Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
News Your Rights Online

McAfee Will Ignore FBI Spyware 571

Drew writes: "The Washington Post is reporting on the FBI's new spyware called 'Magic Lantern.' According to their article, 'At least one antivirus software company, McAfee Corp., contacted the FBI on Wednesday to ensure its software wouldn't inadvertently detect the bureau's snooping software and alert a criminal suspect.' It is ridiculous that the software companies that are supposed to help us protect computers purposefully leave in loopholes for the FBI to operate their spyware."
This discussion has been archived. No new comments can be posted.

McAfee Will Ignore FBI Spyware

Comments Filter:
  • Fucking Great (Score:5, Insightful)

    by Breakfast Pants ( 323698 ) on Saturday November 24, 2001 @08:24PM (#2608511) Journal
    Now anyone can craft their virii to look like the FBI's brood and avoid detection alltogether.

    Fabulous, I hope everyone feels safer already.
    • Re:Fucking Great (Score:3, Interesting)

      by DragonMagic ( 170846 )
      I stopped bothering with virus software, mainly because its problems and prices and maintenance outweighed its benefits.

      Best thing: Download software from trusted companies and entities only, make backups of your registry and boot drive often, don't open attachments in email from those you don't fully trust not to carry viruses, and keep up to date on what new viruses are out there and how they operate.

      This doesn't affect me much. Just wish we knew how the FBI's virus would work so it could be stopped at the router or mail server level.
      • Re:Fucking Great (Score:3, Insightful)

        by firewort ( 180062 )
        Sure, but if that's your approach to preventing virii, how do I know I can trust you to not pass on a virus?

        I end up relying not only on you, but on the people you claim to be trusted.
        This is remarkably similar to trusting physically promiscuous people to not carry something transmittable to me.

        I approve of the steps you take, but how can I be sure all the people you trust take those steps as well?
        • I end up relying not only on you, but on the people you claim to be trusted. This is remarkably similar to trusting physically promiscuous people to not carry something transmittable to me. Yeah, and unlike in sex, in software, monogamy really isn't a feasible option (unless you believe Microsoft.)
    • If I were the FBI, I'd sign the virus with a secret key to keep others from imitating it. All McAffee would have to do is to check the signature on the virus.
  • by rice_burners_suck ( 243660 ) on Saturday November 24, 2001 @08:31PM (#2608530)

    The point is, these aren't loopholes for the FBI. McAfee will ignore this loophole, and that will allow CRACKERS to get into your system. This program, which is intended to prevent people from getting into your computer, will happily ignore all cracking that takes place through the same loopholes as this so-called Magic Lantern.

    Oh well... Next time, use OpenBSD.

    • This program, which is intended to prevent people from getting into your computer, will happily ignore all cracking that takes place through the same loopholes as this so-called Magic Lantern.

      It certainly raises the possibility ... but if McAfee is competant, it's only a small one. Magic Lantern is probably going to log information passively, and maybe send it to fbi.gov . It's not going to open up ports with shells attached to them. It's not going to propagate itself. It's not going to mail passwords to leet@haxors.ru . It's basically not going to do anything that a self-respecting malware author wants.

      So sure, maybe you could write Amazing Lightbulb, that McAfee can't distinguish from Magic Lantern. But it probably couldn't do anything interesting, because if it tried, McAfee would know it isn't Magic Lantern.

      (Ultimately, of course, malware versus anti-malware is an arms race, and a sufficiently clever hack can no doubt evade McAfee. Possibly, Magic Lantern code in McAfee might make it marginally easier; but anyone who's smart enough to evade McAfee can probably do it either way. And in a week or three, McAfee will issue an update, and the next round will begin.)

      FWIW, my take is that if court-authorized spyware warrants get the FBI to relax their anti-encryption stance, they're probably a good thing.

      • Unless McAfee has drastically changed the operating model of their software since I last used it (which would be 8 days ago, since I'm on vacation), you are completely wrong about what they do or do not detect.

        It's still based on signatures, not operating patterns.
        • Unless McAfee has drastically changed the operating model of their software since I last used it (which would be 8 days ago, since I'm on vacation), you are completely wrong about what they do or do not detect.

          It's still based on signatures, not operating patterns.

          Ok, I admit I haven't used a virus scanner since I last ran Windows, which was over 4 years ago. If McAfee is operates only on signatures, then obviously there is no need to impersonate Magic Lantern to evade it: any original code (that doesn't match existing signatures) will do. And since any code that does something more than Magic Lantern must necessarily be different from Magic Lantern, McAfee can write a signature for it after it's discovered. So, against signature-based defenses, impersonating Magic Lantern buys you exactly nothing. Is there anything I'm missing here?

          In my original post, please replace "McAfee" with "a hypothetical clever anti-malware product".

          (From memory, though, I thought that McAfee did guard against things like suspicious file modifications. Maybe that was a different product.)

          • If McAfee is operates only on signatures, then obviously there is no need to impersonate Magic Lantern to evade it: any original code (that doesn't match existing signatures) will do.

            Correct. This is one of the major problems with virus scanners, they tend to be vulnerable to The New Virus.

            And since any code that does something more than Magic Lantern must necessarily be different from Magic Lantern, McAfee can write a signature for it after it's discovered. So, against signature-based defenses, impersonating Magic Lantern buys you exactly nothing. Is there anything I'm missing here?

            Yes. McAfee calculates the signature from the code. Presumably, the way it works around Magic Lantern is by some code that looks like this:

            if virusSignature == magicLantern then return(1);

            else doCleanVirus();

            Therefore, if an enterprising virus writer can synthesize a virus that does something different, but causes McAfee to detect the same signature, it's happycakes time.

            That said, McAfee has always sucked donkey donuts. Norton is better; however, the only PC-based antivirus product I ever really had a lot of respect for was IBM AntiVirus, partly because it was the only one that could detect virii it didn't already know about. Sigh. It's long gone though.

