Thursday, August 21, 2008

Beware Good Spyware or "The road to hell is paved with good intentions"

A new anti-piracy software solution was recently presented in this article.

Marketed as "an intelligence gathering tool", the described software "rather than trying to prevent unauthorized use of software, collects data on how and where it is used, and then stealthily sends it back to the software's maker".

Oh, dear. The old phantoms of AV industry keep coming back over and over again in the form of good worms, good spyware, and "white-listing" panacea against all the bad guys.

To better understand this one, it might help recalling the Magic Lantern key logger, developed by FBI.

At that time, it was reported that "other proposed high-technology responses to the threat of terrorism are coming from industry, Congress and elsewhere ... a controversial system installed on a criminal suspect's computer by the government to capture the encryption passwords of a criminal suspect is nearing its second phase; the F.B.I. has acknowledged that it is developing a similar monitoring system, called Magic Lantern, that could be installed remotely."

Sounds familiar, doesn’t it? Just a different "good intention".

Indeed, exactly as St. Bernard of Clairvaux (circa 1150) once said "L'enfer est plein de bonnes volontés ou désirs".

And yeah, just to recall what was the professional response to the Magic Lantern idea (Graham Cluley, Sophos Anti-Virus Inc.): "We have no way of knowing if it was written by the FBI, and even if we did, we wouldn’t know whether it was being used by the FBI or if it had been commandeered by a third party."