F-Secure says "NO!" to Government Trojans Backdoors / Surveillance Malware
Hi All,
Hope this makes everyone clear.
Check this site out as well.
http://www.f-secure.com/weblog/archives/letter-to-antivirus-companies.pdf
Does F-Secure's antivirus turn a blind eye to spook spyware? CEO hits back
Malware is malware, says top Finn
Antivirus maker F-Secure has responded to privacy campaigners' concerns over the handling of spook-grade surveillance malware – by insisting its security software slays government spyware wherever it can.
In an open letter to the Bits of Freedom team, F-Secure president and chief exec Christian Fredrikson said his firm stands by its 2001 vow to not discriminate in favor of intelligence agencies when blocking potentially malicious code.
Earlier this month, the campaigners wrote [PDF] to F-Secure, which is headquartered in Helsinki, Finland, demanding to know if the biz had "ever been approached ... by a government requesting that the presence of specific software is not detected, or if detected, not notified to the user of your software."
Now Fredrikson has shot back: "If we would be approached by a government asking us not to detect a specific piece of malware, we would not comply with their request.
"To us, the source of the malware does not come into play when deciding whether to detect malware."
The letter sent by the privacy warriors was part of an open call to antivirus vendors to disclose their policies.
The campaign, backed by top computer security expert Bruce Schneier, asked companies to come clean on whether they would turn a blind eye to a particular strain of spyware should a government ask.
According to Fredrikson, the company has in fact encountered government-sponsored malware samples. The firm cited the 2011 saga of R2D2, a secretive package that was allegedly deployed by German police to listen in on VoIP calls.
Once detected, however, the firm said that it grants no special favors to the g-men's software. Fredrikson denied that F-Secure has ever been asked by government agencies to allow spyware through its security checks.
"If it's malware, we will protect our customers from it. Our decision-making boils down to a simple question: would our customers run this program on their system or not," the F-Secure boss continued.
"Obviously the answer for governmental trojans would be a 'no'." ®
-
PDF excerpt, based on the given URL:
http://www.f-secure.com/weblog/archives/letter-to-antivirus-companies.pdf
Re: Your policy on the use of software for the purpose of state surveillance
Amsterdam, 25 October 2013
Dear X,
We, the undersigned, an international coalition of digital rights organizations and
supported by academics, are writing to you to express the concerns of worried
citizens who entrust you with the security of their computer systems.
Several governments are planning to grant or have granted law enforcement with
the authority to remotely break into computers, both foreign and domestic, in
order to conduct surveillance in the course of investigations. In order to
adequately breach the security of users' personal computers, law enforcement
agencies must exploit vulnerabilities in users' software and install malware that
will collect data from the targeted computers.
As a manufacturer of anti virus software, your company has a vital position in
providing security and maintaining the trust of internet users as they engage in
sensitive activities such as electronic banking. Consequently, there should be no
doubt that your company's software provides the security needed to maintain this
trust.
The consumers and companies whose systems you protect should be able to rely
on the detection and removal of viruses and malware, regardless of their origin.
Therefore, we would like to ask you to clarify your policy on this subject. More
precisely we would appreciate a response to the following questions:
1. Have you ever detected the use of software by any government (or state
actor) for the purpose of surveillance?
2. Have you ever been approached with a request by a government,
requesting that the presence of specific software is not detected, or if
detected, not notified to the user of your software? And if so, could you
provide information on the legal basis of this request, the specific kind of
software you were supposed to allow and the period of time which you
were supposed to allow this use?
3. Have you ever granted such a request? If so, could you provide the same
information as in the point mentioned above and the considerations which
led to the decision to comply with the request from the government?
4. Could you clarify how you would respond to such a request in the future?
Please let us know if you feel that you cannot, or cannot fully,
answer any of the above questions because of legal constraints imposed upon you
by any government. If you feel you cannot answer any of the questions above,
please reply "no response" to this question.
Your response on this matter would be greatly appreciated. Please send your
answer before the 15th of November 2013 to the office of Bits of Freedom.
