2007/07/18

Fedware - The New Frontier In Malicious Software

Malware (malicious software) is scary enough. A rootkit can give an attacker unfettered access to your system and your most sensitive data. A keystroke logger can capture the passphrases that you use to encrypt files and volumes. These days, especially on Windows, you absolutely must have security software that continuously scans for the viruses and worms that install these malicious pieces of code. But what about when it's the federal government doing the attacking?

Recent high-profile prosecutions have revealed that, for example, the DEA employs keystroke loggers to give them access to the encrypted files of suspected manufacturers of illegal drugs, and if the DEA is doing it you can bet the farm that the FBI and Secret Service are as well. So here's the question: How do you protect yourself against over-zealous law enforcement agencies installing Fedware on your computers? And more importantly, will your security software manufacturer protect you or expose you?

Oh sure, if you're up to no good a rootkit is sort of like a wiretap, ordered by a court and used for evidence gathering. But we know that the Bush Administration, under the guise of fighting terror, has instructed the DoD and FBI to illegally monitor all sorts of groups--peaceniks and protesters--that aren't exactly out there cooking crystal-meth to feed to your kids. So what do you do to protect yourself?

Unfortunately, the answer may ultimately lie with the company whose security software you choose, and when a Federal order comes down many vendors, such as CheckPoint (ZoneAlarm) and McAfee (Norton), will quietly ignore Fedware and won't tell you about it. Hell, CheckPoint goes so far as to 'whitelist' borderline software from vendors that request an exemption. But really...should you even trust what a vendor says about their policy on detecting Fedware? After all, they're in the business of selling you a security package, and if they reveal that they're...essentially...not secure, why would you stick with their product?

Ironically, the solution to this problem may lie with the open-source software community. A high-quality, thoroughly reviewed, well-understood, open-source security package may be your only defense against Fedware because, in the end, there would be nobody that could be ordered to intentionally sabotage the product.


14 Comments:

I am reminded of a photo that a friend took of himself in full combat fatigues, gas mask and holding his pistol in one hand and a rifle in the other.

The caption he'd put on it was "Don't worry, I'm from the Government and I'm here to protect you"
There seems to be a way to come in using backdoors on any computer. I wonder now if there's any company that really protects the backdoor?

Google has the software that comes in on Microsoft firewall backdoor. When uploading photos or videos a backdoor is being used through a firewall.
...cooking crystal-meth to feed to your kids.

Now there's a hekk of an idea! {-;

Erm, Seriously though, I'm not a big open-source user, just because I don't buy much software period. That being said, your advice is totally spot-on in this kind of situation. It's an extremely rare big company that is going to find the spine to defy a Federal "request" for a backdoor or "sharing" data. Open-source cats do what they do for love of the challenge and tend towards libertarianism, at least as far as in the societal sense.

BTW, Network Associates is McAfee. Symantec is Norton. We use the former at my job and I use NOTHING at home unless I think something looks fishy. If I get a virus/malware (twice in 12 years!) then I install a freeware Anti and if that doesn't clean it up, I format my C drive and enjoy a nice clean partition. Of course, for me that's kinda fun, and definitely NOT recommended for the avg user.
Sewmouse... The Feds chant the, "...trust us we would never abuse our powers" mantra every time they put in place a new privacy violating technology or law. But the stark reality is quite the opposite. If it can be abused, someone in government will.

Let's Talk... Unless you are fairly technically savvy, securing a system is quite difficult. One depends on the security software to make intelligent decisions. It's very unfortunate that the ethics of the vendors is now in question.
So much has changed since the Nazi takeover...
Michael... "...NOTHING at home"? I suspect that you've been hit more than twice in two years, unless you've got a good hardware firewall in your router.

But to the main point. I'd love to see an open-source security solution. Where cryptography is concerned, open-source algorithms and solutions are the ONLY solutions. All others are treated as suspect. In short, closed-source simply cannot be trusted.

Chuck... You're referring to the election of 2000, I presume? ;-)
kvatch, I don't know if you recall Steve Gibson over at Free Ware; he has a lot of great programs one could use to help with such problems. From what I'm reading from the comment section a lot of folks could benefit from some free protection.

Great, Great Post kvatch!
This is the same administration that insists on keeping what they do out of sight doesn't have a problem with sticking their malware in your computer.
Google has the software that comes in on Microsoft firewall backdoor. When uploading photos or videos a backdoor is being used through a firewall.
----------------
Larry:

Yes, that's absolutely correct!
They are watching us all, and there is nothing we can reliably do about it.

God it makes me sad to type stuff like that.

"They hate us for our freedom."

No, Mr. President...I think that YOU hate us for our freedom!
That's it. I'm going back to using smoke signals, is all I'm saying.
Let's Talk... Thanks. There are a number of freeware "scanner" solutions for dealing with problems on an incident by incident basis. Unfortunately, no person or group has taken it upon themselves to try a more comprehensive solution. Remember that such a solution would require a standard way of identifying vulnerabilities so that an open-source virus scanner/firewall could deal with them.

Lew... All under the guise of: "Our data is our data, and your data is our data."
Suzie-Q... EEK! Don't like that, but then I'm very, VERY wary of Google's desktop apps.

Gary... Sad isn't it. See my comment to Lew.

Diva... Good idea, but they're sort of low bandwidth. That webpage is gonna load real slow over the "Smokernet".
There are a couple good rootkit removers in freeware. Grisoft makes one.
