Antivirus Firms "Won't Co-operate" With PC-Hacking Dutch Police
nk497 writes "Dutch police are set to get the power to hack people's computers or install spyware as part of investigations — but antivirus experts say they won't help police reach their targets. Mikko Hypponen, chief research officer at F-Secure, said the Dutch bill could lead to antivirus firms being asked to cooperate with authorities to let an attack reach the target. So far, Hypponen hasn't seen a single antivirus vendor cooperate with such a request, and said his own firm wouldn't want to take part. Purely for business reasons, it doesn't make sense to fail to protect customers and let malware through 'regardless of the source.'"
The problem is simple: if you can impersonate police malware, any and all protection is instantly voided.
This is why it's a VERY, VERY bad idea.
Still not hard with root. With a signed order by HR, I installed malware on an employee machine (he was violating just about every clause of the AUP). I had to load up the AV, set the malware to "approved" in the exception list, then install it. He never knew it was there, until he was fired for browsing porn on company time, and "working late" to impersonate young girls in chat rooms to pick up men, essentially proof he was billing personal time to the company as overtime, as well as the multiple porn complaints we needed to address to prevent lawsuits. Captured the email addresses and passwords for his chatting accounts, things like hotteen14@aol/hotmail. But nobody ever logged into them, just proof that was all he was doing when alone late in the office (though, what was on his screen was known, nothing was known about what he was doing reading those emails or chats...)
But the point is, for effective malware, you must disable the AV. When the AV has a known hole, everyone will pretend to be the police. Even if heuristics might cause an issue, once you have it on, you attack the AV first. I remember back in the 90's when AV was starting to mature, most of the "smarter" malware would attack the AV. Even if it couldn't disable it, it would run up CPU and cause false alarms to encourage the user to disable it. Causing holes, no matter how small, will allow someone in who shouldn't be in.
Learn to love Alaska
I can't believe most antivirus companies would turn a blind eye to the tools used by law enforcement agencies and national governments. They only do that if the malware is installed by someone _really_ important. Like Sony:
http://www.wired.com/politics/security/commentary/securitymatters/2005/11/69601?currentPage=all
I have absolutely no problem with your example, as there the legitimate system administrator installs the spyware. What the article is talking about is hacking a system against the will of the legitimate system administrator and, consequently, bypassing the AV software. An additional problem is that the police are routinely incompetent. In the case of the German "Bundestrojaner", it was found that all recovered copies had a hard-coded symmetric encryption key used to protect the installed backdoor. That means anybody with access to the malware (including all targets) had low-effort access to all the targets. That is just completely unacceptable. Even more unacceptable is that the police (at least in Germany) are not responsible for the damage they cause. If they by accident hack the wrong machine, they should both be liable for all damage and those negligent should be personally subject to criminal liability. Guess what, they are not. Even worse, if they find anything on this wrong machine, they can use it against the owner, even if they did not have permission to look in the first place. That is what a police state looks like: too much power and no responsibility for the police. This is the road to hell.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Anti-virus software is sold by making promises to the buyer. For example, promises to protect their privacy. Anti-virus software that gave the police access to your computer, even if that was legal, would be in breach of the promises they made when they sold the software. That would be false advertising.
Could you imagine millions of customers asking for their money back when anti-virus software that claims to protect their data intentionally doesn't protect it?