More on Magic Lantern, McAfee, Symantec, and FBI
Will Rodger
wrodger at home.net
Sat Dec 1 00:16:47 EST 2001
I wrote:
>We also know that virus scanners are remarkably bad at picking up and
>stopping new malware. If they were any good at all, new viri and Trojans
>would not spread the way they do.
Declan said:
>That's a fair statement, since the average Windows user either doesn't use
>antivirus ware or doesn't keep it updated.
Yes, but I was thinking a bit differently: The AV companies have to get a
copy of the malware to analyze in the first place to stop the Trojan, or at
least or block something _very_ similar. I don't think either one is likely
with half-competent Trojan writers.
So, I asked, rhetorically:
>>How hard would it be to design a Trojan horse that could get around
>>current scanners?
Declan says:
>Not that difficult, I suspect, with even the passive participation (merely
>providing tech info, not redesigning) of the antivirus firms. But the FBI
>would want to guard against two other possibilities: Future antivirus
>software detecting an installed ML, and future antivirus software
>detecting an attempt to install ML.
It seems to me they will have to get tons better at what they do before
they can stop someone clicking on an attachment, for instance.
Tthere's a balancing act here: Do you risk your Trojan being discovered by
McAfee and Symantec, or do you risk someone blabbing when you ask them to
avoid blocking it, when the odds are they won't block it in the
foreseeable future?
Given what I know of leaks to the media (my time as a reporter at USA Today
and Ziff Davis has to be worth something here) I wouldn't even think of
approaching the AV companies about this.
But that's just me. The Fibbies may have it figured differently.
all the best,
Will
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list