Wednesday, July 18, 2007

Fedware - The New Frontier In Malicious Software

Malware (malicious software) is scary enough. A rootkit can give an attacker unfettered access to your system and your most sensitive data. A keystroke logger can capture the passphrases that you use to encrypt files and volumes. These days, especially on Windows, you absolutely must have security software that continuously scans for the viruses and worms that install these malicious pieces of code. But what about when it's the federal government doing the attacking?

Recent high-profile prosecutions have revealed that, for example, the DEA employs keystroke loggers to gain access to the encrypted files of suspected manufacturers of illegal drugs, and if the DEA is doing it, you can bet the farm that the FBI and Secret Service are as well. So here's the question: How do you protect yourself against overzealous law enforcement agencies installing Fedware on your computers? And more importantly, will your security software manufacturer protect you or expose you?

Oh sure, if you're up to no good, a rootkit is sort of like a wiretap, ordered by a court and used for evidence gathering. But we know that the Bush Administration, under the guise of fighting terror, has instructed the DoD and FBI to illegally monitor all sorts of groups--peaceniks and protesters--that aren't exactly out there cooking crystal meth to feed to your kids. So what do you do to protect yourself?

Unfortunately, the answer may ultimately lie with the company whose security software you choose, and when a federal order comes down, many vendors, such as CheckPoint (ZoneAlarm) and McAfee (Norton), will quietly ignore Fedware and won't tell you about it. Hell, CheckPoint goes so far as to 'whitelist' borderline software from vendors that request an exemption. But really...should you even trust what a vendor says about its policy on detecting Fedware? After all, they're in the business of selling you a security package, and if they reveal that they're...essentially...not secure, why would you stick with their product?

Ironically, the solution to this problem may lie with the open-source software community. A high-quality, thoroughly reviewed, well-understood, open-source security package may be your only defense against Fedware because, in the end, there would be nobody who could be ordered to intentionally sabotage the product.
