No anti-virus maker could say yes to these questions. It would be career suicide, as they say, for the company.
Antivirus bods grilled: Do YOU turn a blind eye to government spyware?
Security guru Bruce Schneier has joined with the Electronic Frontier Foundation and 23 other privacy and digital rights activists to call on antivirus firms to publicly state they do not turn a blind eye towards state-sponsored malware. Antivirus vendors have been given until 15 November to go on the record about detection of …
-
-
Tuesday 5th November 2013 13:54 GMT Tom 35
I would expect...
The request would not be to ignore the spyware forever, but not to be the first to detect it.
Once some other company in a different country detects it, cover blown and everyone can add it to the detected list.
The only thing I can see that argues that this is not happening would be leaks. If this was going on I would have expected a leak or two to have happened.
-
-
Tuesday 5th November 2013 09:49 GMT doronron
Sophos OWNs Utimaco software
Wikileaks is your friend, their Spyfiles project shows who sells what surveillance kit that we know of:
http://wikileaks.org/spyfiles/
And Sophos has companies in that market,
http://wikileaks.org/spyfiles/files/0/54_200906-ISS-PRG-UTIMACO2.pdf
Sophos sell Government interception and data logging software courtesy of their Utimaco subsidiary, which is quoted in Germany.
I view this as a conflict of interest, so I don't trust them. But until I get rid of Windows on the next upgrade, I tolerate companies like this.
[Added]
Take a look at Glimmerglass, they make an automatic mirror tap for fibre optic cable intercepts under the sea (with a nice picture showing the data going into the NSA).
http://wikileaks.org/spyfiles/files/0/274_GLIMMERGLASS-AVIATIONWEEK-201004.pdf
-
Tuesday 5th November 2013 12:07 GMT Anonymous Coward
Have you ever detected the use of software by any government (or state actor) for the purpose of surveillance?
I would think most would be able to answer yes to that, although they may be cagey about positively attributing it to a state actor.
There's been plenty of APT discoveries by all of the AV vendors where China was at least insinuated to be behind the threats.
-
Tuesday 5th November 2013 17:31 GMT phil dude
well this is the rub...
So who do we trust? Govt? Big Corp? Your neighbour? Bruce is right on the money...
The problem we seem to have in the world is that the concept of trust has become "fractional" where previously it was binary or only a little less than one.
By that I mean, the invisible govts of the 50's were "trusted" as much as it was possible to observe for most people. Same with the police really...
Fast forward post-Snowden, internet etc., and we have a fractional component to every trust vector involving entities we do not directly interact...
I am perhaps thinking of the "things you should not see made; sausages and legislation". Getting more and more like "things they don't want you to see made....".
How about this for a new branch of made up social science - trust vector mathematics. Forget social networks....;-) Wow! I have discovered a way of getting LINPACK into social studies ;-)
Anyone for calculating eigenvectors of the BNP? Eigenvalues of lobbying cash?
I think that deserves a beer ;-)
P.
-
Tuesday 5th November 2013 21:37 GMT Dan Paul
Re: well this is the rub...there can be no trust because it's the only way to be sure
All the X Files posters notwithstanding, "Trust no one!", not even fractionally; because at least you will not be wrong. None of these agencies or governments deserve any trust as they have ALREADY violated everything that could ever command any trust.
Now, there are only lies, damn lies and even more damn lies.
When someone says "Hey buddy, I have a bridge in Brooklyn to sell you" and it has more truth than "You can keep your health coverage"; then we may as well stop communicating as there are no truths to be conveyed to anyone, any longer.
-
-
Tuesday 5th November 2013 18:27 GMT Brian Miller
Don't bang dinner gong in front of hungry code diggers
Kurt Wismer is right that it would be very bad opsec to tell someone, "don't look there." That's exactly what they'll do! And then they'll blab all about it. That's what they do, all day, day in and day out. If the NSA asked anybody to ignore some code, it would have come out long before Edward Snowden. And how many AV and wanna-be AV firms and authors are there? Everybody wants a headline, and that one would come flying out faster than the Streisand effect.
Would an AV company shut down like Lavabit and Silent Mail did? That's the real question.
-
Wednesday 6th November 2013 03:58 GMT Anonymous Coward
Re: Don't bang dinner gong in front of hungry code diggers
Receive an NSL. Go to jail by saying you've been ordered to install backdoors, or close business, or proceed as usual making profits. Which one do you think they would go for? Even if they get caught later they can argue they really "didn't want to" and possibly their competitors are in the same basket, so no reputation loss either...
-
Thursday 7th November 2013 15:48 GMT Yet Another Anonymous coward
Re: Don't bang dinner gong in front of hungry code diggers
However the same argument doesn't apply to putting backdoors in products.
Microsoft / IBM / Cisco / Siemens / etc all have divisions that sell classified systems - staffed with people who can be trusted - they all have valuable government contracts that make them very accommodating and they all have enough zero-day exploits that even if one is discovered who is going to blame the feds? And anyway a replacement can be pushed out next Tuesday.
-