IP: Antivirus firms deny Magic Lantern backdoor plans (fwd)

Eugene Leitl Eugene.Leitl at lrz.uni-muenchen.de
Tue Dec 11 03:31:31 PST 2001




-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

---------- Forwarded message ----------
Date: Tue, 11 Dec 2001 06:04:54 -0500
From: David Farber <dave at farber.net>
Reply-To: farber at cis.upenn.edu
To: ip-sub-1 at majordomo.pobox.com
Subject: IP: Antivirus firms deny Magic Lantern backdoor plans


>From: "Bill Sodeman" <bill at sodeman.com>
>To: <farber at cis.upenn.edu>
>Subject: Antivirus firms deny Magic Lantern backdoor plans
>Date: Mon, 10 Dec 2001 23:47:17 -0600
>X-Mailer: Microsoft Outlook, Build 10.0.3311
>Importance: Normal
>
>http://dailynews.yahoo.com/h/nm/20011210/tc/attack_tech_dc.html
>
>Monday December 10 8:30 PM ET
>Antivirus Firms Say They Won't Create FBI Loophole
>By Elinor Mills Abreu
>
>SAN FRANCISCO (Reuters) - Anti-virus software vendors said on Monday
>they don't want to create a loophole in their security products to let
>the FBI or other government agencies use a virus to eavesdrop on the
>computer communications of suspected criminals.
>
>Under a project code named "Magic Lantern," the U.S. Federal Bureau of
>Investigation is creating an e-mail-borne virus or Trojan horse that
>hides itself on the computer and captures all keystrokes made, including
>passwords that could be used to read encrypted mail, according to a
>report on MSNBC.com in November.
>
>Despite subsequent reports to the contrary, officials at Symantec Corp.
>and Network Associates Inc. said they had no intention of voluntarily
>modifying their products to satisfy the FBI. Spokesmen at two other
>computer security companies, Japan-based Trend Micro Inc. and the U.S.
>subsidiary of UK-based Sophos PLc., made similar statements.
>
>All four anti-virus companies said they had not contacted or been
>contacted by the U.S. government on the matter.
>
>"We're in the business of providing a virus-free environment for our
>users and we're not going to do anything to compromise that security,"
>said Tony Thompson of Network Associates.
>
>"Symantec's first priority is to protect our customers from malicious
>and illegal attacks," Symantec Chief Executive John W. Thompson said in
>a statement. "We have no intention of creating or leaving a hole in our
>software that might compromise that security."
>
>If anti-virus vendors were to leave a hole for an FBI-created Trojan
>horse program, malicious hackers would try to exploit the hole too,
>experts said.
>
>"If you leave the weakness for the FBI, you leave it for everybody,"
>said Fred Cohen, an independent security expert and digital forensics
>professor at the University of New Haven.
>
> >From the industry perspective, leaving a hole in anti-virus software
>would erode public confidence and damage the reputation of the vendor,
>sending customers to competing companies, the vendors said.
>
>The government would have to convince all anti-virus vendors to
>cooperate or the plan wouldn't work, since those not cooperating would
>have a market advantage and since they all share information, said a
>Symantec spokeswoman.
>
>"The thought that you would be able to convince the industry as a whole
>to do this is kind of naive," she said.
>
>All four anti-virus companies said they had not contacted or been
>contacted by the U.S. government on the matter.
>
>The FBI declined to confirm or deny the report about "Magic Lantern,"
>when it was first published by MSNBC.com and a spokesman was not
>available for comment on Monday.
>
>PLAN WOULD ALIENATE OTHER COUNTRIES
>
>Symantec and Networks Associates, both of whom have investments in
>China, would not jeopardize their footings in that market, said Rob
>Rosenberger, editor of www.vmyths.com, a Web site that debunks virus
>hoaxes.
>
>"If (the Chinese) thought that the company was a tool of the CIA (news -
>web sites), China would stop using those products in critical
>environments," Rosenberger said. "It is in the best interest of
>anti-virus vendors not to heed the call of the FBI."
>
>"We always try to cooperate with the authorities when it's appropriate.
>Having said that, our No. 1 goal is to protect our customers," said
>Barbara Woolf of Trend Micro. "I've heard reports that the government is
>upset this got out and is going back to the drawing board."
>
>Appeasing the U.S. government would be difficult for vendors who have
>parent companies and customers outside the United States, they said.
>
>"If the laws of the land were to change to permit this kind of activity
>then we would abide by the law," said David Hughes, president of Sophos'
>U.S. subsidiary.
>
>But "how would a vendor provide protection for customers outside of the
>specific jurisdiction?" Hughes asked. "If we were to do this for the
>U.S. government we'd also have to do it for the government of any other
>nation that would want to do something similar."
>
>
>==========================
>
>Bill Sodeman
>bill at sodeman.com / http://bill.sodeman.com
>
>1-512-845-0119

For archives see:
http://www.interesting-people.org/archives/interesting-people/





More information about the cypherpunks-legacy mailing list