            • McAfee calculates the signature from the code. Presumably, the way it works around Magic Lantern is by some code that looks like this:

              if virusSignature == magicLantern then return(1);

              Sure. But after a Magic Lantern impersonator is discovered and analyzed, McAfee adjusts the signatures to distinguish the impostor from the original. So the situation is the same as for any other virus: undetected at first, but stopped after McAfee analyzes it and issues a signature update. Really, all McAfee would be doing is ensuring that none of their "bad" signatures matches Magic Lantern.

              That said, McAfee has always sucked donkey donuts.

              Yes, I do seem to remember that....

      • Even if your theory is correct (which it is not, as pointed out by other users). Then what prevents a user to do :

        - Modify c:\windows\hosts, point fbi.gov to the ip of haxor.org
        - Mail all passwords to me@fbi.org

        Virus writers are smart. Very smart some times... keep this in mind please ;-)
        • - Modify c:\windows\hosts, point fbi.gov to the ip of haxor.org
          - Mail all passwords to me@fbi.org

          This particular example is silly: any software smart enough to detect and stop outgoing mail would probably 1) use the IP address of fbi.gov to allow Magic Lantern and 2) flag the modification of the hosts file as suspicious. However, ...

          Virus writers are smart. Very smart some times... keep this in mind please ;-)

          ... you are right in the same sense that I already mentioned: it's an arms race. There will always be ways to evade scanners, and perhaps the Magic Lantern features will make it a little easier. But it's hardly a red carpet for viruses.

          (Heck, if Magic Lantern does send mail to spooks@fbi.gov, and you can subvert the router on the victim's network, you can just infect him with the real Magic Lantern and you win!)

      • "So sure, maybe you could write Amazing Lightbulb, that McAfee can't distinguish from Magic Lantern. But it probably couldn't do anything interesting, because if it tried, McAfee would know it isn't Magic Lantern."

        Unless, of course, the first thing that Amazing Lightbulb does is shut off all run anti-virus software and delete the executables to prevent them from running later.
    • What the world needs now is a virus that exploits the Magic Lantern blind eye and erases the WPA database.

      Tasty.
  • by beuk ( 18933 )
    The Magic Lantern technology, part of a broad FBI project called "Cyber Knight," would allow investigators to secretly install over the Internet powerful eavesdropping software that records every keystroke on a person's computer, according to people familiar with the effort.

    The software is somewhat similar to so-called trojan software already used illegally by some hackers and corporate spies. The FBI envisions one day using Magic Lantern to record the secret unlocking key a person might use to scramble messages or computer files with encryption software.

    does anyone know of a URL for a well-written anti-microsoft screed that would be understood by my grandmother? something that intelligently synthesizes arguments against hailstorm/passport/closed source/key escrow/etc. and for the adoption of free software?

    • does anyone know of a URL for a well-written anti-microsoft screed that would be understood by my grandmother? something that intelligently synthesizes arguments against hailstorm/passport/closed source/key escrow/etc. and for the adoption of free software?

      If you find one, let me know. My experience is there aren't any. Pretty much most documents I've read on the subject either fall WAY too heavy on the "FREE AS IN SPEECH" aspect of things (which I don't agree with - not *every* piece of software should be FREE like that imo), or it falls into the "micro$haft"-style of writing - making overly broad criticisms of MS and overpomising on the benefits on 'non-MS' stuff.

      "My Lunix box has been up for 8 years without a reboot!" doesn't really mean jack-squat to most people, especially when they don't often experience downtimes with Windows. I can match every "WindoZe sux!" story with equally painful Linux experiences (X basically sucking, software crashing, etc.)

      There does need to be some more good literature on this topic - the Cathedral and Bazaar wasn't bad, but I lost my copy and we need more anyway! :0
  • by Griim ( 8798 ) on Saturday November 24, 2001 @08:32PM (#2608535) Homepage
    In contrast, Magic Lantern could be installed over the Internet by tricking a person into double-clicking an e-mail attachment


    So I guess for linux users, the email would probably look like the following:

    Dear Sir or Madam,
    Please make sure you are root when you execute this file.

    Thanks,
    The FBI
  • For one thing, I wonder if this "Magic Lantern" has been ported to Linux. I tend to think not - it probably needs some pretty OS-specific code to hide itself effectively, so for now my bet would be Windows only. If you think Linux is common enough they'll want to rewrite a Magic Lantern for it soon, just continue along the path of security through (relative) obscurity, and switch to BeOS.

    Another option: I wonder what a port sniffer/firewall would see while the Magic happened? If anyone posting to slashdot thinks the Feds might want to shine a Lantern on them, could you try this experiment? We won't know whether you really have ML installed until you're disappeared, of course, but at that point your data might prove useful.
    • wonder if this "Magic Lantern" has been ported to Linux. I tend to think not ... so for now my bet would be Windows only.

      That's a hell of a bet to make if you're a criminal. There are a reasonable number of remote-root exploits for Linux, and it's possible that they're may be unknown ones out there.

      I mean, Christ, the FBI isn't that stupid, I'm sure they have the resources to port software to different platforms, even if they need a totally new codebase.
    • > For one thing, I wonder if this "Magic Lantern" has been ported to Linux. I tend to think not -

      Next week's headlines:
      SURVEY SHOWS MORE MOBSTERS PREFER LINUX
      Also, I'm wondering how long it will be before some enterprising soul catches a copy of the lantern, analyzes it for a .sig, and then tells the (under)world how to add it to the McA virus list by hand? If the morons in the antivirus industry can do it, are we to suppose the gangsters/terrorists/druglords/your-boogyman-here can't figure it out?

