Full Disclosure: Re: commercially spy software

From: Nick FitzGerald <nick_at_virus-l.demon.co.uk>
Date: Mon, 11 Aug 2003 16:31:41 +1200

Ferdi Öztürk <Ferdi.Oeztuerk_at_wincor-nixdorf.com> wrote:

> Hope, that's not an old topic for full-disc. I've played around a little
> with these commercial products, which firms use for keylogging, process
> tracing, screenshots etc. - Antivirus (Norton, McAfee) doesn't seem to
> care about these special spy software, e.g. "eBlaster" on Windows OS
> (2000, 98, xp).
>
> Since there was no port in use, the program was invisible to me. The spy
> software producers call it "stealth mode".
>
> Ok, your opinions?

You are right that, in general, traditional AV products will not detect
such "commercial spyware", at least so long as it is not renamed,
repackaged or otherwise modified from its normal commercial form. In
part you can "thank" the folk behind the NetBus RAT for this -- with
the release of the shareware version of NetBus Pro they complained that
the virus scanners of major AV companies such as Symantec and NAI (aka
McAfee) detecting their "product" were, in fact, anti-competitive
practices as those developers also had competing "remote access" and/or
"remote administration" products...

This minefield is one of the reasons why grown ups tend to prefer to
decide for themselves what code is "appropriate" to run on the systems
they are responsible for, and thus by exclusion, what code is not
appropriate. Thus, rather than relying on the commercially oriented
(and thus liable to be swayed by the possible legal damages threatened
by a suitably lawyered "opponent") decisions of other "big businesses",
whose interests will necessarily never align particularly well with
their customers (if nothing else, they want to maximize the money they
make off of you whereas you would prefer to minimize your costs),
pressure should be mounting for a new kind of security product -- real-
time integrity management of "executable" code. There are a few
(partial) solutions available already, but apparently there are not
enough grown ups in the market to make this a viable alternative (yet).

I expect this situation to change.

-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Aug 11 2003