Slashdot Mirror
Symantec Anti-Virus Supresses Privacy Tool
salimfadhley writes "Symantec's 'Norton Antivirus' now attempts to remove Freegate, a program designed to help Chinese internet users view websites blocked by the government firewalls. Symantec offered no reason why the program (which is not spyware) was marked as a 'trojan' in Chinese versions of the software, however even an unattuned conspiracy theorist will guess that this was done at the request of the Chinese government. "
The thing about Chinese Virus Scanners. After an hour you are still infected and need to scan again.
...But I digress. TREMBLE PUNY HUMANS!ONE DAY MY SPECIES WILL DESTROY YOU ALL!
I'd certainly like to see the official line on this one. Probably a bit like Cisco - "Hey, anything to make a buck, right? We don't have no scruples." Similar issues appeared with web censorware which were illuminated by the organization, PeaceFire a few years back. Not only were the censorware lists blocking "legitimate" websites but also blocked sites that could (without imagination) be construed as agendas beyond the scope of "protecting children" against sex. Outsourcing your software increases the risk of being subjugated by others. It is unfortunate that we need so dearly the protection that antivirus software provides - but we're putting our trust in corporations that do not hold honor over profit (few do, nothing special about this one.) The same struggle with subjugation appears in the Digital Rights Manglement issues, where Microsoft chooses what you do with your computer. Fortunately as we've seen with the adware war, Freegate and friends will continue to evolve. Let us hope that the antivirus vendors have as much trouble blocking Freegate as they do catching legitimate malware! Bill
AVG Antivirus is a great alternative to Symantec's Norton AntiVirus.
It's free for home users, has a memory-resident scanner, scheduled updates, limited scheduled scans and doesn't bog down your system with unnecessary crap like the Norton or Mcafee anti-virus programs.
"Can of worms? The can is open... the worms are everywhere."
No one should be using Norton anyway. I jumped Norton's ship (after using it for free for a month) after discovering you need to pay for updates past that point and it annoys you daily about it (and even offers a "remind me after..." prompt where the only choice is 1 day). The only way to stop the annoyance is to uninstall the program or buy a year subscription. I did what they didn't want me to do. Take that Symantec. Hello Grisoft.
In so much as having no sense of humor. That and the blatant censorship is starting to happen. I've actually noticed "politically incorrect" posts disappearing completley. I got my first warning about posting as an AC today. That's kinda the point of posting as an AC. So everyone else can ignore it. If things keep up, it will be just like Fark where everyone is scared to death to speak their mind for fear of bans and censorship.
For every annoying gentoo user, are three even more annoying anti-gentoo crybabies. Take Yosh from #Gimp for example.
If they block this at the request of the Chinese government, one wonders how long it will take before the US government makes similar requests...
I hope that the government won't do this. I doubt they will, any time soon. But with the way government regulation of IT is going, I wouldn't be surprised at legislation like this...
It's only an insult if it's not true.
Suppress: v. to contain, restrict, or otherwise withhold some content from dissemination.
Supress: adj. Lacking the time required to ensure proper spelling and grammatical accuracy.
I am posting as an AC to test slashdot's new system of warning people about AC comments being deleted. We'll see if I get one!
Huzzah!
Yanking a program you know about out just because one of these programs says it is bad isn't smart...though I've felt like choking a few admins who took any report as 100% valid.
That said, is this stupidity or malace?
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
All non-free virus scanners nowdays require subscriptions.
Jay | http://oldos.org
Even I can't come up with something that stupid.
Either that, or something truly bizarre went on. I mean, I doubt the combination of a weird antenna and aliens even can produce unexplaned, defective pregnancies.
But if it indeed does... "Truth is stranger than fiction."
I personally believe anti-virus it a waste of time.
/dev/null
1: Trusted sites should be trusted.
2: It is new viruses that are more prevalent, and the ones you are less likely to be protected against.
