- (Reuters) - Antivirus software vendors said Monday they
don't want to create a loophole in their security products to let the FBI
or other government agencies use a virus to eavesdrop on the computer communications
of suspected criminals.
-
- Under a project code named "Magic Lantern,"
the U.S. Federal Bureau of Investigation is creating an e-mail-borne virus
or Trojan horse that hides itself on the computer and captures all keystrokes
made, including passwords that could be used to read encrypted mail, according
to a report on MSNBC in November.
-
- Despite subsequent reports to the contrary, officials
at Symantec and Network Associates said they had no intention of voluntarily
modifying their products to satisfy the FBI. Spokesmen at two other computer
security companies, Japan-based Trend Micro and the U.S. subsidiary of
U.K.-based Sophos made similar statements.
-
- All four antivirus companies said they had not contacted
or been contacted by the U.S. government on the matter.
-
- The FBI declined to confirm or deny the report about
"Magic Lantern," when it was first published by MSNBC and a spokesman
was not available for comment Monday.
-
- "We're in the business of providing a virus-free
environment for our users and we're not going to do anything to compromise
that security," said Tony Thompson of Network Associates.
-
- "Symantec's first priority is to protect our customers
from malicious and illegal attacks," Symantec Chief Executive John
W. Thompson said in a statement. "We have no intention of creating
or leaving a hole in our software that might compromise that security."
-
- If antivirus vendors were to leave a hole for an FBI-created
Trojan horse program, malicious hackers would try to exploit the hole too,
experts said.
-
- "If you leave the weakness for the FBI, you leave
it for everybody," said Fred Cohen, an independent security expert
and digital forensics professor at the University of New Haven.
-
- From the industry perspective, leaving a hole in antivirus
software would erode public confidence and damage the reputation of the
vendor, sending customers to competing companies, the vendors said.
-
- The government would have to convince all antivirus vendors
to cooperate or the plan wouldn't work, since those not cooperating would
have a market advantage and since they all share information, a Symantec
spokeswoman said.
-
- "The thought that you would be able to convince
the industry as a whole to do this is kind of naive," she said.
-
- Symantec and Networks Associates, both of which have
investments in China, would not jeopardize their footings in that market,
said Rob Rosenberger, editor of Vmyths.com, a Web site that debunks virus
hoaxes.
-
- "If (the Chinese) thought that the company was a
tool of the CIA, China would stop using those products in critical environments,"
Rosenberger said. "It is in the best interest of antivirus vendors
not to heed the call of the FBI."
-
- "We always try to cooperate with the authorities
when it's appropriate. Having said that, our No. 1 goal is to protect our
customers," said Barbara Woolf of Trend Micro. "I've heard reports
that the government is upset this got out and is going back to the drawing
board."
-
- Appeasing the U.S. government would be difficult for
vendors that have parent companies and customers outside the United States,
they said.
-
- "If the laws of the land were to change to permit
this kind of activity, then we would abide by the law," said David
Hughes, president of Sophos' U.S. subsidiary.
-
- But "how would a vendor provide protection for customers
outside of the specific jurisdiction?" Hughes said. "If we were
to do this for the U.S. government we'd also have to do it for the government
of any other nation that would want to do something similar."
-
- Copyright © 2001 Reuters Limited. All rights reserved.
|