAfee can write a signature for it after it's discovered. So, against signature-based defenses, impersonating Magic Lantern buys you exactly nothing. Is there anything I'm missing here?

    Yes. McAfee calculates the signature from the code. Presumably, the way it works around Magic Lantern is by some code that looks like this:

    if virusSignature == magicLantern then return(1);

    else doCleanVirus();

    Therefore, if an enterprising virus writer can synthesize a virus that does something different, but causes McAfee to detect the same signature, it's happycakes time.

    That said, McAfee has always sucked donkey donuts. Norton is better; however, the only PC-based antivirus product I ever really had a lot of respect for was IBM AntiVirus, partly because it was the only one that could detect virii it didn't already know about. Sigh. It's long gone though.

    --

    my old sig used to be funny, but then slashcode ate it and now it's not funny anymore
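The exemption logic sketched in the comment above, as an added example that is not part of the original thread and not any vendor's code: it shows why an exemption that ends the scan on a signature match leaves everything else in the file unreported, next to a variant that evaluates every signature and logs suppressed matches so the gap stays auditable. The signature names, byte patterns and sample inputs are all constructed for illustration.

```python
"""Toy signature scanner (constructed for illustration; not any vendor's engine)."""
from dataclasses import dataclass, field

# Constructed signatures: name -> byte pattern. Real engines use richer formats.
SIGNATURES = {
    "Demo.KeyLogger.A": b"\x90KEYLOG-A\x90",
    "Demo.Exempted.X": b"\x90EXEMPT-X\x90",
}
# Hypothetical exemption list: matches on these names are not shown to the user.
EXEMPT = {"Demo.Exempted.X"}


@dataclass
class Verdict:
    reported: list = field(default_factory=list)    # alerts shown to the user
    suppressed: list = field(default_factory=list)  # exempt matches, kept for audit


def match_signatures(data: bytes) -> list:
    """Return the sorted names of every signature whose pattern occurs in data."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)


def scan_short_circuit(data: bytes) -> list:
    """Models the comment's pseudocode: an exempt match ends the scan as 'clean'."""
    hits = match_signatures(data)
    if any(h in EXEMPT for h in hits):
        return []  # every other match in the same file goes unreported
    return hits


def scan_audited(data: bytes) -> Verdict:
    """Evaluate every signature; an exemption hides only its own match and is logged."""
    verdict = Verdict()
    for hit in match_signatures(data):
        (verdict.suppressed if hit in EXEMPT else verdict.reported).append(hit)
    return verdict


# Constructed sample inputs.
KNOWN = b"MZ..." + SIGNATURES["Demo.KeyLogger.A"]
BOTH = SIGNATURES["Demo.Exempted.X"] + b"..." + SIGNATURES["Demo.KeyLogger.A"]
NOVEL = b"MZ...bytes that match no signature"

if __name__ == "__main__":
    for label, sample in (("known", KNOWN), ("both", BOTH), ("novel", NOVEL)):
        print(label, scan_short_circuit(sample), scan_audited(sample))
```

The `NOVEL` case is the "New Virus" problem from the same comment: neither variant reports it, because nothing in the signature set matches.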

  10. Multiple abuses of Magic Lantern.(Long) by supabeast! · · Score: 3, Interesting

    Easy way to abuse the FBI's new Magic Lantern "virus."

    Do illegal stuff online, and be conspicuous about it. If you are already involved in organized crime, this will be easy. Do all your stuff using PGP on a Windows 2000 base install. Regularly talk on the phone to your buddies about those idiot FBI agents who can't read your encrypted email. Make sure to do everything with LCD monitors so that the FBI has to crack the email instead of just tapping your CRT. Get a geek to learn a lot about virus operation so that he can regularly check the system and snag the virus.

    As soon as the virus pops up, keep playing along. Send out encrypted crap messages that make no sense, and appear to be written in code words so that the FBI spends more time trying to crack THAT code after cracking the message. At the same time, decompile the virus and figure out how it works. Alter the virus to be self-propagating and extremely malicious, destroying all filesystems on infected machines and shutting them down while residing only in memory to prevent people from finding the virus on disk.

    After a few days, set up an online store selling anti-virus software at $19.95 a seat licensing. Encrypt everything the program contains with the exception of an executable, so that no other virus company can figure out how it works without violating the DMCA.

    Laugh at the FBI agents who are too busy trying to figure out what all your code words are to notice you raking in millions with a foreign company selling anti-virus software, move to Zug, and retire.

    I admit, that scenario is a bit of a stretch. A more likely scheme (And what will likely happen very soon.) is a few good crackers decompile antivirus software from McAfee and Norton, both American companies that will allow the FBI virus through, and compare it with antivirus software from foreign firms, which will likely block the FBI virus to prevent the USA from spying on their companies as the USA does with echelon. Bingo, killer virus in no time flat, watch it take the world by storm. And before any of you bother to post about how the FBI will manage to keep all the details secret so that this doesn't happen, think about this; if the FBI could manage to keep a secret, we would not know about things like Magic Lantern and Carnivore to begin with.

    I want to thank the FBI for fucking over America with their inability to realize the dire consequences of their poorly-planned actions. By doing this the FBI is screwing over:
    1- All of the companies around the world, especially in the US, that will spend a ton of money dealing with the downtime caused by the first virus to exploit the Magic Lantern backdoors.
    2- All of the American antivirus software companies who will lose market share to foreign software companies who do not leave FBI backdoors in their products.
    3- Microsoft, who will likely be accused of leaving FBI backdoors in Windows, and who will lose market share when a virus sweeps the Windows world on a level that shames Code Red I and II.
    4- All the Windows admins out there who will now have to rebuild all of their compromised machines, and switch to antivirus software by companies that do not leave backdoors for the FBI.

  11. Is the FBI that dumb?? by josh+crawley · · Score: 2, Interesting

    Instead of believing in the hype that Slashdot has come to like, let's look at the situation(s) more closely. My main questions spawn from ponderance of the WHOLE situation. These questions I plan to address.

    1:Why did McAfee allow this trojan?
    2:What is the FBI's purpose in creating this tool?
    3:Why did the FBI tell?
    4:Who is this tool targeted at(main classes of criminals)?
    5:How will other anti-virus companies look at the FBI's choice?

    Well, let's consider the targets first. I see the most common groups targeted at are drug dealers and computer _criminals_. It's safe to say that the Computer criminals probably will not be caught in a trap like this. The FBI's main tool is believed to be a Windows executable; however, don't make rash beliefs that the FBI hasn't considered a *nix tool yet.

    The main mode of transport is that of a binary segment sent over email. Since Outlook is the most popular form of email client, Outlook buffer hacks that 'autorun' binary code are the best transport. Next off, who said that the FBI would be sending data back through the Internet or do any dialing? If I wrote a tool like that, I'd store data (keystrokes, logins/passwds, 'certain sites') in a secure place of the computer. I'd aim for the segment after the bootsector code. There's plenty of space for a few KB of the 'best info'. The FBI would raid the machine anyways, so sending back data is useless (trace of tcp/udp streams would be evident).

    However, I question why the FBI even told here. Their purpose is to catch intrastate criminals and investigate bad political dealings. I'm questioning if the FBI even has this technology. I'm much more scared of a hardware dongle that has 5 megs of storage capability. Those types of entering have been cleared by the courts, providing the correct documents have been presented. Malware is going to be caught, unless the FBI destroys the data before the criminal sends it away elsewhere.

    The last fields of questions deal with the AV companies themselves. Why exactly did McAfee do such a thing? Perhaps they have no choice. There is such a law called Obstruction of Justice. If the AV companies do not allow some sort of loophole, they could be tried in a court of law. Most of you Slashdotters would say "So What", but this type of court battle would lead to either horrendous losses to the company, and eventually having to put the anti-FBI code in, or the destruction of the company. However all is not lost. There are more AV companies outside the US. They WILL defend their rights to no FBI code in their computers. I mainly count the Russian AV coders to somehow get the code and track/kill it.

    Flat out, the FBI will fail only because of public outcry. They will catch a few criminals and will parade around saying how the US is a better place without the 'scum of the Earth' around. However the worst thing people could do is to assume that the FBI is stupid. They have already addressed most of the questions, better than the Slashdot crowd has.

    Would they let us know that?

    Josh Crawley

  12. Re:McAfee = Network Associates Inc. by Anonymous Coward · · Score: 1, Interesting

    I don't. Not after I ran one early version (2.6.x, US version) through w32dasm and found a pgpSendPrivateKeysToKeyserver function (notice, private) or something like that.. In the next release I couldn't find such a function. I don't know whether that was some joke by a programmer, for the API for corporate use for the companies to spy on their employees or what was the point. I don't care anymore... I've stopped trusting them.

  13. Re:Now all one needs to do... by Anonymous Coward · · Score: 1, Interesting

    Conversely, all one needs to do to disable this half-assed attempt at preventing detection by the FBI is to simply compare two virus signature dat files. One "pre-lantern ignoration", one "post-lantern ignoration". A bit of differential analysis later, and one knows what the scanner is ignoring.

    One then either hacks up a new DAT file to detect that which is supposed to be ignored, or one concocts a small virus scanner which ONLY looks for that particular signature.

    Notwithstanding the foregoing, as the FBI engages in more and more of this useless intrusive crapola, do they really think that the criminal elements aren't going to run a firewall that blocks all traffic except that which they specifically allow? VPNs? SSL? Encrypted tunnels which don't comply with some 'standard'? Encrypted file systems? NSA-enhanced Linux + whatever?

    These morons at the FBI have just got to learn that whatever they come up with - we'll do them one better. It's not that we're criminal - it's that we're AMERICAN damnit! And we HATE being fucked with by our government...

  14. Remember the Constitution! by ZosX · · Score: 4, Interesting

    Do our constitutional rights even exist anymore?

    Owning a weapon is a privilege, let alone owning a weapon and carrying it on your person. "The right to bear arms." You need specific reason now to carry a concealed weapon, why is that? I'm an American citizen, if I want to carry a .45 in my pocket, the constitution says I can, the government tells me I'm breaking the law......

    Sorry using an example of the breakdown of our constitutional rights.

    This really disturbs me. Between Carnivore and now Magic Lantern, we have pretty much given up all rights to privacy on the internet. I know that most of you will say that it's been likely that the government has been monitoring traffic for some time anyways secretly, now we are publicly accepting this as "ok in the name of our safety." Don't think they monitor your cell phone calls? Explain how they got voice recordings of the conversations of the doomed flight to Somerset, PA.

    This is disgusting. We are just handing over our freedom and very few people are saying a word. Funny how not all that long ago, the Supreme court ruled that acquiring search warrants based upon thermal readings from a house was illegal and yet they haven't said a word about anything the FBI has been doing.

    It's really fscking sad that the alleged "war on terrorism" is really just a lame excuse to quickly remove a good deal of our rights. People in New York City are being searched randomly in Manhattan. What the hell is that? In 10 years can I expect to be searched if I walk down my street? If I have something illegal, is the search unreasonable, or does the court care more about me just having something illegal? If our phones and computers are tapped (let's assume for the moment that they are for the most part) where does the government stop? They can see what I am writing and talking about....why shouldn't they be allowed to see what I am doing in my home without a search warrant? The best part of it is, nobody would even know if they were being watched. I know this has been something people have complained about over the years (as the government has slowly crept into their privacy), but now it's really in our faces. 1984 is not very far away indeed.

    Let's take Magic Lantern for instance. If one were to disassemble it, it would violate the DMCA ruling. If one were to circumvent it (which likely anyone in their right mind will), the techniques used would likely violate DMCA. (Remember Sklyarov?.....)
    Can anyone think of software they might use that might possibly violate the DMCA ruling? I can think of a few, and I am not talking about cracking software. Also this makes me wonder about Windows....does DMCA make WINE illegal?

    Indeed, the whole issue is a lot like a runaway train coming down the hill. People see it from the distance and don't realize how dire their situation is and eventually the train comes pummeling down into their sleepy little town and destroys it. I wonder how long before we lose all faith in the government entirely. Too bad we decided that we are too weak and lazy to take the government back into our own hands. What's so sad is that the more disillusioned we become with our government the more likely we will feel that it is out of our control. Judging by the recent elections and the completely disgusting turnout, it seems we are just about there. What do we do in 10 years when we don't even have enough voters voting to elect an official?

    It's really time to either:

    A) Do something about the slippery path we have slid on

    or

    B) Walk away from it, buy a huge ranch/estate/tract of land, start a community of like minded individuals, and ignore what the government does. I suggest some western states that do not tax their land so you can totally live government free. :)

    Just some random infuriating thoughts I've had lately.....

    Zos/Xavius.23
    zos[@]winwood.net

    Art is the realization of truth - AOS

  15. Really? by Anonymous Coward · · Score: 1, Interesting

    How about this argument?

    Microsoft has been convicted of being a monopoly that illegally uses that monopoly to extend its monopoly itself into new areas. The conviction was upheld unanimously by the appeals court.

    Seems to be a pretty good argument against Microsoft to me.

  16. Active countermeasures? by Anonymous Coward · · Score: 1, Interesting

    I have a couple questions on this one.

    1) I'm aware of some utilities/scripting that can be done under *nix to check for unauthorized modifications to filesystems, is there a similar utility/scripting that can be used for windows ?

    2) Are there any lawyers out there familiar with the legality of *actively* defending one's private computer against unauthorized connections/intrusions ?
    I.E. : system notices trojan, locates where it's sending its traffic, broadcasts a 'cease and desist' warning, then floods the bandwidth with garbage data, or something more destructive. (Run script, root the attacking box, rm -rf / )

    Supposedly we have the right to bear arms. Supposedly we have the right to defend our homes from intrusion. I'm wondering if such active defense of one's own computer and data could plausibly fall under 'home defense'.

    More likely it would fall under 'hindering prosecution' or 'domestic terrorism'.

    Or, could just develop a script that detects said trojan, and instead of sending keystrokes it just sends a billion instances of "Your mother's a $2.00 whore."