Message-ID: <3F37C4ED.20563.46611A4D@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: commercially spy software

Ferdi Öztürk <Ferdi.Oeztuerk@...cor-nixdorf.com> wrote:
> Hope that's not an old topic for full-disc. I've played around a little
> with these commercial products, which firms use for keylogging, process
> tracing, screenshots etc. - Antivirus (Norton, McAfee) doesn't seem to
> care about this special spy software, e.g. "eBlaster" on Windows OS
> (2000, 98, XP).
>
> Since there was no port in use, the program was invisible to me. The spy
> software producers call it "stealth mode".
>
> Ok, your opinions?

You are right that, in general, traditional AV products will not detect
such "commercial spyware", at least so long as it is not renamed,
repackaged or otherwise modified from its normal commercial form. In
part you can "thank" the folk behind the NetBus RAT for this -- with
the release of the shareware version of NetBus Pro they complained that
the virus scanners of major AV companies such as Symantec and NAI (aka
McAfee) detecting their "product" were, in fact, anti-competitive
practices as those developers also had competing "remote access" and/or
"remote administration" products...

This minefield is one of the reasons why grown-ups tend to prefer to
decide for themselves what code is "appropriate" to run on the systems
they are responsible for, and thus by exclusion, what code is not
appropriate. Thus, rather than relying on the commercially oriented
(and thus liable to be swayed by the possible legal damages threatened
by a suitably lawyered "opponent") decisions of other "big businesses",
whose interests will necessarily never align particularly well with
their customers (if nothing else, they want to maximize the money they
make off of you whereas you would prefer to minimize your costs),
pressure should be mounting for a new kind of security product -- real-
time integrity management of "executable" code. There are a few
(partial) solutions available already, but apparently there are not
enough grown-ups in the market to make this a viable alternative (yet).
I expect this situation to change.

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
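
Added example (not part of the original message or of any product it mentions): a minimal sketch of the "integrity management of executable code" idea above, run as a periodic audit rather than real-time enforcement. The administrator snapshots approved executables by SHA-256, and anything whose content was never approved is reported whether or not an AV vendor has a signature for it; the extension list, file names and file contents are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile

EXEC_EXTS = {".exe", ".dll", ".sys", ".scr"}  # assumption: what counts as "executable"

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def snapshot(root):
    """Map relative path -> SHA-256 for each executable-looking file under root."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXEC_EXTS:
                full = os.path.join(dirpath, name)
                found[os.path.relpath(full, root)] = sha256_file(full)
    return found

def audit(root, baseline):
    """Default deny: report every executable whose content was never approved."""
    approved = set(baseline.values())
    findings = []
    for rel, digest in sorted(snapshot(root).items()):
        if digest in approved:
            continue  # approved content, even if it now sits under a new name
        status = "modified" if rel in baseline else "unapproved"
        findings.append((rel, status))
    return findings

def demo():
    """Constructed sample tree; every file name and content here is made up."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        write("editor.exe", b"approved editor build 1")
        write("backup.exe", b"approved backup build 1")
        write("notes.txt", b"not executable, ignored")
        baseline = snapshot(root)  # the administrator's approval decision
        write("backup.exe", b"approved backup build 1 + patch")  # changed on disk
        write("monitor.exe", b"program nobody approved")         # new arrival
        write("editor_copy.exe", b"approved editor build 1")     # approved code, renamed
        return audit(root, baseline)

if __name__ == "__main__":
    for rel, status in demo():
        print(f"{status:10} {rel}")
```

The decision is keyed on file content, so the audit does not depend on anyone else's judgement of whether a program is "legitimate": the unapproved monitor.exe is reported simply because the administrator never approved it.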