Antiviral products to detect police LE viruses and trojans?
Archived thread from the Anonymous Servers group, August 2007.
Anonymous, 2007-08-03, 1:13 am

Can anyone knowledgeable tell me if there exists any antiviral or
antitrojan product that will detect law enforcement viruses and
spyware?
In other words, perhaps a product not made in the US or in a country
influenced by the US, that has not made a sweetheart deal with LE to
not detect their spyware?
I used to think that Kaspersky was one such company, but now I'm not so
sure; then I heard that NOD32, made in Eastern Europe, was such a
product, but I now see that they have offices in San Diego,
California.
Or perhaps there is an Open Source heuristic product that is
uncompromised and will pick up these things?
My trust level is 0. Thanks.
Michael Yardley, 2007-08-03, 7:13 am

On Aug 2, 8:48 pm, Anonymous <cri...@ecn.org> wrote:
> Can anyone knowledgeable tell me if there exists any antiviral or
> antitrojan product that will detect law enforcement viruses and
> spyware?
>
> In other words, perhaps a product not made in the US or in a country
> influenced by the US, that has not made a sweetheart deal with LE to
> not detect their spyware?
>
> I used to think that Kaspersky was one such company, but now I'm not so
> sure; then I heard that NOD32, made in Eastern Europe, was such a
> product, but I now see that they have offices in San Diego,
> California.
>
> Or perhaps there is an Open Source heuristic product that is
> uncompromised and will pick up these things?
>
> My trust level is 0. Thanks.
Echelon Engines on the Internet backbones pick up encryption; if they
see an excessive number of encrypted posts coming from an IP, the NSA
puts a sniffer on it.
Found this article that talks about a piece of spyware called
"CIPAV", used by none less than the FBI. According to the article the
organization is able to get this piece of spyware installed through
the target user's Gmail and MySpace accounts.
Check for example this link:
http://digitaldaily.allthingsd.com/20070719/cipav/
or this:
http://www.heise-security.co.uk/news/92950
Would not surprise me if it was possible to accomplish this through
Yahoo and Hotmail as well. Most likely all large U.S. corporations are
in bed with 'whoever-may-now-be-in-charge', just as various
corporations provided silent support for Hitler's atrocities during
WWII. Probably part of the reason as to why Yahoo recently removed
their email storage meter ;-P
Some months ago it was in the news that Google did not want to give
out information about its users' search queries to the government. At
least they did not deny collecting data, which they do (because it is
'big business').
Better to use other search engines (like perhaps Clusty?) if you care
about privacy, or disable Java* technologies and cookies while using
Yahoo or Google...
Kaspersky
Kaspersky Lab is a computer security company, co-founded by Eugene
Kaspersky in 1997, offering antivirus, anti-spyware, anti-spam, and
anti-intrusion products. Kaspersky Lab is a privately held company
headquartered in Moscow, Russia, with regional offices in the UK,
France, Germany, the Netherlands, Poland, Romania, Japan, China,
Korea and the USA.
In 2005, Red Herring magazine listed Kaspersky among "Red Herring 100
Europe", a selection of the 100 private companies in Europe and Israel
that play a leading role in innovation and technology.
According to AV-Comparatives, Kaspersky Anti-Virus (formerly known as
AntiViral Toolkit Pro) rates highly amongst virus scanners in terms of
detection rates. In 2006 Kaspersky Anti-Virus was ranked second, and
was the recipient of the TopTenReviews Gold Award. In addition,
Kaspersky has passed all Virus Bulletin comparative tests since August
2003. According to PC World, Kaspersky antivirus software provides the
fastest updates for new virus and security threats in the industry.[1]
Kaspersky Anti-Virus engine also powers products or solutions by other
security vendors, such as Check Point, Bluecoat, Juniper Networks,
Sybari (now acquired by Microsoft), Netintelligence, GFI Software,
F-Secure, Borderware, FrontBridge, G-Data, Netasq, AOL's Active Virus
Shield, and others. Altogether, more than 120 companies are licensing
technology from Kaspersky, which makes it one of the most widely used
antivirus engines in the industry.
In early 2005, Kaspersky Labs revealed that it was contacted by "a
user asking how to disinfect the onboard computers of several Lexus
cars... The user said that the infection occurred via a mobile phone".[2]
On 5 April 2007, Kaspersky Labs claimed to have found a virus that
infects Apple's popular iPod music player. The press release stated:
"It should be stressed that in order for the virus to function, Linux
has to be installed on the iPod."
The current line of Kaspersky products consists of Kaspersky Internet
Security 7 and Kaspersky Anti-Virus 7, released on August 1, 2007.
Kaspersky products are widely used in Eastern Europe and Asia, but
have not been strongly marketed in North America and Western Europe.
However, US-based magazine PC World recently awarded Kaspersky
Anti-Virus 6 the Editor's Choice in its 2007 anti-virus comparative
(partnered with AV-Test.org), a move which will likely result in more
widespread use in the Western Hemisphere. For example, it is now being
marketed by Sam's Club in tandem with the Symantec Norton product
line, which has been more popular in the USA.
The latest line of Kaspersky products is compatible with Windows
Vista.
The interface of Kaspersky Anti-Virus Personal 5.0 is not warm and
fuzzy, but when it comes to performance, this product excels.
In "The New Virus Fighters", Kaspersky was the only product among the
ten we tested to detect our zoo collection's backdoor programs, bots,
and Trojan horses better than 99 percent of the time. And it was the
quickest company at responding to new security threats. For the period
of eight months in 2005 that we tested, Kaspersky Labs released new
signature updates less than 2 hours after it detected a major security
threat, on average. Kaspersky ranked fourth in our heuristics tests.
The Kaspersky interface, while clean, isn't especially friendly,
offering little explanation of the options and settings. There is a
Help link at the bottom of the screen, but the assistance was sparse
compared with the other products we reviewed.
Upshot: Strong heuristics and virus detection, and quick
outbreak-response times, more than make up for weaknesses in interface
design.
NOD32
NOD32 is an antivirus package made by the Slovak company Eset.
Versions are available for Microsoft Windows, Linux, FreeBSD, and
other platforms. Remote administration tools for multiuser
installations are also available at extra cost. NOD32 Enterprise
Edition consists of NOD32 AntiVirus and NOD32 Remote Administrator.
The NOD32 Remote Administrator program allows a network administrator
to monitor anti-virus functions, push installations and upgrades to
unprotected PCs on the network, and update configuration files from a
central location.
NOD32 consists of an on-demand scanner and four different real-time
monitors. The on-demand scanner (somewhat confusingly referred to as
NOD32) can be invoked by the scheduler or by the user. Each real-time
monitor covers a different virus entry point:
AMON (Antivirus MONitor) - scans files as they are accessed by the
system, preventing a virus from executing on the system.
DMON (Document MONitor) - scans Microsoft Office documents and files
for macro viruses as they are opened and saved by Office
applications.
IMON (Internet MONitor) - intercepts traffic on common protocols such
as POP3 and HTTP to detect and intercept viruses before they are saved
to disc.
EMON (E-mail MONitor) - An auxiliary module for scanning incoming/
outgoing e-mails via the MAPI interface, such as Microsoft Outlook and
Microsoft Exchange.
XMON (MS eXchange MONitor) - scans incoming and outgoing mail when
NOD32 is running and licensed for Microsoft Exchange Server, i.e.,
running in a server environment. This module is not present on
workstations at all.
NOD32 is written largely in assembly code[5], which contributes to its
low use of system resources and high scanning speed: NOD32 can easily
process more than 23MB per second while scanning on a modest P4-based
PC[6] and, on average, with all real-time modules active, uses less than
20MB of memory in total[7], though the physical RAM used is often just a
third of that.[8] According to a 2005 Virus Bulletin test, NOD32 performs
scans two to five times faster than other antivirus competitors.[9][10]
In a networked environment NOD32 clients can update from a central
"mirror server" on the network, reducing bandwidth usage since new
definitions need only be downloaded once by the mirror server as
opposed to once for each client.
NOD32's scan engine uses heuristic detection (which Eset calls
"ThreatSense") in addition to signature files to provide better
protection against newly released viruses.
NOD32 was born in the early 1990s when computer viruses were becoming
increasingly prevalent[11]. At the time of its creation, the popular
television program Nemocnica na Okraji Mesta, or "Hospital at the Edge
of the City" was broadcasting on many European television networks.
Early viruses often targeted hard disk boot sectors, located near the
edge of the disk. As a pun, the program's creators named their new
anti-virus program the "Hospital at the Edge of the Disk", or
"Nemocnica na Okraji Disku", giving it the initials NOD. [12]
Initially the program gained popularity with IT workers in Eastern
European countries, as Eset was based in Slovakia. Though the
program's abbreviation was originally pronounced as individual
letters, recent worldwide use of the program has led to the more
common single-word pronunciation, sounding like the English word
"nod". [13]
Current versions of NOD32 are very different from the original NOD
software. Several generations of the program have been developed as a
response to a rapidly changing attack pattern by increasingly complex
viruses. The program, now for both 32-bit and 64-bit systems[14], is
known as NOD32, replacing the older 16-bit flagship product, NOD-ICE.[15]
Google on "web heuristic review":
uzReview
uzReview is distributed from an open-source repository. Go there to
install and for more information.
Heuristic Review is a process for expert review of web/software
usability. uzReview is a Mozilla sidebar designed to facilitate this
process. It supports the logging of heuristics against a URL or a
keyword. The keyword facility is designed to allow the review of
processes or workflows. Additionally, there's a rich text editor which
supports drag and drop of content from the browsed pages for comments,
UI improvements, etc.
A diagram of the task model/UI flow is available.
Features:
* Auto-logging of URL in view
* Tag heuristic sequences by keyword for workflows
* Add notes to your heuristic rating
* Drag and drop pernicious HTML into the examples WYSIWYG editor
* Configurable heuristics, stored in XML
http://www.uzilla.net/uzilla/info/products/uzreview/ This is what
you want? NO.
heuristic programming
A branch of artificial intelligence, which uses heuristics -- common-
sense rules drawn from experience -- to solve problems. This is in
contrast to algorithmic programming, which is based on mathematically
provable procedures. Heuristic programming is characterized by
programs that are self-learning; they get better with experience.
Heuristic programs do not always reach the very best result but
usually produce a good result. Many expert systems use heuristic
programming.
"My trust level is 0." Well, maybe you should try using Google once in
a while.
Anonymous, 2007-08-03, 7:13 am

> On Aug 2, 8:48 pm, Anonymous <cri...@ecn.org> wrote:
>
> Echelon Engines on the Internet backbones pick up encryption; if they
> see an excessive number of encrypted posts coming from an IP, the NSA
> puts a sniffer on it.
I have never seen any documentation that this is true, but when dealing
with a formidable adversary I would assume that statement is probably
true.
If so, and the communications are encrypted, what could an entity hope
to gain by putting a sniffer on an IP address except just to see more
encrypted traffic?
Michael Yardley, 2007-08-03, 1:14 pm

On Aug 3, 2:42 am, Anonymous <nob...@mixmin.net> wrote:
> I have never seen any documentation that this is true, but when dealing
> with a formidable adversary I would assume that statement is probably
> true.
>
> If so, and the communications are encrypted, what could an entity hope
> to gain by putting a sniffer on an IP address except just to see more
> encrypted traffic?
Terrorists are known to be using encryption and the Internet to
communicate; tonight I note 110 new messages in alt.anonymous.messages
alone, look at the recent UK case. Yes, they cannot read the
encryption, they can try to, but they can see where it is coming from
and going to, and how much traffic. This means they can tap phone
lines and listen to cellular and satellite communications, use
directional voice mics that can pick up conversations. It is known that
the USA security services were listening in on Bin Laden's calls.
The USA will not tell you but it is suspected that they can read
encryption and work with commercial companies to do this. They have
some of the most high end computers available. Given what is happening
in the World right now with terrorists, I happen to support Echelon as
a way of fighting Terrorism and keeping the travelling public (airlines)
safe. Have a nice day
http://torrentfreak.com/netenforcer...orrent-traffic/
Rogers realized that the bit-shaping applications they were using to
limit the traffic that is generated by BitTorrent weren't effective
anymore, and started to throttle all encrypted transfers as well. As a
consequence, people have trouble connecting to encrypted e-mail
services, and other applications that rely on encrypted connections.
Rogers is not the only ISP that tries to cut down the BitTorrent
traffic. Last year we had a discussion whether traffic shaping is good
or bad, and both BitTorrent users and ISPs had some good arguments.
However, limiting all encrypted transfers is a completely different
story, it affects a wide range of customers, not only the ones using
BitTorrent.
http://torrentfreak.com/rogers-figh...pted-transfers/
ISPs screwing up encrypted traffic
http://www.ccirrus.per.sg/rfc13109/...rypted-traffic/
George Orwell, 2007-08-04, 1:14 am

In article <1186147825.601231.59370@i13g2000prf.googlegroups.com>
Michael Yardley <yardleymj@yahoo.ca> wrote:
>
> On Aug 3, 2:42 am, Anonymous <nob...@mixmin.net> wrote:
>
> Terrorists are known to be using encryption and the Internet to
> communicate; tonight I note 110 new messages in alt.anonymous.messages
> alone, look at the recent UK case. Yes, they cannot read the
> encryption, they can try to, but they can see where it is coming from
> and going to, and how much traffic. This means they can tap phone
> lines and listen to cellular and satellite communications, use
> directional voice mics that can pick up conversations. It is known that
> the USA security services were listening in on Bin Laden's calls.
> The USA will not tell you but it is suspected that they can read
> encryption and work with commercial companies to do this. They have
> some of the most high end computers available.
That is made up FUD I'm afraid. It sounds like you're a Fox News
viewer, or maybe a fan of 24 who takes the computer stuff a little
too seriously.
George Orwell <nobody@mixmaster.it> wrote in
news:3f4db2a10e0529753458a295c83cdc3f@mixmaster.it:
> In article <1186147825.601231.59370@i13g2000prf.googlegroups.com>
> Michael Yardley <yardleymj@yahoo.ca> wrote:
>
> That is made up FUD I'm afraid. It sounds like you're a Fox News
> viewer, or maybe a fan of 24 who takes the computer stuff a little
> too seriously.
>
>
Don't interrupt him. This is great stuff! I love reading this
group for the joy of seeing psychopathology in action.
A
Nobody, 2007-08-04, 7:14 pm

On Sat, 4 Aug 2007 01:54:29 +0200 (CEST), George Orwell <nobody@mixmaster.it> wrote:
>:In article <1186147825.601231.59370@i13g2000prf.googlegroups.com>
>: Michael Yardley <yardleymj@yahoo.ca> wrote:
>:>
>:> On Aug 3, 2:42 am, Anonymous <nob...@mixmin.net> wrote:
>:>> [snip: earlier posts, quoted in full above]
>:>
>:> Terrorists are known to be using encryption and the Internet to
>:> communicate; tonight I note 110 new messages in alt.anonymous.messages
>:> alone, look at the recent UK case. Yes, they cannot read the
>:> encryption, they can try to, but they can see where it is coming from
>:> and going to, and how much traffic. This means they can tap phone
>:> lines and listen to cellular and satellite communications, use
>:> directional voice mics that can pick up conversations. It is known that
>:> the USA security services were listening in on Bin Laden's calls.
>:> The USA will not tell you but it is suspected that they can read
>:> encryption and work with commercial companies to do this. They have
>:> some of the most high end computers available.
>:
>:That is made up FUD I'm afraid. It sounds like you're a Fox News
>:viewer, or maybe a fan of 24 who takes the computer stuff a little
>:too seriously.
Maybe. Only the NSA know and they ain't telling. My guess is the truth
is somewhere in between. Nobody but a fool would argue that Uncle
Sam, having spent many billions of our money to increase surveillance,
is not monitoring the net. They surely are monitoring. How sophisticated
this monitoring is, is anybody's guess. It must be real hard to figure out
how to catch someone who sends 1 msg to aam and then, perhaps, downloads
1 message the next day. A real PITA.
Excuse me, my coffee and donuts are waiting.
Anonymous Sender, 2007-08-06, 7:13 am

Michael Yardley wrote:
>
> Terrorists are known to be using encryption and the Internet to
> communicate; tonight I note 110 new messages in alt.anonymous.messages
> alone,
Uh, why do you link the 110 new messages in alt.anonymous.messages with
terrorism? Loads of us use nyms that terminate in
alt.anonymous.messages and it has nothing to do with terrorism. It's
perfectly legal.
Do you think that just because you can't read the messages they
must contain material that's evil or something?
> Yes, they cannot read the encryption, they can try to, but they can see
> where it is coming from and going to, and how much traffic.
No, they can see a message ended up in a newsgroup. They don't know
who that message is intended for. When people retrieve their mail from
there, they retrieve *all* the messages so nobody knows which one was
for who.
> This means they can tap phone lines and listen to cellular and
> satellite communications, use directional voice mics that can pick up
> conversations. It is known that the USA security services were
> listening in on Bin Laden's calls. The USA will not tell you but it is
> suspected that they can read encryption and work with commercial
> companies to do this.
You show a complete lack of understanding of even the basic concepts of
encryption. No, if the encryption was used correctly the government
would not be able to read it. Go read up about it.
You appear to be making this stuff up as you go along because it fits
your view of the world and what you would like to think the government
are capable of. That doesn't make it true.
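To make the "everyone retrieves all the messages" point above concrete, here is an added toy model; it is not code from the thread or from any nymserver or newsreader. The recipient keys, the HMAC recognition tag and the four-message pool are constructed assumptions, and the message bodies stand in for ciphertext that the model does not itself encrypt.

```python
"""Added example (not part of the original thread): a toy model of the
"everyone downloads everything" property of alt.anonymous.messages.
Keys, tags and the pool are constructed here; the HMAC-over-nonce
recognition scheme is an assumption for illustration only."""
import hmac
import hashlib
import os

# Constructed recipients: each shares a secret key with whoever writes to it.
RECIPIENTS = {
    "alice": b"alice-secret-key",
    "bob": b"bob-secret-key",
    "carol": b"carol-secret-key",
}

def make_message(recipient_key: bytes, body: bytes) -> dict:
    """Post a message to the pool. The nonce is public; the tag lets only
    the key holder recognise the message; the body is treated as opaque
    ciphertext (encryption itself is out of scope for this model)."""
    nonce = os.urandom(16)
    tag = hmac.new(recipient_key, nonce, hashlib.sha256).digest()
    return {"nonce": nonce, "tag": tag, "body": body}

def is_mine(recipient_key: bytes, msg: dict) -> bool:
    """Trial recognition: recompute the tag with our key and compare."""
    expected = hmac.new(recipient_key, msg["nonce"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, msg["tag"])

def fetch_all(name: str, pool: list, fetch_log: list) -> list:
    """The newsgroup model: the client downloads every message and filters
    locally. The observer only learns that 'name' fetched everything."""
    fetch_log.append((name, tuple(range(len(pool)))))
    key = RECIPIENTS[name]
    return [i for i, m in enumerate(pool) if is_mine(key, m)]

def fetch_selective(name: str, pool: list, fetch_log: list) -> list:
    """Contrasting design: the client downloads only the messages that are
    its own, so the fetch pattern itself reveals the recipient."""
    key = RECIPIENTS[name]
    mine = [i for i, m in enumerate(pool) if is_mine(key, m)]
    fetch_log.append((name, tuple(mine)))
    return mine

def candidate_recipients(fetch_log: list, pool_size: int) -> dict:
    """What a passive observer of the fetch log can infer: for each message
    index, the set of clients that downloaded it. A singleton set is a
    deanonymised recipient; the full client set is the best case."""
    candidates = {i: set() for i in range(pool_size)}
    for name, indices in fetch_log:
        for i in indices:
            candidates[i].add(name)
    return candidates

def demo(selective: bool) -> dict:
    """Build a constructed pool of four messages, run every client through
    one of the two fetch strategies and return the observer's view."""
    pool = [
        make_message(RECIPIENTS["alice"], b"<opaque ciphertext 1>"),
        make_message(RECIPIENTS["bob"], b"<opaque ciphertext 2>"),
        make_message(RECIPIENTS["alice"], b"<opaque ciphertext 3>"),
        make_message(RECIPIENTS["carol"], b"<opaque ciphertext 4>"),
    ]
    fetch_log = []
    fetch = fetch_selective if selective else fetch_all
    for name in RECIPIENTS:
        fetch(name, pool, fetch_log)
    return candidate_recipients(fetch_log, len(pool))
```

With `demo(selective=False)` every message has all three clients as candidates, while `demo(selective=True)` pins each message to exactly one recipient.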
Anonymous, 2007-08-18, 1:14 pm

On Fri, 03 Aug 2007, Michael Yardley <yardleymj@yahoo.ca> wrote:
snip
>Terrorists are known to be using encryption and the Internet to
>communicate; tonight I note 110 new messages in alt.anonymous.messages
>alone, look at the recent UK case. Yes, they cannot read the
>encryption, they can try to, but they can see where it is coming from
>and going to, and how much traffic. This means they can tap phone
>lines and listen to cellular and satellite communications, use
>directional voice mics that can pick up conversations. It is known that
>the USA security services were listening in on Bin Laden's calls.
>The USA will not tell you but it is suspected that they can read
>encryption and work with commercial companies to do this. They have
>some of the most high end computers available. Given what is happening
>in the World right now with terrorists, I happen to support Echelon as
>a way of fighting Terrorism and keeping the travelling public (airlines)
>safe. Have a nice day
XXXXXXX, you deserve the AmeriKa you will one day wake up in.