Antivirus software will ignore FBI spyware: solutions

26 Nov 2001

      Some interesting tips (bottome of this message) for detecting FBI/SS
snoopware that NAI/McAfee is now assisting the FBI in installing. 

I especially like the idea of "type hundreds of random key strokes and
see which files increase in size." (Or just look for any file size
changes, as most of us type tens of thousands of keystrokes per day.)

The mathematical side of most encryption is vastly stronger than the
"crypto hygiene" side. There's a reason "code rooms" and "crypto
shacks" on military ships and bases have lots of hoops to jump through,
with locked boxes, double-keyed switches, controlled access, etc.  

Most users of PGP take no steps to secure key materials. (I plead
guilty, too.) Most of us are used to immediate access, and we want
crypto integrated with our mail. The notion of going to a locked safe,
taking out the laptop or removable hard drive, ensuring an "air gap"
between the decoding system and the Net, and checking for keyloggers
and hostile code, and so on, is foreign to most of us. 

The "dongle" idea (e.g., Dallas Semiconductor buttons, etc.) has been
around for a long time. Here's a new twist: the Apple iPod music
player. I just got one. A 4.6 GB hard disk (Toshiba 1.8"). Hooks up via
Firewire/IEEE 1394, with the link recharging the battery and
auto-linking. The disk can also be mounted as a standard Firewire disk.
Meaning, it could be used to store key material and even be used for
PGP scratch operations. The increased security comes from its small
size (easy to lock up) and because I usually have it with me when I am
away from home. This makes "sneak and peek" searches and plants of
malicious code less useful. Not a complete solution. Crypto hygiene and
all.

Here's the article:
...
Path: sjcpnn01.usenetserver.com!e420r-sjo4.usenetserver.com!sjcppf01!usenetserver.com!hub1.nntpserver.com!headwall.stanford.edu!newsfeed.stanford.edu!sn-xit-01!sn-post-01!supernews.com!news.supernews.com!not-for-mail
From: Rastus P. Riley 
Newsgroups: misc.survivalism
Subject: Re: Antivirus software will ignore FBI spyware: solutions
Date: Mon, 26 Nov 2001 12:37:27 -0800
Organization: Posted via Supernews, http://www.supernews.com
Message-ID: <1m950usq1saskrs1g0ajmdi5h3e49fcd8b@4ax.com>
...
On 25 Nov 2001 21:48:28 GMT, phatmike@isomorphic.net (phatmike) wrote:
...
...
According to the Washington Post, "At least one antivirus software company,
McAfee Corp., contacted the FBI on Wednesday to ensure its software wouldn't
inadvertently detect the bureau's snooping software and alert a criminal
suspect."
http://www.washingtonpost.com/wp-dyn/articles/A1436-2001Nov22.html
1.  Use a secure type of OS with login screen for every session
         a.  Log out after every use
         b.  If house invaded, Feds need to have initial login
              password to insert trojan.
2.  Use In/Out firewall
         a.  Zone Alarm Pro
         b.  Monitors in/out traffic
                  1.  If trojan tries to send data, then firewall will
                       highlight it.
3.  Always check for small programs by last accessed date.
          a.  Uncheck hidden files
          b.  Look for files that increase in size by testing with 300
               random keystrokes.
4.  Use Proxies, don't run attatchments, don't use
     Outbreak Express.
Hope this helps,
-Rastus

Antivirus software will ignore FBI spyware: solutions

Tim May