      Or better yet (for suitable notions of "better"), use McA to detect it, but rather than replacing it just install a script to fake a safe log for the FBI's reading pleasure?
  • by Stillman ( 185591 ) on Saturday November 24, 2001 @08:35PM (#2608542) Homepage
    Arrggghh!

    OK, I really need to get this off my chest here.
    How will this affect copies of software sold countries outside the US? Will my AV software end up crippled and able to be exploited by those who have reverse engineered the "FBI Friendly" code?

    Why is this acceptable? Because the good old US Government wishes to remove the much-lauded freedom of its citizens, the rest of the world also loses those freedoms. Will McAfee for example really bother to have a US-only version with the FBI-lover code in it, and remove that code from all other versions? Even if they say they have, how will we know???

    Grrrrrrrrr....
  • by Carnage4Life ( 106069 ) on Saturday November 24, 2001 @08:37PM (#2608549) Homepage Journal
    Is anyone else wondering whether this means that it would soon be mandatory for software that is used in the US to have exploitable security flaws in order to better catch terrorists?

    For those that would point out that convincing someone to click on an attachment is social engineering and not really an exploit, I'd like to point out that there are mechanisms that can be put in place both at by the OS or the mail reader to make things like clicking attachments less dangerous (automatically running attachments as a user with minimal privileges is one of them). But given that the FBI is relying on OSes not to make doing this easy would applications or OSes that tend towards security start to face the same stigma and negative association that encryption has faced since the events of 9-11?
    • Is anyone else wondering whether this means that it would soon be mandatory for software that is used in the US to have exploitable security flaws in order to better catch terrorists?


      It doesn't need to be as complex as that. They could just require that all computers contain a user account named 'fbi', group 'root', password 'jedGaRHoOVer'. Simple.


      Failure to support the account would be considered an act of harboring terrorists. Civilians using this account would be considered impersonating a federal agent: that's illegal, so there won't be a problem with unauthorized access.

    • Remember Cringley's column [pbs.org]about Microsoft wanting to replace TCP/IP with their own protocols? Imagine a requirement that American's only use software that the FBI can get at- and if that software ran on proprietary Microsoft protocols, the government could force American ISPs to block the older protocols that only criminals need anyway. Given that George Bush will likely be elected if he can drag on his "war on terrorism" until 2004 (Americans always re-elect wartime preisdents.), that leaves us with seven more years of a federal government supports Microsoft, supports John Ashscroft's assault on the freedoms provided by our constitution, and is not afraid of the political ramifications of extreme actions.

      I think we all have a reason to be paranoid...
  • Hum, all we have to have is some hackers go through the virus scanning software and figure out what they're "ignoring" for keystroke logging and other things and impliment it the same way the FBI would. That way it would go completely undetected.

    I'm glad the PC world feels safe with virus scanners installed.
  • by Anonymous DWord ( 466154 ) on Saturday November 24, 2001 @08:41PM (#2608562) Homepage
    In case you want to shout at them about how you'll not buy any more of their products. Maybe if McAfee understands how stupid this is, they'll change their minds (hahaha, right).

    http://www.mcafee.com/aboutus/contact_us.asp? [mcafee.com]

    McAfee.com Corporate Headquarters
    McAfee.com
    535 Oakmead Parkway
    Sunnyvale, CA 94085
    USA

    Telephone: (408) 992-8100
    Fax: (408) 720-8450
  • Why does an organization like the FBI even need the ant-virus makers cooperation? If they were half as good as the federal government makes them out to be they would have a cross-platform, stealthed, and god-only-knows-what program out in a day.

    Or is that the NSA?

    But honestly, if virus writers can bypass virus-scanners, why can't the Feds?
  • by Knunov ( 158076 ) <eat@my.ass> on Saturday November 24, 2001 @08:45PM (#2608573) Homepage
    "McAfee Will Ignore FBI Spyware"

    They've been ignoring viruses for years. Why change now?

    ;)

    Knunov
  • by Chairboy ( 88841 ) on Saturday November 24, 2001 @08:47PM (#2608581) Homepage
    Norton Personal Firewall/Internet Security detects and stops this software from operating, as a personal firewall program is designed to do.

    If McAfee does not, then they should be investigated by the FTC for marketing a low quality product.
  • by rice_burners_suck ( 243660 ) on Saturday November 24, 2001 @08:48PM (#2608585)

    It just may be that the FBI's so-called "Magic Lantern" is a classic magician's trick. They are telling the whole world that this Magic Lantern is a technology that will seek out and destroy every dangerous criminal on the face of the planet. They're marketing it as an unbeatable technology that works on EVERY SINGLE COMPUTER IN THE WORLD (that is, every one that's running Windows). They're causing lusers to think that there really is some kind of crimefighting technology when it's really nothing more than a bug which allows crackers to compromise Windows.

    Then, the criminals who are trying to avoid the FBI see this and talk to someone who understands computers. That person tells them how to patch their system to remove the vulnerability.

    Here's where the classic trick takes place. The criminal thinks he's immune from the Lantern, so he goes on with business as usual. He writes down his drug trafficking records or whatever, and then the FBI goes in behind his back, using some other system that nobody knows about, and gets the information.

    I'm not saying this is what's going on. On the contrary--government people are really stupid, and even more so when it comes to computers. But I'm saying this is a possibility, and I'll try not to discount the FBI's intelligence just yet.

    Oh well.

    • and whats more important, the Feds are arguing that they don't need to desclose the methods they use to uncover the data. So they can just say "we used magic lantern" when they used other (non admissible in court) options.
    • On the contrary--government people are really stupid, and even more so when it comes to computers.

      This statement reminded me of a page full of various thought traps people fall into, in particular this one:

      Government Trap #5: The belief that government people can do anything better than other people. Government people don't have any special magical powers.


      Also worth calling attention to are:

      Government Trap #9: The belief that government provides protection. Just look at the crime statistics. (or recent events in New York City)

      Government Trap #10: The belief that certain activities or functions must be done by government. Government consists of people. These people don't have any special magical powers.