Yours sincerely,
• Access - International
• Article 19 - UK
• Axel Arnbak – Netherlands
• Bits of Freedom – Netherlands
• Bart Jacobs – Netherlands
• Bruce Schneier – US
• Claudio Guarnieri – Italy
• Digital Courage – Germany
• Digitale Gesellschaft e.V. – Germany
• Föreningen för Digitala Fri- och Rättigheter (DFRI) – Sweden
• DRI – Ireland
• European Digital Rights (EDRi) – Europe
• E.J. Koops – Netherlands
• Electronic Frontier Foundation – United States
• Free Press Unlimited – Netherlands
• Internet Protection Lab – Netherlands
• ISOC – Netherlands
• Iuridicum Remedium - Czech Republic
• Jaap-Henk Hoepman - Netherlands
• Netzpolitik.org – Germany
• Open Rights Group – UK
• Panoptykon Foundation – Poland
• Privacy International – UK
• Privacy First – Netherlands
• Vrijschrift / ScriptumLibre – Netherlands
-
URL:- http://www.bof.nl/bof_uk.html
About Bits of Freedom
ACTIVITIES
Since January 2003, Bits of Freedom co-ordinates the publication of EDRI-gram, a biweekly newsletter in English about privacy and civil rights in Europe. EDRI-gram is made under responsibility of European Digital Rights, a European umbrella-organisation of 16 privacy and digital rights organisations from 10 European countries.
Since autumn 2001 Bits of Freedom publishes a (Dutch) digital newsletter with national news about privacy and digital civil rights, from a legal, political or technical viewpoint. Topics are dealt with in depth in a series of dossiers (only available in Dutch).
In order to promote and enhance public awareness of privacy and digital civil rights, Bits of Freedom gives lectures at conferences, organises workshops and organises its own events.
From March to May 2004 Bits of Freedom raised attention for the fact that the Dutch e-voting equipment, manufactured by Nedap and used for many years by almost 80% of the Dutch voters is based on closed source, without a paper trail. The government of Ireland invested 40 million Euro in Nedap voting equipment, with the purpose of using it for the first time in the European and local elections on 10 June 2004.
Thanks to a successful appeal on the freedom of information, the Irish citizens for trustworthy e-voting managed to obtain copies of tests on the reliability and accuracy of the equipment, carried out by security firm Zerflow in 2002. The tests were not encouraging, showing in some versions the votes were actually counted with the help of MS Access 97, a product for which Microsoft discontinued the support in 2001.
After fierce public debate, the Irish government set up the Independent Commission on Electronic Voting to review the secrecy and accuracy of the Nedap system. In its report, published on 1 May 2004, the commission concludes "that it is not in a position to recommend with the requisite degree of confidence the use of the chosen system at elections in Ireland in June 2004". "[..] the Commission has not been able to satisfy itself as to the accuracy and secrecy of the system [..]".
The Irish government cancelled the use of the e-voting equipment after that, but the Dutch responsible minister declined any relevance for the Dutch situation. When it comes to internet voting, the appeal for transparency was more successful; on 21 June 2004 the Ministry of Internal Affairs announced this software will be released under a GNU/GPL license.
Bits of Freedom published a detailed annual report about 2003, including a financial overview. This report is only available in Dutch.
In October 2003 Bits of Freedom organised the second presentation of the Dutch Big Brother Awards. Since 1998, over forty ceremonies have been held in sixteen countries. Privacy and civil liberties groups have given out hundreds of awards to some of the most powerful government agencies, individuals and corporations in those countries.
The Big Brother Awards are generally given to government agencies, private companies and individuals that have excelled in the violation of privacy in their country. In the Netherlands in 2003, the winners were:
- Minister of Justice Piet Hein Donner, for seeming to have a personal mission in the destruction of the right to privacy. "Isn't it so that Donner repeatedly mentions the necessity of a shift in the balance between privacy and safety? Isn't the same Minister of Justice a dedicated promoter of mandatory identification for new-born babies (be it that the age by now is 14 years)?", said member of the jury Lodewijk Asscher;
- Several major lawyer firms that have used the services of investigation office Mariendijk to extract very privacy-sensitive information from banks and social security offices under false pretence;
- The Immigration and Naturalisation Service for the storage of all e-mails of all employees for an undetermined period of time.
- The legal proposal to introduce compulsory identification for all persons from the age of fourteen.
Other members of the European association EDRI supported the campaign by translating the model-letter in their language, and making national inquiries. In Austria and Belgium similar actions took place at the airports. More information about this campaign is available in English via the EDRI-website.
Other successful actions of Bits of Freedom were: a campaign against the European Copyright Directive, Spot the Cam and the presentation of the Big Brother Awards.
