-- Eugen* Leitl <a href="http://leitl.org";>leitl</a> ______________________________________________________________ ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3 ---------- Forwarded message ---------- Date: Tue, 11 Dec 2001 06:04:54 -0500 From: David Farber <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: IP: Antivirus firms deny Magic Lantern backdoor plans >From: "Bill Sodeman" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Subject: Antivirus firms deny Magic Lantern backdoor plans >Date: Mon, 10 Dec 2001 23:47:17 -0600 >X-Mailer: Microsoft Outlook, Build 10.0.3311 >Importance: Normal > >http://dailynews.yahoo.com/h/nm/20011210/tc/attack_tech_dc.html > >Monday December 10 8:30 PM ET >Antivirus Firms Say They Won't Create FBI Loophole >By Elinor Mills Abreu > >SAN FRANCISCO (Reuters) - Anti-virus software vendors said on Monday >they don't want to create a loophole in their security products to let >the FBI or other government agencies use a virus to eavesdrop on the >computer communications of suspected criminals. > >Under a project code named "Magic Lantern," the U.S. Federal Bureau of >Investigation is creating an e-mail-borne virus or Trojan horse that >hides itself on the computer and captures all keystrokes made, including >passwords that could be used to read encrypted mail, according to a >report on MSNBC.com in November. > >Despite subsequent reports to the contrary, officials at Symantec Corp. >and Network Associates Inc. said they had no intention of voluntarily >modifying their products to satisfy the FBI. Spokesmen at two other >computer security companies, Japan-based Trend Micro Inc. and the U.S. >subsidiary of UK-based Sophos PLc., made similar statements. > >All four anti-virus companies said they had not contacted or been >contacted by the U.S. government on the matter. > >"We're in the business of providing a virus-free environment for our >users and we're not going to do anything to compromise that security," >said Tony Thompson of Network Associates. > >"Symantec's first priority is to protect our customers from malicious >and illegal attacks," Symantec Chief Executive John W. Thompson said in >a statement. "We have no intention of creating or leaving a hole in our >software that might compromise that security." > >If anti-virus vendors were to leave a hole for an FBI-created Trojan >horse program, malicious hackers would try to exploit the hole too, >experts said. > >"If you leave the weakness for the FBI, you leave it for everybody," >said Fred Cohen, an independent security expert and digital forensics >professor at the University of New Haven. > > >From the industry perspective, leaving a hole in anti-virus software >would erode public confidence and damage the reputation of the vendor, >sending customers to competing companies, the vendors said. > >The government would have to convince all anti-virus vendors to >cooperate or the plan wouldn't work, since those not cooperating would >have a market advantage and since they all share information, said a >Symantec spokeswoman. > >"The thought that you would be able to convince the industry as a whole >to do this is kind of naive," she said. > >All four anti-virus companies said they had not contacted or been >contacted by the U.S. government on the matter. > >The FBI declined to confirm or deny the report about "Magic Lantern," >when it was first published by MSNBC.com and a spokesman was not >available for comment on Monday. > >PLAN WOULD ALIENATE OTHER COUNTRIES > >Symantec and Networks Associates, both of whom have investments in >China, would not jeopardize their footings in that market, said Rob >Rosenberger, editor of www.vmyths.com, a Web site that debunks virus >hoaxes. > >"If (the Chinese) thought that the company was a tool of the CIA (news - >web sites), China would stop using those products in critical >environments," Rosenberger said. "It is in the best interest of >anti-virus vendors not to heed the call of the FBI." > >"We always try to cooperate with the authorities when it's appropriate. >Having said that, our No. 1 goal is to protect our customers," said >Barbara Woolf of Trend Micro. "I've heard reports that the government is >upset this got out and is going back to the drawing board." > >Appeasing the U.S. government would be difficult for vendors who have >parent companies and customers outside the United States, they said. > >"If the laws of the land were to change to permit this kind of activity >then we would abide by the law," said David Hughes, president of Sophos' >U.S. subsidiary. > >But "how would a vendor provide protection for customers outside of the >specific jurisdiction?" Hughes asked. "If we were to do this for the >U.S. government we'd also have to do it for the government of any other >nation that would want to do something similar." > > >========================== > >Bill Sodeman >[EMAIL PROTECTED] / http://bill.sodeman.com > >1-512-845-0119 For archives see: http://www.interesting-people.org/archives/interesting-people/