      ... and especially this one:

      Government Trap #13: The belief that government exists as a volitional entity. This is an aspect of the Group Trap. When having to deal with "government," you always have to deal with individual human beings. Realizing this helps make you much more effective in warding off any attempts by individual government people to violate your freedom. Rather than having to handle "the government," you have to handle one or a few specific individuals. Frederic Bastiat said. "The State is the great fictitious entity by which everyone expects to live at the expense of everyone else." [emphasis added]

      Read the rest of this report, "Harry Browne's Freedom Principles" here [buildfreedom.com].
      • Blockquoth the poster:

        Government Trap #9: The belief that government provides protection. Just look at the crime statistics. (or recent events in New York City)

        Today's irony: Who collects and collates those statistics? Government, of course, even though the page makes it sound like government is pointless and useless.


        I suppose that pointing out a decade of falling crime statistics doesn't earn me any points toward proving that government can offer protection?

      • > Government Trap #5: The belief that government people can do anything better than other people. Government people don't have any special magical powers.

        I'll assume you are talking about American Government.

        The government in America does have one, very special, magical power that you seem to be neglecting, it has the support of the people it is regulating. This is from where it derives its power, and its authority to use such power. So in one sense, sure the government is just a bunch of people, a bunch of people who have the support of a majority (well...) of the rest of the people

        --Alex Fishman
    • What would a smart criminal do? Don't use a computer and don't write anything down. Do everything orally in person, then it's all hersay in the courts. Makes the government work harder. That what I would do if I was a criminal. Why make the FBI's job easy?
  • The way anti-virus software generally works is that it detects particular programs and patterns. This isn't like fixing a security hole or something, where a number of programs can be stopped with a single fix.

    In this case, they'll probably just not write a detector for ML, and it won't get caught. If someone writes something similar to ML, they'll probably just test their detector to make sure it only catches the intended virus and not ML.

    McAfee is in the business of stopping particular exploits, not of fixing anything. That's why people keep getting new viruses that aren't significantly different from old viruses.

    Of course, ML doesn't seem to be designed to spread all over the net, so McAfee probably wouldn't do anything about it anyway, any more than they do anything about other non-automated security breaches.
  • by werdna ( 39029 ) on Saturday November 24, 2001 @09:09PM (#2608650) Journal
    There is no doubt that Macafee's mindless show of patriotism invites a new breed of free-to-do-as-they-will virii from everyone, including terrorists -- merely by attempting to appear to be the Golden Lantern.

    But moreover, it shows an economic cluelessness, inviting competitors to provide a service they do not. Even worse, it is one thing to sell a "here's some filters, we're trying to keep the buggers out," program, but another thing entirely to sell one KNOWING that it will permit viruses to go undetected. That additional scientermight even invite litigation from companies injured by their recklessness.

    In short, it is amazing what a little jingoism can do to get people to lose their minds.
  • by werdna ( 39029 ) on Saturday November 24, 2001 @09:18PM (#2608679) Journal
    Way to go. The FBI, in hopes of protecting the nation, introduces its mystical spyware to facilitate its enforcement. MacAfee, in its strong show of faux patriotism willfully places a security hole in its virus systems (and I have no doubt that some government backdoors is part of the Microsoft antitrust settlement).

    Net result is that we have made an internet security infrastructure even weaker than it was before. While this overall approach is not likely to beat up on well-informed criminals and terrorists, it does weaken everybody else's system, making the nation even more vulnerable to actual cyberterrorism than it was before.

    All we have done is to make a nation weaker.
  • by gibara ( 165385 ) on Saturday November 24, 2001 @09:19PM (#2608681) Homepage
    This creates an interesting situation. As I understand it, virus detection programs use:

    1) signatures -specific byte patterns which are searched for in files, and

    2) heuristics - in this case algorithms which seek unlikely looking data to determine whether the user should be alerted to a possible intrusion attempt.

    McAfee can of course omit signatures for this 'Magic Lantern' (ML) software from their database. However, in the case of the heuristics, avoiding user notification of ML requires either:

    a) a weakening of the heuristic(s), presumably to such an extent that other viruses may penetrate the system or

    b) the presence of a special signature in the McAfee software which (on recognizing ML) can 'override' the heuristic

    Case (b) is interesting. If McAfee do this with a simple byte pattern search this will immediately provide viruses with a neat little 'binary tag' which permits them to evade McAfee's software

    The alternative must be to use a cryptographic hash which can be used to identify ML but which cannot be readily forged by other virus code. Using this checksum technique also demands that the ML 'payload' remain unchanged. Very restrictive for code which needs to be stealthy.

    But the most important side-effect of both of these techniques - and any others McAfee might choose to use, would be that it provides an easy route for developers to produce software which can check for ML.

    In other words, McAfee cannot both provide useful levels of virus detection and avoid alerting the user to Magic Lantern without giving other developers a blueprint to locate it.

    • Actually, B is more interesting than some people may realize. Allow me to illustrate:

      If we take the stance that such software (Magic Lantern) *would* have to be frequently modified to remain stealthy, we end up with a whole new problem on our hands. In order to keep up with the newest "ignore versions", McAfeee would have to release new descriptor files/lists containing this info.

      So, now that we have the concept of an "ingore list" rather than just "detect lists", let's say that a virus author decides to exploit some weakness in the McAfee product itself to add his/her nasty code to the ignore list. It's not that I think the McAfee coders are *completely* incompetent... I just think any company willing to take "ignore" action on finding an unauthorized program (worm) can't be very intelligent in the first place.

