Slashdot Mirror

← Back to Stories (view on slashdot.org)

Will Security Firms Detect Police Spyware?

Posted by kdawson on from the who-do-you-trust dept.

cnet-declan writes "A recent appeals court case dealt with Drug Enforcement Administration agents using a key logger to investigate a suspect using PGP and Hushmail. That invites the obvious question: Will security companies ever intentionally overlook police spyware? There were somewhat-muddled reports in 2001 that Symantec and McAfee would do just that, so over at News.com we figured we'd do a survey of the top 13 security firms. We asked them if it is their policy to detect policeware. Notably, Check Point said it would 'afford law enforcement' the courtesy of whitelisting if requested. We've also posted the full results, with the companies' complete answers. Another question we asked is if they have ever received a court order requiring them to overlook police key loggers or spyware. Symantec, IBM, Kaspersky, and others said no. Only Microsoft and McAfee refused to answer."

7 of 269 comments (clear)

  1. Whitelisting entities? by Pitawg · · Score: 5, Insightful

    As far as I am concerned, no company that white-lists "entities" is in security.

    White-listing processes/applications/files/data is not global, and is the only level for security. White-listing a company or organization is never an option. It is politics.

  2. The respondents weaseled by Cafe+Alpha · · Score: 5, Interesting

    You'll notice that when asked about key loggers they started talking about methods of detection other than signature recognition. Kaspersky even mentioned that he wasn't talking about signature recognition which is the only reliable method.

    You can take this as a hint that none of the companies is distributing signatures of the programs that the government uses.

  3. Re:note to self by evanbd · · Score: 5, Insightful

    Warrants should be required for the police to install the keylogger, and a court order or similar should be required for the AV program vendor to assist. If the necessary warrants and orders are in place, by all means, they ought to comply. But CheckPoint has said they don't feel a need to wait for such -- just the say-so of the police. That way lies abuse of power.

  4. Re:note to self by Copid · · Score: 5, Insightful

    I don't totally disagree in theory, but as I see it,the problem with this is similar to the problem with encryption key escrow: If there's a hole in the security for the "good guys" the "bad guys" will figure out how to exploit it. If the government has a way to get your encryption keys, even assuming that they're always on their best behavior, you can bet that a smart kid somewhere will figure out how to get your keys as well, and you can't assume that he'll be on his best behavior. Likewise, if you program a blind spot into a virus / malware scanner, I don't think it's unreasonable to bet that the same kid will figure out a way to make his malware look benign enough to slip through the same hole.

    It's a simple rule of security: If there's a low security path, the bad guys will take it. That's how they win. Assuming otherwise is silly.

    --
    An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
  5. -1, Moot by StikyPad · · Score: 5, Insightful

    Unlike traditional malware, "policeware" would only be present on the target machine(s), rather than spread to any and every computer, so it's extremely unlikely that AV vendors would ever receive a sample. No sample means it would continue to go undetected, provided it was designed to go undetected in the first place.

    And how often do you look at the back of your computer? How often do you think the average user does, or would even notice anything out of the ordinary if they were staring right at one? Sure, this is more difficult on a laptop since it would have to be opened, but it would also be even more discreet. I'm not aware of any products on the market for laptops, but I'm sure LE could commission one to be made, if necessary.

    The point is, it would be an incompetent department indeed which needed cooperation from AV suppliers to keep their surveillance methods discreet.

    --
    https://www.eff.org/https-everywhere
  6. Re:Security by Jugalator · · Score: 5, Informative

    Decoded because tinfoiling or making a point this way is just plain annoying... :-p

    "Government agencies and backdoors in technology products have a long and frequently clandestine relationship. One 1995 expose by the Baltimore Sun described how the National Security Agency persuaded a Swiss firm, Crypto, to build backdoors into its encryption devices. In his 1982 book, The Puzzle Palace, author James Bamford described how the NSA's predecessor in 1945 coerced Western Union, RCA and ITT Communications to turn over telegraph traffic to the feds."

    With Bush in office you can only expect more of the same.

    --
    Beware: In C++, your friends can see your privates!
  7. McAfee and Symantec dropped the ball by BillGatesLoveChild · · Score: 5, Informative

    Consider what happened with the SONY rootkit? Bruce Schneier (Cryptography and Security Expert) reported that Symantec and McAfee who both knew about the SONY rootkit did not add it to their signatures file. Apparently if SONY hacks your computer, that's fine with them! They only updated their files once SONY themselves had retracted the rootkit. http://www.schneier.com/blog/archives/2005/11/sony s_drm_rootk.html

    If Symantec and McAfee will let SONY hack your PC, they'll let the government hack your PC.

    Can anyone recommend a virus scanner that looks after the customer rather than the virus companies one-day maybe potential business partners if they get lucky?