Does F-Secure's antivirus turn a blind eye to spook spyware? CEO hits back Antivirus maker F-Secure has responded to privacy campaigners' concerns over the handling of spook-grade surveillance malware – by insisting its security software slays government spyware wherever it can. In an open letter to the Bits of Freedom team, F-Secure president and chief exec Christian Fredrikson said his firm stands …
I probably wouldn't believe this if it came from McAfee, Symantec, Microsoft, or many others.
From F-Secure, I'll at least accept it as plausible. Of the AV companies I've dealt with, they've been the least slimy. Note how they didn't mince words or try to complicate this very simple issue.
The sorts of attacks the NSA and similar agencies are likely to launch are going to be quite sophisticated, and not likely to trigger detection by regular AV systems. They'll be highly targeted. So even if the software ends up on systems other than the target the payload won't be executed, because they want to keep the attack secret, it doesn't help the NSA if the AV firms are out there (and there will always be one or two that will not comply even if the F-secure folks are lying - though I don't think they are since they don't have to).
There may be accidents, like Stuxnet getting out(even though the payload was not executed outside of Iran last I heard it still caused some other issues). Though such attackers have probably learned from that and are being more careful now.
I must be a bit jaded.
Item 2. Was a two parter. Were they saying that they would not provide the legal basis for doing it or that they haven't done it.
Item 3 also had multiplied questions in it. Again were they saying they have never granted a request or that they wouldn't provide information?
Item 4 is curious. They start off talking about malware ( which is a general classification ) but only really deny Trojans. This leaves open the possibility of other classes of malware such as worms or viruses.
Even if we assume he's not lying, the way it was answered leaves a tremendous amount of wiggle room.
...what about keygens and no-CD patches?
Oh I'm sure you'll get the occasional retard replying to me with "well them evil pirates deserve it". Yeah, I'm sure everyone else hit by the botnet made up of Dem Evul Pie Rats deserve it too.
I have a fully functioning paid copy of BI Studios' Carrier Command that mentioned nothing of bullshit online DRM malware on the box, but most certainly demands a guilty-until-proven-innocent online check once installed. So, I found the crack and patched it. Fuck you, BI. You used to be good.
That crack will probably be detected as a virus of type "keygen" by umpteen different virus scanners, whether it's actually malware or not. What about F-Secure?
Well we don't add detection on keygens on purpose, but are you aware that keygens are very frequently trojanized and drop malware in addition of cracking whatever software you want to get cracked.
So are you sure that the keygen that is being blocked by AV is in fact clean?
However since keygens are almost 100% used for illegal uses, we are not wasting time on investigating them for false alarms. So if we FA on a keygen, too bad.
Emisoft has already said in so many words, that it is tough luck if certain EU countries don't like their anti-malware solutions! That goes a LONG way for me! They got the ONLY HIPS(Heuristic Intrusion Prevention System) that has detected every one of those dastardly HPAA spies on my PC!! Not that I can get rid of them if I want content, but I thoroughly enjoyed keeping a choke hold on them while using my rights to legitimate high definition content!
Basically they told a certain member of the EU to go fuck them selves - so they are my only hero in this game, so far!
Thanks for the suggestion. I have got tired of Kaspersky making my machine slow as molasses. It's now gone into the same 'File 13' as did Panda when they brought in their all singing, all dancing, all stopping system.
Off to try Emsosoft on my test machine.
I could be wrong but I seem to recall that F-secure was one of the only AV companies that published information and detected the dodgy Sony CD Rootkit. Mark Russinovich published his work on it at about the same time. It quite a while ago now, but the info should still be available.
It was later revealed that the big AV corporations and Microsoft had known about it all along and done SFA because it was part of Sony's DRM.
F-Secure have routinely published detailed research information about various forms of criminal oriented malware. They are one of the few AV companies that I'd believe on this issue if they comment at all.
Is it possible the malware writers are looking for malware as well?
So they can hijack it if it's better at being malicious than their code?
Possibly because it has a special "Official Govt Malware, please ignore" tag?
Surely not.
Stuxnet. The perfect weapon. And the Iranians will never be able to turn it against us.
That worked out real well too.
In over 20 years working for anti-virus companies, I never once heard about any pressure being put on us by government agencies to not detect malware.
To be honest, I can't imagine a govt agency *trusting* an anti-virus company (and the variety of nationalities employed inside a typical security lab) to keep such a request secret anyway.
Not to mention, how exactly would an anti-virus company be expected to respond if a customer (who was being spied upon by the agency) sent in a sample, and asked why we weren't detecting it when - say - F-Secure was?
So, I don't think this is happening.
Rather than nobbling the anti-virus companies, I suspect govt agencies are writing malware (just like the bad guys) and working their damndest to avoid detection (just like the bad guys). The fact that any state-sponsored malware is likely to be designed for specific targeted attacks, helps their hand of course...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