      Web hosting by geeks, for geeks. Now starting at $4/month (USD)! [trilucid.com]
      If you're gonna email, use the public key!
    • You're assuming for some reason that detection is implemented like this:

      if (checkKnownSignatures() == INFECTED || checkHeuristics() == MAYBE_INFECTED) {
      alertUser();
      }

      That would indeed call for a weakening of heuristics. I reckon you could avoid this "stupid" situation by a slight change to your logic:

      if (checkHeuristics() == MAYBE_INFECTED) {
      if (checkKnownSignatures() != INFECTED_BY_MAGIC_LANTERN) {
      alertUser();
      }
      } else if (checkKnownSignatures() == INFECTED) {
      alertUser();
      }
  • The bureau has been largely frustrated in efforts to break open such messages by trying different unlocking combinations randomly, and officials are increasingly concerned about their ability to read encrypted messages in criminal or terrorist investigations.
    Want to encrypt your messages w/o FBI getting your passwords?
    1. Create message on machine isolated from any network.
    2. Encrypt message, then copy to floppy
    3. Load floppy on networked PC
    4. Send to all your buddies!
    5. Don't forget to take isolated machine with you when you leave your hideout...
    Bad FBI, no donut!
  • Does magic lantern require a search warrant?

    Does this qualify as wire tapping?

    Does the international cybercrime treaty apply here?

    Can they install this virus on a computer in another country ? (where US due process may not apply?)

    Just some thoughts.
  • by Lawmeister ( 201552 ) on Saturday November 24, 2001 @09:30PM (#2608721) Homepage
    and not purchase, nor recommend to anybody including my employer (2000+ PCs) McAfee's products. Or any other product that doesn't jive with what I want it to do.

    Will be interesting to see what the marketplace thinks of this move when their stocks start trading again on Monday.

    F-Prot [f-prot.com] isn't based in the States, and maybe they will provide the protection users want.
  • by Greyfox ( 87712 ) on Saturday November 24, 2001 @09:37PM (#2608743) Homepage Journal
    Before the Mafia moves to Linux, FreeBSD or one of the commercial unices out there? I mean, come on, those guys aren't stupid. If you are in their industry, you don't tend to live long.

    You can lock a UNIX box down tighter than a virgin whore if you know what you're doing. And with the current IT job shortage, I bet Don Parcheesi can find a pet UNIX geek or three dirt cheap. Or some trustworthy ones for a bit more.

  • I use filters for web, scanners for adware, virus checkers, back up programs, password safes, security tools and firewall software.
    My computer is a warzone, as long as I have the tools I can win the war. I wonder how long before my tools will be outlawed.

    -
    Politics is the art of preventing people from taking part in affairs which properly concern them. - Paul Valery
  • by lkaos ( 187507 ) <anthony@codemonke y . ws> on Saturday November 24, 2001 @09:47PM (#2608763) Homepage Journal
    This is Microsoft's wet dream... If the holes the FBI uses are unique, then the holes will be classified to protect the FBIs ability to monitor terrorists (therefore protecting national security). That means, they will have the ability to stop security exploits from being published in the interests of national security.

  • We need to protect ourselves vigorously from crime. However, creating secret agencies who are able to commit crimes themselves is not the way to protect ourselves.

    Already there is a serious problem with people committing some destructive act and claiming it was done by the CIA or other U.S. government secret agency. There is no good defense against this, because people worldwide know that the U.S. government secret agencies routinely break the law. How could it be proven that the FBI, CIA, or NSA, or some other secret agency didn't do a particular crime?

    The U.S. FBI, CIA, and NSA are now worldwide surveillance agencies. They are supported by Americans who are not allowed to know how much of their money is spent on surveillance. United States citizens are not allowed to know what the U.S. government secret agencies are doing, so they don't know if the agencies are doing things they would now support.

    The people who work for the FBI are often not smart people. They don't realize that trust is absolutely necessary in a democracy. They have often in the past not shown understanding of the other needs of democracy. They have often acted like secret police. They often believe in killing or other ways of being destructive as a way of curing some ill in society.

    Now they will be attacking computers like the criminals. They will say that they are doing it only to solve crimes, but it is socially impossible to control this kind of thing. Once the principle is established that a secret agency can break the law, there is in practice no limit to what some people in that agency might feel "justified" in doing. Consider your own experience. When has the boss had complete knowledge and complete control over the actions of employees? Never. A company's only good policy is to hire open and honest people and to encourage honesty and genuine caring.

    The FBI's influence will mean that the U.S. taxpayer's money will become a powerful force in preserving security holes, instead of closing them. Generally, this kind of software has had holes of its own. You may be attacked by a cracker exploiting a security hole created by FBI software. Governments will detect FBI snooping software and feed the FBI erroneous information.

    This is all support for people who like snooping and sneaking. It is not actually a way to reduce crime. It is for adults who like to treat the whole world as a video game. It is for the kind of people who think of themselves as James Bond, who like the idea of being able to kill other people legally.


    How U.S. government policy contributed to terrorism: What should be the Response to Violence? [hevanet.com]
  • I refer to my previous post on this very subject a few days ago...

    http://slashdot.org/comments.pl?sid=23995&cid=2593 071 [slashdot.org]

  • I have seen for sale devices that will tell you if your phone calls are being listened to by a third party.
    • Are these devices legal?
    • Will they detect wiretaps placed by the police?
    This is EXACTLY the same situation. What is the legal precedent?
  • by Anonymous Coward
    Posted by Brett Glass to Dave Farber's Interesting People mailing list [interesting-people.org]:

    I have just removed all Network Associates products from my workstations and network servers, and will no longer recommend them to my clients or readers.

    I have taken this position because Network Associates, by rigging its products not to detect tampering by specific parties of its choosing, has betrayed users' trust and started a descent down a perilous, slippery slope. Will the company next change its PGP ("Pretty Good Privacy") software so that it contains back doors as well? Will its "Sniffer" products be configured to ignore certain types of attacks and allow selected parties onto customers' networks undetected, possibly hiding illegal searches by freewheeling law enforcement personnel? Will its "Magic Solutions" products, which allow remote control and maintenance of user workstations, become a vector for the installation of spying software by government snoops?

