
News for nerds, stuff that matters

McAfee Will Ignore FBI Spyware

Posted by chrisd on Sat Nov 24, 2001 08:22 PM
from the big-brother-tries-on-a-pink-shirt dept.
Drew writes: "The Washington Post is reporting on the FBI's new spyware called 'Magic Lantern.' According to their article, 'At least one antivirus software company, McAfee Corp., contacted the FBI on Wednesday to ensure its software wouldn't inadvertently detect the bureau's snooping software and alert a criminal suspect.' It is ridiculous that the software companies that are supposed to help us protect computers purposefully leave in loopholes for the FBI to operate their spyware."

Related Stories

Will Security Firms Detect Police Spyware? 269 comments
cnet-declan writes "A recent appeals court case dealt with Drug Enforcement Administration agents using a key logger to investigate a suspect using PGP and Hushmail. That invites the obvious question: Will security companies ever intentionally overlook police spyware? There were somewhat-muddled reports in 2001 that Symantec and McAfee would do just that, so over at News.com we figured we'd do a survey of the top 13 security firms. We asked them if it is their policy to detect policeware. Notably, Check Point said it would 'afford law enforcement' the courtesy of whitelisting if requested. We've also posted the full results, with the companies' complete answers. Another question we asked is if they have ever received a court order requiring them to overlook police key loggers or spyware. Symantec, IBM, Kaspersky, and others said no. Only Microsoft and McAfee refused to answer."
This discussion has been archived. No new comments can be posted.
  • Fucking Great (Score:5, Insightful)

    by Breakfast Pants (323698) on Saturday November 24 2001, @08:24PM (#2608511) Journal
    Now anyone can craft their virii to look like the FBI's brood and avoid detection altogether.

    Fabulous, I hope everyone feels safer already.
  • Dupe Night? by the eric conspiracy (Score:1) Saturday November 24 2001, @08:25PM
  • Now all one needs to do... by HRbnjR (Score:1) Saturday November 24 2001, @08:26PM
  • McAffee by flies59 (Score:1) Saturday November 24 2001, @08:27PM
    • Re:McAffee (Score:4, Informative)

      by rice_burners_suck (243660) on Saturday November 24 2001, @08:38PM (#2608551) Journal

      The problem, in my opinion, is that sales of McAfee's products will NOT drop because of this. You're forgetting that 99% of the people who buy that product do so because of FUD--Fear, Uncertainty, and Doubt. These are people who do not understand computers, viruses, bugs, worms and all kinds of other "marketing" names. They buy McAfee because it will prevent "hackers" (who should be called "crackers") from entering their system and causing their CPU to melt. These people will say, "Well of course McAfee shouldn't detect the FBI's crimefighting behavior." They simply don't know that this is a loophole for crackers (the "hackers" they're afraid of) to take advantage of. And they'll never consider that a possibility.

      THAT is the problem with things like this. Just wait a few more days and we'll probably get a Slashdot story about a press release by the FBI telling of a new "technology" (a 4KB program that plugs this loophole) that empowers criminals to rub the Magic Lantern and make a wish that the FBI will leave them alone.

      • Re:McAffee by Karma 50 (Score:2) Saturday November 24 2001, @08:58PM
        • Re:McAffee by TheOnlyCoolTim (Score:1) Sunday November 25 2001, @01:43AM
      • Re:McAffee by Mark Bainter (Score:1) Sunday November 25 2001, @01:52AM
      • Re:McAffee by renehollan (Score:2) Sunday November 25 2001, @12:46PM
      • Re:McAffee by rice_burners_suck (Score:2) Saturday November 24 2001, @08:50PM
        • Re:McAffee by 42forty-two42 (Score:1) Saturday November 24 2001, @09:23PM
        • Re:McAffee by cmhoranb (Score:1) Sunday November 25 2001, @01:50AM
          • Re:McAffee by Redline242 (Score:1) Sunday November 25 2001, @12:02PM
      • Re:McAffee by martyn s (Score:1) Sunday November 25 2001, @07:24AM
    • Re:McAffee by AndroidCat (Score:2) Saturday November 24 2001, @10:04PM
  • if(Magic Lantern == Virus) by jarodss (Score:1) Saturday November 24 2001, @08:27PM
  • Magic Lantern benefits crackers! (Score:4, Insightful)

    by rice_burners_suck (243660) on Saturday November 24 2001, @08:31PM (#2608530) Journal

    The point is, these aren't loopholes for the FBI. McAfee will ignore this loophole, and that will allow CRACKERS to get into your system. This program, which is intended to prevent people from getting into your computer, will happily ignore all cracking that takes place through the same loopholes as this so-called Magic Lantern.

    Oh well... Next time, use OpenBSD.

  • a call for a document by beuk (Score:2) Saturday November 24 2001, @08:31PM
  • Bringing Things to a Head by peripatetic_bum (Score:1) Saturday November 24 2001, @08:31PM
  • What about linux users? (Score:4, Funny)

    by Griim (8798) on Saturday November 24 2001, @08:32PM (#2608535) Homepage
    In contrast, Magic Lantern could be installed over the Internet by tricking a person into double-clicking an e-mail attachment


    So I guess for linux users, the email would probably look like the following:

    Dear Sir or Madam,
    Please make sure you are root when you execute this file.

    Thanks,
    The FBI
  • Some potential ways to protect oneself from Magic by ColGraff (Score:2) Saturday November 24 2001, @08:33PM
  • Wise encryption. by Alorelith (Score:1) Saturday November 24 2001, @08:33PM
  • by Stillman (185591) on Saturday November 24 2001, @08:35PM (#2608542) Homepage
    Arrggghh!

    OK, I really need to get this off my chest here.
    How will this affect copies of software sold in countries outside the US? Will my AV software end up crippled and able to be exploited by those who have reverse engineered the "FBI Friendly" code?

    Why is this acceptable? Because the good old US Government wishes to remove the much-lauded freedom of its citizens, the rest of the world also loses those freedoms. Will McAfee for example really bother to have a US-only version with the FBI-lover code in it, and remove that code from all other versions? Even if they say they have, how will we know???

    Grrrrrrrrr....
  • Well, damn.. by autopr0n (Score:1) Saturday November 24 2001, @08:36PM
  • Oh well by LinuxOnHal (Score:1) Saturday November 24 2001, @08:36PM
  • Leaking Magic Lantern... by C0vardeAn0nim0 (Score:1) Saturday November 24 2001, @08:36PM
  • Beyond Here Lies Paranoia (Score:3, Insightful)

    by Carnage4Life (106069) on Saturday November 24 2001, @08:37PM (#2608549) Homepage Journal
    Is anyone else wondering whether this means that it would soon be mandatory for software that is used in the US to have exploitable security flaws in order to better catch terrorists?

    For those that would point out that convincing someone to click on an attachment is social engineering and not really an exploit, I'd like to point out that there are mechanisms that can be put in place either by the OS or the mail reader to make things like clicking attachments less dangerous (automatically running attachments as a user with minimal privileges is one of them). But given that the FBI is relying on OSes not to make doing this easy, would applications or OSes that tend towards security start to face the same stigma and negative association that encryption has faced since the events of 9-11?
  • Security Holes by Solokron (Score:1) Saturday November 24 2001, @08:38PM
  • "REAL SMART" (NOT) by ryanw (Score:2) Saturday November 24 2001, @08:40PM
  • Here's McAfee's contact page (Score:4, Informative)

    by Anonymous DWord (466154) on Saturday November 24 2001, @08:41PM (#2608562) Homepage
    In case you want to shout at them about how you'll not buy any more of their products. Maybe if McAfee understands how stupid this is, they'll change their minds (hahaha, right).

    http://www.mcafee.com/aboutus/contact_us.asp? [mcafee.com]

    McAfee.com Corporate Headquarters
    McAfee.com
    535 Oakmead Parkway
    Sunnyvale, CA 94085
    USA

    Telephone: (408) 992-8100
    Fax: (408) 720-8450
  • Why? by lavaforge (Score:2) Saturday November 24 2001, @08:42PM
  • Is There a Difference? (Score:5, Funny)

    by Knunov (158076) <eat@my.ass> on Saturday November 24 2001, @08:45PM (#2608573) Homepage
    "McAfee Will Ignore FBI Spyware"

    They've been ignoring viruses for years. Why change now?

    ;)

    Knunov
  • Does this really mean anything? by MagPulse (Score:1) Saturday November 24 2001, @08:47PM
    • Oh puh-leze. by mindstrm (Score:1) Saturday November 24 2001, @08:51PM
      • Re:Oh puh-leze. by the_brat_king (Score:1) Saturday November 24 2001, @09:41PM
        • Re:Oh puh-leze. by the_brat_king (Score:1) Sunday November 25 2001, @11:56AM
  • by Chairboy (88841) on Saturday November 24 2001, @08:47PM (#2608581) Homepage
    Norton Personal Firewall/Internet Security detects and stops this software from operating, as a personal firewall program is designed to do.

    If McAfee does not, then they should be investigated by the FTC for marketing a low quality product.
  • FBI - Classic magician's trick? (Score:4, Insightful)

    by rice_burners_suck (243660) on Saturday November 24 2001, @08:48PM (#2608585) Journal

    It just may be that the FBI's so-called "Magic Lantern" is a classic magician's trick. They are telling the whole world that this Magic Lantern is a technology that will seek out and destroy every dangerous criminal on the face of the planet. They're marketing it as an unbeatable technology that works on EVERY SINGLE COMPUTER IN THE WORLD (that is, every one that's running Windows). They're causing lusers to think that there really is some kind of crimefighting technology when it's really nothing more than a bug which allows crackers to compromise Windows.

    Then, the criminals who are trying to avoid the FBI see this and talk to someone who understands computers. That person tells them how to patch their system to remove the vulnerability.

    Here's where the classic trick takes place. The criminal thinks he's immune from the Lantern, so he goes on with business as usual. He writes down his drug trafficking records or whatever, and then the FBI goes in behind his back, using some other system that nobody knows about, and gets the information.

    I'm not saying this is what's going on. On the contrary--government people are really stupid, and even more so when it comes to computers. But I'm saying this is a possibility, and I'll try not to discount the FBI's intelligence just yet.

    Oh well.

  • Magic Lantern by Phantom_24 (Score:1) Saturday November 24 2001, @08:48PM
  • damn... by Equinox (Score:1) Saturday November 24 2001, @08:53PM
  • Okay.....terrific by Psiklonik (Score:1) Saturday November 24 2001, @08:53PM
  • McAfee = Network Associates Inc. by Simon Garlick (Score:1) Saturday November 24 2001, @08:57PM
  • This is NOT a gaping loophole by SumDeusExMachina (Score:1) Saturday November 24 2001, @09:01PM
  • It's certainly a cunning plan, but .. by uzbad (Score:1) Saturday November 24 2001, @09:02PM
  • Magic Lantern App? by glastonbur (Score:1) Saturday November 24 2001, @09:04PM
  • C'mon - this isn't really gonna work by Hex4def6 (Score:1) Saturday November 24 2001, @09:06PM
  • CALEA by phiz187 (Score:1) Saturday November 24 2001, @09:08PM
  • Anti-virus isn't security by iabervon (Score:2) Saturday November 24 2001, @09:09PM
  • by werdna (39029) on Saturday November 24 2001, @09:09PM (#2608650) Homepage Journal
    There is no doubt that McAfee's mindless show of patriotism invites a new breed of free-to-do-as-they-will virii from everyone, including terrorists -- merely by attempting to appear to be the Golden Lantern.

    But moreover, it shows an economic cluelessness, inviting competitors to provide a service they do not. Even worse, it is one thing to sell a "here's some filters, we're trying to keep the buggers out," program, but another thing entirely to sell one KNOWING that it will permit viruses to go undetected. That additional scienter might even invite litigation from companies injured by their recklessness.

    In short, it is amazing what a little jingoism can do to get people to lose their minds.
  • scr1pt k1dd1es... by BlueArchon (Score:1) Saturday November 24 2001, @09:10PM
  • The FBI is obviously composed of children by mark-t (Score:1) Saturday November 24 2001, @09:13PM
  • A different view by effer (Score:1) Saturday November 24 2001, @09:14PM
  • by werdna (39029) on Saturday November 24 2001, @09:18PM (#2608679) Homepage Journal
    Way to go. The FBI, in hopes of protecting the nation, introduces its mystical spyware to facilitate its enforcement. McAfee, in its strong show of faux patriotism, willfully places a security hole in its virus systems (and I have no doubt that some government backdoors are part of the Microsoft antitrust settlement).

    Net result is that we have made an internet security infrastructure even weaker than it was before. While this overall approach is not likely to beat up on well-informed criminals and terrorists, it does weaken everybody else's system, making the nation even more vulnerable to actual cyberterrorism than it was before.

    All we have done is to make a nation weaker.
  • Interesting Situation (Score:5, Informative)

    by gibara (165385) on Saturday November 24 2001, @09:19PM (#2608681) Homepage
    This creates an interesting situation. As I understand it, virus detection programs use:

    1) signatures - specific byte patterns which are searched for in files, and

    2) heuristics - in this case algorithms which seek unlikely looking data to determine whether the user should be alerted to a possible intrusion attempt.

    McAfee can of course omit signatures for this 'Magic Lantern' (ML) software from their database. However, in the case of the heuristics, avoiding user notification of ML requires either:

    a) a weakening of the heuristic(s), presumably to such an extent that other viruses may penetrate the system or

    b) the presence of a special signature in the McAfee software which (on recognizing ML) can 'override' the heuristic

    Case (b) is interesting. If McAfee do this with a simple byte pattern search this will immediately provide viruses with a neat little 'binary tag' which permits them to evade McAfee's software.

    The alternative must be to use a cryptographic hash which can be used to identify ML but which cannot be readily forged by other virus code. Using this checksum technique also demands that the ML 'payload' remain unchanged. Very restrictive for code which needs to be stealthy.

    But the most important side-effect of both of these techniques - and any others McAfee might choose to use, would be that it provides an easy route for developers to produce software which can check for ML.

    In other words, McAfee cannot both provide useful levels of virus detection and avoid alerting the user to Magic Lantern without giving other developers a blueprint to locate it.
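
The trade-off described in the comment above, as an added example (not part of the original comment and not any vendor's code): a toy scanner with one heuristic and two ways of exempting a specific program from it. Every byte string, the tag value and the sample names are constructed placeholders.

```python
import hashlib

# Constructed toy heuristic: flag files that reference at least two
# keylogger-style API names.
HEURISTIC_MARKERS = (b"SetWindowsHookEx", b"GetAsyncKeyState", b"WriteFile")
HEURISTIC_THRESHOLD = 2

# Constructed stand-in for the program the vendor wants to exempt.
EXEMPT_SAMPLE = (b"MZ..EXEMPT-BUILD-1..SetWindowsHookEx.."
                 b"GetAsyncKeyState..WriteFile")

# Policy "tag": exemption keyed on a byte pattern found anywhere in the file.
EXEMPT_TAG = b"EXEMPT-BUILD-1"
# Policy "sha256": exemption keyed on a hash of the complete file.
EXEMPT_SHA256 = {hashlib.sha256(EXEMPT_SAMPLE).hexdigest()}


def heuristic_hit(data: bytes) -> bool:
    """True when enough suspicious markers are present."""
    return sum(m in data for m in HEURISTIC_MARKERS) >= HEURISTIC_THRESHOLD


def exemption_matches(data: bytes, policy: str) -> bool:
    """True when the file matches the scanner's exemption entry."""
    if policy == "none":
        return False
    if policy == "tag":
        return EXEMPT_TAG in data
    if policy == "sha256":
        return hashlib.sha256(data).hexdigest() in EXEMPT_SHA256
    raise ValueError(f"unknown policy: {policy}")


def scan(data: bytes, policy: str) -> str:
    """Return 'clean', 'alert' or 'suppressed' for one file."""
    if not heuristic_hit(data):
        return "clean"
    return "suppressed" if exemption_matches(data, policy) else "alert"


def audit(samples: dict, policy: str) -> dict:
    """Scan every sample under one exemption policy."""
    return {name: scan(data, policy) for name, data in samples.items()}


def locate_exempt(samples: dict, policy: str) -> list:
    """The comment's last point: whoever can read the exemption entry can
    run the same match to find the exempted program on a machine."""
    return [n for n, d in samples.items() if exemption_matches(d, policy)]


# Constructed test files.
SAMPLES = {
    "exempt_original": EXEMPT_SAMPLE,
    # Same program with one byte appended: the tag survives, the hash does not.
    "exempt_modified": EXEMPT_SAMPLE + b"\x00",
    # Unrelated file that trips the heuristic and merely contains the tag.
    "unrelated_tagged": b"MZ..SetWindowsHookEx..GetAsyncKeyState.." + EXEMPT_TAG,
    "benign": b"plain text document",
}

if __name__ == "__main__":
    for policy in ("none", "tag", "sha256"):
        print(policy, audit(SAMPLES, policy))
    print("located via tag:   ", locate_exempt(SAMPLES, "tag"))
    print("located via sha256:", locate_exempt(SAMPLES, "sha256"))
```

Under the tag policy the scanner stays silent for any flagged file that carries the pattern; under the hash policy only the byte-identical file is exempt, and in both cases the exemption entry doubles as a detector for the exempted program.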
  • W32/MagicLantern by Proteus Child (Score:1) Saturday November 24 2001, @09:21PM
  • How to smack the FBI by Safety Cap (Score:2) Saturday November 24 2001, @09:24PM
  • Imitations by [JEB] (Score:1) Saturday November 24 2001, @09:27PM
  • Bright idea by Bobo_the_Chimp (Score:1) Saturday November 24 2001, @09:28PM
  • Probable cause? by burtonator (Score:2) Saturday November 24 2001, @09:29PM
  • I'm going to vote with my dollars.... (Score:5, Interesting)

    by Lawmeister (201552) on Saturday November 24 2001, @09:30PM (#2608721) Homepage
    and not purchase, nor recommend to anybody including my employer (2000+ PCs) McAfee's products. Or any other product that doesn't jive with what I want it to do.

    Will be interesting to see what the marketplace thinks of this move when their stocks start trading again on Monday.

    F-Prot [f-prot.com] isn't based in the States, and maybe they will provide the protection users want.
  • Legal question. by BitterOak (Score:1) Saturday November 24 2001, @09:31PM
  • How long will it be... (Score:3, Interesting)

    by Greyfox (87712) on Saturday November 24 2001, @09:37PM (#2608743) Homepage
    Before the Mafia moves to Linux, FreeBSD or one of the commercial unices out there? I mean, come on, those guys aren't stupid. If you are in their industry, you don't tend to live long.

    You can lock a UNIX box down tighter than a virgin whore if you know what you're doing. And with the current IT job shortage, I bet Don Parcheesi can find a pet UNIX geek or three dirt cheap. Or some trustworthy ones for a bit more.

  • Humm, 3rd party programs. by BrookHarty (Score:2) Saturday November 24 2001, @09:37PM
  • oh, not as bad as I thought... by 8bit (Score:1) Saturday November 24 2001, @09:37PM
  • Set up for disaster by TedCheshireAcad (Score:1) Saturday November 24 2001, @09:41PM
  • Did you vote for Bush? by ToasterTester (Score:1) Saturday November 24 2001, @09:44PM
  • Legal woes for McAfee if they do this by wfmcwalter (Score:1) Saturday November 24 2001, @09:44PM
  • The real irony. (Score:3, Funny)

    by lkaos (187507) <anthony.codemonkey@ws> on Saturday November 24 2001, @09:47PM (#2608763) Homepage Journal
    This is Microsoft's wet dream... If the holes the FBI uses are unique, then the holes will be classified to protect the FBI's ability to monitor terrorists (therefore protecting national security). That means, they will have the ability to stop security exploits from being published in the interests of national security.

  • We need to protect ourselves vigorously from crime. However, creating secret agencies who are able to commit crimes themselves is not the way to protect ourselves.

    Already there is a serious problem with people committing some destructive act and claiming it was done by the CIA or other U.S. government secret agency. There is no good defense against this, because people worldwide know that the U.S. government secret agencies routinely break the law. How could it be proven that the FBI, CIA, or NSA, or some other secret agency didn't do a particular crime?

    The U.S. FBI, CIA, and NSA are now worldwide surveillance agencies. They are supported by Americans who are not allowed to know how much of their money is spent on surveillance. United States citizens are not allowed to know what the U.S. government secret agencies are doing, so they don't know if the agencies are doing things they would now support.

    The people who work for the FBI are often not smart people. They don't realize that trust is absolutely necessary in a democracy. They have often in the past not shown understanding of the other needs of democracy. They have often acted like secret police. They often believe in killing or other ways of being destructive as a way of curing some ill in society.

    Now they will be attacking computers like the criminals. They will say that they are doing it only to solve crimes, but it is socially impossible to control this kind of thing. Once the principle is established that a secret agency can break the law, there is in practice no limit to what some people in that agency might feel "justified" in doing. Consider your own experience. When has the boss had complete knowledge and complete control over the actions of employees? Never. A company's only good policy is to hire open and honest people and to encourage honesty and genuine caring.

    The FBI's influence will mean that the U.S. taxpayer's money will become a powerful force in preserving security holes, instead of closing them. Generally, this kind of software has had holes of its own. You may be attacked by a cracker exploiting a security hole created by FBI software. Governments will detect FBI snooping software and feed the FBI erroneous information.

    This is all support for people who like snooping and sneaking. It is not actually a way to reduce crime. It is for adults who like to treat the whole world as a video game. It is for the kind of people who think of themselves as James Bond, who like the idea of being able to kill other people legally.


    How U.S. government policy contributed to terrorism: What should be the Response to Violence? [hevanet.com]
  • why should anyone care..? by guest12 (Score:1) Saturday November 24 2001, @09:50PM
  • A new market segment for Linux? by AndroidCat (Score:1) Saturday November 24 2001, @09:55PM
  • Lots of Conjecture by TinWeasle (Score:1) Saturday November 24 2001, @10:10PM
  • Avoiding obstruction of justice issues? by bschoate (Score:1) Saturday November 24 2001, @10:13PM
  • Reference by cr@ckwhore (Score:2) Saturday November 24 2001, @10:22PM
  • Well I have a plan... by A_Non_Moose (Score:1) Saturday November 24 2001, @10:29PM
  • Most Likely Outcome by istartedi (Score:1) Saturday November 24 2001, @10:37PM
  • Extra Extra ! by IroygbivU (Score:1) Saturday November 24 2001, @10:38PM
  • Some (IMO) sane legal questions by Have Blue (Score:2) Saturday November 24 2001, @10:44PM
  • I Like This Kind Of Thinking! by asackett (Score:1) Saturday November 24 2001, @10:48PM
  • "Betrayed users' trust" by Anonymous Coward (Score:2) Saturday November 24 2001, @10:52PM
  • by supabeast! (84658) on Saturday November 24 2001, @11:02PM (#2608978)
    Easy way to abuse the FBI's new Magic Lantern "virus."

    Do illegal stuff online, and be conspicuous about it. If you are already involved in organized crime, this will be easy. Do all your stuff using PGP on a Windows 2000 base install. Regularly talk on the phone to your buddies about those idiot FBI agents who can't read your encrypted email. Make sure to do everything with LCD monitors so that the FBI has to crack the email instead of just tapping your CRT. Get a geek to learn a lot about virus operation so that he can regularly check the system and snag the virus.

    As soon as the virus pops up, keep playing along. Send out encrypted crap messages that make no sense, and appear to be written in code words so that the FBI spends more time trying to crack THAT code after cracking the message. At the same time, decompile the virus and figure out how it works. Alter the virus to be self-propagating and extremely malicious, destroying all filesystems on infected machines and shutting them down while residing only in memory to prevent people from finding the virus on disk.

    After a few days, set up an online store selling anti-virus software at $19.95 a seat licensing. Encrypt everything the program contains with the exception of an executable, so that no other virus company can figure out how it works without violating the DMCA.

    Laugh at the FBI agents who are too busy trying to figure out what all your code words are to notice you raking in millions with a foreign company selling anti-virus software, move to Zug, and retire.

    I admit, that scenario is a bit of a stretch. A more likely scheme (and what will likely happen very soon) is a few good crackers decompile antivirus software from McAfee and Norton, both American companies that will allow the FBI virus through, and compare it with antivirus software from foreign firms, which will likely block the FBI virus to prevent the USA from spying on their companies as the USA does with echelon. Bingo, killer virus in no time flat, watch it take the world by storm. And before any of you bother to post about how the FBI will manage to keep all the details secret so that this doesn't happen, think about this; if the FBI could manage to keep a secret, we would not know about things like Magic Lantern and Carnivore to begin with.

    I want to thank the FBI for fucking over America with their inability to realize the dire consequences of their poorly-planned actions. By doing this the FBI is screwing over:
    1- All of the companies around the world, especially in the US, that will spend a ton of money dealing with the downtime caused by the first virus to exploit the Magic Lantern backdoors.
    2- All of the American antivirus software companies who will lose market share to foreign software companies who do not leave FBI backdoors in their products.
    3- Microsoft, who will likely be accused of leaving FBI backdoors in Windows, and who will lose market share when a virus sweeps the Windows world on a level that shames Code Red I and II.
    4- All the Windows admins out there who will now have to rebuild all of their compromised machines, and switch to antivirus software by companies that do not leave backdoors for the FBI.
  • MS/DOJ settlement coincidence? by ekalb (Score:2) Saturday November 24 2001, @11:20PM
  • Very Bad News by Raven42rac (Score:2) Saturday November 24 2001, @11:34PM
  • The genius of McAfee by Wonko42 (Score:2) Saturday November 24 2001, @11:39PM
  • SO WHAT? FBI ignored by their bosses anyway. by Fantastic Lad (Score:1) Saturday November 24 2001, @11:51PM
  • Virus Behaviour versus Snoopware Behaviour by TinWeasle (Score:1) Saturday November 24 2001, @11:57PM
  • a wee conspiracy theory a brewin'... by Bobzibub (Score:1) Sunday November 25 2001, @12:00AM
  • Let's help out the FBI by WildBeast (Score:1) Sunday November 25 2001, @12:05AM
  • An alternative problem (Score:3, Insightful)

    by zunger (17731) on Sunday November 25 2001, @12:07AM (#2609115) Homepage
    Well, I'm seeing a completely different issue here, beyond other people being able to craft virii exploiting the same holes that this Magic Lantern does. (Although I'm assuming that as security holes get patched, Magic Lantern will ultimately refer to a family of virii rather than any single virus; it's going to make McAfee's job of trying to explicitly exclude it from virus searches all the more ridiculous)

    The thing that occurs to me is that, back when I was an easily amused kid I used to capture computer viruses, dissect them and study them. If Magic Lantern is genuinely going to be an effective way to retrieve data -- and if it's a virus designed by a team of top-level professionals, which it is likely to be, then it should be so -- then how long a matter of time is it going to be before everyone and his mad bastard cousin starts to make copies of this virus and mutate it for their own ends? This seems like it would quickly become a valuable corporate espionage tool, and then a personal espionage tool, and then just a total disaster area.

    The problem with this is, if they design a powerful cracking tool which by its nature must be primarily built ou