Antivirus software will ignore FBI spyware: solutions

Tim May tcmay at got.net
Mon Nov 26 16:37:12 PST 2001


[I sent this a couple of hours ago, hasn't appeared on my feed, lne.com. 
Apologies if you get it twice.]

On Monday, November 26, 2001, at 11:49 AM, Sunder wrote:

> Great and wonderful except:
>
> 1. If such spyware has already been installed on your system you can't
> trust your os therefore:
>
> 	a. It may use your OS to hide the key capture log, so you
> 	   won't be able to just watch files.  Think of a kernel patch
> 	   that removes all references to a specific file, not just
> 	   sets it to be hidden.

Yes, but this is probably beyond current and foreseeable attacks. I 
don't dispute that all sorts of advanced attacks are possible, just that 
the fixes this guy suggested are "much better than doing nothing."

Even _secure_ OSes (KeyKOS, for example) are vulnerable to attacks when 
physical access is gained...doesn't make it easy, though.

> 4. If you live in a crowded area, your iPod can be lifted off you
> in a false mugging, or break in, pickpocketing while you're at a
> restaurant, movie, etc.

This implies a level of surveillance/commitment beyond what most FBI 
attacks are at.

More importantly, theft of my iPod would then trigger certain actions: 
cancelling my existing key and generating a new one.

All of these kinds of "they've got your hardware" attacks are present 
with nearly all systems. All require more work than the simple insertion 
of a keystroke logger involves. It's all measures and countermeasures.

> 10. Ordered any new copies of a bit of software?  Maybe they have a deal
> with FedEx, UPS, the Mailman.  Maybe what you're getting is the upgrade
> and then some.  How can you tell that copy of SmallTalk doesn't carry an
> extra bit of code just for you?  How can you tell that the latest patch to
> MacOS you've just downloaded really came from Apple?  Sure DNS said it was
> from ftp.apple.com but how do you know that the router upstream from your
> internet provider didn't route your packets via ftp.fbi.gov?

Paranoia can be a dangerous thing.

--Tim May
"Gun Control: The theory that a woman found dead in an alley, raped and
strangled with her panty hose,  is somehow morally superior to a woman 
explaining to police how her attacker got that fatal bullet wound"


--Tim May
"That government is best which governs not at all." --Henry David Thoreau