    Just as disturbing as the company's breach of trust with its customers is the prospect that others will exploit the back doors installed for the benefit of government agencies.

    Network Associates has shown that it is willing to compromise its integrity by selling intentionally faulty products. For this reason, it is no longer appropriate or wise for those concerned about the security of their networks, systems, or confidential data to use them.

    http://www.interesting-people.org/archives/interes ting-people/200111/msg00319.html [interesting-people.org]

  • by supabeast! ( 84658 ) on Saturday November 24, 2001 @11:02PM (#2608978)
    Easy way to abuse the FBI's new Magic Lantern "virus."

    Do illegal stuff online, and be conspicuous about it. If you are already involved in organized crime, this will be easy. Do all your stuff using PGP on a Windows 2000 base install. Regularly talk on the phone to your buddies about those idiot FBI agents who can't read your encrypted email. Make sure to do everything with LCD montitors so that the FBI has to crack the email instead of just tapping your CRT. Get a geek to learn a lot about virus operation so that he can regularly check the system and snag the virus.

    As soon as the virus pops up, keep playing along. Send out encrypted crap messages that make no sense, and appear to be written in code words so that the FBI spends more time trying to crack THAT code after cracking the message. At the same time, decompile the virus and figure out how it works. Alter the virus to be self-propigating and extremely malicious, destroying all filesystems on infected machines and shutting them down while residing only in memory to prevent people from finding the virus on disk.

    After a few days, set up an online store selling anti-virus software at $19.95 a seat licensing. Encrypt everything the program contains with the exception of an executable, so that no other virus company can figure out how it works without violating the DMCA.

    Laugh at the FBI agents who are too busy trying to figure out what all your code words are to notice you raking in millions with a foreign company selling anti-virus software, move to Zug, and retire.

    I admit, that scenario is a bit of a stretch. A more likely scheme (And what will likely happen very soon.) is a few good crackers decompile antivirus software from McAffee and Norton, both American companies that will allow the FBI virus through, and compare it with antivirus software from foreign firms, which will likely block the FBI virus to prevent the USA from spying on their companies as the USA does with echelon. Bingo, killer virus in no time flat, watch it take the world by storm. And before any of you bother to post about how the FBI will manage to keep all the details secret so that this doesn't happen, think about this; if the FBI could manage to keep a secret, we would not know about things like Magic Lantern and Carnivore to begin with.

    I want to thank the FBI for fucking over America with their inability to realize the dire consequences of their poorly-planned actions. By doing this the FBI is screwing over:
    1- All of the companies around the world, especially in the US, that will spend a ton of money dealing with the downtime caused by the first virus to exploit the Magic Lantern backdoors.
    2- All of the American antivirus software companies who will lose market share to foreign software companies who do not leave FBI backdoors in their products.
    3- Microsoft, who will likely be accused of leaving FBI backdoors in Windows, and who will lose market share when a virus sweeps the Windows world on a level that shames Code Red I and II.
    4- All the Windows admins out there who will now have to rebuild all of their compromised machines, and switch to antivirus software by companies that do not leave backdoors for the FBI.
  • Makes you wonder what the real reason was behind Microsoft's settlement....could part of the terms have been to disclose "unknown" security holes to the FBI for use with their Magic Lantern spyware? Conspiracy theory is fun :) Big brother is watching....
  • I for one hope that other anti-virus and/or firewall manufacturers opt to not ignore this poorly planned intrusive boorish spying mechanism, or choose to let it pass without warning the user, which leaves a HUGE hole in personal and corporate security nets. The Federal Government is obviously using "terrorism" as the new catch all for more spending, it is tantamount to the "communism" and the witch hunts in Salem, Mass. It is clear that our own government is insouciant to the basic rights of man, life, liberty, and the pursuit of happiness. The Washington overreacting machine is in overdrive now, in full kneejerk mode to enact stupid laws, that are not always easy to repeal.

    Insert Sig Here.
  • Back when I worked for McAfee.com (which is technically not McAfee, but even so...), Srivats Sampath (the CEO) apparently had this incredible idea: a web-based MP3 player. He wanted this thing to be part of our web-based antivirus/security suite. Ha ha.

    I quit not long after that, as did a lot of other people. Whee.

  • by zunger ( 17731 ) on Sunday November 25, 2001 @12:07AM (#2609115)
    Well, I'm seeing a completely different issue here, beyond other people being able to craft virii exploiting the same holes that this Magic Lantern does. (Although I'm assuming that as security holes get patched, Magic Lantern will ultimately refer to a family of virii rather than any single virus; it's going to make McAfee's job of trying to explicitly exclude it from virus searches all the more ridiculous)

    The thing that occurs to me is that, back when I was an easily amused kid I used to capture computer viruses, dissect them and study them. If Magic Lantern is genuinely going to be an effective way to retreive data -- and if it's a virus designed by a team of top-level professionals, which it is likely to be, then it should be so -- then how long a matter of time is it going to be before everyone and his mad bastard cousin starts to make copies of this virus and mutate it for their own ends? This seems like it would quickly become a valuable corporate espionage tool, and then a personal espionage tool, and then just a total disaster area.

    The problem with this is, if they design a powerful cracking tool which by its nature must be primarily built out of code resident on the target's machine, it's only a brief matter of time before such software and any upgrades thereof enter the mainstream of black-hat equipment.

    Frankly, I'm not looking forward to script kiddies with tools like this...
  • Well, since most readers are most likely open-source enthusiasts, I would like to say that an obvious solution is not to use McAFee and only install software that you have faith in or that you compile from the source. This is a damn shame that this retarded crap is happening.