In autumn 2002, Bits of Freedom organised a campaign against the (Dutch transposition of) the European Copyright Directive. The campaign brought together a large number of lawyers, cryptographers, representatives of computer user groups, universities and libraries and was aimed against the ban on circumvention of technical measures to protect film and music.
In the campaign, that resulted in an extra round of parliamentary questions for the Minister of Justice, Bits of Freedom demanded attention for the fact that the law wasn't just going to forbid breaking digital locks to make illegal copies, but that the proposed law would also make it illegal to make a perfectly legal private copy, once the material was protected.
Another example of an event that attracted a lot of media-attention for Bits of Freedom in 2002 was Spot the Cam. This was a short campaign in October 2002 with the purpose of making the public look back at the ubiquitous surveillance cameras. As part of the street-furniture, cameras have become invisible. During the campaign, a number of volunteers walked through the inner-city of Amsterdam, equipped with a digital camera and a sketchbook to write down the exact location and any other possibly relevant information. The locations were then entered onto a digital map of Amsterdam, showing at least 300 surveillance cameras. One of the main conclusions of the project was that the operators of the cams are highly invisible, and that it is unclear what happens with the images.
In February 2002 Bits of Freedom organised the first presentation of the Dutch Big Brother Awards, following other annual international presentations by privacy and civil liberties groups in the United Kingdom, the United States, Austria, Germany, Switzerland, France, Hungary and Denmark.
The Big Brother Awards are generally given to government agencies, private companies and individuals that have excelled in the violation of privacy in their country. In the Netherlands in 2002, the winners were:
- The National Institute of Public Health and Environment for storing identifiable blood samples of 1,4 million children without parental consent;
- The Netherlands Organisation for Applied Scientific Research (TNO) for the development of the Automatic Aggression Detection video processing software which was demonstrated by TNO using video footage of the uprising against Milosevic in Belgrade;
- The State Secretary of Transport, Public Works and Water Management Monique de Vries for breaking open an EU compromise on data retention for telecommunication companies;
- The Commission Mevis for proposing far-reaching demands on banks, insurance companies and telecommunication companies to track, store and disclose customer data for law enforcement
INTERNATIONAL NETWORK
Bits of Freedom is a founding member of European Digital Rights, an association of 16 privacy and civil rights groups from 10 different European countries. The collaboration is important to expand activities in Brussels to defend civil rights in the information society focussing on data retention, privacy, the impact of anti-terrorism measures on freedom, copyright, freedom of speech and spam. Since November 2003, EDRI has a director EU-affairs, based in Brussels. Andreas Dietl acts as consultant and ambassador for European Digital Rights, attends relevant meetings, workshops and conferences, and reports about recent developments in EDRI-gram. At the second annual assembly in Berlin on 10 June 2004, 2 new members were admitted from Germany, and a new board was elected with Ian Brown as president (UK), Rikke Frank Jørgensen (Denmark, vice-president), Andreas Krisch (Austria, treasurer), Lena Nalbach (Austria) and Sjoera Nas (Bits of Freedom, Netherlands).
Bits of Freedom is also member of GILC, the Global Internet Liberty Campaign, a coalition of some 65 privacy and civil liberty groups from Europe, North- and South America. Finally, BOF also works together on an ad-hoc basis with the American Civil Liberties Union (ACLU) and with the Electronic Privacy Information Center (EPIC).
BOARD
Bits of Freedom was founded as a non-profit organisation on 1 April 2000. Since that time, the board is made up of Karin Spaink, Johan 'Julf' Helsingius and Frank Kuitenbrouwer.
Karin Spaink
Karin Spaink is an author and column-writer. About her involvement with digital civil rights, she says:
"In the middle of 1995, I got involved with civil rights issues on the net, basically because Scientology raided my provider over a homepage that one of their customers had put on-line. That raid brought about a whole cascade of questions: are homepages the responsibility of their makers, or of those through whose systems they are served? Are internet providers to be regarded as publishers, or as common carriers? Is a complaint enough on the net to make a provider pull a page? How does censorship on the net work?
Through these questions, I became involved in freedom of speech issues. Meanwhile, I have learned a lot about the net, won two court cases concerning it, write and lecture about the net quite regularly, and have become involved in various organisations who strive to put the net to a political and educational use, to educate people about the net, or to define and defend civil rights on the net."
