
Will Security Firms Detect Police Spyware?

kdawson posted more than 6 years ago | from the who-do-you-trust dept.

Privacy 269

cnet-declan writes "A recent appeals court case dealt with Drug Enforcement Administration agents using a key logger to investigate a suspect using PGP and Hushmail. That invites the obvious question: Will security companies ever intentionally overlook police spyware? There were somewhat-muddled reports in 2001 that Symantec and McAfee would do just that, so over at News.com we figured we'd do a survey of the top 13 security firms. We asked them if it is their policy to detect policeware. Notably, Check Point said it would 'afford law enforcement' the courtesy of whitelisting if requested. We've also posted the full results, with the companies' complete answers. Another question we asked is if they have ever received a court order requiring them to overlook police key loggers or spyware. Symantec, IBM, Kaspersky, and others said no. Only Microsoft and McAfee refused to answer."


269 comments

Security (2, Insightful)

Anonymous Coward | more than 6 years ago | (#19893869)

"Tbireazrag ntrapvrf naq onpxqbbef va grpuabybtl cebqhpgf unir n ybat naq serdhragyl pynaqrfgvar eryngvbafuvc. Bar 1995 rkcbfr ol gur Onygvzber Fha qrfpevorq ubj gur Angvbany Frphevgl Ntrapl crefhnqrq n Fjvff svez, Pelcgb, gb ohvyq onpxqbbef vagb vgf rapelcgvba qrivprf. Va uvf 1982 obbx, Gur Chmmyr Cnynpr, nhgube Wnzrf Onzsbeq qrfpevorq ubj gur AFN'f cerqrprffbe va 1945 pbreprq Jrfgrea Havba, EPN naq VGG Pbzzhavpngvbaf gb ghea bire gryrtencu genssvp gb gur srqf."

Jvgu Ohfu va bssvpr lbh pna bayl rkcrpg zber bs gur fnzr.

Re:Security (0, Flamebait)

Anonymous Coward | more than 6 years ago | (#19894509)

Idiot moderator! Parent is not off topic. (Hint: rot13)

Re:Security (5, Informative)

Jugalator (259273) | more than 6 years ago | (#19894985)

Decoded because tinfoiling or making a point this way is just plain annoying... :-p

"Government agencies and backdoors in technology products have a long and frequently clandestine relationship. One 1995 expose by the Baltimore Sun described how the National Security Agency persuaded a Swiss firm, Crypto, to build backdoors into its encryption devices. In his 1982 book, The Puzzle Palace, author James Bamford described how the NSA's predecessor in 1945 coerced Western Union, RCA and ITT Communications to turn over telegraph traffic to the feds."

With Bush in office you can only expect more of the same.

Re:Security (0)

Anonymous Coward | more than 6 years ago | (#19895067)

"Tbireazrag ntrapvrf naq onpxqbbef va grpuabybtl cebqhpgf unir n ybat naq serdhragyl pynaqrfgvar eryngvbafuvc. Bar 1995 rkcbfr ol gur Onygvzber Fha qrfpevorq ubj gur Angvbany Frphevgl Ntrapl crefhnqrq n Fjvff svez, Pelcgb, gb ohvyq onpxqbbef vagb vgf rapelcgvba qrivprf. Va uvf 1982 obbx, Gur Chmmyr Cnynpr, nhgube Wnzrf Onzsbeq qrfpevorq ubj gur AFN'f cerqrprffbe va 1945 pbreprq Jrfgrea Havba, EPN naq VGG Pbzzhavpngvbaf gb ghea bire gryrtencu genssvp gb gur srqf."

Jvgu Ohfu va bssvpr lbh pna bayl rkcrpg zber bs gur fnzr.
Qapla'! Tonight we dine in Sto-Vo-Kor!

Would you TRUST their answers if they said "no"? (4, Insightful)

khasim (1285) | more than 6 years ago | (#19893885)

I don't trust any of them NOT to do whatever the cops/government want(s).

Open Source all the way.

Re:Would you TRUST their answers if they said "no" (3, Insightful)

HomelessInLaJolla (1026842) | more than 6 years ago | (#19893935)

They don't need to turn a blind eye to policeware. The commercially available remote administration tools aren't in the databases.

Uhm no (2, Interesting)

Cafe Alpha (891670) | more than 6 years ago | (#19893941)

But it's not the source, it's the data.

And publishing or distributing data which compromises investigations is probably a felony.

So how would your open source system work? Would you openly publish how to recognize all of the government's spy software?

The opposite. (1)

khasim (1285) | more than 6 years ago | (#19894067)

So how would your open source system work? Would you openly publish how to recognize all of the government's spy software?

Nope. Just the opposite. Instead of searching for software that could be spying on you, the transparency means that you already know what is running and what it is doing.

Re:The opposite. (2, Interesting)

Eternauta3k (680157) | more than 6 years ago | (#19894703)

ps ax | wc -l
119
So... in order to stay away from spyware, you have to know what those 119 processes do?

Re:Uhm no (1, Insightful)

misleb (129952) | more than 6 years ago | (#19894323)

So how would your open source system work? Would you openly publish how to recognize all of the government's spy software?


Sure, why not? Fight the power.

-matthew

TFA didn't ask about National Security Letters (4, Informative)

schwaang (667808) | more than 6 years ago | (#19894047)

The question was "Have you ever received such a court order signed by a judge...".
But if what they had received instead was an NSL, they would be under a gag provision (with *jail* as the penalty) to not mention anything about it.

That's only in Amerika of course.

Re:TFA didn't ask about National Security Letters (2, Interesting)

UbuntuDupe (970646) | more than 6 years ago | (#19894257)

Isn't there necessarily a question that they *can* answer, though?

"Have you been given a court order to let police spyware in?" --> Must say no because of a gag order.
"Have you ever been in a position where the law required you to lie about questions related to your spyware activities?" --> ???

Re:TFA didn't ask about National Security Letters (2, Interesting)

Anonymous Coward | more than 6 years ago | (#19894759)

Well, there's considerable debate about that kind of question [wikipedia.org]. Okay, it's not quite the same situation, but it's somewhat similar. I think the responses of some classic ST:TOS episodes [wikipedia.org] are probably appropriate. Something along the lines of "I'm not programmed to respond in that area", or perhaps a shower of sparks before the lawyer's head explodes.

Most likely, they'd just say they are unable to answer. "Null" answers are always an option for lawyers.

Re:TFA didn't ask about National Security Letters (1, Flamebait)

huckamania (533052) | more than 6 years ago | (#19894841)

"That's only in Amerika of course."

Gee, you really believe the Chinese, Russian, Iranian, North Korean, Saudi, Syrian and Chilean governments would never do this? What about the Indonesian government or the government of any country in Africa? Seriously, put away the crack before the crack puts you away.

I would be more concerned if these companies were making deals to white-list spam bots or something truly nefarious.

Re:TFA didn't ask about National Security Letters (4, Informative)

schwaang (667808) | more than 6 years ago | (#19894889)

Totalitarian dictatorships absolutely would do this. But then, that's actually my point.

Re:Would you TRUST their answers if they said "no" (0)

Anonymous Coward | more than 6 years ago | (#19894235)

Open Source all the way.

I think I'll use open source from now on, but which are the best open source anti-spyware programs out there?

Re:Would you TRUST their answers if they said "no" (2, Informative)

HiThere (15173) | more than 6 years ago | (#19894927)

Probably the government-approved SELinux. If you set the permissions correctly, then no program that doesn't need to should be able to detect what another program is doing.

Of course, setting the permissions correctly is a PITA...and so is using a system so configured. But it's probably as secure as you can get, bar a disconnect from the internet.

Re:Would you TRUST their answers if they said "no" (0)

Anonymous Coward | more than 6 years ago | (#19894451)

I am so sick of people assuming that just because they use encryption they are safe from everything. This is an exact reason for defense in depth and physical security. If the guy had set a BIOS password and encrypted his drives based on a secure passphrase, installing a key logger wouldn't be such a trivial feat. The FBI is no smarter than any security expert, and usually a hell of a lot dumber (collectively).

Re:Would you TRUST their answers if they said "no" (1)

iamacat (583406) | more than 6 years ago | (#19894911)

Indeed, why should you trust a private company (that too made up of former black hats) to be any more moral/law abiding than elected officials under public oversight? I think you should become as passionate about politics as you are about open source.

New solution (4, Funny)

Anonymous Coward | more than 6 years ago | (#19893905)

I am going to send all my private messages by owl from now on.

Re:New solution (1)

cp.tar (871488) | more than 6 years ago | (#19894765)

So if the owl gets intercepted, you'll know it by the look of its feathers.

Are owls therefore quantum?

note to self (4, Informative)

timmarhy (659436) | more than 6 years ago | (#19893919)

"Check Point said it would 'afford law enforcement' the courtesy of whitelisting if requested"

never buy anything from check point.

Re:note to self (1, Flamebait)

kevin_conaway (585204) | more than 6 years ago | (#19894005)

What if they have a court order? Do you not have a phone either?

This whole article smells like FUD against the government. If they have a court order (with proper oversight), I don't see a problem with this.

Re:note to self (1)

HomelessInLaJolla (1026842) | more than 6 years ago | (#19894613)

If they have a court order (with proper oversight), I don't see a problem with this
FBI warrantless wiretap living under a rock and avoiding reality what?

Re:note to self (4, Insightful)

Danse (1026) | more than 6 years ago | (#19894657)

If they have a court order (with proper oversight), I don't see a problem with this
Read a newspaper in the last few years? Oversight is pretty much non-existent anymore.

Re:note to self (4, Interesting)

statusbar (314703) | more than 6 years ago | (#19894711)

All that needs to be done is for a hacker to find out what specific software is used by the police, and subvert it so that the hacker can use it to attack people while the spyware detector software purposely ignores it, thinking that it is from the police.

--jeffk++

Re:note to self (3, Insightful)

ArcherB (796902) | more than 6 years ago | (#19894039)

"Check Point said it would 'afford law enforcement' the courtesy of whitelisting if requested"

never buy anything from check point.


So I presume you are against the police using spyware as a tool in all circumstances?
Would your opinion change if the Police had a warrant? What if asked your permission to "snoop" your notebook that was stolen from you a week before in an effort to recover it?

Is this just limited to adware? If your daughter were kidnapped, would you protest them using her cell phone to track her?

I know it's cool to be against the 5-0, but I feel your opinion may change once you need the police to protect you or give you justice when a crime has been committed against you.

Re:note to self (2, Insightful)

Anonymous Coward | more than 6 years ago | (#19894123)

So I presume you are against the police using spyware as a tool in all circumstances? Would your opinion change if the Police had a warrant? What if asked your permission to "snoop" your notebook that was stolen from you a week before in an effort to recover it?
I would rather have a backdoor entry to which only I have access to, or somebody else after I permit him to, for my laptop.. giving a free access to my property isn't something I am comfortable with.. if there is a warrant, then take my laptop and examine it.

Re:note to self (1)

stinerman (812158) | more than 6 years ago | (#19894179)

So I presume you are against the police using spyware as a tool in all circumstances?
Not at all so long as the proper warrants are issued.

Would your opinion change if the Police had a warrant?
See above.

What if asked your permission to "snoop" your notebook that was stolen from you a week before in an effort to recover it?
That sentence isn't grammatically correct, so I can't tell what you mean.

Is this just limited to adware? If your daughter were kidnapped, would you protest them using her cell phone to track her?
Of course not. Unless I or she (if a legal adult) had turned off any tracking features on the phone. The phone is personal property. If the owner turns off any tracking features they had damn well better not be turned back on without the owner's say so. I might be kicking myself afterward, but that is my choice. Same as people who don't wear seatbelts.

If I buy software that detects spyware on my computer, it had better detect any and all spyware. Without digressing too far, this is why FOSS is very important in a time of decreased privacy. I guarantee you clamav and similar products will detect anything you want them to. If upstream allows for exceptions, we can simply take those exceptions out.

Re:note to self (5, Insightful)

evanbd (210358) | more than 6 years ago | (#19894253)

Warrants should be required for the police to install the keylogger, and a court order or similar should be required for the AV program vendor to assist. If the necessary warrants and orders are in place, by all means, they ought to comply. But CheckPoint has said they don't feel a need to wait for such -- just the say-so of the police. That way lies abuse of power.

Re:note to self (1)

ArcherB (796902) | more than 6 years ago | (#19894601)

Warrants should be required for the police to install the keylogger, and a court order or similar should be required for the AV program vendor to assist. If the necessary warrants and orders are in place, by all means, they ought to comply. But CheckPoint has said they don't feel a need to wait for such -- just the say-so of the police. That way lies abuse of power.ability to abuse, you end up with policemen walking a beat with little more than a whistle to do their jobs! The trick is to recognize the potential, demand oversight and employ extremely strict punishment to prevent abuse so the tools are allowed to be used in a legal manner.

Re:note to self (1)

ArcherB (796902) | more than 6 years ago | (#19894639)

(damn preview!)
Warrants should be required for the police to install the keylogger, and a court order or similar should be required for the AV program vendor to assist. If the necessary warrants and orders are in place, by all means, they ought to comply. But CheckPoint has said they don't feel a need to wait for such -- just the say-so of the police. That way lies abuse of power.

I doubt that checkpoint can turn off features of its product on a particular set of machines after the product has been sold and installed. They either include the ability to check for law enforcement snooping or they don't unless checkpoint installs a back door that only they have access to, but then THEY become a spyware company!

I'm against abuses of power too, but anything can be used to abuse power. If you take away 100% of the ability to abuse, you end up with policemen walking a beat with little more than a whistle to do their jobs! The trick is to recognize the potential, demand oversight and employ extremely strict punishment to prevent abuse so the tools are allowed to be used in a legal manner.

Re:note to self (1)

Chris Burke (6130) | more than 6 years ago | (#19894917)

I'm against abuses of power too, but anything can be used to abuse power. If you take away 100% of the ability to abuse, you end up with policemen walking a beat with little more than a whistle to do their jobs! The trick is to recognize the potential, demand oversight and employ extremely strict punishment to prevent abuse so the tools are allowed to be used in a legal manner.

Yah, no kidding. That's why he said it was okay if they had a warrant, i.e. with court oversight. Those first two sentences comprise nothing but a strawman.

Re:note to self (2, Insightful)

HomelessInLaJolla (1026842) | more than 6 years ago | (#19895081)

If you take away 100% of the ability to abuse, you end up with policemen walking a beat with little more than a whistle to do their jobs!
That's a real good indicator that we don't need so many policemen.

Now if we could just do something about the part about having 1100 new, lobbyist driven laws every year maybe we could balance things out.

The trick is to recognize the potential, demand oversight and employ extremely strict punishment to prevent abuse so the tools are allowed to be used in a legal manner.
That's not a trick. It's utter and complete fantasy to think that the system won't be exploited at the oversight level, or that "extremely strict punishment" won't be selectively enforced.

Re:note to self (4, Interesting)

HiThere (15173) | more than 6 years ago | (#19895133)

You *have* noticed what kind of oversight is being provided these days? When ANY is provided...

Oversight essentially means they run back to the office and time-stamp a preprinted form. There's a little more involved than that, but not much. They get to choose the most pliable judge available...and there are some who are pretty pliable.

The bizarre thing is that even THAT much oversight is seen as too much by those in charge of the snooping agencies. And it's not usually because of urgency. (As I recall they can get special exemptions for planting a bug on a target of opportunity...retroactive permission.)

The current moral corruption of the police appears to extend all the way from the local level to the federal. (I hope your local police are still honest. If so, count yourself lucky...or uninformed.)

This current level of corruption probably reaches back to Nixon's Imperial Presidency, and before him to FDR's centralization of the government. And before him, also. (Notice that it's not specific to any one party. What one party does, the other party rarely repeals.) With the removal of habeas corpus it's barely disguised any more. This *IS* a police state. So far it's a more humane one than most of its predecessors, but it has the diagnostic features. Britain is, or appears to be headed, the same way.

Probably this is because of two basic features:
1) Population density makes it more difficult to control people, and
2) The removal of a frontier means that if the powers that be get mad at you, there's no place to escape to.
Ostensibly these two factors pull in opposite directions, but actually the freedom of the frontier had a back-transference that led to greater liberty in the sessile population.

What can be done? Solutions seem either difficult or undesirable. Either drastically decrease the population (H5N1 may attempt this solution), or create a new frontier (which must be reachable at least by the middle class, if not by the impoverished). Space travel appears too expensive for the foreseeable future. Ditto for under-sea colonies. And it has to be a meat-space frontier. Virtual realities don't have the same "getting out from under the thumb of an oppressive government" effect (except in fantasy...which isn't sufficient).

Re:note to self (1)

R3d M3rcury (871886) | more than 6 years ago | (#19894393)

So I presume you are against the police using spyware as a tool in all circumstances? Would your opinion change if the Police had a warrant? What if asked your permission to "snoop" your notebook that was stolen from you a week before in an effort to recover it?
No, not in all circumstances. That's just being ridiculous. I have no problem with police using spyware any more than I have a problem with police doing wiretaps, once they have gotten the appropriate permission to do so. But that's really not what this is about.

That said, commercial enterprises that are selling me security software to perform a certain task should not be making exceptions. Would you buy encryption software that had a "back door" so that the police could decrypt whatever you encrypted? I know I wouldn't because it wouldn't be secure. How do I know that a former police officer--who found out the "back door" from some previous case--wouldn't be going through my stuff? How do I know some disgruntled officer didn't sell the information to thieves? How do I know some disgruntled company employee didn't sell the information to thieves?

Yes, you can try to sell me software that will detect spyware but won't detect certain "police-issued" spyware. But I won't be buying it.

Don't play stupid.. (3, Insightful)

msimm (580077) | more than 6 years ago | (#19894429)

Some technologies are simply too easily abused. You want to check my system for criminal activity? Fine. Get a warrant and confiscate it. I don't think this is anti 5-0. This is checks and balances. There are tons of great people involved in law enforcement, but adding tools and exceptions like this is just taking another needless step down a slippery slope.

We keep gleefully throwing away our rights in the name of what? Fear? That's bad rationale. Our founding fathers must be turning in their graves.

Re:Don't play stupid.. (1, Troll)

huckamania (533052) | more than 6 years ago | (#19894943)

"We keep gleefully throwing away our rights in the name of what? Fear? That's bad rationale. Our founding fathers must be turning in their graves."

I'd like to know what rights you think have been thrown away? I think our founding fathers would be amazed that what they started has lasted so long, and longer than any other current government.

The NSA phone taps are probably what you are talking about, so I'm going to troll there. First, I'll concede the point that phone conversations are property and that making a copy of such can be considered seizure of said property. Now that that is out of the way, the NSA phone taps cover phone conversations between this country and another. The property in this case crosses our national border. It is 100% legal for the government to seize and search property at the border without the need for a search warrant. Always has been. So, no rights have been given up or forfeited.

There, feel better?

Re:note to self (0)

Anonymous Coward | more than 6 years ago | (#19894439)

I know it's cool to be against the Boss, but I feel your opinion may change once you need the Party to protect you or get you a job when you're standing in line waiting for bread.

By the way, your papers please, tovarisch.

Re:note to self (0)

Anonymous Coward | more than 6 years ago | (#19894485)

That of course assumes a constitutionally-limited government and due process of law. You know, a moral and just system of law which respects the individual's natural human right (god-given if you prefer) to liberty and self-ownership.

We don't have that here in the US, and until we do, I'll be damned if I'm ever going to be apologetic for the power elite who control government -- or their business associates in the "private" sector.

Re:note to self (5, Insightful)

Copid (137416) | more than 6 years ago | (#19894583)

I don't totally disagree in theory, but as I see it, the problem with this is similar to the problem with encryption key escrow: If there's a hole in the security for the "good guys" the "bad guys" will figure out how to exploit it. If the government has a way to get your encryption keys, even assuming that they're always on their best behavior, you can bet that a smart kid somewhere will figure out how to get your keys as well, and you can't assume that he'll be on his best behavior. Likewise, if you program a blind spot into a virus / malware scanner, I don't think it's unreasonable to bet that the same kid will figure out a way to make his malware look benign enough to slip through the same hole.

It's a simple rule of security: If there's a low security path, the bad guys will take it. That's how they win. Assuming otherwise is silly.

Re:note to self (2, Insightful)

Bob9113 (14996) | more than 6 years ago | (#19894725)

So I presume you are against the police using spyware as a tool in all circumstances?

I am opposed to the police using my property to collect evidence against me. It is much akin to my support for the right to not self-incriminate. You want to use your stuff to conduct surveillance? Cool (as long as you have proper authority, etc). But my stuff is my stuff.

Why is this important? Because in order for technology to take an increasing role in our personal lives, we must be able to trust our technology as much as we trust ourselves. Technology that takes on a hostile role towards us (as in the case of DRM, spyware, botnets, etc.) creates a barrier of distrust between us and the technology. It will forestall the merging of mind and machine. That is contrary to our best interest as a species.

Re:note to self (3, Insightful)

misleb (129952) | more than 6 years ago | (#19894785)

So I presume you are against the police using spyware as a tool in all circumstances?


This isn't about how and when police should use wiretaps. It is about companies ignoring their ethical obligation to detect any and all "spyware." Hence the note to self: "Never buy anything from Checkpoint." They either can't be trusted to do the job you pay them to do.

For an example of why this whitelisting is a problem regardless of whether or not individual wiretapping cases are legit: What if a criminal decides to utilize the police spyware? How hard can it be to take a machine that has been "bugged" by the police, find the binary, and copy it for your own use... and do your dirty work undetected? All it takes is one clever hacker to dissect the police keylogger and distribute it amongst his friends....

-matthew

Re:note to self (3, Insightful)

HiThere (15173) | more than 6 years ago | (#19895163)

Besides, if they'll whitelist the police, they'll whitelist Sony...as many did.

Re:note to self (0)

Anonymous Coward | more than 6 years ago | (#19894825)

"Check Point said it would 'afford law enforcement' the courtesy of whitelisting if requested"

never buy anything from check point.


So I presume you are against the police using spyware as a tool in all circumstances?


He said it was a "note to self"... so yes, I would presume that he doesn't want the police snooping on him under any circumstances.

Would your opinion change if the Police had a warrant?


Mine wouldn't. I don't want the cops spying on me, warrant or otherwise. It's not my job to make their lives easy.

I invoke my right to the 5th amendment....

What if asked your permission to "snoop" your notebook that was stolen from you a week before in an effort to recover it?


Freedom isn't free.

Is this just limited to adware? If your daughter were kidnapped, would you protest them using her cell phone to track her?

Would you protest to them using her cell to track her if she wasn't kidnapped?

Errr... (0)

Anonymous Coward | more than 6 years ago | (#19895053)

You do realize that a computer has no idea who installed any given program, right?

What I mean by that is that the bad guys can and will use pirated copies of the police spyware should it be legally undetectable.

Might want to think about the implications of that. Personally, I'd rather have no spyware and require the police to use bugs or mini cameras pointed at the computer screen once they had a proper warrant.

But they damn well get a proper warrant. All this unaccountability they've been provided does not sit well with me. After all, if people were so trustworthy that accountability was not required, we wouldn't need police in the first place.

Re:note to self (0)

UbuntuDupe (970646) | more than 6 years ago | (#19894055)

Good idea -- buy from the ones clever enough to lie about whether they'll let police spyware in.

Or just use an open source solution.

Re:note to self (1)

dohcrx (979568) | more than 6 years ago | (#19895141)

how many on /. use a spyware program that is cracked/registered illegitimately??? it would be tragic if those spyware companies chose to whitelist only those that were caught using the program improperly. i mean, upgrading and then having to find a crack for the new version is hard enough... :P

Re:note to self (1)

billsf (34378) | more than 6 years ago | (#19895161)

It may seem harsh, but I fully agree. This is a very serious slip and the company is likely to go out of business. The justification that 'you may need police protection' is seriously flawed. News of a security firm going to the police would most likely result in the firm going bust. This is a no win situation. Best advice: Don't talk.

Even a whitelist won't work? (0)

Anonymous Coward | more than 6 years ago | (#19893933)

How long until real malware figures out how to make itself whitelisted?

Fastens buckle on tinfoil hat (4, Insightful)

fishthegeek (943099) | more than 6 years ago | (#19893957)

I'm not normally given to conspiracies, but this is ridiculous. The fact that we're having this conversation means that at least someone is concerned about the possibility of Government key loggers not being detected, and if it's taken someone outside of gov't this long to discuss it then I feel certain that the gov't itself has been thinking about this for some time.

These companies will cave to whatever law enforcement agency has jurisdiction for the investigation quicker than the last Harry Potter book hit the torrents. The only possible exception would be those AV companies that are immediately outside of the grasp of the agency involved. I don't even think that those companies are safe because their own governments would likely bear pressure to comply.

Re:Fastens buckle on tinfoil hat (2, Interesting)

dotpavan (829804) | more than 6 years ago | (#19894057)

These companies will cave to whatever law enforcement agency has jurisdiction for the investigation quicker than the last Harry Potter book hit the torrents. The only possible exception would be those AV companies that are immediately outside of the grasp of the agency involved. I don't even think that those companies are safe because their own governments would likely bear pressure to comply.


true, but they could at least try, like Google refused to turn-in the search queries. I know, not every company is a mammoth like Google and can't afford the wrath of Govt., but an initial refusal (and later caving in under pressure) might put them in a better light than complying right at the first request..


what is also interesting is that MS *must have* caved in sometime in the past (from their refusal to answer), and Vista's inbuilt spyware/malware detection makes it more likely to snoop on its users.. privacy concerns explode!

Re:Fastens buckle on tinfoil hat (1)

cez (539085) | more than 6 years ago | (#19894309)

what is also interesting is that MS *must have* caved in sometime in the past (from their refusal to answer), and Vista's inbuilt spyware/malware detection makes it more likely to snoop on its users.. privacy concerns explode!

the scary part is if "MS *must have* caved", who's to say what these spyware/malware companies do even matters. You will notice that they all say what they can detect, they will report. If MS caved, then a back door could be structured for an agency with the right credentials, that could plausibly deny that detection from occurring.

I'm curious to know how long it took and how many spyware/malware detectors found Sony's rootkit?

Re:Fastens buckle on tinfoil hat (0)

Anonymous Coward | more than 6 years ago | (#19894773)

I'm curious to know how long it took and how many spyware/malware detectors found Sony's rootkit?
IIRC the answer is zero. It was detected manually by Mark Russinovich of Sysinternals.

Re:Fastens buckle on tinfoil hat (1)

cez (539085) | more than 6 years ago | (#19894855)

Thank you, while his name escaped my immediate recall, I knew it was by an individual. I should have made my question clearer, ...time to adoption of that particular signature? Or hell... time it took them to whitelist it if they did.

Re:Fastens buckle on tinfoil hat (2, Interesting)

secPM_MS (1081961) | more than 6 years ago | (#19894829)

Please note that I know nothing whatsoever about Microsoft's activity in this area.

The libertarian definition of government is an organization that claims a legal monopoly on violence in a region. No company or organization is going to long survive direct and focused government duress - its assets will be seized and its staff find themselves contemplating uncomfortable surroundings. That said, everyone should expect that organizations will comply with court orders / security directives (at least once they have exhausted their appeals processes, if any). Privacy does not trump law.

Judge Learned Hand once admonished a new attorney with something along the following lines "Sir, this is a court of law. It is not a court of justice." Do not attempt to extrapolate your values to the law.

All nations have a need to conduct covert surveillance. This may involve software, hardware, human intelligence, etc. It is reasonable to assume that they will make reasonable efforts to preserve these capabilities. Draw your own conclusions. Officials with a court warrant can covertly plant HW monitoring systems in target systems. Such attacks will compromise the system regardless of the OS.

Will The President (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#19894003)


George W. Bush [whitehouse.org] proclaim the destruction of the U.S.A. inventory of weapons of mass
destruction?

People DON'T need to know. He's the world's biggest gunrunner.

Thanks.

Paradox (1)

athloi (1075845) | more than 6 years ago | (#19894015)

If they do whitelist gov't spyware, they will probably also lie about it.

I think modern government wouldn't do its own spying, but would find a subcontractor.

Whitelisting entities? (5, Insightful)

Pitawg (85077) | more than 6 years ago | (#19894035)

As far as I am concerned, no company that white-lists "entities" is in security.

White-listing processes/applications/files/data is not global, and is the only level for security. White-listing a company or organization is never an option. It is politics.

The respondents weaseled (5, Interesting)

Cafe Alpha (891670) | more than 6 years ago | (#19894043)

You'll notice that when asked about key loggers they started talking about methods of detection other than signature recognition. Kaspersky even mentioned that he wasn't talking about signature recognition which is the only reliable method.

You can take this as a hint that none of the companies is distributing signatures of the programs that the government uses.

what happens if it gets into the wrong hands (1)

pigphish (1070214) | more than 6 years ago | (#19894085)

Sounds like a bad idea to me. What happens if the government spyware is in the wrong hands? Seems to me this would be very dangerous and open up a can of worms to someone hoping to protect their computer. An example is Encase FIM (just for law enforcement FBI/Police/etc) which has a remote stealth agent for connecting to evidence computers. This is not picked up by scanners but I'm sure it's available on warez sites which probably means it's not just in intended hands. In the end I want an AV tool that can tell me if anything potentially dangerous is going on with my computer. The AV tool won't be able to discern if the user of the spyware has good or bad intentions so it shouldn't try (especially based on the author of the spyware).

Undetectable Policeware = Undetectable Malware (2, Insightful)

MattW (97290) | more than 6 years ago | (#19894089)

If policeware gets a free pass to do things that, done by other parties, would be considered "malicious", then other malware will quickly begin to disguise itself as policeware to avoid detection.

Re:Undetectable Policeware = Undetectable Malware (3, Insightful)

Howitzer86 (964585) | more than 6 years ago | (#19894195)

That's not likely, as there isn't such a thing as a policeware flag. Instead, the federal government will contact the spyware removal companies and let them know that their super secret monitor worm/trojan/virus/whatever is not to be put within their databases.

Sure, at some point someone may create a malicious program that pretends to be an established policeware program, but that would be big enough to create headlines... and its reign would thus be short.

Re:Undetectable Policeware = Undetectable Malware (2, Interesting)

cstdenis (1118589) | more than 6 years ago | (#19894225)

Even easier, somebody can just modify the policeware to report to them instead of police. If the police are installing this on hacker computers, sooner or later a hacker will find it and exploit it.

What's Going On Here? (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#19894095)

Is C|Net a Slashdot WHORE, or is Slashdot a C|Net WHORE? Why is C|Net running stories on Slashdot? Money deal?

Well that's funny... (1, Insightful)

Anonymous Coward | more than 6 years ago | (#19894171)

Because the software can then be captured by the hackers then used on the government systems, which will have their own software used against them.

This is exactly like the key-to-the-city thing. If that key gets stolen...

In the end, it won't work. Government is a business providing a service at the barrel of a gun and as we've seen countless times, the free market never chooses the violent solution.

Have you actually *spied* on users for the gov't? (1)

schwaang (667808) | more than 6 years ago | (#19894189)

I'd like to see them ask that question. After all, virus checkers see every file on your disk, every email you get and send, every IM chat. So it's a natural point of leverage for any kind of spying. Only the OS itself would be a better target.

And it's even better than whitelisting, because you can do a blanket search of *everyone* using the virus checker for interesting keywords or known-enemy email addresses. Hey Poindexter, get on it!

Re:Have you actually *spied* on users for the gov' (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#19894255)

i play xbox 360 with my brother sometimes... its very cool... my brother is 30 years old hes pretty smart... he has 45 iq its the same as heis shoe size.. pretu good considaring 100 is full.... xbox is cool but xobx 360 is beter... i am masetr chief from halo... bcz when i played halo for the second time i knew what was going too happen befor eit happend... so im takeru... its pretty cooll... sonic is cool... i dont like tails though bcz hes sonics girlfrend... i want2 be sonics girlfrend.... sonic is so fast and handsome its increddibnle... sometimes... together... my mom and dad are brother and sister... its prety cool i gess... i herd its prety normal in america.... they love eachother like a father and daugher... theyr so cute together... together... sometimes... xbox... my brother is in wheel chair... but hes cool because hes smart... yea... the boy in the basements said he isnt smart and he say bad thing about my dad... but its no mater... he is chained up... in basement... together... xbox... yea... m

Re:Have you actually *spied* on users for the gov' (1)

cstdenis (1118589) | more than 6 years ago | (#19894281)

Just wait 'till the mafiaa partner with the AV companies to detect copyright material.

What an interesting question! (0)

Anonymous Coward | more than 6 years ago | (#19894233)

What I've always wondered is the kind of backroom heavy negotiating that got printer manufacturers to agree to printing printer-identifying information on EVERY page [wikipedia.org]!

Here's an interesting question: Do any Google employees get to see search trends in real time? For example, if 1000 people are working on something very secret, is that thousand enough to give some Google employee a clue, if they're doing all kinds of searches to see what's already online. (Obviously, turning off referral strings!)

My final conspiracy question is whether supermarket loyalty-card programs allow real employees to see names and shopping lists, in the small-scale aggregate. My guess is "No".

If it needs to be secure, open source (0)

Anonymous Coward | more than 6 years ago | (#19894287)

Linux or OpenBSD would never incorporate spyware-friendly features. OpenBSD in particular has mechanisms to make it difficult to even create such things. If you care about security, use one of those systems. Any foreign government that is running Windows for its desktop OS is in serious denial.

Note that the risk is not just court-authorized wiretaps. The bigger risks are illegal police wiretaps, and illegal criminal (non-police) wiretaps. Any keylogger that is designed to go through a built-in exploit would be a hot item on the cracking market.

The importance of open source... (2, Informative)

misleb (129952) | more than 6 years ago | (#19894301)

This highlights the needs for more open source/public software. Whether it is voting machines or spyware scanners. Some things can't reliably be left to commercial vendors with closed source.

-matthew

Police spyware used by the dark side? (4, Interesting)

syousef (465911) | more than 6 years ago | (#19894397)

1. Whitelist police spyware
2. Crim gets hold of police spyware
3. Crim pwns your machine, steals your identity and makes your life a living hell for the next 3 years or more.

If you paid for a piece of anti-spyware and they leave a backdoor open like this, isn't that a case of negligence?

Re:Police spyware used by the dark side? (3, Informative)

BUL2294 (1081735) | more than 6 years ago | (#19894655)

I live in Chicago. Half the cops here are crooks, and the other half would never snitch on their crooked friends...

So, yes, such white-listed malware is bound to get into the hands of crooks--especially if it's in the hands of cops.

Immaterial (1)

crossmr (957846) | more than 6 years ago | (#19894423)

If reputable companies do it, someone will write something to scan for them. It's not like there is only 1 company in business who has a 100% market share.

CNET: what about Eset's NOD32? (0)

Anonymous Coward | more than 6 years ago | (#19894427)

I think Eset is Czech or something. God only knows what laws apply to them.

Sony Rootkit.... (2, Informative)

Tuoqui (1091447) | more than 6 years ago | (#19894431)

Sounds like the Government is planning to implant a rootkit in every single computer or at least leave a vulnerability/flaw in code (very easy to do with Vista since it's so new) which will allow them to do so.

Time for everyone to switch to Linux. The more eyeballs we can get on code the more likely someone isn't able to sneak shit like this in.

Re:Sony Rootkit.... (1)

january05 (1126057) | more than 6 years ago | (#19895065)

The Sony rootkit is a good point, since Symantec agreed not to detect it. "The creator of the copy-protection software, a British company called First 4 Internet, said the cloaking mechanism was not a risk, and that its team worked closely with big antivirus companies such as Symantec to ensure that was the case. The cloaking function was aimed at making it difficult, though not impossible, to hack the content protection in ways that have been simple in similar products, the company said." http://www.groklaw.net/article.php?story=20051113164717817&query=symantec [groklaw.net]

List of Whitelists PLEASE... (2, Interesting)

cez (539085) | more than 6 years ago | (#19894471)

What I'd like to see is an actual accounting of "whitelisted" programs, ones that have attained the appropriate certificate.

Where is the search warrant? (1)

Spy der Mann (805235) | more than 6 years ago | (#19894489)

Oh, you don't have one. Policeware... DELETED!

I said deleted! (0)

Anonymous Coward | more than 6 years ago | (#19895059)

Wise guy, eh? Let me introduce you to my main man Edgar!

The real issue is... (0)

Anonymous Coward | more than 6 years ago | (#19894497)

I see lots of comments on either side of the political/privacy spectrum, but that really isn't the issue. For that, yes, the cops need unfettered access in a few, specific, court approved cases, and no others. Balance being key. BUT (and it's a really big but), the real issue is the white listed spyware. If I'm going to use spyware for some nefarious purpose, why not use my resources to get the good stuff that the detectors are told to ignore? Easily done and we know this! The end result would be a two-class system of spyware: the garbage that isn't too hard to get rid of, and the really dangerous crap you won't even know is there.

Hack the BIOS. (1)

mungewell (149275) | more than 6 years ago | (#19894537)

Given that a target could be using multiple OSes, reformatting, etc, etc.... wouldn't installing a compromised BIOS make more sense? How could you know that this wasn't already the case... unless of course you're using LinuxBIOS built from your own (validated) source.

Or going the hardware route - installing an inline keylogger is a bit noticeable, but what if this (just the chip+wires) was installed inside the PC or keyboard case?

Munge.

Use OSK (0)

Anonymous Coward | more than 6 years ago | (#19894749)

Hint. Start | run | OSK. Use that whenever entering the first half of your passphrase.. then use kbd for second half. That will confuse the hell out of them.

Re:Hack the BIOS. (1)

domatic (1128127) | more than 6 years ago | (#19894757)

We're basically talking about the police tampering with a computer to get evidence. It'll work against Joe XP and Bob Macintosh but they would be better off just taking the machine if they have any reason to suspect technical smarts in their target. An integrity scanner like Tripwire will catch anything the police install software wise, especially if the target is extra paranoid and keeps his signatures on external media and boots from a CD to check them. As for hardware, geeks are poking around inside their computers all the time. I sure as hell know what belongs in there and what doesn't. The extra paranoid target could also just keep anything incriminating on a virtual machine stored on encrypted external media.

The fiddled BIOS is an interesting idea but that would require either multiple break ins or serious time for one. The hardware would have to be identified and the appropriate diddled BIOS obtained and installed. I suspect only the most high value targets like mob bosses would merit something like that. It would be too difficult to do routinely. Of course, such targets should operate under the most paranoid conditions possible. If nothing else, there should be physical security on the machine to preclude such shenanigans; locked rooms, tamper-revealing lock on machine, security cameras, the works....... Such targets either need practiced IT skills or should employ the best they can buy. (paid well I presume, who better to install diddly bits for the police?)

The other smart thing the cops could do is tap communications at the ISP. Everything has to be encrypted by default then and most times that isn't practical.
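The integrity-scanner approach raised in the comment above, as an added sketch that is not part of the thread and is not Tripwire's own code: it baselines a directory, authenticates the baseline with an HMAC key that stands in for "signatures kept on external media", and shows both a changed tree being reported and a rewritten on-disk baseline being rejected. File names, the key and the sample tree are constructed for the demo.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def file_digest(path):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map every regular file under root to its hash, size and mode bits."""
    snap = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            snap[p.relative_to(root).as_posix()] = {
                "sha256": file_digest(p), "size": st.st_size,
                "mode": st.st_mode & 0o7777}
    return snap

def seal(snap, key):
    """Serialize the baseline and authenticate it with a key kept off the host."""
    body = json.dumps(snap, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "hmac": tag})

def unseal(blob, key):
    """Return the baseline only if its HMAC verifies; otherwise refuse it."""
    doc = json.loads(blob)
    expect = hmac.new(key, doc["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expect, doc["hmac"]):
        raise ValueError("baseline failed authentication; do not trust it")
    return json.loads(doc["body"])

def compare(baseline, current):
    """Report files added, removed or changed since the baseline was taken."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(k for k in baseline.keys() & current.keys()
                          if baseline[k] != current[k]),
    }

def demo():
    key = b"constructed-demo-key"  # stands in for a secret stored on external media
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "editor").write_bytes(b"original program bytes")
        (root / "bin" / "shell").write_bytes(b"original shell bytes")
        sealed = seal(snapshot(root), key)
        # Constructed tampering: same-size replacement plus one new file.
        (root / "bin" / "editor").write_bytes(b"replaced program bytes")
        (root / "bin" / "kbdhelper").write_bytes(b"unexpected new file")
        report = compare(unseal(sealed, key), snapshot(root))
        # Someone without the key rewrites the on-disk baseline to match.
        forged = json.loads(sealed)
        forged["body"] = json.dumps(snapshot(root), sort_keys=True)
        try:
            unseal(json.dumps(forged), key)
            report["forged_baseline_accepted"] = True
        except ValueError:
            report["forged_baseline_accepted"] = False
    return report

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The check is only as trustworthy as the environment that runs it, which is why the comment pairs external signatures with booting from a CD: a compromised running system can lie to the scanner about file contents.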

This says something for PGP (1)

brunos (629303) | more than 6 years ago | (#19894575)

Police actually had to break in the person's office to install the keylogger, in order to get their PGP password. This means PGP is at least quite good. However, the article implies that PGP is breakable with a bit of time and effort: Coffey asserted that the DEA needed "real-time and meaningful access" and that's why they monitored for the keys.

-1, Moot (5, Insightful)

StikyPad (445176) | more than 6 years ago | (#19894585)

Unlike traditional malware, "policeware" would only be present on the target machine(s), rather than spread to any and every computer, so it's extremely unlikely that AV vendors would ever receive a sample. No sample means it would continue to go undetected, provided it was designed to go undetected in the first place.

And how often do you look at the back of your computer [google.com]? How often do you think the average user does, or would even notice anything out of the ordinary if they were staring right at one? Sure, this is more difficult on a laptop since it would have to be opened, but it would also be even more discreet. I'm not aware of any products on the market for laptops, but I'm sure LE could commission one to be made, if necessary.

The point is, it would be an incompetent department indeed which needed cooperation from AV suppliers to keep their surveillance methods discreet.

Then based on the responses... (1)

zerhackermann (1073396) | more than 6 years ago | (#19894615)

Which security programs would you use? Which ones would you recommend to less tech-savvy friends and family?

Assuming -
The person is a "user", not power, super or otherwise having extra abilities or knowledge
The machine is a Windows PC (let's say XP for argument's sake)
The user is willing to use what you recommend or install for a product price range of $0-$30US

Thus far I have gone for the basic "freebie suite": AVG Free, Zone Alarm Free, Ad-Aware and Spybot. I also run these on my Windows box so I am able to help if anyone has a question (about a dozen friends and family members)

Ron dies. Lupin dies. Percy dies. Voldemort dies. (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#19894659)

Snape's loyalty? I found this to be the saddest part of the book. As many people guessed, all was not what it seemed with Dumbledore, and the two did indeed have a plan that would eventually result in Snape killing him. But, Snape was only in on things for personal gain, and when Voldemort learns of this, he is obviously furious with Snape. Snape tries to make up for things by luring Harry to him, but Harry manages to escape, and Voldemort kills Snape before the final conflict.

I don't know what all these rumours are about Voldemort kidnapping Ron, it's a complete lie. Ron is killed by Bellatrix Lestrange in The Battle of Hogwarts, but Neville manages to finish off Bellatrix after Ron weakens her before his death.

Harry is not a horcrux.

As I've already stated, Voldemort kills Snape.

Voldemort is killed in the Department Of Mysteries. He baits Harry about his parents, Sirius, Dumbledore and Ron. which turns out to be the worst thing Voldemort could have done. As Voldemort steps out into the circular bit with many doors, Harry opens the locked door, and Voldemort is destroyed by the blinding light, which heals Harry, who seems close to death (he does not die).

Help. (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#19894945)

I've been infected..with a thought virus.
I think "Louisiana Brain Death does something" over and over and nothing else ever.
I wonder if that'll make me weak in my dealings with other people.
I hope not. I hope someone doesn't come over to me and demand things from me, without
my usual thoughts like 'this fool is trying to play me' et al. in response to such things in lieu of just "Louisiana brain death does something", I don't know what might happen.

The obvious reason they shouldn't (1)

erroneus (253617) | more than 6 years ago | (#19895109)

Once the malware is identified, it can be copied and manipulated to run on systems with impunity while it's being ignored by the AV software. It would be reckless to the point of being ineffective forever.