    I would also like to point out some problems I foresee. What will stop the FBI from hacking into my pc here in Canada if I install McAfee? Is this not outside of the FBI jurisdiction? Will software developpers only create software that complies to US demands the and sell it the world-over.

    You better believe that in the near future more and more people will have a pc bundle and only use one (clean) pc to use the net (disconnected when not in use and removed from the network when in use) and use the others on a network to remove all data from that pc and store info. Essentially, if the trail of wires leads to and pc hd and its powered, it'll be your fault for letting the FBI access the info.

    I guess we finally realise that we have no rights. Its just wishful thinking on our parts and propaganda used by the governments.

    -I wish I could be sure that my thoughts werent being monitored.
    -My own tragic Hero - GoV
  • Instead of believing in to the hype that Slashdot has come to like, let's look at the situation(s) more closely. My main questions spawn from ponderance of the WHOLE situation. These questions I plan to adress.

    1:Why did MCafee allow this trojan?
    2:What is the FBI's purpose in creating this tool?
    3:Why did the FBI tell?
    4:Who is this tool targeted at(main classes of criminals)?
    5:How will other anti-virus companies look at the FBI's choice?

    Well, lets consider the targets first. I see the most common groups targeted at are drug dealers and computer _criminals_. It's safe to say that the Computer criminals probably will not be caught in a trap like this. The FBI's main tool is believed to be a windows executible however, don't make rash belifs that the FBI hasn't considered a *nix tool yet.

    The main mode of transport is that of a binary segment sent over email. Since Outlook is the most popular form of email client, Outlook buffer hacks that 'autorun' binary code are the best transport. Next off, who said that the FBI would be sending data back through the Internet or do any dialing? If I wrote a tool like that, I'd store data (keystrokes, logins/passwds, 'certain sites') in a secure place of the computer. I'd aim for the segment after the bootsector code. There's plenty of space for a few KB of the 'best info'. The FBI would raid the machine anyways, so sending back data is useless (trace of tcp/udp streams would be evident).

    However, I question why the FBI even told here. Thier purpose is to catch intrastate criminals and investigate bad political dealings. I'm questioning if the FBI even has this technology. I'm much more scared of a hardware dongle that has 5 megs of storage capibility. Those types of entering have been cleared by the courts, providing the correct documents have been presented. Malware is going to be caught, unless the FBI destroys the data before the criminal sends it away elsewhere.

    The last fields of questions deal with the AV companies themselves. Why exactly did MCafee do such a thing? Perhaps they have no choice. There is such a law called Obstruction of Justice. If the AV companies do not allow some sort of loophole, they could be tried in a court of law. Most of you Slashdotters would say "So What", but this type of court battle would lead to either horrendous losses to the company, and eventually having to put the anti-FBI code in, or the destruction of the company. However all is not lost. There is more AV companies outside the US. They WILL defend thier rights to no FBI code in thier computers. I mainly count the Russian AV coders to somehow get the code and track/kill it.

    Flat out, the FBI will fail only because of public outcry. They will catch a few criminals and will parade around saying how the US is a better place without the 'scum of the Earth' around. However the worst thing people could do is to assume that the FBI is stupid. They have already addressed most of the questions, better than that has slashdot crowd.

    Would they let us know that?

    Josh Crawley
  • NAI/McAffee - PGP? (Score:2, Insightful)

    by Mark Bainter ( 2222 )
    Does anyone still trust the PGP implementation released by McAffee? If the veiled warning by Phillip Zimmerman wasn't enough to raise concern (heck, his leaving at all should be enough to raise concern) then their quick decision to work with FBI here in this fashion ought to be the final nail.

    How can anyone trust anything NAI produces anymore?

    I doubt very many people with a clue did even before this. But at that time their rather powerfull marketing machine was able to keep the $$$ rolling in from joe blows buying computers with the software pre-installed and computer "hobbyists" who think they know what they are doing and recommend software like McAffee and NAV and so on because the names are well known.

  • By openining McAfee up to the "FBI Virus", they are obviously opening it up to any "similar, but malicious" viruses. The only way to guarantee that it will work, it will have to be able to compare the virus byte-for-byte with the FBI virus. For it to do that, it must quite literally have a copy of this virus buried internally in the virus definition file. Since you have a copy of the virus coming packaged with McAfee, why doesn't McAfee just INSTALL THE VIRUS when requested to do so by the FBI. That would solve the probelm of allowing other "cracker" versions of the virus on to the system, since they will be installed locally by McAfee itself... Of course, this makes no sense for an anti-virus company to be intentionally installing viruses, but whatever.
    • The only way to guarantee that it will work, it will have to be able to compare the virus byte-for-byte with the FBI virus. For it to do that, it must quite literally have a copy of this virus buried internally in the virus definition file.
      *sigh* Just including a [insert-favorite-cryptographic-hash (md5, sha1?)] checksum would work equally well. There's absolutly no need to include the entire virus code. So no, they wouldn't bundle the virus.
  • When I heard about Magic Lantern I was waiting for this.. There is no way that companies in Japan (or probably Singapore, Malaysia, China, Taiwan) will consider purchasing antivirus or other security software from U.S. companies if this happens. As it stands, Microsoft's greatest market potential is probably Japan, not the U.S. But there are plenty of other options, including say Trend Micro [antivirus.com] which is Japanese-Taiwanese.

    I know somebody there and think I'll ask them if they are planning on making security holes for every local law-enforcement agency. Could be a money maker but somehow I doubt it.. if it was China they would probably have to allow the government to install keyboard loggers on your pc through this Patriotic Remote Exploit facility. Unfortunately Japanese nuclear power plants are running Windows 95 as far as I could see from a recent newspaper photo.. (+3, Cynical, Despair)

  • by ZosX ( 517789 ) <`zosxavius' `at' `gmail.com'> on Sunday November 25, 2001 @05:24AM (#2609665) Homepage
    Do our constitutional rights even exist anymore?

