DamianTV
11-06-2013, 04:32 PM
http://www.theregister.co.uk/2013/11/05/av_response_state_snooping_challenge/
Of course they do. Now they're going to be on record for doing so.
Security guru Bruce Schneier has joined with the Electronic Frontier Foundation and 23 other privacy and digital rights activists to call on antivirus firms to publicly state they do not turn a blind eye towards state-sponsored malware.
Antivirus vendors have been given until 15 November to go on the record about detection of state-sponsored malware, with early indictions pointing towards a somewhat weary "of course we detect it" response.
Meanwhile neutral observers of the security software market point out there's no need for spy agencies to ask for their malware to be whitelisted by vendors because defences aren't that strong in the first place.
An open letter (PDF) to the industry from Schneier et al follows recent revelations that the NSA uses malware and exploits to track users of the Tor anonymity service or otherwise monitor the communications of surveillance targets.
The existence of the NSA's Tailored Access Operations (TAO) hacking squad unit has been an open secret for years, but recent revelations have fleshed out the details and revealed that NSA hackers have procedures that mean they generally only resort to malware only in cases where it's unlikely their malicious code will be detected.
Effective security scanners might therefore be a factor when the NSA decides whether or not to run malware-based attacks – even though nobody seriously believes antivirus alone can be relied upon to defend against state-sponsored malware.
"As a manufacturer of antivirus software, your company has a vital position in providing security and maintaining the trust of internet users as they engage in sensitive activities such as electronic banking," the privacy activists and security experts wrote in an open letter to antivirus companies. "Consequently, there should be no doubt that your company's software provides the security needed to maintain this trust."
The letter (extract below) challenges antivirus vendors to be clear about their detection of governmental surveillance-ware, requesting a response by 15 November.
...
Story continues on Link above.
Of course they do. Now they're going to be on record for doing so.
Security guru Bruce Schneier has joined with the Electronic Frontier Foundation and 23 other privacy and digital rights activists to call on antivirus firms to publicly state they do not turn a blind eye towards state-sponsored malware.
Antivirus vendors have been given until 15 November to go on the record about detection of state-sponsored malware, with early indictions pointing towards a somewhat weary "of course we detect it" response.
Meanwhile neutral observers of the security software market point out there's no need for spy agencies to ask for their malware to be whitelisted by vendors because defences aren't that strong in the first place.
An open letter (PDF) to the industry from Schneier et al follows recent revelations that the NSA uses malware and exploits to track users of the Tor anonymity service or otherwise monitor the communications of surveillance targets.
The existence of the NSA's Tailored Access Operations (TAO) hacking squad unit has been an open secret for years, but recent revelations have fleshed out the details and revealed that NSA hackers have procedures that mean they generally only resort to malware only in cases where it's unlikely their malicious code will be detected.
Effective security scanners might therefore be a factor when the NSA decides whether or not to run malware-based attacks – even though nobody seriously believes antivirus alone can be relied upon to defend against state-sponsored malware.
"As a manufacturer of antivirus software, your company has a vital position in providing security and maintaining the trust of internet users as they engage in sensitive activities such as electronic banking," the privacy activists and security experts wrote in an open letter to antivirus companies. "Consequently, there should be no doubt that your company's software provides the security needed to maintain this trust."
The letter (extract below) challenges antivirus vendors to be clear about their detection of governmental surveillance-ware, requesting a response by 15 November.
...
Story continues on Link above.