Regular Contributor
Tech0utsider
Posts: 1,452
Registered: ‎07-29-2008

Policeware

Does Norton detect and block/remove policeware?
=\
Symantec Employee
davecole
Posts: 50
Registered: ‎04-07-2008

Re: Policeware

tech0utsider, what are you defining as "policeware"? if they are using a standard keylogger that we have an antispyware/antivirus definition for, it will certainly be detected. additionally, if it is unknown yet its behavior is sufficiently suspicious, such as hooking the keyboard, then it would be detected and removed by SONAR, our heuristic/behavior-blocking defenses. did you have a specific application in mind?

 

--dave

Super Spyware Scolder
jAW
Posts: 172
Registered: ‎05-19-2008

Re: Policeware

Hi,

 

Note that Norton works locally in the computer. Policeware installed on an internet service provider's network to intercept emails and log communication will not be detected by any antivirus/firewall software installed on your computer.

 

For anything running locally on the computer it is as davecole said.

 

jAW

Super Spyware Scolder
jAW
Posts: 172
Registered: ‎05-19-2008

Re: Policeware

Hi,

 

As a follow up question for davecole and perhaps a clarification on what the question might have originated from.

 

In the Wikipedia article at the link below it is stated that Symantec willingly chose to ignore a trojan created by the FBI (Magic Lantern). What is the current status of the Norton programs toward those government made "threats"?

 

http://en.wikipedia.org/wiki/Magic_Lantern_(software)

 

jAW

 

Looks like the forum does not accept that link, it will remove the last ) which will bring up the wrong page.

Message Edited by jAW on 10-15-2008 06:26 AM
Message Edited by Tony_Weiss on 10-15-2008 09:31 PM
Regular Contributor
Tech0utsider
Posts: 1,452
Registered: ‎07-29-2008

Re: Policeware


davecole wrote:

tech0utsider, what are you defining as "policeware"? if they are using a standard keylogger that we have an antispyware/antivirus definition for, it will certainly be detected. additionally, if it is unknown yet its behavior is sufficiently suspicious, such as hooking the keyboard, then it would be detected and removed by SONAR, our heuristic/behavior-blocking defenses. did you have a specific application in mind?

 

--dave


Government deployed programs and data mining efforts.

=\
Regular Contributor
Tech0utsider
Posts: 1,452
Registered: ‎07-29-2008

Re: Policeware


jAW wrote:

Hi,

 

Note that Norton works locally in the computer. Policeware installed on an internet service provider's network to intercept emails and log communication will not be detected by any antivirus/firewall software installed on your computer.

 

For anything running locally on the computer it is as davecole said.

 

jAW


Well won't the two-way firewall detect or at least log suspicious activity?

=\
Super Spyware Scolder
jAW
Posts: 172
Registered: ‎05-19-2008

Re: Policeware


Tech0utsider wrote:

Well won't the two-way firewall detect or at least log suspicious activity?


Hi,

 

No, not since the programs I refer to are only installed on the ISP servers and intercept traffic rather than trying to connect to your PC. You will not notice this and are pretty much defenseless against it; you will have to put your hope in your ISP's security. But then again, there's not much you can do about that type of "threat" and it is not likely to be used by someone who only wants to hijack a credit card or something. I do not think it is a problem for "the average Joe".

 

Then you have things like the FRA law in Sweden, that is even worse. If you have something to hide that is. ;)

 

jAW

Regular Contributor
Tech0utsider
Posts: 1,452
Registered: ‎07-29-2008

Re: Policeware


jAW wrote:

Tech0utsider wrote:

Well won't the two-way firewall detect or at least log suspicious activity?


Hi,


...I do not think it is a problem for "the average Joe".

 

jAW


Well that's me. Thanks for the help.

=\
Symantec Employee
davecole
Posts: 50
Registered: ‎04-07-2008

Re: Policeware

it's an interesting topic and there's no quick answer to your question. the subject matter is admittedly tricky at times and we consider each application on its own merits (i.e. the question is somewhat broad and there's no blanket answer). we look at factors such as the level of disclosure, opt-in/opt-out, privacy impact, system performance/stability impact, and other attributes. 

 

it's been a long time since magic lantern and many things have changed. in truth, dealing with all of the spyware/adware outfits forced us and most security vendors to carefully consider our policies on how we handle programs that are not outright malicious, but are still unwanted or at least unexpected. our end goal is to protect our customers the best we can and give them complete control over their system. as one example, you'll note that we detect and remove the phorm cookie, which is used by some ISPs for ad targeting.

 

lastly, with heuristics & behavior blocking taking a central role in protection today, the landscape is very different than it was before. even if there was no explicit signature for such a program, if its behavior was objectionable enough the app would still be convicted and removed (unless of course we had reviewed it and explicitly decided to whitelist it).

 

--dave

Regular Contributor
Tech0utsider
Posts: 1,452
Registered: ‎07-29-2008

Re: Policeware


davecole wrote:

it's an interesting topic and there's no quick answer to your question. the subject matter is admittedly tricky at times and we consider each application on its own merits (i.e. the question is somewhat broad and there's no blanket answer). we look at factors such as the level of disclosure, opt-in/opt-out, privacy impact, system performance/stability impact, and other attributes. 

 

it's been a long time since magic lantern and many things have changed. in truth, dealing with all of the spyware/adware outfits forced us and most security vendors to carefully consider our policies on how we handle programs that are not outright malicious, but are still unwanted or at least unexpected. our end goal is to protect our customers the best we can and give them complete control over their system. as one example, you'll note that we detect and remove the phorm cookie, which is used by some ISPs for ad targeting.

 

lastly, with heuristics & behavior blocking taking a central role in protection today, the landscape is very different than it was before. even if there was no explicit signature for such a program, if its behavior was objectionable enough the app would still be convicted and removed (unless of course we had reviewed it and explicitly decided to whitelist it).

 

--dave


A more specific question: Does Norton detect fraudulent versions of programs such as Magic Lantern?

=\