Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[] Re: Magic Lantern reality check,

Die =DCberlegungen eines Anti-Viren-Software-Herstellers zu den =
von Magic Lantern,
Gruss, Myriam =20

'Magic Lantern' Rubs the Wrong Way

Anti-virus products could detect the FBI's new spyware. But should =
By Shane Coursen
Dec 3 2001 1:01AM PT

The notion of programming anti-virus software to deliberately ignore a
particular program, despite malicious characteristics, is nothing new. =
mainstream AV software packages have a built-in capability to ignore;
commonly referred to as "exclusion." Exclusion helps AV software avoid =
positives, helps to avoid unnecessarily scanning files that are too =
small to
carry any known virus, helps to ignore files that are marked as "known
clean," and has even helped an anti-virus company or two to avoid a =
In short, exclusion is helpful because it necessarily helps a
processor-intensive application to run more efficiently.=20

Exclusion as we know it could be redefined, however, with the advent of =
program named Magic Lantern. As first reported by MSNBC, Magic Lantern =
is a
program under development by the FBI that watches and records =
keystrokes. The goal is to catch the passphrase of an otherwise =
cipher from a bad guy's system.=20

Magic Lantern clearly falls in the category of malicious software.
Specifically, it's a Trojan horse, in the same class as Back Orifice =
and Sub

The FBI creating such a program shouldn't come as a shock. Three-letter
agencies of all sorts make no bones of the fact that they must =
regularly do
things that many would consider less than savory. To get to the bad =
you sometimes have to become a bad guy. With the news of Magic Lantern, =
public may now add "creation of software that would otherwise be =
malicious" to the list of nasty, yet supposedly necessary, work of the =
But the anti-virus industry is directly affected by the FBI's move. =
the beginning, our job definition has been to protect end-users from =
of computer viruses and other malicious software. With Magic Lantern, =
is a possibility that we might be asked to look the other way.=20

Anticipating this, anti-virus firms are already forming their =
Symantec has gone on the record as saying they would cooperate with the =
and give Magic Lantern immunity from detection. Sophos would not. =
position depends on which report you read.=20

There is precedent for private companies voluntarily assisting the U.S. =
national security matters -- as early as 1945, Western Union, RCA and =
were routinely passing confidential international telegraph traffic to =
government. But until now, the gift of assistance has generally been =
upon on a case-by-case basis. Never before has the possibility of a
wide-blanket government directive presented itself so quickly and

Game Over=20
If we avoid detecting the Magic Lantern program, law enforcement =
stand a chance to retrieve effortlessly sensitive pieces of information =
a bad guy's computer. At first glance it appears to be a noble idea.=20

But what would we lose in the process?=20

There is no clear ethical code of conduct to guide us in this. As I've
argued before, advancements in computer software technology have =
the ability to devise an ethic de rigueur in the industry.=20

However, marketing forces can offer us a little clarity.=20

Governments around the world on many levels rely on "made in the USA"
anti-virus software to protect critical infrastructure. Will the world
continue to trust U.S.-based software if we purposely design flaws in =
software at the request of our government?=20

International associations and alliances shift, after all, sometimes =
and drastically. What if a country suddenly fell out of favor for =
performing a terrorist act? Now, just as suddenly, every computer in =
country, with their backdoored anti-virus programs, is wide open to =
by the U.S.=20

However unlikely this scenario may be, the mere possibility would turn
collusion with the FBI into the mark of Cain for the U.S. anti-virus
industry. If U.S.-based companies are ultimately compelled by court =
order to
work along with law enforcement agencies, the result would be the same, =
least in the international market.=20

And, of course, Magic Lantern can not be made to work with limited
cooperation. If just one anti-virus software product detects Magic =
the game is over.=20

Due to the international nature of anti-virus software, it simply may =
not be
possible for the anti-virus industry as a whole to lend the blind eye =
FBI would like.=20

This is more than just an academic issue for me. As CEO of WildList
Organization International, it's my job to collect malicious code sent =
in by
WLO participants around the world. When two or more participants report =
same virus, the virus is placed on our official list of viruses spotted =
the Wild." Likewise, Trojan horses are added to our official =

Certification agencies use data from WildList Organization =
when testing anti-virus products. So if Magic Lantern were to show up =
on one
of our lists, detection of it could become a litmus test for anti-virus
product certification.=20

So what would I do? Since at least two WLO participants would have to =
Magic Lantern independently, i.e., fall under FBI surveillance, the =
odds are
I'll never have to make that decision. But however noble the FBI's
intentions, if WLO ever decided to purposely not list a program, then =
effectiveness would be called into question forever. Absent legal
compulsion, that won't happen on my watch.

Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.