
SoylentNews is people

posted by LaminatorX on Thursday November 20 2014, @02:31PM   Printer-friendly
from the stop-staring-at-me dept.

Human rights charity Amnesty International has released a tool to detect and remove known government spyware programs. Describing the software as being the first to offer such a service, Amnesty commissioned the tool from prominent German computer security researcher and open source advocate Claudio Guarnieri, aka 'nex'. Acknowledging that the only sure way to prevent government surveillance of huge dragnets of people is official legislation, Marek Marczynski of Amnesty nevertheless called the tool (available here) a useful countermeasure versus spooks. According to the app's instructions, it operates similarly to conventional malware or virus removal programs, though systems must be disconnected from the Internet prior to Detekt scanning.

This discussion has been archived. No new comments can be posted.
  • (Score: 2) by Nerdfest on Thursday November 20 2014, @02:37PM

    by Nerdfest (80) on Thursday November 20 2014, @02:37PM (#118112)

    An "Open source advocate" that doesn't support Linux?

    • (Score: 0) by Anonymous Coward on Thursday November 20 2014, @02:53PM

      by Anonymous Coward on Thursday November 20 2014, @02:53PM (#118118)

      And I don't see a free software license anywhere either...

      • (Score: 3, Informative) by Popeidol on Friday November 21 2014, @03:11AM

        by Popeidol (35) on Friday November 21 2014, @03:11AM (#118371) Journal

        Looks like they put one up just a few minutes after your post: It's now under GPL3 [github.com].

    • (Score: 2) by Runaway1956 on Thursday November 20 2014, @05:33PM

      by Runaway1956 (2926) Subscriber Badge on Thursday November 20 2014, @05:33PM (#118174) Journal

      That was the first thing I looked at. They want us to download a .exe file. No .deb, no .rpm, no .tar.gz - nothing for any Unix-like.

      Oh well. If government is spying on me, so be it. I just hope they don't crash through the door during dinner. Their modus operandi generally involves busting the door down in the wee hours of the morning, so dinner should be safe.

      • (Score: 1, Flamebait) by Jeremiah Cornelius on Thursday November 20 2014, @07:08PM

        by Jeremiah Cornelius (2785) on Thursday November 20 2014, @07:08PM (#118199) Journal

        Deletes teh Chinks, leaves teh Yanks. Winderz is pre-pwn3d.

        --
        You're betting on the pantomime horse...
  • (Score: 0) by Anonymous Coward on Thursday November 20 2014, @02:51PM

    by Anonymous Coward on Thursday November 20 2014, @02:51PM (#118117)

    It seems to me that phones are likely to be the favorite target of snoopware. But as long as you run the detector on the system being scanned the snoopware has the potential to spoof the detector. So it seems like the way to go would be a detector that runs on another system - either a PC or a phone of a different OS - that you connect to the phone and bypasses the software to read the hardware directly.

    Does such a scanner exist? Like a windows PC hosted scanner for android phones?

    • (Score: 2) by WillR on Thursday November 20 2014, @03:07PM

      by WillR (2012) on Thursday November 20 2014, @03:07PM (#118121)
      Even if the malware scanner runs on a PC, you still have to trust something running on the phone to give you an accurate copy of the phone's flash for it to scan.

      Any rootkit that can hide itself from a scanner app on the phone could also hide itself from backup apps and infect your recovery so it's hidden from backups made there as well. If the phone has an unlocked bootloader, you could boot a known-good recovery image and use that to create a backup for scanning. If it doesn't, I'm not sure there is a way to get everything short of de-soldering the phone's flash chips and reading them with another device...
      • (Score: 2) by Nerdfest on Thursday November 20 2014, @03:36PM

        by Nerdfest (80) on Thursday November 20 2014, @03:36PM (#118134)

        We need the ability with phones to do the equivalent of booting a PC with a CD image. It's the only thing that can be trusted these days.

        • (Score: 2) by Runaway1956 on Thursday November 20 2014, @05:39PM

          by Runaway1956 (2926) Subscriber Badge on Thursday November 20 2014, @05:39PM (#118177) Journal

          Can a boot CD really be trusted?

          http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Heasman.pdf [blackhat.com]

          If the rootkit is written to a chip on the motherboard, how can your boot-CD make you secure?

          • (Score: 0) by Anonymous Coward on Thursday November 20 2014, @06:53PM

            by Anonymous Coward on Thursday November 20 2014, @06:53PM (#118194)

            Worse, my CD/DVD drive is USB.

          • (Score: 2) by frojack on Thursday November 20 2014, @07:06PM

            by frojack (1554) on Thursday November 20 2014, @07:06PM (#118198) Journal

            Hmmm, very old proof of concept PowerPoint presentation doesn't equate to a valid risk.

            --
            No, you are mistaken. I've always had this sig.
      • (Score: 0) by Anonymous Coward on Thursday November 20 2014, @04:11PM

        by Anonymous Coward on Thursday November 20 2014, @04:11PM (#118145)

        > Even if the malware scanner runs on a PC, you still have to trust something running on the phone to give you an accurate copy of the phone's flash for it to scan.

        Unless you have DMA access [wikipedia.org] to the phone à la FireWire or JTAG.

        • (Score: 2) by WillR on Thursday November 20 2014, @05:48PM

          by WillR (2012) on Thursday November 20 2014, @05:48PM (#118180)
          JTAG would work, but you need special hardware and the ability to modify the phone. Has anything since the original iPhone had Firewire?
    • (Score: 2) by Techwolf on Thursday November 20 2014, @03:08PM

      by Techwolf (87) on Thursday November 20 2014, @03:08PM (#118122)

      On a related note: is there a live CD that will scan the hard drive on the computer? The live CDs I have tried will scan the Windows registry, but will come up clean since the Windows registry is of the live CD and not the hard drive on the computer. Same thing for the malware and virus scanner on the live CD, will come up clean since it is scanning itself so to speak.

      • (Score: 2) by mtrycz on Friday November 21 2014, @11:31AM

        by mtrycz (60) on Friday November 21 2014, @11:31AM (#118439)

        Are you searching for something like the Kaspersky Rescue Disk?

        It's a modified Gentoo Live CD with the Kaspersky Antivirus engine and networking for downloading definitions updates, made specifically to scan a fucked up windows system. It's free as in beer.

        --
        In capitalist America, ads view YOU!
  • (Score: 0) by Anonymous Coward on Thursday November 20 2014, @03:28PM

    by Anonymous Coward on Thursday November 20 2014, @03:28PM (#118130)

    Somebody wake me up when tools like this can detect hypervisor malware running above OS scope.

    • (Score: 1) by karmawhore on Friday November 21 2014, @06:50PM

      by karmawhore (1635) on Friday November 21 2014, @06:50PM (#118555)
      I've had it up to *here* with ACs posting in their sleep. I get that you can't be bothered to sign in, but for crying out loud at least crack an eyelid!
      --
      =kw= lurkin' to please
  • (Score: 0) by Anonymous Coward on Thursday November 20 2014, @04:03PM

    by Anonymous Coward on Thursday November 20 2014, @04:03PM (#118140)

    I'm vastly more concerned about corporate spying than government spying. Most governments are far too inept to do anything with the data collected.

    • (Score: 2) by Nerdfest on Thursday November 20 2014, @04:07PM

      by Nerdfest (80) on Thursday November 20 2014, @04:07PM (#118143)

      A smart corporation would just steal or buy the data from the government.

      • (Score: 0) by Anonymous Coward on Thursday November 20 2014, @04:17PM

        by Anonymous Coward on Thursday November 20 2014, @04:17PM (#118148)

        The government isn't allowed to collect data in many cases or it's more efficient to outsource.

        They buy it from corporations.

    • (Score: 0) by Anonymous Coward on Thursday November 20 2014, @04:16PM

      by Anonymous Coward on Thursday November 20 2014, @04:16PM (#118147)

      > I'm vastly more concerned about corporate spying than government spying. Most governments are far too inept to do anything with the data collected.

      Lucky you live in a relatively free country then and aren't engaged in a struggle against your government.
      Oh wait... [theguardian.com]

    • (Score: 2) by Geezer on Thursday November 20 2014, @04:21PM

      by Geezer (511) on Thursday November 20 2014, @04:21PM (#118152)

      Unfortunately, we are fast arriving at a point where corporations, for all practical purposes, are the government.

    • (Score: 0) by Anonymous Coward on Thursday November 20 2014, @07:52PM

      by Anonymous Coward on Thursday November 20 2014, @07:52PM (#118222)

      What kind of a nerd are you??? (j/k, roflmao)

  • (Score: 0) by Anonymous Coward on Thursday November 20 2014, @04:04PM

    by Anonymous Coward on Thursday November 20 2014, @04:04PM (#118142)

    It just sits there forever with "The scanning is in progress. It might take several minutes, please be patient and do not interrupt the application before it has naturally finished." Sorry, if your application shows no indication for 5+ minutes that it is actually doing anything I'm going to force kill it. This needs a working progress bar or even better a scrolling log of status messages. For all I know it just sits in an idle loop for 20 minutes and then says everything is OK - even if your system is loaded to the hilt with Government spyware.

    • (Score: 2) by tibman on Thursday November 20 2014, @05:37PM

      by tibman (134) Subscriber Badge on Thursday November 20 2014, @05:37PM (#118176)

      I just took a look at the source code and there is in fact a progress bar.

      The scanning is in progress. It might take several minutes, please be patient and do not interrupt the application before it has naturally finished.

             

      Refresh [soylentnews.org]
      Should refresh automatically every 5 seconds

      So the application may actually be broken for you.

      --
      SN won't survive on lurkers alone. Write comments.
  • (Score: 1, Insightful) by Anonymous Coward on Thursday November 20 2014, @04:12PM

    by Anonymous Coward on Thursday November 20 2014, @04:12PM (#118146)

    Acknowledging that the only sure way to prevent governments surveillance of huge dragnets of people is official legislation,

    Don't be absurd, official legislation never prevents anything. It enables, it does not and has never prevented anything, it only, at best, provides punishment potential for non-cooperation which is frequently ignored by those with the power. Kind of like the lock on the door only protects you from honest people. SWAT frequently doesn't even check to see if it is locked.

    • (Score: 2) by sudo rm -rf on Thursday November 20 2014, @04:19PM

      by sudo rm -rf (2357) on Thursday November 20 2014, @04:19PM (#118150) Journal

      hihi, reminds me of my neighbour back in 2000something, when the police made a house search (for drug money IIRC) only to come back half an hour after they left because they forgot the battering ram at his place...

    • (Score: 0) by Anonymous Coward on Thursday November 20 2014, @06:15PM

      by Anonymous Coward on Thursday November 20 2014, @06:15PM (#118189)

      >> Acknowledging that the only sure way to prevent governments surveillance of huge dragnets of people is official legislation,
      >
      >Don't be absurd, official legislation never prevents anything.

      Don't make the mistake of thinking the government is an independent entity just because individuals within it sometimes act on their own.

      The government is 100% a creation of law, it has no other existence except that which is defined in law. If the law does not permit government action then the government, by definition, can not act.

      • (Score: 3, Insightful) by JNCF on Thursday November 20 2014, @07:09PM

        by JNCF (4317) on Thursday November 20 2014, @07:09PM (#118202) Journal

        Don't make the mistake of thinking the government is an independent entity just because individuals within it sometimes act on their own.
        The government is 100% a creation of law, it has no other existence except that which is defined in law. If the law does not permit government action then the government, by definition, can not act.

        Are you suggesting that the NSA is definitionally not a part of the government because they are systematically breaking the law, or am I reading your post wrong? This would seem an odd definition of government to me, not the one most people use in day to day speech. It also brings up the question of whose laws define government. If the British claim a territory and have laws written for it, and the territory claims independence and has different laws written, which laws determine the actual government?

        Democracies, dictatorships, and drug cartels all have laws. My favorite definition of government is "the biggest gang in town." I think that sums up the real situation quite nicely. The NSA is certainly a part of the biggest gang in town, and passing even more legislation outlawing their treason isn't going to stop them.

        • (Score: 0) by Anonymous Coward on Thursday November 20 2014, @07:38PM

          by Anonymous Coward on Thursday November 20 2014, @07:38PM (#118215)

          > Are you suggesting that the NSA is definitionally not a part of the government because they are systematically breaking the law, or am I reading your post wrong?

          You are reading my post wrong. As the article said, laws are needed to restrain mass surveillance, in the absence of such laws the NSA is operating within the law. Figuring this stuff out is a process, there will always be people testing the boundaries, that is the nature of human organizations. It is up to us to sharply define those boundaries when there is ambiguity.

          • (Score: 2) by JNCF on Friday November 21 2014, @12:37AM

            by JNCF (4317) on Friday November 21 2014, @12:37AM (#118342) Journal

            As the article said, laws are needed to restrain mass surveillance, in the absence of such laws the NSA is operating within the law.

            Whoa-whoa-whoa, we already have that law. In the United States of America there is no law higher than the constitution, the fourth amendment of which reads as follows:
            "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

            That seems pretty clear to me. The NSA is not "testing the boundaries" of the constitution, they are breaking them. The NSA is a criminal organization.

            • (Score: 2) by Phoenix666 on Friday November 21 2014, @04:40PM

              by Phoenix666 (552) on Friday November 21 2014, @04:40PM (#118525) Journal

              The NSA is a criminal organization.

              And the politicians and companies that enable them are co-conspirators. As such, they all need to be swept up under RICO laws. Of course, that will never happen because the government will never enforce our laws against itself. So it falls to us citizens to once again assert our rights however we might. Let's not forget that the government is not the law, but a set of people we the citizens have hired to enforce our laws. They have failed miserably, and have fallen into the criminality we were hoping to prevent. Time to clean house, raze DC, and start over again.

              This time, perhaps we can move the capitol to someplace more centrally located and with better weather. I vote for Santa Fe.

              --
              Washington DC delenda est.
              • (Score: 2) by JNCF on Saturday November 22 2014, @01:51AM

                by JNCF (4317) on Saturday November 22 2014, @01:51AM (#118662) Journal

                Man, I was totally with you until that last line.

                This time, perhaps we can move the capitol to someplace more centrally located and with better weather. I vote for Santa Fe.

                Why are we going through all the trouble of burning the capital down if we're just gonna make a new one? I don't doubt that we can make a less corrupt centralized government, I just don't think we can keep it that way. Power corrupts, and if we give a federal government any amount of power they will use it to grasp for more. There is no law we can write that they can't reinterpret. Jefferson's proposed solution to this problem was just to throw a revolution every century or two, but I think we should at least try to make a decentralized government work. If it doesn't, we can always go back to Jefferson's plan :)

  • (Score: 2) by FatPhil on Thursday November 20 2014, @06:31PM

    by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Thursday November 20 2014, @06:31PM (#118191) Homepage
    This looks like it's trying to enumerate badness:
    https://github.com/botherder/detekt/tree/c4939eefe2dd96540f32c76b1cdee66b2ea421d8/rules

    And we all know how well enumerating badness works...
    http://www.ranum.com/security/computer_security/editorials/dumb/
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    • (Score: 3, Interesting) by Arik on Friday November 21 2014, @06:40PM

      by Arik (4543) on Friday November 21 2014, @06:40PM (#118552) Journal
      I agree completely. 'Enumerating badness' is a neat way to put it.

      Way back in the stone ages when I fancied myself a DOS developer, I put together what *I* thought was a great antivirus system. It started with a custom bootloader, and verified before loading the kernel. And it kept a table of all the executable files on the disk, on a hidden partition, and interrupted the kernel whenever something was executed to make sure it was 1) on the list and 2) matched crc and attributes checks.

      If 1 failed you got a popup telling you this is a new file. If you installed it from a trusted source then 'add' otherwise 'block'. Once the crc was calculated and added to the list it would also be set RO at the file system level, while 'blocking' would result in the execution failing, then a file rename to a non-executable extension and a note added to the log file.

      This was in the early days of AV scanners and what prompted me to write this system was a virus that had gone around a local BBS and actually 'destroyed' several HDDs. I got mine back, but only with a low-level format utility from Seagate that most would not have even known to look for. None of the scanners had done any good and I wanted to build a system that would work, so I naïvely just thought I would build it.

      It actually worked pretty well. Stopped everything I could find to test against it. I used to download files I knew were infected with the latest junk just to watch them fail. If I'd been a little harder worker I might have gotten it packaged up and sold it to someone that could market it, but I doubt it - by the time I had it working in the non-polished good-enough-for-me stage where I could demonstrate it, everything had to go to Windows, and Windows absolutely refused to coexist with what I was doing.

      So, scanners suck, but scanners are what you get.

      --
      If laughter is the best medicine, who are the best doctors?
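
The allowlist scheme described in the comment above, set against the signature matching that the parent comment calls enumerating badness, as an added Python sketch (not code from the thread or from Detekt). SHA-256 stands in for the CRC, and the function names, file name and sample bytes are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

# Constructed blocklist: digests of samples somebody has already catalogued.
KNOWN_BAD = {hashlib.sha256(b"constructed old sample").hexdigest()}


def fingerprint(path):
    """Digest and size of a file, the two attributes tracked per executable."""
    with open(path, "rb") as f:
        data = f.read()
    return hashlib.sha256(data).hexdigest(), len(data)


def signature_hit(path):
    """Enumerating badness: flags a file only if its digest is already listed."""
    return fingerprint(path)[0] in KNOWN_BAD


class ExecAllowlist:
    """Default deny: anything absent from the table, or changed, is not run."""

    def __init__(self):
        self.table = {}   # path -> (sha256, size)
        self.log = []     # stands in for the log file

    def check(self, path):
        known = self.table.get(path)
        if known is None:
            return "new"
        return "allow" if known == fingerprint(path) else "modified"

    def add(self, path):
        """Operator vouches for the file: record it, then set it read-only."""
        self.table[path] = fingerprint(path)
        os.chmod(path, stat.S_IREAD)

    def block(self, path, reason):
        """Refuse execution: rename to a non-executable extension and log it."""
        quarantined = path + ".blocked"
        os.rename(path, quarantined)
        self.log.append((reason, os.path.basename(path)))
        return quarantined


def demo():
    """Walk one constructed file through new -> allow -> modified -> blocked."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        al = ExecAllowlist()
        tool = os.path.join(d, "editor.exe")
        with open(tool, "wb") as f:
            f.write(b"MZ constructed trusted tool")
        out["first_run"] = al.check(tool)
        al.add(tool)
        out["after_add"] = al.check(tool)
        # Simulated infection: clear the read-only bit, append to the file.
        os.chmod(tool, stat.S_IREAD | stat.S_IWRITE)
        with open(tool, "ab") as f:
            f.write(b"appended constructed payload")
        out["after_tamper"] = al.check(tool)
        out["signature_hit"] = signature_hit(tool)   # unlisted, so no hit
        out["quarantined"] = os.path.basename(al.block(tool, "modified"))
        out["log"] = list(al.log)
    return out
```

The read-only attribute only slows a writer down; the digest comparison is what catches the change, and the table itself has to live somewhere the checked system cannot rewrite (the comment's hidden partition and custom bootloader).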
  • (Score: 0) by Anonymous Coward on Thursday November 20 2014, @08:11PM

    by Anonymous Coward on Thursday November 20 2014, @08:11PM (#118228)

    Anyone here care to load some known spyware onto a test box and see what the detection rate is?

    (But please name or link the progs you tested against, obviously)

  • (Score: 2) by cafebabe on Friday November 21 2014, @08:02PM

    by cafebabe (894) on Friday November 21 2014, @08:02PM (#118583) Journal

    Human rights charity Amnesty International has released a tool [theguardian.com] to detect and remove known government spyware programs.

    Given that Microsoft is part of the Prism program, I presume this software deletes Windows installs.

    --
    1702845791×2