Originally posted by sadisticwoman
(original post by sadisticwoman here)
...But if you use Common Sense 2009, you can use Windows without having to pay for an anti-virus that includes shady executables in their software.
Originally posted by BSndsMPBlk47
I Googled "Common Sense 2009" and "Common Sense 2008." I also checked Sourceforge and Freshmeat. All I can find are torrent downloads.
Originally posted by Ian McLean
This discussion has taken an interesting turn. I think the initial issue, the EXE in question, has not yielded any hard evidence of conspiracy or subversion, but the Symantec reaction, and the subsequent investigation by various members here of corporate collusion and such, is very interesting, and should give those who hadn't previously considered such issues pause for thought. The business of maintaining the consumer software ecology is quite an incestuous little symbiosis.
Originally posted by golemina
The AV software is SO MUCH MORE DIRECT a pathway... don't you think?
Originally posted by oatie
UGH there seems to be a key logger in the code..odd
I think it may be stealing personal information and sending it to Africa
Also, the code was written by Mark Russinovich. If anyone cares enough to research him and see his relation to Symantec, go right ahead.
Originally posted by baahl
I'm going to kick this horse one more time.
Symantec AV runs a kernel mode driver that intercepts everything going to or coming from the drive and I suspect that their firewall software runs a kernel mode network filter... even if not, there is basically no protection between drivers, so accessing the network or altering the flow of network code (including bypassing WinPcap, etc.) is trivial from components that they already have deployed and accepted by their user base. By loading a driver from any vendor you are basically saying "I trust you to do whatever you want to my computer".
A (well executed) key logger or data miner running in kernel mode would be invisible from userland and wouldn't show up on a protocol analyzer installed on the machine (an external one would still pick it up).
Driver development is more esoteric and much harder to debug than generic win32 development, which would reduce the number of people who could successfully reverse engineer the software. Further, since this software has a much bigger footprint and would be legitimately interacting with all the subsystems required by any imaginable form of malware, tracking down bad code would be difficult if not impossible...
My point here is that they already have the perfect vector to do whatever malicious thing they want to do. And Magic Lantern, or whatever they are calling it now, is probably also a kernel mode component. So (Symantec) sending out user mode malware would be dumb. Of course, everybody knows that the world is full of stupid people so it isn't impossible, but it seems extremely unlikely. It is especially unlikely if it is being done in cooperation with the government, because in that case the primary risk is discovery by end users, not discovery by other vendors or by law enforcement.
[edit on 12-3-2009 by baahl]
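The post above notes that an analyzer installed on the machine can miss traffic that an external one still sees; comparing the two views is the usual way to check for that. The following is an added example, not part of the original post: it diffs flows reported by a host-side capture against flows an external tap attributes to the same host. The line format, addresses and function names are constructed for illustration.

```python
from collections import namedtuple

# One flow as seen from the monitored host: protocol plus both endpoints.
Flow = namedtuple("Flow", "proto local_ip local_port remote_ip remote_port")

# Constructed sample: flows reported by a capture tool running on the host itself.
HOST_VIEW = """
tcp 192.0.2.10:49152 198.51.100.7:443
tcp 192.0.2.10:49153 198.51.100.8:80
udp 192.0.2.10:53011 192.0.2.1:53
"""

# Constructed sample: flows recorded by an external tap over the same time window.
TAP_VIEW = """
tcp 192.0.2.10:49152 198.51.100.7:443
tcp 192.0.2.10:49153 198.51.100.8:80
udp 192.0.2.10:53011 192.0.2.1:53
tcp 192.0.2.10:49160 203.0.113.50:8443
tcp 192.0.2.77:40000 198.51.100.7:443
"""

def parse_flows(text):
    """Parse 'proto local_ip:port remote_ip:port' lines (assumed format) into a set."""
    flows = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        proto, local, remote = line.split()
        lip, lport = local.rsplit(":", 1)
        rip, rport = remote.rsplit(":", 1)
        flows.add(Flow(proto.lower(), lip, int(lport), rip, int(rport)))
    return flows

def hidden_flows(host_text, tap_text, host_ip):
    """Flows the tap attributes to host_ip that the host's own capture never reported."""
    tap = {f for f in parse_flows(tap_text) if f.local_ip == host_ip}
    return sorted(tap - parse_flows(host_text))

def tap_gaps(host_text, tap_text, host_ip):
    """Flows only the host reported: a tap coverage or timing gap, not evidence of hiding."""
    host = {f for f in parse_flows(host_text) if f.local_ip == host_ip}
    return sorted(host - parse_flows(tap_text))

if __name__ == "__main__":
    for f in hidden_flows(HOST_VIEW, TAP_VIEW, "192.0.2.10"):
        print("seen on the wire but not on the host:", f)
```

A non-empty result only says the two views disagree; differing capture windows or address translation between the host and the tap also produce mismatches.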
The company pulled the patch after three hours and then unwittingly laid the groundwork for conspiracy theorists after it started deleting forum posts related to the matter. The company was not censoring the posts, but fighting off a spam attack, according to Kyle.
"At the same time we were pulling down the patch a spammer created a new account on our forum and minutes after that there were 200 new users all targeting the same thread," he said. "Within the first hour there were like 600 posts to that thread. Obviously it was a bot creating this."
The posts were written with poor grammar and broken English and some were vulgar and nonsensical. It is possible, though, that Symantec could have inadvertently deleted some legitimate posts while it was purging the spam, Kyle said.
The patch for 2006 and 2007 versions of Norton Internet Security and Norton Antivirus, a program dubbed "PFST.exe," (Product Information Framework Trouble Shooter) was distributed to collect anonymous statistics on matters such as how many computers are using the products and what operating system they are running, Jeff Kyle, group product manager for Symantec consumer products, said Tuesday.
Updated 2:45 p.m. PDT with link to forum site and explanation, Washington Post reporting that hackers created malicious related sites that appear in Google search.