Policeware

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.

tech0utsider, what are you defining as "policeware"? if they are using a standard keylogger that we have an antispyware/antivirus definition for, it will certainly be detected. additionally, if it is unknown yet its behavior is sufficiently suspicious, such as hooking the keyboard, then it would be detected and removed by SONAR, our heuristic/behavior-blocking defenses. did you have a specific application in mind?

 

--dave

Hi,

 

Note that Norton works locally in the computer. Policeware installed on an internet service providers network to intercept emails and log communication will not be detected by any antivirus/firewall software installed on your computer.

 

For anything running locally on the computer it is as davecole said.

 

jAW

Hi,

 

As a follow up question for davecole and perhaps a clarification on what the question might have originated from.

 

In the wikipedia article on the link below it is stated that Symantec willingly chose to ignore a trojan created by the FBI (Magic Lantern). What is the current status of the Norton programs toward those government made "threats"?

 

http://en.wikipedia.org/wiki/Magic_Lantern_(software)

 

jAW

 

Looks like the forum does not accept that link, it will remove the last ) which will bring up the wrong page.

Message Edited by jAW on 10-15-2008 06:26 AM
Message Edited by Tony_Weiss on 10-15-2008 09:31 PM

davecole wrote:

tech0utsider, what are you defining as "policeware"? if they are using a standard keylogger that we have an antispyware/antivirus definition for, it will certainly be detected. additionally, if it is unknown yet its behavior is sufficiently suspicious, such as hooking the keyboard, then it would be detected and removed by SONAR, our heuristic/behavior-blocking defenses. did you have a specific application in mind?

 

--dave


Government deployed programs and data mining efforts.


jAW wrote:

Hi,

 

Note that Norton works locally in the computer. Policeware installed on an internet service providers network to intercept emails and log communication will not be detected by any antivirus/firewall software installed on your computer.

 

For anything running locally on the computer it is as davecole said.

 

jAW


Well won't the two-way firewall detect or at least log suspicious activity?


Tech0utsider wrote:

Well won't the two-way firewall detect or at least log suspicious activity?


Hi,

 

No, not since the programs I refer to only are installed on the ISP servers and intercepts traffic rather than trying to connect to your PC. You will not notice this and are pretty much defensless against it, you will have to put your hope to your ISP's security. But then again, it's not much you can do about that type of "threat" and it not likely to be used by someone who only want to hijack a creditcard or something. I do not think it is a problem for "the average Joe".

 

Then you have things like the FRA law in Sweden, that is even worse. If you have something to hide that is. :smileywink:

 

jAW


jAW wrote:

Tech0utsider wrote:

Well won't the two-way firewall detect or at least log suspicious activity?


Hi,


...I do not think it is a problem for "the average Joe".

 

jAW


Well thats me. Thanks for the help. 

it's an interesting topic and there's no quick answer to your question. the subject matter is admittedly tricky at times and we consider each application on its own merits (i.e. the question is somewhat broad and there's no blanket answer). we look at factors such as the level of disclosure, opt-in/opt-out, privacy impact, system performance/stability impact, and other attributes. 

 

it's been a long time since magic lantern and many things have changed. in truth, dealing with all of the spyware/adware outfits forced us and most security vendors to carefully consider our policies on how we handle programs that are not outright malicious, but are still unwanted or at least unexpected. our end goal is to protect our customers the best we can and give them complete contol over their system. as one example, you'll note that we detect and remove the phorm cookie, which is used by some ISPs for ad targeting.

 

lastly, with heuristics & behavior blocking taking a central role in protection today, the landscape is very different than it was before.even if there was no explicit signature for such a program, if its behavior was objectionable enough the app would still be convicted and removed (unless of course we had reviewed it and explicitly decided to whitelist it).

 

--dave


davecole wrote:

it's an interesting topic and there's no quick answer to your question. the subject matter is admittedly tricky at times and we consider each application on its own merits (i.e. the question is somewhat broad and there's no blanket answer). we look at factors such as the level of disclosure, opt-in/opt-out, privacy impact, system performance/stability impact, and other attributes. 

 

it's been a long time since magic lantern and many things have changed. in truth, dealing with all of the spyware/adware outfits forced us and most security vendors to carefully consider our policies on how we handle programs that are not outright malicious, but are still unwanted or at least unexpected. our end goal is to protect our customers the best we can and give them complete contol over their system. as one example, you'll note that we detect and remove the phorm cookie, which is used by some ISPs for ad targeting.

 

lastly, with heuristics & behavior blocking taking a central role in protection today, the landscape is very different than it was before.even if there was no explicit signature for such a program, if its behavior was objectionable enough the app would still be convicted and removed (unless of course we had reviewed it and explicitly decided to whitelist it).

 

--dave


A more specfic question: Does Norton detect fraudlent versions of programs such as Magic Lantern? 

i believe the answer would be yes but i’m admittedly not 100% certain what you’re referring to. do you have a specific program you are concerned about or a link to web page?


davecole wrote:
i believe the answer would be yes but i'm admittedly not 100% certain what you're referring to. do you have a specific program you are concerned about or a link to web page?

No. I am just wondering if Norton can detect legit versions over counterfeit versions exploited for illegal data mining.