Antivirus Firms "Won't Co-operate" With PC-Hacking Dutch Police
nk497 writes "Dutch police are set to get the power to hack people's computers or install spyware as part of investigations — but antivirus experts say they won't help police reach their targets. Mikko Hypponen, chief research officer at F-Secure, said the Dutch bill could lead to antivirus firms being asked asked to cooperate with authorities to let an attack reach the target. So far, Hypponen hasn't seen a single antivirus vendor cooperate with such a request, and said his own firm wouldn't want to take part. Purely for business reasons, it doesn't make sense to fail to protect customers and let malware through 'regardless of the source.'"
Aside from whitelisting executables, anti-virus products have about a 0% chance of catching stuff that isn't distributed to hundreds of thousands of machines anyway. All they need to do is change their payloads and exploits sometimes. I doubt the police would even bother asking anti-virus makers.
I think hacking has one big downside compared to traditional phone tapping. It is possible the person being hacked can detect this and take countermeasures against it, OR even supply false information. From the police's standpoint I would consider information gained through hacking very unreliable.
The problem is simple: if you can impersonate police malware, any and all protection is instantly voided.
This is why it's a VERY, VERY bad idea.
Still not hard with root. With a signed order by HR, I installed malware on an employee machine (he was violating just about every clause of the AUP). I had to load up the AV, set the malware to "approved" in the exception list, then install it. He never knew it was there, until he was fired for browsing porn on company time, and "working late" to impersonate young girls in chat rooms to pick up men, essentially proof he was billing personal time to the company as overtime, as well as the multiple porn complaints we needed to address to prevent lawsuits. Captured the email addresses and passwords for his chatting accounts, things like hotteen14@aol/hotmail. But nobody ever logged into them, just proof that was all he was doing when alone late in the office (though, what was on his screen was known, nothing was known about what he was doing reading those emails or chats...)
But the point is, for effective malware, you must disable the AV. When the AV has a known hole, everyone will pretend to be the police. Even if heuristics might cause an issue, once you have it on, you attack the AV first. I remember back in the '90s when AV was starting to mature, most of the "smarter" malware would attack the AV. Even if it couldn't disable it, it would run up CPU and cause false alarms to encourage the user to disable it. Causing holes, no matter how small, will allow someone in who shouldn't be in.
Learn to love Alaska
Most of the major AV software suites utilize some form of behavioral heuristics to detect unknown threats. I'm not saying it's 100%, but you'd be surprised how effective it can be if implemented right.
...firms being asked asked to cooperate ...
I think you mean: ...firms being asked, and asked again to cooperate...
You really can't draw any conclusions from what they SAY, only what they DO. It would be the kiss of death for them to say anything else.
If they said they did cooperate, then anyone doing anything remotely suspect would use a different product, making that cooperation useless. Meanwhile everybody worried about criminals exploiting the backdoor by impersonating the cop-ware would also switch to another product.
The only way we will know is if someone notices cop-ware installed on their system and tests the antivirus software to see if it detects it, and then goes public with the results.
When information is power, privacy is freedom.
"So far, Hypponen hasn't seen a single antivirus vendor cooperate with such a request"
That's because it's not law yet; once it's law, they will.
I sincerely doubt that. I'm sure more than a few of those asked to cooperate saw the marketing potential in possibly having one of the few AV services billed as "free from government malware!" Now that all that have been asked have refused, it'd take a death wish for a company to volunteer to be the black sheep.
It would not be long until some researcher gets hold of it (if nobody else, maybe the CCC again, after they did the same with the German version of the pest), examines it and publishes the details. And then the whole thing is for /dev/null, because not only does it become trivial to find it, it will also tip off everyone who was infected with it, doubling as a "the feds are closing in" warning.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
"Fuck tha Police"
Be seeing you...
I can't believe most antivirus companies would turn a blind eye to the tools used by law enforcement agencies and national governments. They only do that if the malware is installed by someone _really_ important. Like Sony:
http://www.wired.com/politics/security/commentary/securitymatters/2005/11/69601?currentPage=all
Quote: "It seems that spyware and key loggers are far more advanced and commonplace today than they were six years ago, as are anti-spyware tools. I wonder if the FBI could seek a court order requiring an anti-spyware company not to report fedware (as in, fedware would be whitelisted if detected and the customer would not be alerted)." News from 2007.
CC.
TaijiQuan (Huang, 5 loosenings)
I have absolutely no problem with your example, as there the legitimate system administrator installs the spyware. What the article is talking about is hacking a system against the will of the legitimate system administrator and, consequently, bypassing the AV software. An additional problem is that the police are routinely incompetent. In the case of the German "Bundestrojaner", it was found that all recovered copies had a hard-coded symmetric encryption key used to protect the installed backdoor. That means anybody with access to the malware (including all targets) had low-effort access to all the targets. That is just completely unacceptable. Even more unacceptable is that the police (at least in Germany) are not responsible for the damage they cause. If they by accident hack the wrong machine, they should both be liable for all damage and those negligent should be personally subject to criminal liability. Guess what, they are not. Even worse, if they find anything on this wrong machine, they can use it against the owner, even if they did not have permission to look in the first place. That is what a police state looks like: too much power and no responsibility for the police. This is the road to hell.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Reading over the parent story link of this, when such bills are proposed they use child porn as the reason for needing such bills. Almost every bill of this kind, that is the excuse they give for needing it: to help prevent child porn. I mean, really? Is that the best they can come up with to push this kind of crap through? The part that really is concerning is "including those located in foreign countries". So they can hack someone in a completely different country with 0 problem? Um, I doubt most countries would be fine with state-sponsored hacking like this. No surprise that anti-virus firms won't allow this; if they did let this crap through, it would make people question what else is, and what else could pose as such malware and skate by with the white-list.
Anti-virus software is sold by making promises to the buyer. For example, promises to protect their privacy. Anti-virus software that gave the police access to your computer, even if that was legal, would be in breach of the promises they made when they sold the software. That would be false advertising.
Could you imagine millions of customers asking for their money back when anti-virus software that claims to protect their data intentionally doesn't protect it?
The second a security company allows insecurities to exist NOBODY will use their software, nor should they. If a governmental agency wants to monitor its citizens they need to wiretap or do it some other way. It seems governments nowadays think they can do anything...
Then you better be wearing a vest, as my Desert Eagle .50 caliber will take care of idiots like you. "Do You Feel Lucky?" and with my glasses recording, it's a slam dunk that it'll be a justified killing. Oh btw: don't even think about trying it in Texas, as the courts have recognized the defence "He Needed Killing", though with Texas law, more than likely the Prosecution will award the shooter a medal for helping clean the gene pool.
Mod me up/Mod me down: I won't frown as I've no crown
"The second a security company allows insecurities to exist NOBODY will use their software, nor should they. If a governmental agency wants to monitor its citizens they need to wiretap or do it some other way. It seems governments nowadays think they can do anything..."
Well, the story of the Sony rootkit suggests otherwise. And of course, although all kinds of useful programs like cracks are labeled as "potentially unwanted program", spyware like the Ask.com toolbar or Google Chrome can still pass all virus scanners.
A signed order from the owner of the computer to install software on that computer does absolve me of all legal risk.
So where were these anti-virus folks when Sony was planting its virus?
Not a single one of them reported it.
I suspect that it is not principles but money that talks here.
Let the Dutch police pony up some cash and see if they get a different reaction.
pgmer6809