    Owning a weapon is a priviledge, let alone owning a weapon and carrying it on your person. "The right to bear arms." You need specific reason now to carry a concealed weapon, why is that? I'm an american citizen, if I want to carry a .45 in my pocket, the constitution says I can, the government tells me I'm breaking the law......

    Sorry using an example of the breakdown of our constitutional rights.

    This really disturbs me. Between Carnivore and now Magic Lantern, we have pretty much given up all rights to privacy on the internet. I know that most of you will say that its been likely that the government has been monitoring traffic for some time anyways secretly, now we are publically accepting this as "ok in the name of our safety." Don't think they monitor your cell phone calls? Explain how they got voice recordings of the conversations of the doomed flight to Sommerset, PA.

    This is disgusting. We are just handing over our freedom and very few people are saying a word. Funny how not all that long ago, the Supreme court ruled that aquiring search warrants based upon thermal readings from a house was illegal and yet they haven't said a word about anything the FBI has been doing.

    Its really fscking sad that the alleged "war on terrorism" is really just a lame excuse to quickly remove a good deal of our rights. People in New York City are being searched randomly in Manhattan. What the hell is that? In 10 years can I expected to be searched if I walk down my street? If I have something illegal, is the search unreasonable, or does the court care more about me just having something illegal? If our phones and computers are tapped (lets assume for the moment that they are for the most part) where does the government stop? They can see what I am writing and talking about....why shouldn't they be allowed to see what I am doing in my home without a search warrant? The best part of it is, nobody would even know if they were being watched. I know this has been something people have complained about over the years (as the government has slowly crept into their privacy), but now its really in our faces. 1984 is not very far away indeed.

    Let's take Magic Lantern for instance. If one were to disassemble it, it would violate the DMCA ruling. If one were to circumvent it (which likely anyone in their right mind will), the techniques used would likely violate DMCA. (Remember Skylarov?.....)
    Can anyone think of software they might use that might possibly violate the DMCA ruling? I can think of a few, and I am not talking about cracking software. Also this makes me wonder about Windows....does DMCA make WINE illegal?

    Indeed, the whole issue is a lot like a runaway train coming down the hill. People see it from the distance and don't realize how dire their situation is and eventually the train comes pummeling down into their sleepy little town and destroys it. I wonder how long before we lose all faith in the government entirely. Too bad we decided that we are too weak and lazy to take the government back into our own hands. What's so sad is that the more disillusioned we become with our government the more likely we will feel that it is out of our control. Judging by the recent elections and the completely disgusting turnout, it seems we are just about there. What do we do in 10 years when we don't even have enough voters voting to elect an official?

    Its really time to either:

    A) Do something about the slippery path we have slid on

    or

    B) Walk away from it, buy a huge ranch/estate/tract of land, start a community of like minded individuals, and ignore what the government does. I suggest some western states that do not tax their land so you can totally live government free. :)

    Just some random infuriating thoughts I've had lately.....

    Zos/Xavius.23
    zos[@]winwood.net

    Art is the realization of truth - AOS
  • Logical (Score:4, Funny)

    by heikkile ( 111814 ) on Sunday November 25, 2001 @05:52AM (#2609697)
    Of course McAffee et al wanted a signature for the thing, and this was the best way to formulate the question. Besides, now they can produce a spevif Lantern-detector, and sell under the counter for a high price - and sell the names of the buyers to FBI. Ah the beauty of the free market...
  • Outside the US of A, many countries have strict laws against assisting foreign powers in their spying, and rightly so. I suppose knowingly installing backdoors might fall under such clauses. I would not dare to install or recommend installing McAffees scanners on sensitive networks without seeking legal advice!
    • ...except that any country exercising those laws against the FBI and the US would run the risk of being declared "terrorist" and the bombs would be falling once again.

      But isn't the FBI prohibited from running operations outside the US?
  • by Anonymous Coward on Sunday November 25, 2001 @06:10AM (#2609721)
    If the news reports are to be believed, the FBI is merely taking advantage of a loophole people have known about for years - keylogging.

    Most keyloggers don't get reported by most "virus" programs. I think Norton AV does, but then again its "Corporate Edition" might not - keylogging is something a lot of corporations do, believe it or not, and that might be against their target market.

    People really concerned with privacy should be using software with anti-keylogging features, which on Windoze machines includes products like Scramdisk (freeware! and with crypto module plug-in support, though not fully tested by the community), its successor DriveCrypt (commercial and untested by the community so far, but made by people who maintained Scramdisk), and I think possibly BestCrypt(commercial but tested somewhat). These all have the ability to mask input against keylogging, to varying degrees. Read the documentation and enable it.

    And again, remember. For them to use the keylogger, they have to install it on your system, and have some way to retrieve the info.
    Practice good data hygiene, like you should be doing anyway, and you should be fine. If you want to test whether the programs mask effectively, install some program like Back Orifice and have it log while you create and mount containers. If the log shows your password, obviously it's not working.
  • by morcheeba ( 260908 ) on Sunday November 25, 2001 @11:57AM (#2610291) Journal
    This same question came up with Back Office vs. Back Orifice. Because Microsoft was a "respectable" company (and because it costs money), antivirus companies decided that Back Office was a legit remote network administration tool. However, when the "hacker group" cult of the dead cow [cultdeadcow.com] released Back Orifice [sourceforge.net], the antivirus vendors decided that, even though Back Office could do everything that Back Orifice did, because it was free and not released by a corporation it should be classified as a trojan.

    So, besides magic lantern, you could have the SMS part of Back Office installed, too. And with its weak encryption, it's a greater security risk than BO2K.

    More BO2k docs [sourceforge.net] and info [nwinternet.com]

"In my opinion, Richard Stallman wouldn't recognise terrorism if it came up and bit him on his Internet." -- Ross M. Greenberg

Working...