
Antivirus Firms "Won't Co-operate" With PC-Hacking Dutch Police

timothy posted about a year ago | from the talk-about-bad-pr dept.

Security 97

nk497 writes "Dutch police are set to get the power to hack people's computers or install spyware as part of investigations — but antivirus experts say they won't help police reach their targets. Mikko Hypponen, chief research officer at F-Secure, said the Dutch bill could lead to antivirus firms being asked asked to cooperate with authorities to let an attack reach the target. So far, Hypponen hasn't seen a single antivirus vendor cooperate with such a request, and said his own firm wouldn't want to take part. Purely for business reasons, it doesn't make sense to fail to protect customers and let malware through 'regardless of the source.'"


97 comments


Google Glasses WARNING (-1, Troll)

MoneyHappy (2914141) | about a year ago | (#43627679)

Warning to anyone thinking of wearing Google Glasses

As you might know, Google is developing glasses that record your and other people's moves and actions via secret video camera embedded to glasses.

This won't be tolerated. You will get beaten and your glasses destroyed. Don't even think about buying and wearing them as this will drastically increase your chances of seriously "injuring" yourself.

Violence and education is the only solution to Google Glasses problem.

Re:Google Glasses WARNING (-1)

Anonymous Coward | about a year ago | (#43627705)

Or maybe we will violently beat the ass of anyone who threatens free thinking people such as yourself, a warning to you, loser

Re:Google Glasses WARNING (0, Interesting)

Anonymous Coward | about a year ago | (#43627713)

I approve of this.

Re:Google Glasses WARNING (0)

Cenan (1892902) | about a year ago | (#43628239)

I would like to see you try. Mind telling us where you're going to roam the streets with your bat and your homies?

Re:Google Glasses WARNING (0)

Anonymous Coward | about a year ago | (#43628455)

Fortunately there is only that one guy in the Google headquarters using it. Evidence of others using it does not exist.

Re:Google Glasses WARNING (0)

Anonymous Coward | about a year ago | (#43628573)

I wonder if I can get a targeting plug-in for Google Glass so that I can zero my concealed carry weapon in on your sorry ass.

Think Terminator! Yay!

Re:Google Glasses WARNING (1)

craigminah (1885846) | about a year ago | (#43628777)

Conversely and/or ironically, Google Glasses are also able to geolocate you to improve drone targeting.

Re:Google Glasses WARNING (2)

fast turtle (1118037) | about a year ago | (#43629011)

Then you better be wearing a vest as my Desert Eagle .50 caliber will take care of idiots like you. "Do You Feel Lucky?" and with my glasses recording, it's a slam dunk that it'll be a justified killing. Oh btw: don't even think about trying it in Texas as the courts have recognized the defence "He Needed Killing" though with Texas law, more than likely the Prosecution will award the shooter a medal for helping clean the gene pool.

Re:Google Glasses WARNING (0)

Anonymous Coward | about a year ago | (#43631021)

You do know that a .50 Desert Eagle is not considered a handgun and is illegal to carry in all 50 states, right? It's considered an anti-equipment munition by the Geneva Conventions and several international treaties to which the United States is a party, and because these treaties are the Supreme Law of the Land, they are binding upon US Citizens at home.

Therefore, the .50 Desert Eagle is a war munition and not a small arm. War Munitions are illegal for private citizens to possess or carry.

Re:Google Glasses WARNING (0)

Anonymous Coward | about a year ago | (#43631101)

Tell that to the thousands of normal citizens who already have them and took them to the CCW course and the cops there said it's fine.

Re:Google Glasses WARNING (1)

BitZtream (692029) | about a year ago | (#43631477)

Realistically ... Your desert eagle is going to be worthless to you and become MINE when you're laying face down drowning in the blood pouring out the back of your skull since I walked up behind you and you never saw me coming.

Get a clue, your gun doesn't make you invincible, just arrogant and cocky.

Re:Google Glasses WARNING (0)

Anonymous Coward | about a year ago | (#43629349)

Spreading fear to achieve your goals? Seems you meet the definition of terrorist.

Re:Google Glasses WARNING (0)

Anonymous Coward | about a year ago | (#43629761)

Or any government. Follow these laws (goal) or bad things will happen (fear).

Re:Google Glasses WARNING (0)

Anonymous Coward | about a year ago | (#43629907)

Or you could just root them and disable the tracking. It's not hard at all.

"So far" (1)

Anonymous Coward | about a year ago | (#43627723)

"So far, Hypponen hasn't seen a single antivirus vendor cooperate with such a request"
That's because it's not law yet; once it's law, they will.

Re:"So far" (5, Insightful)

Anonymous Coward | about a year ago | (#43627751)

The problem is simple: if you can impersonate police malware, any and all protection is instantly voided.
This is why it's a VERY, VERY bad idea.

Re:"So far" (4, Interesting)

AK Marc (707885) | about a year ago | (#43627785)

Still not hard with root. With a signed order by HR, I installed malware on an employee machine (he was violating just about every clause of the AUP). I had to load up the AV, set the malware to "approved" in the exception list, then install it. He never knew it was there, until he was fired for browsing porn on company time, and "working late" to impersonate young girls in chat rooms to pick-up men, essentially proof he was billing personal time to the company as overtime, as well as the multiple porn complaints we needed to address to prevent lawsuits. Captured the email addresses and passwords for his chatting accounts, things like hotteen14@aol/hotmail. But nobody ever logged into them, just proof that was all he was doing when alone late in the office (though, what was on his screen was known, nothing was known about what he was doing reading those emails or chats...)

But the point is, for effective malware, you must disable the AV. When the AV has a known hole, everyone will pretend to be the police. Even if heuristics might cause an issue, once you have it on, you attack the AV first. I remember back in the 90's when AV was starting to mature, most of the "smarter" malware would attack the AV. Even if it couldn't disable it, it would run up CPU and cause false alarms to encourage the user to disable it. Causing holes, no matter how small, will allow someone in who shouldn't be in.

Re:"So far" (1)

Anonymous Coward | about a year ago | (#43627839)

" But nobody ever logged into them,"

There is no way you know that. A good corporate security system wouldn't ever need to install spyware and collect those details to prove its case.
As administrator at my company, all I need to do is look at the Cyberoam logs.

Re:"So far" (1)

Anonymous Coward | about a year ago | (#43627895)

He (the guy doing the privacy violation) would have been breaking the law in almost any country.. their computers or not. It's not like they could put cameras in their wc booths if they suspected people to be wanking in there.

Well they could, but there would be lawsuits to pay for filming people while wanking.

Re:"So far" (0)

Anonymous Coward | about a year ago | (#43627947)

As long as it is within the grounds of the company and outside the bath/changing rooms, I can't see it being any more than the cameras that they have setup to watch tellers at banks or at fast food locations. Personal things should never be done on company property, excluding emergencies, and personal phones are also excluded.

Re:"So far" (0)

Damouze (766305) | about a year ago | (#43627981)

Relieving yourself (as in 'number one' and 'number two') is also a very personal thing. It is nobody's business but your own.

Re:"So far" (1)

SuricouRaven (1897204) | about a year ago | (#43628045)

Which is why some schools have moved to open-to-the-corridor facilities - the only privacy is in the cubicles themselves. The toilets have traditionally been the one place in a school where neither cameras nor teachers may venture, and thus the place to go for bullying, gossip and dealing drugs.

Re:"So far" (1)

AK Marc (707885) | about a year ago | (#43630995)

He would have been me, and why is it illegal for me to install spyware on my own computer? If that's the case, we can arrest everyone with a hacked computer to shut down botnets. It's a great plan, but putting millions of grandmothers in jail will probably not work.

Re:"So far" (0)

Anonymous Coward | about a year ago | (#43628039)

A good corporate policy would be to not need to install such a system at all. The fact you even have it makes you a bad administrator.

Where I work, employees are given free rein over the internet without snooping into every data stream that comes in and out of their PC.

Those that use Cyberoam and any other SSL proxy based sniffing have no business in any moral environment and should question their ethics.

You should put more trust in your employees and not need to big brother every digital movement they make.

Firefox and Chrome have extensions to warn users of fake SSL certs used for corporate snooping, I suggest everyone use them.

If you have serious trust issues to that level for all employees 1) You shouldn't be an administrator 2) Why are they still employed?

Re:"So far" (1)

AK Marc (707885) | about a year ago | (#43630979)

There is no way you know that.

Yes, there is. I did it. Personally. The report had the passwords scrubbed.

A good corporate security system wouldn't ever need to install spyware and collect those details to prove its case.

So it's always collecting those details on everyone, rather than waiting for an issue and addressing problems on a more targeted basis? And that's better? I've worked in those places. It was a full-time job to exclude sites from the proxy, as so many popular sites handle caching poorly (often deliberately, to push their own CDN - Google, I'm looking at you).

Re:"So far" (5, Informative)

gweihir (88907) | about a year ago | (#43628227)

I have absolutely no problem with your example, as there the legitimate system administrator installs the spy-ware. What the article is talking about is hacking a system against the will of the legitimate system administrator and, consequentially, bypassing the AV software. An additional problem is that the police is routinely incompetent. In the case of the German "Bundestrojaner", it was found that all recovered copies had a hard-coded symmetric encryption key used to protect the installed backdoor. That means anybody with access to the malware (including all targets) had low-effort access to all the targets. That is just completely unacceptable. Even more unacceptable is that the police (at least in Germany) is not responsible for the damage they cause. If they by accident hack the wrong machine, they should both be liable for all damage and those negligent should be personally subject to criminal liability. Guess what, they are not. Even worse, if they find anything on this wrong machine, they can use it against the owner, even if they did not have permission to look in the first place. That is what a police-state looks like: Too much power and no responsibility for the police. This is the road to hell.

Re:"So far" (1)

Intrepid imaginaut (1970940) | about a year ago | (#43628415)

Guess what, they are not.

You're assuming they can manage to keep their efforts within German or Dutch borders. If I find anyone interfering with my machines I will be pressing for a prosecution no matter who they are, even if that means police wandering outside of their jurisdiction. Ah the joys of trying to apply local laws to an international internet.

Re:"So far" (0)

Razgorov Prikazka (1699498) | about a year ago | (#43630495)

And that is why rkhunter, clamav, encrypted partitions including swap, well configured iptables and well defined policies are so important. I got nothing to hide and want to make it as hard as possible for the police to find out just that. Even if they are allowed to try.

Couple of weeks ago I went to buy a new laptop. At the shop I was immediately mugged by some MS employee telling me that windows was the best. I told him that I wanted to install Linux. He couldn't comprehend and I told him that it was more secure. He still didn't get it. So I asked the guy to help me out finding an AV for linux. He checked them all and couldn't find one "they are all for windows machines". I smiled at him and told him: Nice fucking product if you need third party software just to keep it secure.
That was his red pill I guess.

Re:"So far" (1)

Sabriel (134364) | about a year ago | (#43632143)

And that is why rkhunter, clamav, encrypted partitions including swap, well configured iptables and well defined policies are so important.

Nice fucking product if you need third party software just to keep it secure.

Did you see what you did there? :)

Re:"So far" (0)

Anonymous Coward | about a year ago | (#43636065)

Good luck certifying every piece of OS software you load up on that Linux box of yours. Modern MS offers are secure by default. It isn't 1998 anymore.

Re:"So far" (0)

Anonymous Coward | about a year ago | (#43632545)

It's not even just the police, but the insurance companies, healthcare, and a plethora of big bro agencies seeking out porn or weapons or fraud or terrorism or anti government sentiment for anti leftists.. and new world order all have carte blanche.. did I miss some? It's a jungle out there and this world sent in the lawyers first to pave the way. Get whatever you can on everyone who isn't one of us, tie their hands with these tos binding oneway or the highway and pay to play. We'll make new laws as we go whenever it suits us. We will be the epoxy that binds the virtual world to the real world.

Re:"So far" (0)

Anonymous Coward | about a year ago | (#43628747)

a signed order by HR.

Hope he sued HR and you after he was fired. "A note from your mommy" does not give you the right to hit the kid that's an asshole in school. Likewise, HR is not above the law, they are not the police or a court.

Re:"So far" (-1)

Anonymous Coward | about a year ago | (#43629077)

Sweet Jesus, slashdot is filled with utterly moronic posts today. Do you know ANYTHING about corporate policy or the laws in his country? No? Then SHUT THE FUCK UP!

Re:"So far" (3, Informative)

AK Marc (707885) | about a year ago | (#43631025)

A signed order from the owner of the computer to install software on that computer does absolve me of all legal risk.

Re:"So far" (0)

Anonymous Coward | about a year ago | (#43629377)

If you had to install malware to catch an employee browsing porn, chatting with young girls, etc. then you suck at your job and your IT situation is pure shit. You shouldn't need *anything* installed on that local machine to get all the data you need, and as an IT admin there are plenty of legitimate workplace monitoring packages you could use instead.

It's like saying "I needed a bouncer for my club, so I went out on the street and paid a bunch of dangerous thugs in Crack to watch the door, instead of just hiring a security guard"

Re:"So far" (1)

AK Marc (707885) | about a year ago | (#43631047)

How do I suck at my job if I'm hired after there's no such package, then during the period where I'm trying to get such a thing pushed through, this incident happens?

Oh, I should never take a job unless the A/C thinks they are already perfect. If they were, they'd likely not need me. No jobs for anyone.

Re:"So far" (1)

hairyfeet (841228) | about a year ago | (#43631125)

You are 100% correct, it'll be the Sony rootkit all over again. Anybody here remember that? That was legit anti piracy software but once word got out about it every malware writer was using it as a backdoor into the system. We'll see the exact same thing in this case, it won't be a month before tests looking for the "bacon backdoor" will come standard with metasploit and any AV found to support the bacon backdoor will be worth less than nothing.

At the end of the day you just can't give SOME rootkits a pass because they have "The Big Brother Seal of Approval" because malware is a billion dollar business and the malware writers are constantly on the look out for tricks that will give them more prey. Of course just like Sony it sounds like these LEOs think they are special little creatures and their shit don't stink, but I'd love to see the look on their faces if they end up getting a class action lawsuit over malware writers using their bacon backdoor as an AV free master key.

And can we give a hand to the AV companies? It's nice to see somebody stand for the users, self interest or no, instead of bowing down the second a badge is flashed their way.

Re:"So far" (0)

Anonymous Coward | about a year ago | (#43629217)

Just null route the entire country.

Re:"So far" (1)

gmuslera (3436) | about a year ago | (#43630237)

If is a backdoor, then the antivirus itself is malware. If you don't want to be between a rock and a hard place, stay out the windows.

Re:"So far" (3, Insightful)

doctor woot (2779597) | about a year ago | (#43627929)

"So far, Hypponen hasn't seen a single antivirus vendor cooperate with such a request"
That's because it's not law yet; once it's law, they will.

I sincerely doubt that. I'm sure more than a few of those asked to cooperate saw the marketing potential in possibly having one of the few AV services billed as "free from government malware!" Now that all that have been asked have refused, it'd take a death wish for a company to volunteer to be the black sheep.

Re:"So far" (1)

fustakrakich (1673220) | about a year ago | (#43629965)

All it takes is a secret national security letter to compel compliance. We don't know if there is some generic secret law that addresses the issue. Find a trained dog to sniff your network.

Re:"So far" (1)

RockDoctor (15477) | about a year ago | (#43635533)

All it takes is a secret national security letter to compel compliance.

I'm going to hazard a guess that Kaspersky (headquarters : Moscow) and F-Secure (headquarters : Helsinki) are going to be less than disturbed about a secret order from a foreign government requiring them to (secretly) do something that is likely to be very bad for their business, if not actually illegal. The most that the staff of the companies' US offices can do (which would keep them personally in compliance with US law, probably) would be to pass on the request from the Black Hats, along with requesting compliance with both the requests in the letter and the requests for secrecy in the letter. And even that might not be enough to keep them out of jail. Tough : they have a political problem at home.

Incidentally, that's Moscow, Russia not Moscow, Idaho ; and Helsinki, Finland, not Helsinki, Alaska. Just to be clear about the countries involved.

Re:"So far" (4, Informative)

RDW (41497) | about a year ago | (#43627955)

I can't believe most antivirus companies would turn a blind eye to the tools used by law enforcement agencies and national governments. They only do that if the malware is installed by someone _really_ important. Like Sony:

http://www.wired.com/politics/security/commentary/securitymatters/2005/11/69601?currentPage=all [wired.com]

If they'd been USA's government, they'd do it. (0)

Anonymous Coward | about a year ago | (#43628845)

Didn't Norton acquiesce to the NSA or whatever's request to not recognise the signature of a trojan keylogger they produced, along with a few other companies?

Which only got turned around when people found out their AV was allowing known infections in and kicked up a hell of a storm (and since the NSA would now have some other AV being used by people who they want to spy on, it wasn't worth keeping in, else I'd suspect that they would have insisted still).

Seems like the only problem here is they were Dutch authorities, not USian.

Re:"So far" (0)

Anonymous Coward | about a year ago | (#43631209)

I would go further and say they probably do work with American agencies to develop spyware, for "lawful" purposes or for acts of war. But you would probably be better off finding those lone programmers that can write it to begin with.

Good citation post..

Re:"So far" (3, Insightful)

craigminah (1885846) | about a year ago | (#43628791)

The second a security company allows insecurities to exist NOBODY will use their software, nor should they. If a governmental agency wants to monitor its citizens they need to wiretap or do it some other way. It seems governments nowadays think they can do anything...

Re:"So far" (2)

johanw (1001493) | about a year ago | (#43630251)

The second a security company allows insecurities to exist NOBODY will use their software, nor should they. If a governmental agency wants to monitor its citizens they need to wiretap or do it some other way. It seems governments nowadays think they can do anything...

Well, the story of the Sony rootkit suggests otherwise. And of course, although all kinds of useful programs like cracks are labeled as "potentially unwanted program", spyware like the Ask.com toolbar or Google Chrome can still pass all virusscanners.

Re:"So far" (1)

craigminah (1885846) | about a year ago | (#43630389)

I think Sony lost a lot of credibility for their root kit. PUPs, toolbars, and anything made by Google :) that have the potential to exfiltrate data generally won't be caught by a virus scanner unless it has an outgoing firewall or it has marked the program itself to be suspect.

who cares (2)

Njovich (553857) | about a year ago | (#43627727)

Aside from whitelisting executables, anti-virus products have about 0% chance of catching stuff that isn't distributed to hundreds of thousands of machines anyway. All they need to do is change their payloads and exploits sometimes. I doubt the police would even bother asking anti-virus makers.

Re:who cares (2)

AHuxley (892839) | about a year ago | (#43627787)

Depends on the OS and the software. Some AV may offer a phone home option for helping with new "strange" data, some are passive software outgoing firewalls that might be easy to code around??
Then you have packet analyser software.
What can the police contract for? A preflight script check for the presence of an outgoing firewall? A list of more advanced behavioural analysis AV solutions?
Try and keep up with EU, Russian, US AV vendors? Request a http://en.wikipedia.org/wiki/Magic_Lantern_(software) [wikipedia.org] free pass via EU and FBI contacts?

Maybe true 15 years ago, but not today... (2)

Gordo_1 (256312) | about a year ago | (#43627789)

Most of the major AV software suites utilize some form of behavioral heuristics to detect unknown threats. I'm not saying it's 100%, but you'd be surprised how effective it can be if implemented right.

Re:Maybe true 15 years ago, but not today... (0)

Anonymous Coward | about a year ago | (#43627923)

Even in the 2010s, all the attacker needs to do is infect a test machine and see if that triggers anything. If it does, modify the malware. Repeat until nothing is detected, then use.

Re:Maybe true 15 years ago, but not today... (2)

SuricouRaven (1897204) | about a year ago | (#43628047)

And risk getting caught when the AV company puts out an update altering their detection. Not just embarrassing - it could compromise an ongoing investigation when the suspect learns their computer is being monitored. Or worse, from the perspective of the police, it could lead to their abuse of the technology in fishing expeditions being exposed to the public and getting someone fired.

Re:Maybe true 15 years ago, but not today... (1)

Behrooz Amoozad (2831361) | about a year ago | (#43628643)

When you have access (as in FULL ACCESS) to a computer you can silently disable AV updates.
All you need is a fake CA and some DNS change that can be done in hosts file.
And of course there are VM based rootkits which are virtually(ironic:) undetectable.

Unless it runs linux.

Re:Maybe true 15 years ago, but not today... (1)

AHuxley (892839) | about a year ago | (#43629289)

Interesting BA, would this be done at the adsl exchange/digital loop level? Or at the ISP? A small computer/server to inject on one users net use 24/7?
Would the end user note a jump in ping on say the first hop or is it effortless wrt to any slowness now?
Thanks :)

Re:Maybe true 15 years ago, but not today... (0)

Anonymous Coward | about a year ago | (#43629477)

If they don't make things worse [pcworld.com] ...

Re:who cares (0)

Anonymous Coward | about a year ago | (#43627815)

This isn't the early 90s, most AVs today do far more than just signature based scanning. Behavior based heuristics and HIPS tend to catch most forms of unknown malware, it's up to the user what he or she does with the warning popped up by the AV after that point however.

Re:who cares (1)

jonbryce (703250) | about a year ago | (#43627975)

Anti-virus will often report if a program tries to edit /etc/hosts, change network settings or install new security certificates - the sort of thing you would need to do to implement a man-in-the-middle attack.
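Added example, not part of the comment above and not any antivirus product's code: a small hosts-file audit of the kind of check described, flagging entries that override names which should only ever resolve through DNS. The watched suffixes, the default-name list and the sample file are constructed assumptions.

```python
"""Audit a hosts file for overrides of names that should resolve via DNS only."""
import ipaddress

# Hypothetical watch list: name suffixes a defender never expects to see in a
# hosts file (e.g. the update servers of the installed AV product).
WATCHED_SUFFIXES = ("update.av-vendor.example", "ocsp.ca.example")

# Names that legitimately appear in a stock hosts file.
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
                 "ip6-loopback", "broadcasthost"}

# Constructed sample input, not taken from any real machine.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost ip6-loopback
# added by installer
192.0.2.10  intranet.corp.example
127.0.0.1   update.av-vendor.example   # blocks AV updates
203.0.113.7 eu.update.av-vendor.example ocsp.ca.example
not-an-ip   something.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, names) per entry; ip is None if it does not parse."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        # Normalise case and a trailing root dot so matching is consistent.
        yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]


def is_watched(name):
    """True if name is a watched suffix or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return a list of (line_no, kind, name) findings.

    kind is 'sinkholed'  (watched name pointed at loopback/0.0.0.0),
            'redirected' (watched name pointed at another address),
            'custom'     (any other non-default name, for review),
            'malformed'  (first field is not an IP address).
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed", ""))
            continue
        for name in names:
            if is_watched(name):
                dead = ip.is_loopback or ip.is_unspecified
                findings.append((line_no, "sinkholed" if dead else "redirected", name))
            elif name not in DEFAULT_NAMES:
                findings.append((line_no, "custom", name))
    return findings


if __name__ == "__main__":
    for line_no, kind, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind:<10} {name}")
```

A real deployment would compare against a known-good baseline and also watch the trusted root certificate store, which this example does not cover.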

Re:who cares (1)

wisnoskij (1206448) | about a year ago | (#43628307)

So you don't think that the police want to keep track of hundreds of thousands of individuals?

Hmm (3, Insightful)

BeTeK (2035870) | about a year ago | (#43627745)

I think hacking has one big downside compared to traditional phone tapping. It is possible the person being hacked can detect this and take countermeasures against it OR even supply false information. From a police standpoint I would consider information gained through hacking very unreliable.

The police (0)

Anonymous Coward | about a year ago | (#43627795)

have worked tirelessly on preparing a robust and extended-life version of spyware, codenamed Dutch Oven. Frankly they just don't understand all the stink about it.

That's not how you say it... (2)

VortexCortex (1117377) | about a year ago | (#43627829)

...firms being asked asked to cooperate ...

I think you mean: ...firms being asked, and asked again to cooperate...

Re:That's not how you say it... (2)

mwvdlee (775178) | about a year ago | (#43628021)

It's more like the firms are being "asked" asked to cooperate.
Kinda like how a robber "asks" asks you for money.

Re:That's not how you say it... (0)

Anonymous Coward | about a year ago | (#43636075)

Nah, 'ask ask' is in the latest nuspeak dictionary - just ask the Ministry for your copy.

Of Course That's What They Would Say (2)

Jah-Wren Ryel (80510) | about a year ago | (#43627861)

You really can't draw any conclusions from what they SAY, only what they DO. It would be the kiss of death for them to say anything else.

If they said they did cooperate, then anyone doing anything remotely suspect would use a different product making that cooperation useless. Meanwhile everybody worried about criminals exploiting the backdoor by impersonating the cop-ware would also switch to another product.

The only way we will know is if someone notices cop-ware installed on their system and tests the antivirus software to see if it detects it - and then goes public with the results.

Re:Of Course That's What They Would Say (1)

Kjella (173770) | about a year ago | (#43628387)

The only way we will know is if someone notices cop-ware installed on their system and tests the antivirus software to see if it detects it - and then goes public with the results.

So? Antivirus fails to identify malicious software all the time, the only way you'd have any hard evidence is if you proved that the detection code intentionally ignored it.

Re:Of Course That's What They Would Say (0)

Anonymous Coward | about a year ago | (#43629487)

Means probably you need a Russian AV program.

Like they have a chance (1)

Anonymous Coward | about a year ago | (#43627877)

That's hilarious. The antivirus gang doesn't have anything that works against targeted attacks anyway. The police isn't going to install the same malware that's on a million other machines on the suspects' computers to add them to a botnet, which is about the only thing any antivirus software can prevent, if the stars are aligned right.

Re:Like they have a chance (1)

StillAnonymous (595680) | about a year ago | (#43629123)

It also depends on how the cops intend to get this malware onto someone's computer. Are they doing a little B&E escapade while you're away and stuffing it in locally? If so, that could be pretty hard to detect unless you have hidden cameras or you diligently check logs on a regular basis. Or is it some weak trick where they email the guy with some pornoesque .exe attachment and cross their fingers, hoping he'll give it a double-click?

Even if they did comply (2)

Opportunist (166417) | about a year ago | (#43627933)

It would not be long until some researcher gets a hold on it (if nobody else, maybe the CCC again after they did the same with the German version of the pest), examines it and publishes the details. And then, the whole thing is for /dev/null because not only does it become trivial to find it, it will also tip off everyone who was infected with it, doubling as a "the feds are closing in" warning.

N.W.A. said it best... (2, Funny)

Nyder (754090) | about a year ago | (#43627951)

"Fuck tha Police"

Windows OS!? (0)

Anonymous Coward | about a year ago | (#43628001)

I thought was always one big piece of malware. Pre-installed! What a joke!

Fedware (2)

foobsr (693224) | about a year ago | (#43628009)

http://boingboing.net/2007/07/13/dea-agents-used-keyl.html [boingboing.net]

Quote: "It seems that spyware and key loggers are far more advanced and commonplace today than they were six years ago, as are anti-spyware tools. I wonder if the FBI could seek a court order requiring an anti-spyware company not to report fedware (as in, fedware would be whitelisted if detected and the customer would not be alerted)." News from 2007.

CC.

Re:Fedware (3, Informative)

Seumas (6865) | about a year ago | (#43628255)

And don't forget the FBI doing things like requesting (and who knows what they're doing when they're not politely requesting) to send an email with a payload that would jack the customer's computer (in one case, an anonymous email account that they wanted to infect the owning computer so they could use the webcam/skype/etc to view the identity of the person using it -- and don't forget, doing that would circumvent encryption since you could gather data on the computer pre-encryption).

http://gawker.com/judge-tells-fbi-they-cannot-use-webcams-to-spy-on-peopl-483855078 [gawker.com]

The concept of privacy is over and people who think you're being monitored "retroactively, down the road" are behind the times. It's real-time and it's across the board (and, as per recent cases apparently, can also be retroactive so you can go back and retrieve information like phone calls in-full that occurred prior to when you had the wire tap to record them).

That would be hard (1)

Sycraft-fu (314770) | about a year ago | (#43630141)

Since many of the big name anti-virus companies aren't from the US. ESET is in the Slovak Republic. Kaspersky is in Russia. Bitdefender is in Romania. So they don't really take orders from the FBI. Now, they do have US offices, so they aren't 100% out of reach, however they could always decide to shut down their US office. You don't need a presence in the US to sell in the US, and indeed most of them sold their AV scanner prior to having a US office. At that point the US government could go and declare it is illegal to buy their product in the US but man would that send up all kinds of red flags and would really screw over the goal of sneakily getting their stuff on to systems since now everyone would know.

The AV market is pretty global, with many of the vendors not only not being US companies, but not headquartered in US allies. The US government would have very little influence on them overall, and it would more than likely backfire. After all, it could be big press and big sales to be the AV vendor that told the FBI to fuck off and is able to find government security programs.

The sad truth (0)

Anonymous Coward | about a year ago | (#43628025)

They, AV companies, do not need to cooperate. So far, AV companies have failed to detect "as it is happening" any of the major (nation state) malware attacks. Hackers simply use antivirus trial or purchased versions to test their malicious creations against detection and refine the exploits until it passes through unseen all of the major AV brand products. (In case of Flamer, some 420 security software were deliberately bypassed via various tech tricks. The pre-sortie testing phase alone must have cost millions of dollars.) It is usually months or years afterwards that some bug accidentally unmasks the super-trojans, hyper-worms, etc. For example early gen Stuxnet crashed some very-very old (P1-200MHz) Iranian computers running Win 2000...

Reputation (1)

roman_mir (125474) | about a year ago | (#43628065)

For a business in an actual free market reputation is everything, brand name is everything. The owners of the business know that the only thing that actually is worth something is their brand. If people know that a company has been in the market for years and it consistently puts out good reliable products, then people are more willing to accept that their next product is good and reliable.

It is EXTREMELY EASY to lose good faith with stupid business decisions [wikipedia.org].

Of course governments don't give a shit if your private property is harmed, your business is harmed as long as governments can achieve their oppressive nefarious goals. The worst part is that by not cooperating you are putting yourself into the cross-hairs of the government thugs that are absolutely willing to pull the trigger [wired.com]. Of course the smaller fish you are, the easier it is to punish you for not giving the government thugs what they want.

Oh yeah? (0)

Anonymous Coward | about a year ago | (#43628243)

Well, that's what they'd say, right. Makes their betrayal all the more valuable.

its funny (2)

arbiter1 (1204146) | about a year ago | (#43628273)

Reading over the parent story link of this, when such bills are proposed they use child porn as the reason for needing such bills. Almost every bill of this kind, the excuse they give for needing it is to help prevent child porn. I mean, really? Is that the best they can come up with to push this kind of crap through? The part that really is concerning is "including those located in foreign countries". So they can hack someone in a completely different country with 0 problem? Um, I doubt most countries would be fine with state-sponsored hacking like this. No surprise that anti-virus firms won't allow this; if they did, letting this crap through would make people question what else is and what else could pose as such malware and skate by with the white-list.

Re:its funny (1)

dissy (172727) | about a year ago | (#43629595)

Almost every bill of this kind, the excuse they give for needing it is to help prevent child porn. I mean, really? Is that the best they can come up with to push this kind of crap through?

It doesn't need to be the best they could claim, it just needs to be good enough to work. And unfortunately, it is.

No politician wants the possibility of others claiming you aren't against child porn, or worse to claim your vote assisted child porn.
You could very likely get a law passed allowing you to rape little children while video taping it, so long as you can spin anyone voting against you as not trying to prevent child porn.

Nothing shuts down the brains of most people like the terms "child porn" and "terrorist".

Re:its funny (1)

Razgorov Prikazka (1699498) | about a year ago | (#43630627)

Actually... you should see the politician who thought up this law. Whenever it is about IT (or something else he doesn't know about) he lowers his voice as to be more authoritative and starts droning on about CP. He does that trick every time again. It is quite annoying. A couple of months ago he wanted to make it illegal to keep your facebook passwd to yourself when in custody. And there he was on the telly again in his lowered voice: Well you see... Child pornography, you must know, can only be battled like this you see. That is why we need FB login credentials hhmkay?
Tsjees. As if paedophiles use FB to communicate on their activities... 148 liked this rape!

geopolitical reality (1)

argStyopa (232550) | about a year ago | (#43628275)

And that, kids, is the difference between being little Holland, and big United States.

Re:geopolitical reality (0)

Anonymous Coward | about a year ago | (#43630503)

Over 10 years ago the US was talking to firms about doing something similar. It did not get much media attention but it happened. I never heard about them being denied.

In the 90s already the Secret Service made a deal with the color printer vendors to print serial numbers on all print outs - they didn't get a lot of media attention but way more than the antivirus move did. It took 7 or so years before people stopped calling me a conspiracy nut when the EFF came out with proof of how Xerox was compliant. We have yet to hear about the other printers... which are most likely doing it as well... since the late 90s. The idea was to stop printing of realistic money. But today the FBI (not in charge of counterfeit) has the software to track your print outs to you.

I don't doubt for a second that most of the companies complied with the FBI request for backdoor software. The request when I read about it was before 911 and I'm sure they repeated it afterwards and people were more than willing... I don't think it is something they use heavily because it would get noticed. They hacked cell phones to bug mobsters and probably saved that one and kept it quiet as long as possible-- that became public with the court transcripts from a high profile case; but I highly doubt it was the 1st use of it by the FBI. So few people know about that one -- and that was back before the smart phone revolution.

Some foreign governments won't use Microsoft without source code review (China) because they think the USA is exploiting it. (and they likely are... although it's probably the NSA which is why you'll never find out. The NSA has many times the budget of the CIA and people have a hard time grasping that it is such a well hidden organization.)

I'd see some lawsuits coming (4, Interesting)

gnasher719 (869701) | about a year ago | (#43628319)

Anti-virus software is sold by making promises to the buyer. For example, promises to protect their privacy. Anti-virus software that gave the police access to your computer, even if that was legal, would be in breach of the promises they made when they sold the software. That would be false advertising.

Could you imagine millions of customers asking for their money back when anti-virus software that claims to protect their data intentionally doesn't protect it?

Re:I'd see some lawsuits coming (1)

kav2k (1545689) | about a year ago | (#43628529)

No, frankly, I cannot imagine millions of users with pitchforks and refund claims. I doubt this would motivate a lot of them.

Re:I'd see some lawsuits coming (2)

El_Muerte_TDS (592157) | about a year ago | (#43630853)

What anti-virus software is sold with promises? afaik they come with huge disclaimers.

I agree (1)

bytesex (112972) | about a year ago | (#43628445)

'Good malware' is the stupidest idea ever.

Translation... (0)

Anonymous Coward | about a year ago | (#43628839)

They will cooperate, they'll just never publicly admit to it. If you're using your computer for any nefarious purpose, using software written by ANYONE ELSE, anywhere on the system, or it's connected to any form of network, you're a fool, you're going to get caught, and you're going to deserve it.

If you think I'm wrong because you've been doing (BLANK) with yours for (DURATION) and haven't been caught, you must understand (THEY) know you're doing it, they simply don't regard (BLANK) as being important enough to haul your ass in yet at the expense of possibly unzipping (THEIR) proverbial 'fly'. The day you screw up and do something that gets you caught without their having to reveal how they know what you're doing, they'll make up a sanitized case against you, full of serendipitous - but plausibly innocently collected facts, and nail your ass. Here's an illustration:

You start downloading recipes for how to make toxic and/or explosive substances and reading them. You do this using TOR or some other system to "guarantee" anonymity. Secretly, (THEY) know who you are, and what you've learned. They watch you to see if/when you attain the capability to carry out some attack or another. Then one of two things happen. You get close enough that they run out of time, they finish cobbling together a case where they frame you for something else, then 'find' evidence of the thing you're actually planning to do in the course of the trumped-up investigation, OR ELSE... you actually DO do something they can nail you for without having to say in court that they did something illegal, or admitting something that might compromise their investigations into the activities of others, and in the process of nailing you for THAT, they 'accidentally' stumble across the thing that is the ACTUAL reason you got busted. They send you up the river, all without having to make it public that they're doing what they were doing. It's really beautiful when you think about it, because if they weren't doing this, there'd be a lot more dead and wounded about.

So how do people still manage to pull stuff off? You'll never stop everyone, only almost everyone, which is still, from a standpoint of peace and security, way better than stopping NOBODY.

Now you might say that it's unpatriotic or whatever, to want the government to invade people's privacy, etc., but the world has evolved in such a way as to make it so that either the government has to get Big-Brothery at times, or the system completely collapses because we've pissed off enough people, and for long enough that you can't have a civil society where anyone can have even a reasonable assurance of being alive next... say, Tuesday, if they don't stop people from blowing things up, and committing mass-murder. It's sad, but that's the way things have gotten to be anymore. Is this untenable? Perhaps. But the alternative is either living in a police-free state, (one where rule of law is a joke, or flat-out non-existent,) or one in which we do what we can to prevent overreach but understand that we won't have the kind of peace and freedom we once enjoyed.

They say, about jobs, that you must choose two out of the three following things:
1. Enjoy your job.
2. Make good money.
3. Live within the law.
The pessimist would say one cannot generally, as a rule, do all three.

The same principle applies to civilization:
1. Enjoy peace and security.
2. Live in a prosperous society.
3. Be free of the elements of the 'police state'.
You can do any two, but not all the three for any real length of time.

Which two you get depends on where you live. There are some places of course that won't allow you to do even two or one, but I am fortunate enough, (as I suspect are most people who can read this,) not to live in any of THOSE places, though I have seen some of them first hand. They suck, and if I found myself in one, I'd find a way to leave, just as some of my ancestors did when they were stuck in a benighted shithole called the Soviet Union. It sucked, they left. Had they not, I wouldn't be here to make these observations now.

But as for anti-virus makers, their products by definition should not be used by anyone. If the system software you're using needs anti-virus protection, you're using the wrong software. If it were secure to begin with, you wouldn't need it. So the solution isn't to pay money to use software that is designed to be buggy, insecure and full of holes guaranteeing you'll be beholden to them for updates in perpetuity, and then paying SOMEONE ELSE to fix the security holes THEY left behind. That would tend to encourage the creation of malware, so they'll have an excuse to continue charging you what amounts to digital-protection-money, and you'll feel obliged to keep paying them, or suffer the consequences. The solution is to use software made by people who don't have a business-impetus to ensure you constantly have to keep going back to them to fix all the bugs they deliberately left in the software. The way you can generally tell what's good and safe to use is to look at the motivation of those who created it, because you can't trust someone to TELL you that they're honest. If they weren't, they'd tell you they were, obviously. Similarly, of course the anti-virus makers are going to refuse to cooperate, loudly and publicly. That should say it all I think, really.

The money is in the TREATMENT, not the CURE.

The police could use a digital signature (1)

Time_Ngler (564671) | about a year ago | (#43629375)

There is no reason the AV companies couldn't cooperate. The Dutch Police could sign their virus and that signature could be checked and then ignored in the anti-virus program. This refusal by the anti-virus corporations flies in the face of the wishes of the law makers (i.e. the police), and they should know that they would have never got to where they were without the permission of the authorities. They are biting the hand that feeds them and there may be consequences for not going along with what they're told to do.

i hope they come for you first. (0)

Anonymous Coward | about a year ago | (#43629979)

you obviously are so eager to be fucked

Re:i hope they come for you first. (1)

Time_Ngler (564671) | about a year ago | (#43630065)

They will probably come for you before they come for me. I'm just reassuring the powers that be that I am honest and would not ever be involved in anything that might be considered wrongdoing. You, on the other hand, are making waves, and that can get in the way of progress and the happiness and security of everybody.

Re:The police could use a digital signature (0)

Anonymous Coward | about a year ago | (#43631801)

... there may be consequences for not going along with what they're told to do.

What are the consequences of obedience? I'm glad for your 'police are always right' perspective. You will have no problem with the police infecting your computer, because the law lets them. I mean, you don't have any porn with age-indeterminate women (http://en.wikipedia.org/wiki/Ageplay) or pirated software/music/movies or media criticizing the ruling party?

This is a derivative of the "First, they came for the communists" meme. If it's acceptable to discriminate against other people, it's impossible to defend oneself.

Bullshit (0)

Anonymous Coward | about a year ago | (#43629521)

Anti virus software companies and even companies that make software like malware anti-bytes and Spybot search and destroy already allow total control rootkits from crappy rent to own companies to be installed and not detected, so who's to say they wouldn't allow police made spyware shit to be installed on PCs?

Antivirus vendor and the state (0)

Anonymous Coward | about a year ago | (#43629631)

"So far, Hypponen hasn't seen a single antivirus vendor cooperate with such a request, and said his own firm wouldn't want to take part. Purely for business reasons, it doesn't make sense to fail to protect customers and let malware through 'regardless of the source.'"

I would have taken it as given that the AV companies are in bed with the state security apparatus ...

Sony vs Dutch Police. Money Talks. (2)

softcoder (252233) | about a year ago | (#43632057)

So where were these anti virus folks when Sony was planting its virus?
Not a single one of them reported it.

I suspect that it is not principles but money that talks here.
Let the Dutch police pony up some cash and see if they get a different reaction.
pgmer6809

and it doesn't matter... (0)

Anonymous Coward | about a year ago | (#43632105)

...because, as all AV companies tell you, malware still gets in, regardless of what AV product you have installed.

so it's not a may fools joke then? (1)

KingBenny (1301797) | about a year ago | (#43638245)

it's still a lousy one, who is this guy proposing that? sounds worse than when they missed that pedophile and blamed it on the evil tor (which is probably the only option in the universe)
did someone check the reality check on this before actually even thinking of asking an antivirus company to 'maybe' let some attacks pass?
only the validated ones from the dutch superpolice force who can never ever be spoofed or imitated of course ...
as in please build a backdoor in your software by redesigning it for free because the east-indian company asks you?
or as in we didn't even think about the technical implementation or the result on a security company's image there
or as in all your base are belong to us because we say so?
or as in?
did someone check the reality check here? i don't think so, i think police is getting lazy, under-educated and too big in numbers, costing too much to give a false image of safety to an ageing population being scared by nationalist fearmongers, over there just as well as here, meanwhile obviously having no clue what this monstrous internet is, and probably not even knowing the year 2000 was already a while ago by now
to read this when i just woke up is sure to make my day
... seriously people ... who the fuck comes up with these ideas without even thinking them through for a second? you're all FIRED, get out of mah land, no what, get out of my europe as long as i'm stuck here, and while you're out of here, try to get with the program