[Politech logo]

Politech is the oldest Internet resource devoted to politics and technology. Launched in 1994 by Declan McCullagh, the mailing list has chronicled the growing intersection of culture, technology, politics, and law. Since 2000, so has the Politech web site.

Symantec pledges to acquiese to FBI backdoor demands

Symantec sells security software including:
  Norton Antivirus
  Symantec Intruder Alert
  Symantec NetProwler 3.5
  Symantec AntiVirus Enterprise Edition
  Symantec AntiVirus Command Line Scanner 1.0
  Symantec Desktop Firewall 2.0
  Symantec Enterprise Firewall 6.5
  Symantec Enterprise VPN 6.5
  Symantec Enterprise Security Manager 5.5
  Symantec NetRecon 3.5


Date: Wed, 28 Nov 2001 12:47:21 +0100
To: declan@well.com
From: Maurice Wessling <maurice@bof.nl>
Subject: Symantec will not detect Magic Lantern


Eric Chien, chief researcher at Symantec's antivirus research lab, said 
that provided a hypothetical keystroke logging tool was used only by the 
FBI, then Symantec would avoid updating its antivirus tools to detect such 
a Trojan. The security firm is yet to hear back from the FBI on its 
enquiries about Magic Lantern but it already has a policy on the matter.

"If it was under the control of the FBI, with appropriate technical 
safeguards in place to prevent possible misuse, and nobody else used it - 
we wouldn't detect it," said Chien. "However we would detect modified 
versions that might be used by hackers."


Date: Wed, 28 Nov 2001 00:57:28 -0500
To: politech@politechbot.com
From: red <red@isr.net>
Subject: FC: McAfee broadens denial: No contact with government of any
Cc: declan@well.com, tbridis@ap.org

Declan, et al.

I believe it to be impossible that McAfee would build-in some sort of 
mechanism that would enable an authority to remotely allow keystroke 
logging. Not because this would technically be inconceivable - I believe it 
is, and I believe it is done as well -, but merely because of the 
international ramifications such construct would bring along. NAI, and 
McAfee.com certainly look forward to a more prosperous financial year. And 
they do their best to accomplish that. This company simply cannot afford 
under its new leadership to see its overseas competition (as F-Secure, 
Sophos and others) eat away their international market share. If 
McAfee.com/NAI would entertain what was said, this would be quite possibly 
the end of the company, as their international revenue would halt almost 
instantly. The impact would be felt in all NAI products.  And then with so 
many a.v. manufacturers, they'd still only cover those who'd agreed to do 
this. The possibility of an embarrassing leak would be a federal disaster. 
Come to mind that none of the foreign owned a.v.'s would go along. Although 
it might be seen that way by some, this would not be a "home land" security 
issue, sec.  It would impact almost all foreign nations. E.g. the EU would 
start stripping Mr. Mueller's pants down so fast, he even wouldn't have 
known he has 'em on. There's under the current EU regime (after the first 
Echelon raid) no-one willing to accept another candid U.S. camera 
trick.  Not even the U.K. would accept it.  And mix in that you also need 
to row-up all network intrusion vendors. And I simply do not see guys like 
Marcus Ranum (Network Flight Recorder) and Christopher Klaus (Internet 
Security Systems), just to name my personal pick of the crop, agree with 
compromising their product lines and future international sales. To top it 
off, look at this from the user side as well. A program like SurfinShield 
(Finjan) or Agnitum's Tauscan will take care of almost ANY Trojan. And, it 
would be a good idea to start using Evidence Eliminator (the latest version 
is here: http://www.evidence-eliminator.com/go.shtml?A660528 ) made by a 
real neat Brit, Andy Churchill, who deserves to be complemented for his 
efforts to contribute relentlessly to protect privacy of computer use.

On MagicLantern.  MagicLantern, according to my reliable sources is a 
derivative of the D.I.R.T. program (see http://www.codexdatasystems.com/ 
for details). A by no means for the experienced network administrator 
unbeatable, but nevertheless nifty pack of sleuth goodies, which do exactly 
what is promised: remote keystroke logging.  Codexdatasystems provides the 
software free of charge to law enforcement, so it's beyond the likely stage 
that the FBI didn't study it, and hence after some de-compilation made it 
more tailor-made, so to speak.  You'd be utterly surprised to learn what 
can be done and seen if you mix in the latest version of Network 
Observations, and use remote installed nodes.  By the way, Jack Valenti ( 
the movie mogul ) attempted to legally incorporate DIRT applications in the 
latest digital music trivia battle.  Not too long ago I saw a remark from 
John Young passing by, mentioning this.

  with regards / stringing along


Jack Ryan, PhD
research editor
Internet Security Review


POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/

Enter your email address to join Politech, Declan McCullagh's moderated technology and politics announcement list:

Return to politechbot.com