3: Behavioural systems (i.e. secure systems) shoudl be in place to stop NEW code doing things, like an internal firewall - would you like xyz.exe whihc has been on your system for 30 minutes / 3 days or whatever to acces ABC resource / network, reg setting etc.
4: Signed content can lead to more trust.
5: this would stop dialers, toolbars, spyware, fuckware, malware, shitware, pancreasware and all other forms of binary information that belongs in
I think anti-virus has gone far enough. I use google when I download a funny file, I google the filename, I google the filesize. If I am still not happy, I don't run it.
I mean who would run whoah_funny_check_this_shit_out.exe ??
setup.exe's - again, d/l from a trusted source. Run as a low priv user if need be, test it on a sandbox to be sure... but don't fsskin virus scan it - and then run it on your prized system, because anyone can right a rm -rf ~ and cause simple havoc, and this file will not be picked up by any antivirus software.
Don't reply on virus software, I'd say it gives a false sense of security at the best of times.
Educate users is important, and I would love to see an 'untrusted file' idea, where a custom made trojan would find itself in a pretty lame sandbox if someone runs it the first time, this behaviour gets recorded, then judged if it may be harmful, and above certain levels (tried to access a network resource, tried to remove a file, tried to access existing registry tree, tries to send emails to your entire address book) it quarantines, and alerts an admin.
Any linux developers like that idea? temporal / quantitative security measures for automated sandbox maintenance and binary acceptance program.
or gnutqsmasmbap.
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
Apologies for abhorrent spelling in my posts. THey are typos, honest gov.
Using VMWare with virtual networking and memory and file system woudl be great to sandbox exe's. This could be done on the fly - or even as you run it, the executions get fed through a filter, that would allow any program to run normally until it hit an alarm in the FS, net, reg, or mem allocation.
even internal hackers would have to get thier code past this system, and therefore alert an admin.
internal firewall every resource, but allow the program to run UNTIL it hits this point of alarm.
In case Microsoft needs help filling in 3000 patent forms:
I copyright all ideas, related to, pertaining to, based on, genetically similar or even sounding like the above, and release it under GPL / copyleft / erm... yeah, opensource.
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
I have to say I half agree with you.
,notify the user.
Our email attachment rules - block all that content. f course people zip up some of that content, so maybe unzip and block, this is email attachment filtering.
Checking for knwon virus signatures, yes this is an application of virus detection that is not used as a security measure, but as a decision maker, or audit trail.
Outlook is causes 99.99999* of virus problems, allowing someone to send email as you, with viruses in it - embarrassing!
I still cannot believe people use that....
Knowing a file is a known virus is ok, and useful, but you are right in saying that mail attachment filters are better. Remove anythign remotely hazardous.
Send a link to a file if you want someone to d/l it, and then use the trust rule, and fallback on the behavioural checking.
Never be in a position to run code that you have been assured by a virus checker that it is not a virus.
Of course, my approach would stop trojans, worms, scripts, anything that has this efect (each application can extend the security layer into its own realm, so openoffice could have a protect sandbox that would test scripts and if it crosses a line, like tries to embedd itself, or open a new document, or search or something
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
Don't use Norton if you wanna use Freegate?
Get paid to search..It's geniune and
There were viruses a long time before Outlook. There will be viruses a long time after Outlook. As far as "allowing someone to send email as you" - that's not Outlook's fault, that's SMTP's fault: the From: header is never authenticated. Yes, Outlook's security model sucks, but security issues are a lot more subtle than you're allowing.
For instance: what antivirus software is really designed to do is not to stop 0 day infections, but to put a limit on how long a virus can be effective. When was the last time you heard about someone who had the Michelangelo virus? Can't remember? That's because antivirus software is doing its job: preventing viruses from sticking. How about RedAlert or MSBlast (gee, Outlook had nothing to do with those, did it? Yes, we can all blame MS's sloppy approach to security, with full justice, but we have to remember that MS is a product of its niche - if IBM had ended up in the monopoly role of the monoculture, it is entirely possible that their products would have introduced "user friendly" features that undercut security, too.)
