

November 28, 2001
6:35 PM

In lieu of the Magic Lantern thread, Symantec will be ignoring the FBI trojan. [taken from ./]
posted by hobbes (22 comments total)

 
Hopefully the hacker community will fix this corporate conniving. =Þ
posted by hobbes at 6:38 PM on November 28, 2001


(looking adoringly at G4 running OSX)
posted by jragon at 6:44 PM on November 28, 2001


i reserve a doubt about whether the FBI has the moral scruples to use any such software responsibly. much less the MPAA.
posted by phalkin at 6:55 PM on November 28, 2001


Dotslash?
posted by danwalker at 7:11 PM on November 28, 2001


Dotslash?

Dotslash.
posted by iceberg273 at 7:16 PM on November 28, 2001


Please, /. is so long. Typos are pretty much inevitable.
posted by websavvy at 7:19 PM on November 28, 2001


MPAA? i'm more scared about the RIAA...
posted by jmd82 at 7:34 PM on November 28, 2001


The article states that Symantec will not detect magic lantern but will detect any variants. To me, this means that Symantec will go through the trouble of identifying magic lantern but not release it in their virus definition files. They will purposely ignore it.

What happens when firewall makers start purposely ignoring attempts to broadcast on certain ports? This is a major, major digital civil liberties issue and I can't believe that you people are bitching about typos.

Imagine that all new telephones had a recording feature that you couldn't disable which could be remotely activated by the government and secretly broadcast your conversations. Now imagine that those telephones have speakerphones which are always on, monitoring everything you say within earshot. Would you be so carefree then?

Jragon: Do you really think that the FBI will only make a wintel binary of magic lantern?
posted by yangwar at 7:40 PM on November 28, 2001


Anyone know if McAfee is going the same route? I'm ready to switch today if not....
posted by rushmc at 7:41 PM on November 28, 2001


Here's the deal with McAfee. You decide.
posted by emptyage at 7:49 PM on November 28, 2001


If the FBI can't use a trojan horse, they can still break into your office.
posted by iceberg273 at 7:53 PM on November 28, 2001


Or they can always use van Eck phreaking, a la TEMPEST.
posted by waxpancake at 8:12 PM on November 28, 2001


So who's left? Trend Micro's PC-cillin is what I use. What a great selling point Trend could make if they went against the big two. "Even Detects Government Trojans!"

yangwar brings up some great points and I'm pretty skeptical that once magic lantern becomes known to the hacking community the anti-virus people will be able to keep up. Allowing one vulnerability is one too many.

Scary thought about government ignored packets. I can almost see the world's firewall makers getting an FBI bulletin on ignoring suspicious traffic from this IP block because it's us hacking your stuff.

Or they can always use van Eck phreaking, a la TEMPEST.

Fine. Get a warrant. Go through my crap, it's the blatant security laziness that's the issue here and the industry's kowtowing towards it.
posted by skallas at 8:49 PM on November 28, 2001


Shades of the Clipper Chip.
posted by StOne at 9:29 PM on November 28, 2001


Somehow I don't think that users of any UNIX variant who are resourceful enough to run "ps -aux" every once in a while have much to fear from this.

OS X users - learn it, use it, love it.
posted by clevershark at 9:34 PM on November 28, 2001


My hope is that foreign anti-virus software makers (anyone have any links?), or open source initiatives such as nessus, or OpenAntiVirus will try to counter this threat.
posted by Kikkoman at 9:54 PM on November 28, 2001


"...acquiesce to FBI backdoor demands"

So, they're taking it in the ass, then?
posted by Danelope at 1:08 AM on November 29, 2001


clevershark: Any unix flavour of Magic Lantern will presumably install "new" versions of ls, ps, etc.
posted by salmacis at 2:19 AM on November 29, 2001


My, don't those intelligence people have a fertile imagination. This is such an obviously unworkable, fantastical scheme that it leads us to one of two conclusions. Either, (1) this is a publicity stunt attempting to show that the government is tech-savvy, or (2) the FBI is full of morons.
posted by dlewis at 3:45 AM on November 29, 2001


Jragon: Do you really think that the FBI will only make a wintel binary of magic lantern?

Couldn't tell ya. But I know the chances of them making one for OSX are lower than for Wintel.
posted by jragon at 6:34 AM on November 29, 2001


"clevershark: Any unix flavour of Magic Lantern will presumably install "new" versions of ls, ps, etc."

They'd have to replace a whole slew of other utilities, too, or there would still be a way to find it. Like this simple way of finding out if any files in /etc (which is where all the startup files are, for the non-linux-users) have been changed, or if anything's been added:

find /etc -type f -exec md5sum {} + | sort -k 2 > ~/md5sums

Do that right after you install, and you can do it again with a different filename later. Diff the two files and you'll see any changes.

They've replaced diff, too? Write a Perl script, and use its filesystem functions. That doesn't work? How about an emergency boot disk with copies of ls, ps, find, and so on?

If you're serious enough about security on a *nix system, you can find anything.
posted by CrayDrygu at 8:33 AM on November 29, 2001
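
The baseline-and-diff check described in the comment above, as an added example that is not part of the original thread: it reports changed, added and removed files separately and copes with spaces in file names. It swaps md5sum for sha256sum, and the function names and the sample tree built in a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: baseline-and-compare integrity check for a directory tree.
# The tree below is constructed sample data standing in for /etc.

# snapshot DIR: print "<sha256>  <relative path>" for every regular file,
# sorted by path so that two snapshots line up.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# compare OLD NEW: print one line per path that was ADDED, CHANGED or REMOVED.
# The hash is the first 64 characters; the path starts at column 67, which
# keeps paths containing spaces intact.
compare() {
    awk '
        { h = substr($0, 1, 64); p = substr($0, 67) }
        FILENAME == ARGV[1] { old[p] = h; next }
        { seen[p] = 1
          if (!(p in old)) print "ADDED " p
          else if (old[p] != h) print "CHANGED " p }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# demo: build a sample tree, take a baseline, alter the tree, compare.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/etc/init.d"
    printf 'root:x:0:0\n' > "$work/etc/passwd"
    printf 'start sshd\n' > "$work/etc/init.d/sshd"
    printf 'nameserver 192.0.2.1\n' > "$work/etc/resolv.conf"
    snapshot "$work/etc" > "$work/before"

    # Constructed changes: one file edited, one added, one deleted.
    printf 'start sshd\nstart extra\n' > "$work/etc/init.d/sshd"
    printf 'start extra\n' > "$work/etc/init.d/extra svc"
    rm "$work/etc/resolv.conf"
    snapshot "$work/etc" > "$work/after"

    compare "$work/before" "$work/after"
    rm -rf "$work"
}

demo
```

On a real host, run `snapshot /etc` as root and keep the baseline on read-only or offline media: a baseline stored in the home directory can be rewritten along with the files it covers, and the comparison is only as trustworthy as the `find`, `sha256sum` and `awk` binaries that run it.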


Some more comprehensive ways to monitor for replaced files are listed here.
posted by sonofsamiam at 9:05 AM on November 29, 2001




This thread has been archived and is closed to new comments