Johan Helsingius
Johan 'Julf' Helsingius has during the past 20 years built a reputation as a renowned IT, network and internet pioneer. He was involved in the founding of the first business provider in Finland and involved in the construction of the first network-connections of the first pan-European provider, EUnet. Until its demise in 2002, Helsingius was CTO (Chief Technology Officer) of KPN Qwest. Amongst internet users, Helsingius is best known as the founder of the anonymous relay-service for e-mail, anon.penet.fi. Under immense legal pressure, he was forced to close down the gateway in 1996.
Frank Kuitenbrouwer
RECOMMENDATION COMMITTEE
Bits of Freedom is proud of its Recommendation Committee, made up of experts with a legal or managerial background and high level of involvement. The committee currently consists of 8 members.
Bert Bakker, Member of Parliament for the social-liberal party (D66) since 1994 and spokesperson ICT and Media.
Prof. Mr. Egbert J. Dommering, Director of the Amsterdam Institute for Information Law (IViR), and managing partner of Stibbe Lawyers in Amsterdam.
Fred Eisner, management consultant for internet businesses, expert in public administration. Former chairman of the association of Dutch internet providers (NLIP) and founder of EURO-ISPA.
Herman van Gunsteren, professor of political theory and legal philosophy at Leiden University. He has written extensively on citizenship, the role of conflict and the demise of politics and is fascinated by the interplay between values, visions, and the ongoing transformation of political regimes.
Paul Kuypers, writer and culture critic. Former director of political and cultural debating centre De Balie in Amsterdam.
Bert Mulder, consultant for IT-issues. Founder of the thinktank 'InformatieWerkPlaats'. Mulder regularly lectures both in the Netherlands as well as internationally, has several academic fellowships and organises many strategy-meetings for management teams.
Alexander Patijn, worked for the Ministry of Justice. He represented The Netherlands in many international meetings and negotiations of the European Union, the Council of Europe and the ICAO. He has been particularly involved in the preparation of legislation on computer crime and privacy.
Doke Pelleboer, CEO of internet provider XS4ALL since the summer of 2001. Before that he was a member of the management team of the business-line Internet services of KPN Telecom, the national telephony incumbent.
Jit Peters, professor of constitutional law and former Dean of the Faculty of Law of the University of Amsterdam.
Professor Corien Prins, professor Law and Information Science at the faculty of law of Tilburg University. In her research, Prins concentrates on electronic commerce, privacy and anonymity, agents, and starting points for IT policy.
Beate Rössler, teacher at the Metaphysics group of the faculty of Humanities of the University of Amsterdam. Rössler studied philosophy in Tuebingen, Germany, London, Oxford and Berlin and promoted in 1998 at the Berlin Free University. Her most recent publication is Der Wert des Privaten (Frankfurt: Suhrkamp 2001).
-
Because ....
F-SECURE
WE WILL PROTECT YOU!
http://www.youtube.com/watch?v=zox2tRYK2M0&feature=player_embedded
-
We Protect You: Timo Hirvonen, Anti-malware Analyst
This is a guest post from an expert from F-Secure Labs. Enjoy!
My name is Timo Hirvonen and I work in the F-Secure Labs as Anti-malware Analyst. I have two major areas of focus in my work: exploit prevention and F-Secure DeepGuard.
Exploit analysis and prevention is my passion, and I love the challenge it offers.
I find fighting against exploits important; nowadays exploit kits are the main infection vector so no matter how safely and wisely you browse you might still get infected. By stopping the exploits, we block the attacker from executing any code on the victim’s computer, which in turn protects against many kinds of threats: ransomware, banking trojans – you name it.
The second cool part of my job is working with the F-Secure DeepGuard technology. I try my best to make sure it offers our Security Response the best possible tools to fight current and also future malware. The main idea behind DeepGuard is simple but extremely powerful: it monitors the behavior of unknown applications. Modern malware evolves quickly, and often each user gets infected by a unique copy of the malware. This poses a challenge for traditional detection technologies.
For DeepGuard, however, this is not a problem since there is one trait that all malware have in common: they exhibit malicious behavior. It is really an awesome technology, and we have had great results in protecting our users from serious threats like the infamous banking trojan Zeus.
Working in the F-Secure Labs was a dream of mine even as a teenager. I have now been with F-Secure for a little over two years, and I can say it feels great to first work hard with all the talented people in the Labs to solve some challenge, and then get the reward of seeing the fruit of your labor protecting all our users out there.
I can truly say that my job is a dream come true.
You can try out DeepGuard as part of our Internet Security 2013.
-