Will Security Firms Detect Police Spyware?
cnet-declan writes "A recent appeals court case dealt with Drug Enforcement Administration agents using a key logger to investigate a suspect using PGP and Hushmail. That invites the obvious question: Will security companies ever intentionally overlook police spyware? There were somewhat-muddled reports in 2001 that Symantec and McAfee would do just that, so over at News.com we figured we'd do a survey of the top 13 security firms. We asked them if it is their policy to detect policeware. Notably, Check Point said it would 'afford law enforcement' the courtesy of whitelisting if requested. We've also posted the full results, with the companies' complete answers. Another question we asked is if they have ever received a court order requiring them to overlook police key loggers or spyware. Symantec, IBM, Kaspersky, and others said no. Only Microsoft and McAfee refused to answer."
"Government agencies and backdoors in technology products have a long and frequently clandestine relationship. One 1995 expose by the Baltimore Sun described how the National Security Agency persuaded a Swiss firm, Crypto, to build backdoors into its encryption devices. In his 1982 book, The Puzzle Palace, author James Bamford described how the NSA's predecessor in 1945 coerced Western Union, RCA and ITT Communications to turn over telegraph traffic to the feds."
With Bush in office you can only expect more of the same.
I don't trust any of them NOT to do whatever the cops/government want(s).
Open Source all the way.
I am going to send all my private messages by owl from now on.
Will Adaware detect Police spyware? I wonder.....
never buy anything from check point.
If you mod me down, I will become more powerful than you can imagine....
How long until real malware figures out how to make itself whitelisted?
They don't need to turn a blind eye to policeware. The commercially available remote administration tools aren't in the databases.
But it's not the source, it's the data.
And publishing or distributing data which compromises investigations is probably a felony.
So how would your open source system work? Would you openly publish how to recognize all of the government's spy software?
I'm not normally given to conspiracies, but this is ridiculous. The fact that we're having this conversation means that at least someone is concerned about the possibility of Government key loggers not being detected, and if it's taken someone outside of gov't this long to discuss it then I feel certain that the gov't itself has been thinking about this for some time.
These companies will cave to whatever law enforcement agency has jurisdiction for the investigation quicker than the last Harry Potter book hit the torrents. The only possible exception would be those AV companies that are immediately outside of the grasp of the agency involved. I don't even think that those companies are safe because their own governments would likely bear pressure to comply.
load "$",8,1
If they do whitelist gov't spyware, they will probably also lie about it.
I think modern government wouldn't do its own spying, but would find a subcontractor.
technical writing / development
As far as I am concerned, no company that white-lists "entities" is in security.
White-listing processes/applications/files/data is not global, and is the only level for security. White-listing a company or organization is never an option. It is politics.
You'll notice that when asked about key loggers they started talking about methods of detection other than signature recognition. Kaspersky even mentioned that he wasn't talking about signature recognition which is the only reliable method.
You can take this as a hint that none of the companies is distributing signatures of the programs that the government uses.
The question was "Have you ever received such a court order signed by a judge...".
But if what they had received instead was a NSL, they would be under a gag provision (with *jail* as the penalty) to not mention anything about it.
That's only in Amerika of course.
Nope. Just the opposite. Instead of searching for software that could be spying on you, the transparency means that you already know what is running and what it is doing.
Sounds like a bad idea to me. What happens if the government spyware is in the wrong hands? Seems to me this would be very dangerous and open up a can of worms to someone hoping to protect their computer. An example is Encase FIM (just for law enforcement FBI/Police/etc) which has a remote stealth agent for connecting to evidence computers. This is not picked up by scanners but I'm sure it's available on warez sites, which probably means it's not just in intended hands. In the end I want an AV tool that can tell me if anything potentially dangerous is going on with my computer. The AV tool won't be able to discern if the user of the spyware has good or bad intentions so it shouldn't try (especially based on the author of the spyware).
If policeware gets a free pass to do things that, done by other parties, would be considered "malicious", then other malware will quickly begin to disguise itself as policeware to avoid detection.
Because the software can then be captured by the hackers then used on the government systems, which will have their own software used against them.
This is exactly like the key-to-the-city thing. If that key gets stolen...
In the end, it won't work. Government is a business providing a service at the barrel of a gun and as we've seen countless times, the free market never chooses the violent solution.
I'd like to see them ask that question. After all, virus checkers see every file on your disk, every email you get and send, every IM chat. So it's a natural point of leverage for any kind of spying. Only the OS itself would be a better target.
And it's even better than whitelisting, because you can do a blanket search of *everyone* using the virus checker for interesting keywords or known-enemy email addresses. Hey Poindexter, get on it!
What I've always wondered is the kind of backroom heavy negotiating that got printer manufacturers to agree to printing printer-identifying information on EVERY page!
Here's an interesting question: Do any Google employees get to see search trends in real time? For example, if 1000 people are working on something very secret, is that thousand enough to give some Google employee a clue, if they're doing all kinds of searches to see what's already online. (Obviously, turning off referral strings!)
My final conspiracy question is whether supermarket loyalty-card programs allow real employees to see names and shopping lists, in the small-scale aggregate. My guess is "No".
I think I'll use open source from now on, but which are the best open source anti-spyware programs out there?
Just wait 'till the mafiaa partner with the AV companies to detect copyright material.
1984 was not supposed to be an instruction manual.
Linux or OpenBSD would never incorporate spyware-friendly features. OpenBSD in particular has mechanisms to make it difficult to even create such things. If you care about security, use one of those systems. Any foreign government that is running Windows for its desktop OS is in serious denial.
Note that the risk is not just court-authorized wiretaps. The bigger risks are illegal police wiretaps, and illegal criminal (non-police) wiretaps. Any keylogger that is designed to go through a built-in exploit would be a hot item on the cracking market.
This highlights the needs for more open source/public software. Whether it is voting machines or spyware scanners. Some things can't reliably be left to commercial vendors with closed source.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
1. Whitelist police spyware
2. Crim gets hold of police spyware
3. Crim pwns your machine, steals your identity and makes your life a living hell for the next 3 years or more.
If you paid for a piece of anti-spyware and they leave a backdoor open like this, isn't that a case of negligence?
These posts express my own personal views, not those of my employer
If reputable companies do it, someone will write something to scan for them. Its not like there is only 1 company in business who has a 100% market share.
I think Eset is Czech or something. God only knows what laws apply to them.
Some technologies are simply too easily abused. You want to check my system for criminal activity? Fine. Get a warrant and confiscate it. I don't think this is anti 5-0. This is checks and balances. There are tons of great people involved in law enforcement, but adding tools and exceptions like this is just taking another needless step down a slippery slope.
We keep gleefully throwing away our rights in the name of what? Fear? That's bad rationale. Our founding fathers must be turning in their graves.
Quack, quack.
Sounds like the Government is planning to implant a rootkit in every single computer or at least leave a vulnerability/flaw in code (very easy to do with Vista since it's so new) which will allow them to do so.
Time for everyone to switch to Linux. The more eyeballs we can get on code the more likely someone isn't able to sneak shit like this in.
09F911029D74E35BD84156C5635688C0
+2 Troll is Slashdot's way of saying groupthink is confused
How long, Nimbus, will you abuse our patience?
I am so sick of people assuming that just because they use encryption they are safe from everything. This is an exact reason for defense in depth and physical security. If the guy had set a bios password and encrypted his drives based on a secure passphrase, installing a key logger wouldn't be such a trivial feat. The FBI is no smarter than any security expert, and usually a hell of a lot dumber (collectively).
What I'd like to see is an actual accounting of "whitelisted" programs, ones that have attained the appropriate certificate.
Walk with Music;
Oh, you don't have one. Policeware... DELETED!
I see lots of comments on either side of the political/privacy spectrum, but that really isn't the issue. For that, yes, the cops need unfettered access in a few, specific, court approved cases, and no others. Balance being key. BUT (and it's a really big but), the real issue is the white listed spyware. If I'm going to use spyware for some nefarious purpose, why not use my resources to get the good stuff that the detectors are told to ignore? Easily done and we know this! The end result would be a two-class system of spyware: the garbage that isn't too hard to get rid of, and the really dangerous crap you won't even know is there.
Given that a target could be using multiple OSes, reformatting, etc, etc.... wouldn't installing a compromised BIOS make more sense? How could you know that this wasn't already the case... unless of course you are using LinuxBIOS built from your own (validated) source.
Or going the hardware route - installing an inline keylogger is a bit noticeable, but what if this (just the chip+wires) was installed inside the PC or keyboard case?
Munge.
Police actually had to break into the person's office to install the keylogger, in order to get their PGP password. This means PGP is at least quite good. However, the article implies that PGP is breakable with a bit of time and effort: Coffey asserted that the DEA needed "real-time and meaningful access" and that's why they monitored for the keys.
Unlike traditional malware, "policeware" would only be present on the target machine(s), rather than spread to any and every computer, so it's extremely unlikely that AV vendors would ever receive a sample. No sample means it would continue to go undetected, provided it was designed to go undetected in the first place.
And how often do you look at the back of your computer? How often do you think the average user does, or would even notice anything out of the ordinary if they were staring right at one? Sure, this is more difficult on a laptop since it would have to be opened, but it would also be even more discreet. I'm not aware of any products on the market for laptops, but I'm sure LE could commission one to be made, if necessary.
The point is, it would be an incompetent department indeed which needed cooperation from AV suppliers to keep their surveillance methods discreet.
https://www.eff.org/https-everywhere
Which security programs would you use? Which ones would you recommend to less tech-savvy friends and family? Assuming:
- The person is a "user", not power, super or otherwise having extra abilities or knowledge.
- The machine is a Windows PC (let's say XP for argument's sake).
- The user is willing to use what you recommend or install, for a product price range of $0-$30 US.
Thus far I have gone for the basic "freebie suite": AVG Free, Zone Alarm Free, Ad-Aware and Spybot. I also run these on my Windows box so I am able to help if anyone has a question (about a dozen friends and family members).
C-Net was a C64 BBS system, went up to something like v18, and the codebase was forked around v13 to make Image.
Hint. Start | run | OSK. Use that whenever entering the first half of your passphrase, then use the keyboard for the second half. That will confuse the hell out of them.
Indeed, why should you trust a private company (that too made up of former black hats) to be any more moral/law abiding than elected officials under public oversight? I think you should become as passionate about politics as you are about open source.
Probably the government approved SELinux. If you set the permissions correctly, then no program who doesn't need to should be able to detect what another program is doing.
Of course, setting the permissions correctly is a PITA...and so is using a system so configured. But it's probably as secure as you can get, bar a disconnect from the internet.
I think we've pushed this "anyone can grow up to be president" thing too far.
sounds right
You do realize that a computer has no idea who installed any given program, right?
What I mean by that is that the bad guys can and will use pirated copies of the police spyware should it be legally undetectable.
Might want to think about the implications of that. Personally, I'd rather have no spyware and require the police to use bugs or mini cameras pointed at the computer screen once they had a proper warrant.
But they damn well get a proper warrant. All this unaccountability they've been provided does not sit well with me. After all, if people were so trustworthy that accountability was not required, we wouldn't need police in the first place.
Wise guy, eh? Let me introduce you to my main man Edgar!
Once the malware is identified, it can be copied and manipulated to run on systems with impunity while it's being ignored by the AV software. It would be reckless to the point of being ineffective forever.
Consider what happened with the SONY rootkit. Bruce Schneier (cryptography and security expert) reported that Symantec and McAfee, who both knew about the SONY rootkit, did not add it to their signature files. Apparently if SONY hacks your computer, that's fine with them! They only updated their files once SONY themselves had retracted the rootkit. http://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html
If Symantec and McAfee will let SONY hack your PC, they'll let the government hack your PC.
Can anyone recommend a virus scanner that looks after the customer rather than the virus companies one-day maybe potential business partners if they get lucky?
Microsoft on the other hand, I wouldn't trust as far as I can throw the entire set of Justice Dept. filings against them.
You are welcome on my lawn.
1) AV companies whitelist trojan used by government agents.
2) government agents install said trojan on all the bad-guys computers.
So now all the known bad guys have copies of a trojan that is whitelisted by the AV software...
What could possibly go wrong?
That's exactly the level of intelligence I've come to expect from this government.
Oh wait, maybe they'll copyright the the trojan so the bad guys can't copy it and use it on other computers...
Any AV company that co-operates with such a plan is incompetent.
A company providing protection from keyloggers and other tools that are installed without the user's consent (malware) should not be making exceptions for anything that would otherwise be considered malware.
... including installing keyloggers. But having a security vendor be open to the idea of intentionally weakening their application is reason enough for me to not renew my ZoneAlarm license.
This reminds me of the same arguments that were made for the "clipper chip". That is: "Encryption is OK as long as law enforcement has a back door". The non-technical amongst us would proclaim that "You're against Law Enforcement if you don't support some kind of key escrow service." Security tools that are designed with weaknesses built in are not good security tools.
The current crop of anti-malware tools are already not adequate. Vendors should err on the side of caution and flag anything that is monitoring keystrokes or matches signatures without concern about who installed it, or whether or not it is an application that is "whitelisted" for keylogging. To do otherwise invites criminals to take advantage of that circumstance and ensure that the malware they use appears whitelisted.
I don't care about your political views or your opinions about whether or not a particular administration or government is "Good or Evil". I'm all for law enforcement using necessary (legal) means to enforce the laws
"God is dead!" - Nietzsche
"Nietzsche is dead!" - God
Open Source all the way.
Is your BIOS in that motherboard you are using open source?
Is that integrated circuitry on your motherboard and CPU open source?
Just trying to "free your mind" because obviously the Matrix has you.
I regret that I only have one mod point to give per post.
Of course, if they have already volunteered to whitelist said police and federal keyloggers, spyware, etc, then they never would have gotten any court orders. So by answering the question asked, it still leaves the possibility of them not searching for and destroying "legal" spyware.
A recent appeals court case dealt with Drug Enforcement Administration agents using a key logger to investigate a suspect using PGP and Hushmail. That invites the obvious question:
But the fact that you are a 'suspect' getting spied on only for using PGP and a mail anonymiser is not an 'obvious question'? For me it is a lot more, since the spyware detectors have no choice but to obey the law. If they refuse to whitelist cop spyware, a law will force them very quickly.
...I would NOT be depending on consumer-grade anti-virus products for my security.
Unless there's a world-wide conspiracy or a single supplier of "police spyware" in the world, anti-spyware products from other countries will not follow a "don't detect us" order (and, I bet, there would be one or two posts with "would you look at that?!" notes, listing exactly what the "please don't detect us" note says). ;) :)
Of course it also implies that gov-spyware is used in such mass quantities that at least one or more somewhat knowledgeable people find that something is wrong and involve anti-virus/spyware vendors.
So... those who believe in world-wide conspiracy -- there is nothing to protect you (otherwise it wouldn't be ww-c
Those who are paranoid -- use anti-virus/spyware kits from different countries. Kill everything suspicious (perhaps including one or two of those anti-virus programs that point at each other as a threat)
Everyone else... panic for a week, then move on to the new threat/panic/book/movie
Hyperom.com
Oh thanks for clearing that up for me. I'm so relieved.
Quack, quack.
"once you need the police to protect you"
They just won't. I kept having a guy park in my driveway at night to sleep. I called the police repeatedly, they refused to do anything. They kept asking if he was doing anything "threatening".
So I went down to the guy with a baseball bat, told him if he showed up again I would do my best impression of Babe Ruth with him having a close seat. He left and hasn't been back since. What good are the cops. Ultimately, you have to defend your own property yourself because the cops don't want to deal with it. I guess they're too busy beating skateboarders asses and confiscating cars because they thought there was drugs in them (snigger).
So please spare me the tales of how the cops are here to serve and protect. It's complete bullshit.
The answers given by the security firms were very carefully phrased to indicate that they would detect and notify users if police installed commonly available spyware. They did not indicate what they would do in the presence of proprietary spyware developed for police and/or intelligence use only that was not in common use and thus would not have a virus signature.
A question. If a malware detector wants to avoid detecting government malware, would they need to explicitly whitelist it or merely fail to blacklist it?
If they do whitelist government malware, is it possible to read the whitelist and extract the signatures of the whitelisted malware - and then search your system using a modified scanner and the signature they so thoughtfully provided?
.evom ton seod gis eht
What about tracking systems on cars that police install, or bugs in your home.
Is it legal to remove them if found? I would destroy them all, uninstall it etc. But is it legal to do so?
The phrase "more better" is acceptable English. suck it grammar Nazis
Is there such a thing as a generic test for keyloggers? Perhaps some way to profile a known-clean system and then spot the difference in some aspect of performance if a keylogger is subsequently inserted? If the keylogger is rootkit-like it may be hard to spot in the small space of memory it would require. But wouldn't it usually introduce some slight delay in the speed of keyboard input getting to the intended program? Is there any way to test for that without the test program itself getting the same slightly-delayed input, with no way to measure when the key actually made contact? Can keyboard input be simulated in a way that would send it through any installed keylogger, and so reveal it?
Alternately, the keylogger is most likely storing the logged keys either in clear or in isomorphic form to the input. So if you inserted your own keylogger into the system, what would it take to scan memory (and drives?) for matches on samples of what your own keylogger captures? Keyloggers aren't going to want to be burdened with heavy encryption to avoid this scanning, since that would add enough system load to make them more spottable by other means. Obviously you'd have to mask out the legitimate memory locations of, say, your word processor the input's going to - which would miss a keylogger patched into your word processor.
Is anyone working on a way to harden systems against this whole category? (Yeah, key-logging dongles are yet another thing. Software insertion is the question I'm addressing.)
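One concrete, signature-free check in the spirit of the "profile a clean system, then spot the difference" idea above, added here as an example and not taken from the thread: on Linux, anything logging keystrokes system-wide from user space needs an open descriptor on /dev/input/event* (or the legacy mouse nodes), so listing which processes hold one and diffing that against a baseline of processes that legitimately should is a generic test. The baseline names are an assumption for a typical desktop; the fd table used in the test is constructed.

```python
"""Find processes holding raw input devices open and report any not on a baseline.

Added example; EXPECTED_READERS is an assumed baseline for a typical Linux
desktop, and should be replaced with a snapshot taken from a known-clean machine.
"""
import os
import re

INPUT_NODE = re.compile(r"^/dev/input/(event\d+|mice|mouse\d+|js\d+)$")

# Processes expected to read raw input on a typical desktop (assumed baseline).
EXPECTED_READERS = frozenset({
    "Xorg", "Xwayland", "gnome-shell", "kwin_wayland", "sway",
    "systemd-logind", "acpid", "upowerd",
})


def collect_fd_table(proc: str = "/proc") -> dict:
    """Return {pid: {"comm": name, "fds": [link target, ...]}} from /proc.

    Only descriptors the caller may inspect are listed: run as root to see
    every process, otherwise other users' entries are silently skipped.
    """
    table = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        pid_dir = os.path.join(proc, entry)
        try:
            with open(os.path.join(pid_dir, "comm")) as fh:
                comm = fh.read().strip()
            fds = os.listdir(os.path.join(pid_dir, "fd"))
        except OSError:
            continue                      # process vanished or not ours to read
        targets = []
        for fd in fds:
            try:
                targets.append(os.readlink(os.path.join(pid_dir, "fd", fd)))
            except OSError:
                continue
        table[int(entry)] = {"comm": comm, "fds": targets}
    return table


def input_readers(fd_table: dict) -> dict:
    """Map pid -> (comm, sorted input nodes) for every process with an input device open."""
    found = {}
    for pid, info in fd_table.items():
        nodes = sorted({t for t in info["fds"] if INPUT_NODE.match(t)})
        if nodes:
            found[pid] = (info["comm"], nodes)
    return found


def unexpected_readers(fd_table: dict, baseline=EXPECTED_READERS) -> list:
    """Raw-input readers not on the baseline: the candidates worth investigating."""
    return sorted(
        (pid, comm, nodes)
        for pid, (comm, nodes) in input_readers(fd_table).items()
        if comm not in baseline
    )


if __name__ == "__main__":
    live = collect_fd_table()
    hits = unexpected_readers(live)
    for pid, comm, nodes in hits:
        print(f"pid {pid} ({comm}) holds {', '.join(nodes)} open: not in baseline")
    if not hits:
        print("no unexpected raw-input readers visible (run as root for a full view)")
```

A keylogger living in the kernel, in the BIOS or in a hardware dongle never shows up here; this covers only the user-space software insertion the question is about.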
"with their freedom lost all virtue lose" - Milton
It isn't detected because it isn't policeware. Or were you inferring that it is? Care to back that conspiracy up with facts and evidence? Tell all of us uninformed sheeple how you know such insider knowledge. Of course you won't be able to because you're pulling all this out of your ass.
Call me stupid, but don't most virus/malware scanners use heuristics and other methods designed to detect methods of attack, rather than particular signatures attached to specific pieces of software? Scanners could work in two ways: find residue/signatures of specific pieces of problem software, then clean up/block that software. Or, in addition to signatures, detect methods problem software uses, such as scanning every port in order, using known methods to attempt to hide in memory, attempting to install without user confirmation, etc. If scanners use methods, not just signatures, then police designed software would be just as likely to be detected as any other new virus/malware.
I don't know a lot about this, but it seems to me that ever since viruses began to hide themselves in memory and polymorph on the harddrive, i.e. since 1994 or so, scanners have had to be more clever and have had to look for methods. They recognize types of behaviors and types of signatures which are known to correlate pretty well to virii and malware.
This possibility is confirmed by AVG's Fran Bosecker [TFA]: AVG detects methods not signatures. Therefore police malware would have to use novel methods to be undetectable.
And again, my assumption is confirmed, by Randy Drawas of Kaspersky Lab [TFA]:
And again my view is confirmed, this time by Vlad Gorelik of Sana Security [TFA]:
And, finally, my view is confirmed by Dan Hubbard of Websense [TFA]:
If this is true, and police software is as likely to be picked up as any other malware, then the police require malware whitelisting to do their job. It is not moot.
The average police agency, slowed down with bureaucratic molasses, will not be at the forefront of malware development. They will need whitelisting, OR methods that disable security software.
I'm shocked the parent got +5. Are there no technically competent
What are the chances of success of a company specifically advertising that they don't overlook any spyware (including intelligence services spyware) from any country including US and making their business model on it?
Everything I write is lies, read between the lines.
Sure, this is more difficult on a laptop since it would have to be opened, but it would also be even more discreet. I'm not aware of any products on the market for laptops, but I'm sure LE could commission one to be made, if necessary.
Laptop keyloggers exist now. Buy one here.
http://www.keyghost.com/PCI-MPCI-Keylogger.htm
The truth shall set you free!
This does seem like a very valid concern, but the key point missed in the summary is that there are countries and governments besides America. (shocking, I know)
Just like America has a vested interest in preventing the Russians/Chinese/Terrorists/etc from spying on us by detecting their keyloggers (but whitelisting their own), other countries will similarly want to keep out America's malware.
So I guess the trick is to install two A/V programs, from two different nations.
Number one in covert ops is based on need to know. Nobody not cleared for the ops project doesn't need to know. The fewer who know the better. There is less chance of a security breach and provides the rest of the department deniability.
This includes anyone outside the agency. Installing spyware would include modified signature files and executable for the scanner. The scanner provider does not have a need to know. Building a look-alike security scanner that pretends to scan the system isn't that hard to replicate and may be undetected enough to compromise the encryption password to enforcement.
The truth shall set you free!
The idea of companies letting governmental agencies install spyware is just another example of how we are losing our right to privacy. If I owned an antispyware company I would refuse to adhere to an order, even if signed by a judge, to let a governmental agency's spyware go undetected. If ordered to do this I would rather tell the client that their computer is no longer secure and refuse to update their software, which would be a major hint that something is going on. People need to get together and start standing up for their rights to privacy on the internet and off, and be willing to go to jail for their beliefs. Remember, if you get sent to jail for something like this, you most likely won't go to a place where violent criminals get sent.
The article naturally focuses on the world of windows, given the companies involved. A Linux/BSD/Solaris/etc box isn't likely to be compromisable with a windows-based keylogger trojan (if indeed a trojan is how they install this software), but there exists no doubt at least one UNIX-style equivalent keylogger, so you're still not out of the woods.
However, if someone is in the habit of using Knoppix/MEPIS/other live distro when sending/receiving sensitive encrypted data, the root filesystem cannot be written to, so you're back to clean whenever you reboot.
I guess that leaves BIOS-level hacks (?) or devices inserted in the keyboard signal path..
I just hope the politicians (who invariably are usually the ones with the least knowledge of computers) come to their senses before the big disaster strikes.
It's not so much an issue of security and anti-malware vendors. A "government trojan" has the potential to become a diplomatic disaster. I mean, ponder the consequences.
Aside from the political problem that could rise when such a trojan is detected (and I deliberately don't write "if". "When" is the word of choice, because it will be detected, no matter whether AV vendors ignore it, because they must or because they want to 'help their country'), which can quickly destroy the rest of support a government has from its subjects, the foreign politics are much more endangered.
Imagine the US writing a keylogging and content sniffing trojan. Said trojan is then issued to a potential suspect. Said suspect finds it and forwards it via spam mail to Chinese companies and government. There it's detected, dissected and analyzed, to find that it's a keylogger reporting to the NSA.
Can you imagine the international implications?
For European governments, the headaches get even worse. Kaspersky said they won't care (and I believe them. I mean, if I was in Russia and had the backing of the government there, I wouldn't care about "do not find" letters from some minor country in Europe either). European AV researchers will be in The Hague immediately when a "you must not find" letter hits their desk, and sue for unfair competition situations. And then, the cat IS out of the box. Dead or alive.
What governments around the world didn't get yet is that the success of trojans lies in their spreading. A trojan gets sent to a few thousand targets, a tenth of a percent of which actually click on it and infect themselves. The current very popular and successful form of infecting where you manipulate webpages to spread your malware is definitely out for targeted infections as well, you'd have no control over who gets infected.
So if you send your "targeted" trojan to a thousand suspects, only ONE of them on average will actually be infected. Compare that to the dangers of having that trojan in the "wrong hands" (see above), using such a trojan would be political suicide for any remotely democratic government.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Now I don't use any of the software referenced in the article, but I am concerned about this development.
I live outside of the U.S. Although there are some citizens of the USA which seem to think (/. being less afflicted than some other forums) that the Web is inherently American, the Web != USA. It's a global thing.
Am I to suspect from this piece that a machine outside of the USA is potentially open to compromise as a result of the whitelisting of software that could be used by American law-enforcement agencies?
The companies complicit in this sorry tale of capitulation need to be chastised - economically. The alternative is that more countries will exercise sufficient political clout to get their sh!tware whitelisted, and the questionable value of security software will be further eroded.
With an Open Source scanner at least one can be sure there is no policeware whitelist...
When the German government came up with the idea that encryption systems (including SSL access to a box) have to include a "police backdoor", the immediate reaction from the Chaos Computer Club was an open letter, effectively saying "Good idea, it's gonna make hacking a heck lot easier".
There is no such thing as a "good backdoor". Information does get out, and the implication is that security that leaves a "legal hole" open is none. Not because you'd fear police, but because there is an unpluggable hole that sooner or later a crook will detect and use.
No, not for the crooks, but for security altogether. Let's take a look.
The police come forward with a trojan that must not be detected. AV vendors heed the order and whitelist it.
Now, I dunno if you know how malware is developed. Malware is routinely tested against the current AV tools. Simply because you want to create malware that is at least not immediately detected. So what's the best malware? Exactly: One that MUST NOT be detected. So what's the best base for the ultimate trojan? The police trojan. You only have to create a trojan that matches the whitelist signature of the fed trojan to be safe from detection.
It's way easier than trying to match your malware against other software that's on a whitelist. That police trojan has to do essentially what you want to do: Infect a computer, install a keylogger, steal the user's passwords, sniff through his files. No "ordinary" software that could be whitelisted does that. Your chances to match your trojan against this piece of whitelisted shit are incredibly higher.
So if I was a malware writer, I'd be waiting with anticipation for the feds to release it.
"So please spare me the tales of how the cops are here to serve and protect. It's complete bullshit."
Calm down now. I know you made that story up. Everybody knows. What really happened was that you were overspeeding inside city limits, burned a few lights and a patrol car stopped you.
You were ordered - at gunpoint because you were all agitated and flustered and angry - to get out and show your papers. They made you walk the line, with your family and friends (who were in the back car) watching. People in the street stopped and said "Watch that drunk fuck!" aloud. You were humiliated, publicly.
It must have hurt a lot, having your tough-guy image shattered. All the tall tales you fed your family and friends were revealed to be lies. You were too scared to talk back to the cops. You hung your head low and complied.
So now your kids disrespect you. Your wife doesn't listen to you anymore. Your friends laugh behind your back. You are now marked for life as a loser.
You boil with rage whenever you see a uniform. You replay that scene over and over in your memory, always changing it in your mind. You fantasize about using martial arts to subdue the cops, grabbing their guns and shooting them. You imagine yourself as the heroic leader of a revolution against The Man.
But the painful truth always ruins your pathetic daydreams. You have been humiliated. Oh, the hurt! Oh, the indignity! It must be terrible being you.
What do you do when there's a cop show on TV your kids want to see? Do you yell at them? Do they laugh at you? Your authority is now forever compromised. You will never get it back.
Have you considered suicide?
Wired is reporting on some FBI spyware used to catch people. Wonder if any of these companies would spot and report that...
http://www.wired.com/politics/law/news/2007/07/fbi_spyware
I mean, your Windows computer with McAfee AV talks to Microsoft and McAfee every day, yes? If either company can uniquely identify your computer ( *cough* registration key *cough*), what's to stop them from putting together a special "update" just for you?
Maybe their refusal to answer is simply a refusal to lie.
This is not my sandwich.
My first thought is how one can secure anything with the help of Symantec, McAfee or any other security vendor. If they gladly whitelist governmental spyware/keyloggers, how do I know my network is secure? Nothing stops a blackhat that has gotten his hands on one of these programs. Or do the security vendors somehow know who can use it or not? I really don't see how that would work. Most probably no distinction is made as to who is using the badware. I also don't trust foreign governments, especially since the US has been involved in spying for its own business many times before. So in effect any non-US company should shun US-based security products like the plague.
Translated: Sanctified and exalted be G-d's great name...
Which is the opening to the Kaddish; the "Mourner's Kaddish," sometimes referred to as "the Jewish prayer for the dead." A tad maudlin, although I agree with the 'truth to power' sentiment of the OP.
Y'he sh'lama rabba min sh'mayya v'chayyim tovim
HTH. HAND.
--
There's no business like
Since no one else has mentioned it...
CALEA.
When an ISP gets a subpoena, they're required to be able to tap your internet traffic basically at a moment's notice. The law enforcement agency will then receive a full packet trace of literally every bit of your network traffic.
Granted, this is meaningless on a stand-alone pc that's not connected to the internet, but the instances where they'll want to install gov't spyware on this type of system has got to be far, far less often.
"I can be self-referential if I want to," said Tom, swiftly.
I think the big question is, what is the difference between police spyware and the sony root kit? Both have good intentions, but could still be utilized by hackers.
I remember some 12 years ago or so, a friend of mine said he used the KGB encryption algorithm to encrypt his stuff. At the time this struck me as odd. But he went on to explain that anything created here in the US would likely have back doors available to various agencies. He noted that the KGB probably has back doors to their encryption stuff as well. But he didn't care if the KGB knew his stuff. . .
Unless there's a world-wide conspiracy or a single supplier of "police spyware" in the world, anti-spyware products from other countries will not follow "don't detect us" orders.
The single supplier of police spyware will ultimately be the OS vendor. And with a near-monoculture based on a closed-source OS, you bet who will open the backdoor for over 90% of all desktop PCs worldwide. Do YOU know what's hidden in all those kernel modules, DLLs etc. of your default Windows install? Ditto for Macs. Only Linux/BSD are (at least for now) somewhat secure, provided you avoided the closed-source drivers like the plague.
The moment it gets really dangerous is when the police trojans will be embedded in silicon, a.k.a. in every network adapter, hard disk controller, keyboard controller etc.; AND when they can be reached/activated from the outside somehow. Let's see: Network adapters: check! Graphic adapters? They could communicate over the bus with the NICs: check! Keyboard controllers? Via USB bridge: check! Disk controllers? Again, over the bus, without OS intervention: check!
But at least for now, the easiest way to install a police trojan is to ship it with Windows, or with a popular driver of that platform. Or maybe it's not necessary to ship anything: just use the pre-installed backdoors (every blackbox has some). Conversely, the easiest way to keep safe (for now) is to use an open source OS, compile everything yourself (Gentoo? BSDs?), and be generally very alert on security, esp. considering that you could slurp a distro over a compromised link (man in the middle attack).
cpghost at Cordula's Web.
If you know what you're running and what should be running, and you monitor your connections, and what should be connected, and you keep backup mirror images and you know how to track down bad processes, you really don't need a scanner. You don't need these companies. I have crap from back in the BBS days that can still make undetectable worms for Windows/DOS systems. Hex editors, and file managers like ztree and mc, are invaluable defense against this bullshit. On the other hand you need to know what the fuck you're looking at. Is something encrypted and doesn't belong? DELETE THE FUCKER. You don't need to be a +HCU wizard to find shit and stop it. Know a little ASM, know some C, know some code! BE DANGEROUS YOURSELF! The other thing is don't panic. If you find a rootkit you're already owned, the damage is already done. Stay calm and defend your network. UNPLUG IT! if you have to. iptables the problem out. Can't do no more damage if you can't get a fucking packet moving anywhere. Now let's get these horrible fuckers out of our government (who are elected via these fucking cracked electronic voting machines), and restore the constitution before we have a civil war!!
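The "know what should be running" approach the post above describes, as an added example (not code from the post): a snapshot of processes, binary hashes and listening sockets is compared against the operator's own baseline, so no vendor whitelist is involved. All hosts, paths, and binary contents are constructed inline so the check runs offline.

```python
import hashlib
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Proc:
    path: str      # binary on disk
    sha256: str    # digest of that binary when the snapshot was taken


@dataclass(frozen=True)
class Listener:
    proto: str
    port: int
    path: str      # binary owning the listening socket


# Constructed baseline, recorded while the host was still trusted.
# The byte strings stand in for real binary contents (hypothetical).
BASELINE_PROCS = frozenset({
    Proc("/usr/sbin/sshd", sha256_hex(b"sshd build 1")),
    Proc("/usr/sbin/cron", sha256_hex(b"cron build 1")),
})
BASELINE_LISTENERS = frozenset({Listener("tcp", 22, "/usr/sbin/sshd")})


def audit(procs, listeners, base_procs=BASELINE_PROCS,
          base_listeners=BASELINE_LISTENERS):
    """Compare a snapshot with the baseline; return sorted (kind, detail) findings."""
    known = {p.path: p.sha256 for p in base_procs}
    findings = set()
    for p in procs:
        if p.path not in known:
            findings.add(("unknown-process", p.path))
        elif known[p.path] != p.sha256:       # same path, different binary
            findings.add(("binary-changed", p.path))
    for l in listeners:
        if l not in base_listeners:
            findings.add(("unexpected-listener", f"{l.proto}/{l.port} {l.path}"))
    return sorted(findings)


def constructed_snapshot():
    """A constructed 'today' snapshot: cron replaced, one stray binary listening."""
    procs = {
        Proc("/usr/sbin/sshd", sha256_hex(b"sshd build 1")),
        Proc("/usr/sbin/cron", sha256_hex(b"cron build 1 plus extra payload")),
        Proc("/tmp/.x/svc", sha256_hex(b"unknown binary")),
    }
    listeners = {Listener("tcp", 22, "/usr/sbin/sshd"),
                 Listener("tcp", 9001, "/tmp/.x/svc")}
    return procs, listeners


if __name__ == "__main__":
    for kind, detail in audit(*constructed_snapshot()):
        print(f"{kind}: {detail}")
```

On a real host the same fields come from the process list, the socket table and sha256 of each binary, with the baseline stored off the machine so a compromise cannot rewrite it.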
Nobody not cleared for the ops project doesn't need to know.
My head asplode! Ow. Seriously, I usually hate the grammar nazis around here, but it took me three tries to parse this sentence. And if I'm not mistaken, once the triple negative is decoded, it says "Everybody who hasn't been cleared for the ops project needs to know," which I reckon is the opposite of what the author intended.
Yikes.
Since you've resolved yourself to make my words a part of your daily, perhaps you'd like to introduce yourself to me?
How about you start out by telling me what you had for breakfast?
Are you at work when you type this junk or is this something that you do because you have no other options for any productive hobby in life?
Or are they building their backdoors in their code? Let us not forget that Moscow is not nearly so squeamish as Washington when it comes to individual rights. Go Putin! Bring back the bad old days!
Where's your evidence? Oh, wait, everyone is supposed to accept your incessant prattle because you are homeless-- right?
I see you've made it back. Again, I'm flattered by your constant and neverending attention.
It's clear that you crave my attention. You hardly ever miss a post or a chance to respond to anything which I say with contradiction, derision, disdain, and scorn. You obviously don't like the topics which I pick to discuss and you obviously don't like what I have to say about those topics. It's also obvious, though, that my attention is very important to you.
So why don't you do something productive? If you crave my attention so much, if it's that important to you, then sign up for an account, watch the front page, and post some of your own original thoughts to any of the stories. Have you had any original thoughts in the last six months? I haven't seen any. Every single one of your posts has been nothing but a response to what I'm thinking. You've made yourself out to nothing more than a very poor sidekick. Go ahead, post any of your own original material to any topic, and then mail a notice to my Hotmail account to tell me which post was yours. I will then demonstrate for you, since the concept is clearly (with six month history) beyond your scope of understanding, the art of constructive and casual conversation.
The following is a simulated troll for entertainment purposes only:
--
"So many court cases...so many lawsuits...FOI requests...etc. etc. etc. Where do I begin?"
Yet you haven't named a single one. More crackpot conspiracy theory.
"They have all done wonders for my self esteem."
Clearly demonstrating that you troll because you have a low self-esteem.
"I never considered Mother Nature to be very conspiratorial."
That's because she isn't. You only think she is because you're a crackpot conspiracy theorist...
"I drink to forget, and it's working wonderfully."
...with a substance problem.
How is anyone supposed to take you seriously? Why aren't you homeless?!
--
This concludes the trolling section of this post
--
In seventh grade my Amer. Hist. teacher, first day of class, was reciting the usual litany of rules of the classroom. Although he didn't ask for our assent I gave mine, with an "Uh-huh" from the back of the classroom, after each and every one. A week later he got me back. In a discussion about the early American colonies and the Salem witch trials he illustrated the importance of the American judicial principle "Innocent until proven guilty." He asked the class for a volunteer to role-play an accused witch in a "guilty until proven innocent" courtroom. I volunteered.
Everything which comes from the ACs over the last six months (with this account), over the last five years (with previous ones), from my managers with the employers whom I left (leading to my homelessness), and from the ego-driven knuckleheads on IRC over the last ten has been 100% reminiscent of that simple 15-minute example of "guilty until proven innocent" which I learned in 7th grade.
It really saddens me that there are corporate heavyweights, "leading" researchers with multiple PhD degrees, corporate managers, executives, politicians, and anyone over the age of 12 who still conducts their business as if all of life is a "guilty until proven innocent" interrogation of anyone who dares to refuse to acknowledge their supreme authority.
It also puzzles(*) me as to how I became such a primary target above all the other available humans in society.
(*) Not really. Witch hunters tend to go after anyone more intelligent than they are--and their fanatical zeal increases exponentially with the intelligence differential.
Luckily there's ClamAV and open source software.
Depends on what morals and what laws you are referring to. It is likely each would violate morals and laws, but they would be different ones.
upon the advice of my lawyer, i have no sig at this time
But I have this "crazy Idea" that the government and the people who allow the government to rule over it are supposed to have a reciprocal, mutual relationship. That means, for the most part, each "side" has roughly the same "power", whether it is access to information, transparency and accountability, mutual oversight, or technology. If they detect something crooked on "our" side, we grant them the power to bring that person down; vice versa, we have to have the ability to detect something crooked on their side as well. Allowing police to implant spyware and having spyware blockers go along with this, while normally a citizen is not supposed to implant spyware and can face prison for this - this is very asymmetric. There is a growing amount of asymmetry between the police and the citizen, corrosion of civil rights, and it's not conspiracy to believe this; this is factual. A long time ago, armored knights on mounts were used to suppress serfs / slaves by crooked rulers in England; when the crossbow came out, *any* peasant could take down a knight with a well placed shot. They were quick to outlaw the crossbow. This is an example of how it's important to fight for things that keep symmetry, and how we have to be vigilant and guard against asymmetry. Democracy isn't self-maintaining, and it's not surprising how many Republicans are so quick to side with the police, thinking they are just well-reasoned citizens against crackpot-conspiracy theorists, when it is they who haven't studied the history of suppression, the meaning and importance of what our founding fathers were fighting for, and the spirit that belies the Declaration and Constitution: an open society, and a free society. Fascism has always been with us, and I've noticed many "fascist" comments from many slashdotters, and I'm amazed at how utterly devoid they are of an education behind that attitude they have.
Yes, they don't stress much history, American history, as a Comp Sci major, but please, let's try to be smart and not devolve into little imps.