More on Magic Lantern, McAfee, Symantec, and FBI

Will Rodger wrodger at
Sat Dec 1 00:16:47 EST 2001

I wrote:

>We also know that virus scanners are remarkably bad at picking up and 
>stopping new malware. If they were any good at all, new viri and Trojans 
>would not spread the way they do.

Declan said:

>That's a fair statement, since the average Windows user either doesn't use 
>antivirus ware or doesn't keep it updated.

Yes, but I was thinking a bit differently: The AV companies have to get a 
copy of the malware to analyze in the first place to stop the Trojan, or at 
least block something _very_ similar. I don't think either one is likely 
with half-competent Trojan writers.

So, I asked, rhetorically:

>>How hard would it be to design a Trojan horse that could get around 
>>current scanners?

Declan says:

>Not that difficult, I suspect, with even the passive participation (merely 
>providing tech info, not redesigning) of the antivirus firms. But the FBI 
>would want to guard against two other possibilities: Future antivirus 
>software detecting an installed ML, and future antivirus software 
>detecting an attempt to install ML.

It seems to me they will have to get tons better at what they do before 
they can stop someone clicking on an attachment, for instance.

There's a balancing act here: Do you risk your Trojan being discovered by 
McAfee and Symantec, or do you risk someone blabbing when you ask them to 
avoid blocking it, when the odds are they won't block it in the 
foreseeable future?

Given what I know of leaks to the media (my time as a reporter at USA Today 
and Ziff Davis has to be worth something here) I wouldn't even think of 
approaching the AV companies about this.

But that's just me. The Fibbies may have it figured differently.

all the best,


The Cryptography Mailing List