Slashdot Mirror


Symantec Will Not Detect Magic Lantern

An anonymous reader contributes: "In this article on Declan McCullagh's Politech, Symantec chief researcher Eric Chien stated that provided a hypothetical keystroke logging tool was used only by the FBI, Symantec would avoid updating its antivirus tools to detect such a Trojan, echoing a similar stance Network Associates allegedly took with its McAfee anti-virus software earlier this week. 'If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it -- we wouldn't detect it,' said Chien. 'However we would detect modified versions that might be used by hackers.'"

13 of 582 comments

  1. Open Source Solution? by boinger · · Score: 4, Interesting

    How's OpenAntiVirus doing? How does it compare to the Big Two? - If it can't hold up, do "we" have any other viable options outside of McAfee and Symantec?

    --
    Send your friends messages of love at fuck-you.org
  2. Great - It's a three way race by Embedded+Geek · · Score: 4, Interesting
    So, now it's a three way race to see who's smarter: To see if the (1)virus writers are smart enough to make it look like their stuff is (2)FBI to (3)AV developers.

    Eventually, I'm gonna need a scorecard to keep all this straight.

    --

    "Prepare for the worst - hope for the best."

  3. Reverse engineers line up here - by Medievalist · · Score: 4, Interesting


    Well, if the antivirus vendors are going to include a sufficiently detailed signature in their products for the FBI's virii, that should help anyone trying to build a detector.

    I'm sure somebody will try to build malware that impersonates this so-called "Magic Lantern" - I hope they call it "Magic Latrine" :^).

    But wouldn't it be nice to see a GPL'd program to detect the FBI's virus? Then, if I found it on my machine, I could stop the government-sponsored theft of my CPU cycles. Of course, I'd then call the FBI and offer to let them reinstall it given adequate monetary compensation - but that's just me, you might take some other action.

    --Charlie

  4. J. Edgar Hoover lives on... by coolgeek · · Score: 4, Interesting
    Sorry for the -dash- of a conspiracy theory here, but I really wonder what the spooks have on these guys. The thought that McAfee, Symantec, et al. could be implicated for obstructing an investigation is absurd. Well, maybe not with John Ashcroft-Hitler running the DoJ. Anyway, back to my point. Here's an opinion from a judge who upheld a citizen's right to use a radar detector:

    If government seeks to use clandestine and furtive methods to monitor citizen actions, it can ill afford to complain should the citizen insist on a method to effect his right to know he is under such surveillance.
    Judge Joseph Ryan, Superior Court, District of Columbia

    Granted, it's only a district court; however, it is a compelling opinion, and a brilliant interpretation of the Fourth Amendment. IR detection/imaging and monitoring utility bills have been tossed out on similar grounds. I wonder what AVP is going to choose... Perhaps this is a great opportunity for Free Software, I just wonder how a free software anti-virus lab would work. Anyway, end of my rant.

    --

    cat /dev/null >sig
    1. Re:J. Edgar Hoover lives on... by scaryjohn · · Score: 3, Interesting
      Oh i doubt that the FBI blackmailed Symantec and NAI to get this in. On the contrary:
      1. they're trying to retain the confidence of the middle-american software purchaser (both private and commercial) that would revolt* against them as "un-american" if they obstructed anything the FBI proposed.
      2. they'd probably face some sort of frivolous or trumped up charge of aiding terrorism or maybe even sedition if they'd announced plans to detect magic lantern. not that such a charge would stick (on appeal).
      [*]said middle-american probably doesn't understand the security implications of permitting a class of trojan software to do its work (not that i do, but i acknowledge it has the potential to be quite a problem). said middle-american would also dismiss the raising of any privacy or civil rights concerns with a hearty "NONE OF THAT MATTERS ANY MORE! WE'RE AT WAR NOW!" and probably a "don't bring any of that unamerican talk into my $location" or a "the FBI is on our side, they wouldn't do anything to hurt us." for good measure.
      --
      One might ask the same about birds. What ARE birds? We just don't know.
    2. Re:J. Edgar Hoover lives on... by Malcontent · · Score: 3, Interesting

      Simple.

      The CEO of Symantec gets labeled as a terrorist by Ashcroft.

      He can now be detained infinitely without charges. His confinement is not public nor are his charges (if any).

      Life without parole without a trial or charges being filed. If he happens to be a non-citizen he can be tried by a military tribunal (AKA kangaroo court) and be sentenced to death.

      Would you react any differently?

      --

      War is necrophilia.

  5. Stance of non-us companies? by Splat · · Score: 4, Interesting

    Does anyone know the stance of non-US companies of anti-virus software on Magic Lantern? If a foreign product detects an FBI trojan horse will it then become illegal under some US law?

  6. The funny part... by Lumpy · · Score: 4, Interesting

    This will only catch the dumb or the pedophiles.

    Are they writing this "virus" for BeOS? how about OS/2?

    What about a linux box running as only old a.out?

    I can think of at least 70 ways to make their "virus" not work on my machine. (I highly doubt that this "virus" will run on my Linux development box that uses a Hitachi SH4 processor)

    All this hubbub about company X or software Z will or will not detect this virus app is pure marketing and hype. No one who is really threatened by this could care as it is easily defeated from ever infecting the system by simply changing the architecture... Hey FBI, not everyone runs Windows on Intel hardware.

    --
    Do not look at laser with remaining good eye.
  7. Actually, it's even simpler... by jd · · Score: 5, Interesting
    Use three intrusion detection programs, each using different cryptographic hashes, and each validating the other two.


    Such an arrangement would be next to impossible to compromise, as you would need to break all three programs within the check cycle of all three of them. Either that, or you need to break all three hashing algorithms, in such a way as to find a synonym in all three key spaces. Synonyms in a single key space are going to be common, simply because you're using fewer bits. Two coinciding synonyms will be very rare, and there's no guarantee that the software could be moulded into one. THREE coinciding synonyms will be so vanishingly rare that it wouldn't be worth anyone's while to search for one that's even remotely usable.


    There. Problem solved. And all it took was a bunch of Tripwire clones. And someone thought it was difficult?

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
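
The cross-checking idea in the comment above, sketched as an added example that is not part of the original thread: every watched file, including the checker programs themselves, is recorded under three independent hash functions, and a mismatch in any one of them is reported. The algorithm choice and file names are assumptions; the comment names none.

```python
import hashlib
import hmac
from pathlib import Path

# Three unrelated hash constructions (assumption: the comment names no algorithms).
ALGORITHMS = ("sha256", "sha3_256", "blake2b")


def digest_file(path, algorithms=ALGORITHMS):
    """Return {algorithm: hex digest} for one file, reading it only once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def build_baseline(paths):
    """Record known-good digests; keep the result offline or on read-only media."""
    return {str(p): digest_file(p) for p in paths}


def verify(baseline):
    """Return {path: [algorithms that disagree]} for changed or missing files."""
    findings = {}
    for path, expected in baseline.items():
        if not Path(path).is_file():
            findings[path] = ["missing"]
            continue
        actual = digest_file(path, tuple(expected))
        bad = [a for a in expected
               if not hmac.compare_digest(expected[a], actual[a])]
        if bad:
            findings[path] = bad
    return findings


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        # Constructed sample: two stand-in checker programs and one watched file.
        files = [Path(d, n) for n in ("checker_a", "checker_b", "hosts")]
        for f in files:
            f.write_bytes(b"original contents of " + f.name.encode())
        baseline = build_baseline(files)
        files[0].write_bytes(b"tampered checker")
        print(verify(baseline))  # checker_a is reported under all three hashes
```

The baseline is the trust anchor: if it lives on the same writable disk as the files it describes, whoever can replace a checker can replace the recorded digests too.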
  8. Re:Some need to clue in by jmauro · · Score: 5, Interesting

    Would you complain if they didn't protect your system from government hackers in China? In France? Working for the UN? These are government agents and if your systems weren't protected from them from security that you bought then you'd be really pissed. You pay for security companies to protect you. Your analogy of the security guard is flawed. A security guard will stop a Federal agent and verify his search warrant and then see to it that the warrant is not executed incorrectly. He's there to protect your stuff and your rights. He'll also notify you the police were there, why they were there and what occurred. Electronic security companies are breaking the trust of the person who bought the software. One would expect that the software prevents all intrusions. If it does not then the software is flawed. Allowing back doors is considered bad software design, I don't see how this situation changes the rules of software design.

    Government agencies have no reason to "crack" a system, if they're really interested they can get a search warrant and examine the system. The search and seizure laws were designed to put all government investigative action in public view. Secret searches cannot be justified. If there is no good way to get the passwords for the keys, then the government is SOL. So they don't have one piece of evidence, I hope that the evidence that they do have would be more than just bits on a hard drive.

  9. Re:Silly to the extreme by BrookHarty · · Score: 3, Interesting

    It's never about if you're wrong or right, it's about political views. Many people in the US seem to be blind to the reasons justice organizations go on holy crusades. It's either political or religious. Right or wrong is decided by the group that has better lawyers.

    You're free to live in the USA as long as you have the same morals, if you don't it's off to prison with you. Over a million people are in prison in the US for minor drug related charges, over 2 million are on parole for minor drug offenses such as "Possession of marijuana"

    The moral majority in the US has passed laws to keep freedoms from you. They empower the jackbooted thugs to take everything you own, lock you away, and forget about your speedy trial. They can ruin your life, walk away and say "All in a day's work, protecting the innocent..."

    Crime is murder, rape, arson, robbery, identity theft, violence and abuse...
    NOT backing up software, fair use, recording a tv show, downloading an mp3, having sex, smoking, erotica, fiction writing, speaking against the government, abortion and sexual orientation...

    At least they can't put me in prison for detecting a trojan, right?

    -
    The law, in its majestic equality, forbids the rich as well as the poor to sleep under bridges, to beg in the streets, and to steal bread. - Anatole France (1844 - 1924)

  10. What I don't get... by jabber01 · · Score: 3, Interesting

    Why is this thing a Trojan?

    There would be no issue at all here if this program was something that had to be manually installed. If the FBI got a warrant to enter a suspect's home, install a 'tap' on his PC, and then retrieve the data, there would be no issue.

    Any criminal savvy enough to detect that sort of intrusion is also savvy enough to detect and subvert Magic Lantern. Hell, if I had something to hide, I'd keep it away from the networks, on an encrypted drive, wired to destroy the data if I failed to log in correctly - and I am NOT a criminal mastermind.

    All ML does, by being a Trojan, is get non-criminal technologists pissed off over civil rights and such.

    Sure, it may make the 'tap' easier to set up remotely (does it really? only with very ignorant criminals I think) and to pull data off as it's being generated, so that a logfile can't be easily found (but anyone with something to hide is likely to be sniffing their own packets anyway, no?).

    There's something else going on here. It could be about testing the waters for industry compliance to Federal backdoors (PGP anyone?). It could be to increase the anxiety level of technologically inept/newbie potential terrorists.

    The publicity level of this strikes me as a diversionary tactic, because the technological aspects of ML are surely defeatable (we can look at our own packets down to the bit after all) and the audacity of it (Big Brother factor) is sure to kill it. The next step is to have each cell phone sold with a listening device that the FBI could turn on remotely. Even the technologically ignorant would not stand up for that, or for this.

    --

    The REAL jabber has the user id: 13196
    What you do today will cost you a day of your life

  11. Savvy by ucblockhead · · Score: 5, Interesting
    It likely won't be long before someone writes something that automatically detects the attempt to install "Magic Lantern" and then turns on a "Magic Lantern" emulator that sends exactly whatever keystrokes the crook wants sent. Imagine the fun that could be had... A nasty crook could have fun implicating all sorts of innocent people in criminal activities.

    --
    The cake is a pie