[9882] in cryptography@c2.net mail archive
Re: More on Magic Lantern, McAfee, Symantec, and FBI
daemon@ATHENA.MIT.EDU (Declan McCullagh)
Fri Nov 30 19:02:38 2001
Message-Id: <5.1.0.14.0.20011130085941.02d1c7f0@mail.well.com>
Date: Fri, 30 Nov 2001 09:10:23 -0500
To: Will Rodger <wrodger@home.net>
From: Declan McCullagh <declan@well.com>
Cc: cryptography@wasabisystems.com
In-Reply-To: <5.1.0.14.0.20011130084252.009f56e0@netmail.home.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
At 08:56 AM 11/30/2001 -0500, Will Rodger wrote:
>We also know that virus scanners are remarkably bad at picking up and
>stopping new malware. If they were any good at all, new viri and Trojans
>would not spread the way they do.
That's a fair statement, since the average Windows user either doesn't use
antivirus ware or doesn't keep it updated. But crank up the paranoia dial a
notch -- the Sep. 11 terrorists weren't exactly stupid -- and that's
arguably a different story.
>How hard would it be to design a Trojan horse that could get around
>current scanners?
Not that difficult, I suspect, with even the passive participation (merely
providing tech info, not redesigning) of the antivirus firms. But the FBI
would want to guard against two other possibilities: Future antivirus
software detecting an installed ML, and future antivirus software detecting
an attempt to install ML.
One wit recommended a way to get a wild version of ML: Create a Hotmail
account with the appropriate-sounding name, post the appropriately
suspicious-sounding statements in the appropriate fora, and wait for the
attachments to come in. :)
-Declan
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