Your approach frankly isn't going to work with the majority of users. You're never gonig to be able to prevent things like "Here is the report you asked for / report.doc.vbs" showing up in a user's mailbox when that user really was expecting a report from the putative sender (I've seen this happen - precisely what the virus writer is shooting for - and in that situation, a manager waiting for an important time-sensitive report from a subordinate, it's all too easy for the recipient to fail to notice that the icon is wrong, that there's an extra extension, etc.). Some users email exes for legitimate reasons. Some users are too busy to run an MD5 check on every attachment they get (and have you ever tried to explain how MD5 works to a secretary?). If viruses can be blamed 99% of the time on anything, they can be blamed on social engineering: the same impulses that make people give out their credit card numbers to total strangers who "call from the bank" will make viruses continue to spread.
no no no, I meant as you as in from your outbox, to your recipients. Even picking up replies from you.
Not the simple
EHLO form.me
RCPT foo@barney-bignutts.com
FROM whoever@Iwanttobe.com
DATA
from the top of my head.
As far as I am concerned, 0 day threats are the most threatening, and the most damaging, and since they still happen Virus software ISN'T doing it's job.
SO what, it stops old viruses. I am more worried about newer ones.
How will the approach of filtering, and application sandboxing and education now going to stop a vbs file?
the filter caught it.
worm, firewall
trojan, firewall
internal maliscious hacking - auto sandboxing and admin alerts.
You don't need to do MD5 summing, you dissallow binary attachments. Then peope adapt. Except for the Microsoft jpeg parser *groan* it should be safe enough to handle non binary data.
And as in the openoffice example I gave, any script that is enabled in the future should have applicaiton controls to limit its ability to kill you.
If however you run a program that doesn't have that, you only risk that applications zone of trust, not your whole app. So your email might go down if using a non 'trust-zonerized' email app.
now social engineering is an argument in my court, how virus protection only gives you false sense of security.
My whole argument is to take out applications from the loop that dupe you into a false sense of security. someone with firewall and virus checking may feel safe from hackers, and stupidly be more easy about giving out access pwds.
right well, it isn't a perfect world, and a standard applcation sandboxing model and trust zoning at OS level is too much to ask for, even though the basic user permissions should keep things safe (you need user/application level permissions, so Bob/IE has diff access to Bob/FireFox and 'cetra.
simple. says simon.
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
Granted, SMTP may not be the most full-proof protocol. But Outlook and M$ deserve alot of the blame for this. The defaults and features are atrocious. How about turning OFF the preview pane as default? How about NOT allowing HTML email in the preview pane? How about NOT automatically executing macros and code in the Local Computer zone? Sure, some of these issues have been dealt with, but in all cases the solutions are sloppy, difficult to implement and in the end, useless.
The whole reason zero day exploits are the most dangerous is precisely because anti-virus software exists. If it didn't, day 300 or day 3000 exploits would be as dangerous as 0 day expoits.
No the whole reason is because systems should be patched.
Yet again - viruses and worms are different. Virus checking software is redundant. Filtering content and sandboxing any binary that fails a temporal or trust test.
Worms - only newer ones are still prominent, why, because of system patching. So your argument about chicken egg viruses and anti-virus losses ground here.
Secure, sandbox, trust, filter and patch.
this isn't a 100% effective solution, but at least you know that. A virus checker makes you complacent.
thats it folks.
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
One only needs to realize that Symantec, like most American corporations, has dollar signs in its eyes at the prospect of selling its product to three billion or so Chinese consumers. Trouble is, China is a police state. Faced with the prospect of losing out, Symantec, as so often happens with American corporations, sold out and sold its customers down the river.
And when the virus writer finds an exploit to your trust testing code?
Has anyone exploited unix file permissions?
I merely want to have the same thing, see what time the file was d/l and say, this file is new, lets fsk with it until someone with authority says it is ok.
that is oversimplifying it.
But if someone exploits it, it gets patched. Like jpeg, bmp and ssh exploits.
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com