Talk:Magic Lantern (spyware)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by SatyrBot (talk | contribs) at 03:56, 8 August 2008 (BOT - Talkheader is not necessary. Report any errors to SatyrTN. Thanks!). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

A few questions:

  1. Wouldn't Ctrl+Alt+Del on a Windows box show the program running, and let you shut it down? If not, why not?
Only assuming the program runs 'honestly.' It's more than likely this software would run under a rootkit, which would hide it from Windows at all. SnoopJeDi (talk) 18:40, 19 November 2007 (UTC)
  2. Wouldn't your firewall notify you if this program wanted to call out? (Everyone should have a firewall, IMHO, yes, even if you're on dialup; WinME 4.90.300 for instance tries to call out occasionally, regardless of what options the user sets about updating everything manually; that's the version pre-installed on my box; no, I don't know if any patches for that have been released).
Again, only assuming this program runs traditionally, because the firewall relies on the OS. If the latter is deceived, so is the former. Any separate hardware monitoring the network (a packet sniffer between the box being logged and the internet, for example) should be able to detect this phone-home behavior. SnoopJeDi (talk) 18:40, 19 November 2007 (UTC)
  3. If no to both of the above, what is the program? A plugin to, say, Systray or Windows Explorer?
  4. Are people using Linux at less risk (they tend to be "under the hood" of their computers more)?
Linux is just as susceptible to rootkits as Windows. There is no true innate benefit to using one over the other with regards to this, but it is true that Linux users on the average tend to be more aware of their computers and would probably pick up on this more often. SnoopJeDi (talk) 18:40, 19 November 2007 (UTC)
  5. Are people using Macs at less risk? (any way to find out if the FBI has ported the prog to Macs?)

Beau regards, a good article otherwise. I know the FBI is keeping mum about it, "of course." --Koyaanis Qatsi

Again, the only protection any operating system would gain is the separation from being a mainstream target. Linux and Mac are often touted as free of spyware, etc., but the bulk of this is because they are seen as secondary targets, not comprising the bulk of computers. SnoopJeDi (talk) 18:40, 19 November 2007 (UTC)

Ad 1+3: Only if ML ran as an application. There are other ways. What about replacing the keyboard driver with a custom version?

Ad 2: With admin rights, there are ways around these, too. Note that the latest worms (e.g. "Goner") try to disable personal firewalls and virus scanners.

As to whether Linux or Mac (or BeOS or FooOS) users are at less risk: Obscurity of an operating system, hardware platform, or mail program may save you, but MacOS is not nearly scarce enough that the FBI won't bother to write a version for it.

As with all viruses/worms/security threats, good practices may prevent problems. Linux was one of the first "home" OSs encouraging the use of a not-all-powerful account for things like reading mail — but newer Windowsii and MacOS X followed suit. Compromising an account and trojanising at least some of the tasks done from an account is certainly possible; but without admin rights, modifications can be much less stealthy.

The lack of all-out virus vectors on Unix has also done its bit. --Robbe
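
An added example, not part of any editor's comment above: the reply about firewalls says a tool that relies on a deceived OS is deceived too, while separate hardware watching the network should still see the traffic. The Python below compares the two views and reports flows present on the wire but absent from the host's own socket list; the input formats, addresses and function names are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample data, not taken from the talk page.
# HOST_VIEW: sockets the monitored machine reports. WIRE_VIEW: external capture.
HOST_VIEW = """\
tcp 192.0.2.10:49152 198.51.100.7:443 ESTABLISHED
"""
WIRE_VIEW = """\
tcp 192.0.2.10:49152 198.51.100.7:443 1500
tcp 198.51.100.7:443 192.0.2.10:49152 5200
tcp 192.0.2.10:49177 203.0.113.99:25 4100
tcp 203.0.113.99:25 192.0.2.10:49177 300
tcp 192.0.2.10:49177 203.0.113.99:25 2200
"""

def endpoint(text):
    ip, port = text.rsplit(":", 1)
    return ip, int(port)

def host_sockets(host_view):
    """Set of (proto, local, remote) tuples the host admits to."""
    socks = set()
    for line in filter(str.strip, host_view.splitlines()):
        proto, local, remote, _state = line.split()
        socks.add((proto, endpoint(local), endpoint(remote)))
    return socks

def wire_flows(wire_view, host_ip):
    """Fold both directions of each captured flow into the host's perspective."""
    flows = defaultdict(lambda: {"packets": 0, "bytes_out": 0, "bytes_in": 0})
    for line in filter(str.strip, wire_view.splitlines()):
        proto, src, dst, size = line.split()
        src, dst = endpoint(src), endpoint(dst)
        if src[0] == host_ip:
            key, field = (proto, src, dst), "bytes_out"
        elif dst[0] == host_ip:
            key, field = (proto, dst, src), "bytes_in"
        else:
            continue  # traffic between other machines
        flows[key]["packets"] += 1
        flows[key][field] += int(size)
    return flows

def unreported_flows(host_view, wire_view, host_ip, min_packets=2):
    """Flows on the wire that the host's list omits (min_packets drops one-offs)."""
    known = host_sockets(host_view)
    return {k: v for k, v in wire_flows(wire_view, host_ip).items()
            if k not in known and v["packets"] >= min_packets}
```

A single host snapshot can miss short-lived connections, so a flow flagged here is a lead to check against repeated snapshots, not proof of hidden software.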


Why remove the paragraph on the "badtrans" virus? --KQ 02:10 Sep 27, 2002 (UTC)

Is there a list of these anti-virus companies that DO succumb to being ignoranuses about the FBI scanners and overlook them during their own scans?

SOPHOS is just one that DOES look for these types of apps, are there others?

Revelations 04:58, 8 February 2006 (UTC)

Fedware

I saw an interesting term coined by ZD-net [1] called Fedware. I wonder if it would be useful to run with this term to describe software written by the US-federal government. The concern is that Fedware may be excluded from spyware scanners. --Joewski 07:53, 18 July 2007 (UTC)