Slashdot Mirror

← Back to Stories (view on slashdot.org)

Symantec Will Not Detect Magic Lantern

Posted by timothy on from the et-tu-eric dept.

An anonymous reader contributes: "In this article on Declan McCullagh's Politech, Symantec chief researcher Eric Chien stated that provided a hypothetical keystroke logging tool was used only by the FBI, Symantec would avoid updating its antivirus tools to detect such a Trojan, echoing a similar stance Network Associates allegedly took with its McAfee anti-virus software earlier this week. 'If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it -- we wouldn't detect it,' said Chien. 'However we would detect modified versions that might be used by hackers.'"

9 of 582 comments (clear)

  1. Open Source Solution? by boinger · · Score: 4, Interesting

    How's OpenAntiVirus doing? How does it compare to the Big Two? - If it can't hold up, do "we" have any other viable options outside of McAfee and Symantec?

    --
    Send your friends messages of love at fuck-you.org
  2. Great - It's a three way race by Embedded+Geek · · Score: 4, Interesting
    So, now it's a three way race to see who's smarter: To see if the (1)virus writers are smart enough to make it look like their stuff is (2)FBI to (3)AV developers.

    Eventually, I'm gonna need a scorecard to keep all this striaght.

    --

    "Prepare for the worst - hope for the best."

  3. Reverse engineers line up here - by Medievalist · · Score: 4, Interesting


    Well, if the antivirus vendors are going to include a sufficiently detailed signature in their products for the FBI's virii, that should help anyone trying to build a detector.

    I'm sure somebody will try to build malware that impersonates this so-called "Magic Lantern" - I hope they call it "Magic Latrine" :^).

    But wouldn't it be nice to see a GPL'd program to detect the FBI's virus? Then, if I found it on my machine, I could stop the goverment-sponsored theft of my CPU cycles. Of course, I'd then call the FBI and offer to let them reinstall it given adequate monetary compensation - but that's just me, you might take some other action.

    --Charlie

  4. J. Edgar Hoover lives on... by coolgeek · · Score: 4, Interesting
    Sorry for the -dash- of a conspiracy theory here, but I really wonder what the spooks have on these guys. The thought that McAfee, Symantec, et.al. could be implicated for obstructing an investigation is absurd. Well, maybe not with John Ashcroft-Hitler running the DoJ. Anyway, back to my point. Here's an opinion from a judge who upheld a citizens' right to use a radar detector:

    If government seeks to use clandestine and furtive methods to monitor citizen actions, it can ill afford to complain should the citizen insist on a method to effect his right to know he is under such surveillance.
    Judge Joseph Ryan, Superior Court, District of Columbia

    Granted, its only a district court, however it is a compelling opinion, and a brilliant interpretation of the Fourth Amendment. IR detection/imaging and monitoring utility bills have been tossed out on similar grounds. I wonder what AVP is going to choose... Perhaps this is a great opportunity for Free Software, I just wonder how a free software anti-virus lab would work. Anyway, end of my rant.

    --

    cat /dev/null >sig
  5. Stance of non-us companies? by Splat · · Score: 4, Interesting

    Does anyone know the stance of non-US companies of anti-virus software on Magic Lantern? If a foreign product detects an FBI trojan horse will it then become illegal under some US law?

  6. The funny part... by Lumpy · · Score: 4, Interesting

    This will only catch the dumb or the pedophiles.

    Are they writing this "virus" for BeOS? how about OS/2?

    What about a linux box running as only old a.out?

    I can think of at least 70 ways to make their "virus" not work on my machine. (I highly doubt that this "virus" will run on my Linux development box that uses a Hitachi SH4 processor)

    all this hubub about company X or software Z will or will not detect this virus app is pure marketing and hype. Noone who is really threatened by this could care as it is easily defeated from ever infecting the system by simply changing the archetecture...... Hey FBI, not everyone runs windows on Intel hardware.

    --
    Do not look at laser with remaining good eye.
  7. Actually, it's even simpler... by jd · · Score: 5, Interesting
    Use three intrusion detection programs, each using different cryptographic hashes, and each validating the other two.


    Such an arrangement would be next to impossible to compromise, as you would need to break all three programs within the check cycle of all three of them. Either that, or you need to break all three hashing algorithms, in such a way as to find a synonym in all three key spaces. Synonyms in a single key space are going to be common, simply because you're using fewer bits. Two coinciding synonyms will be very rare, and there's no guarantee that the software could be moulded into one. THREE coinciding synonyms will be so vanishingly rare that it wouldn't be worth anyone's while to search for one that's even remotely usable.


    There. Problem solved. And all it took was a bunch of Tripwire clones. And someone thought it was difficult?

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  8. Re:Some need to clue in by jmauro · · Score: 5, Interesting

    Whould you complain if they didn't protect your system from government hackers in China? In France? Working for the UN? These are government agents and if you're systems weren't protected from them from security that you bought then you'd be really pissed. You pay for security companies to protect you. Your analogy of the security gaurd is flawed. A security guard will stop a Federal agent and verify his search warrent and then see to it that the warrent is not executed incorrectly. He's there to protect your stuff and your rights. He'll also notify you the police were there, why they were there and what occured. Electronic security companies are breaking the trust of the person who bought the software. One would expect that the software prevents all intrusions. If it does not then the software is flawed. Allowing back doors is considered bad software design, I don't see how this situation changes the rules of software design.

    Government agencies have no reason to "crack" a system, if they're really interested they can get a search warrent and examine the system. The search and ceasure laws were designed to put all government investigative action in public view. Secret searches cannot be justified. If there is no good way to get the passwords for the keys, then the government is SOL. So they don't have one piece of evidence, I hope that the evidence that they do have would be more than just bits on a hard drive.

  9. Savvy by ucblockhead · · Score: 5, Interesting
    It likely won't be long before someone writes something that automatically detects the attempt to install "Magic Lantern" and then turns on a "Magic Lantern" emulator that sends exactly whatever keystrokes the crook wants sent. Imagine the fun that could be had... A nasty crook could have fun implicating all sorts of innocent people in criminal activities.

    --
    The cake is a pie