How to defeat spyware

Dr. Evil drevil at sidereal.kz
Mon Jan 7 19:31:28 PST 2002


> Look into what's inside OS X, which is what I run. A lot of FreeBSD,
> some Mach, etc. However, I don't kid myself that keystroke loggers
> for Macs, which I have bought myself for my own use (some years ago)
> won't be carried by spooks doing sneak and peek entries.

Windows *, Mac * and Linux probably together have 99.9% (guessing) of
the desktop market, so if I were packing a kit, I would carry disks
for each of those.  It's technically not difficult with any of these
OSes, because none of them have any kind of MAC system.

> Some of you might have already looked into this and may have some data 
> points.
> 
> It seems to me that the older type of keystroke logger (history file in 
> Unix, Ghostwriter, etc.) can be defeated thusly.

Yeah, that proposal (snipped above) would definitely defeat the plain
old BIOS keyloggers.  How sophisticated is the FBI stuff?  Let's make
some reasoned speculation.

Most of their targets aren't going to be super-sophisticated hackers
who will do those kinds of things.  The FBI has a whole bunch of tools
which they use to achieve their goal (get the conviction, etc).
Generally, they don't need any one of those tools to be perfect.  The
plain old keystroke logger would work in most cases, probably.
However, that is not the end of the story...

> Selecting letters with a mouse on the screen also bypasses the
> keyboard.

Ouch!  That might work for occasional short messages, but for daily
use?

> The question is, are "keystroke loggers" actually doing more than
> keystroke logging. Are they, for example, monitoring all screen I/O
> (seems unlikely, for bandwidth reasons).

Obviously, the earlier ones worked at the BIOS level and could only
catch key activity.  I have definitely seen some products (plural)
available now which monitor GUI events, so it can show all the
activity of the snooped machine in a window.  This is OS specific, but
there are only about five OSes out there, and this technique
definitely works, and it WILL easily defeat all your tricks of using
the clipboard, mouse, etc.  Note that this is not the same as dumping
full-res video at 30 fps, which would be impossible, as you point
out.  Catching gui events is compact enough to be practical.

Bottom line: I don't have any knowledge of what the FBI actually does,
but there are off-the-shelf commercial things out there which defeat
what you described, so it's safe to assume that the FBI has something
like that if they feel they need it.

Bottom line 2: You need to have a tamper resistant system if you are
faced with an attack from the FBI hacker team.  Fortunately, in this
case tamper resistance is pretty easy.  Get yourself a webcam.  I
don't think many Mafiosos are sophisticated enough for this, or they
probably would have found some other line of work.

> > My attitude is to think about simple things and think about ways to
> > de-escalate a conflict as much as possible, so I'm not so enthusiastic
> > about a shotgun on a string.
> 
> That's cool. Just don't support laws affecting my decisions.

Have no fear, Tim!  No one ever asks me how the laws should be anyway.