Tool from Amnesty to detect spyware. Can F-Secure?

Advocate

The big security news today is Amnesty's release of the tool Detekt, a free tool that scans your Windows computer for traces of known surveillance spyware.

"The Detekt software was needed as standard anti-virus programs often missed spying software, it said." in an article.

From https://github.com/botherder/detekt/ it says it can find:

    - DarkComet RAT
    - XtremeRAT
    - BlackShades RAT
    - njRAT
    - FinFisher FinSpy
    - HackingTeam RCS
    - ShadowTech RAT
    - Gh0st RAT

So the question to F-Secure: Should we use this tool or is F-Secure software capable of detecting these?

http://www.amnesty.org/en/news/detekt-new-tool-against-government-surveillance-questions-and-answers...

https://resistsurveillance.org/

https://github.com/botherder/detekt/releases/latest

Superuser

Re: Tool from Amnesty to detect spyware. Can F-Secure?

I guess another question might be, is Detekt compatible with F-Secure, and indeed, other AV vendors' products?
Regular Member

Re: Tool from Amnesty to detect spyware. Can F-Secure?

BBC raises questions about it:

Prof Alan Woodward from the University of Surrey, who advises governments on security issues, wondered how easy it would be for Amnesty and its partners to maintain Detekt.

"It's not really their core business," he said. "Are they going to keep updating the software because the spyware variants change daily?"

He also questioned how useful it would be against regimes that used specially written software rather than commercial versions that were well known and documented.

Advocate

Re: Tool from Amnesty to detect spyware. Can F-Secure?

Haven't heard of any compatibility issues other than for Windows 8.1 64-bit, which might be solved by setting compatibility mode to Windows 7 or 8 for the program.

It's a portable program with all dependencies included in the exe file (26 MB).

No detections on VirusTotal so far. Latest VirusTotal report for Detekt 1.6, which is currently the latest:

https://www.virustotal.com/en/file/d834b02a19ef243fddc78b594278328500c5ff27ecff2ddb94b4649fcdbfec95/...

An interesting change from the first versions is that now it says it can (only) detect these:

  • FinFisher FinSpy
  • HackingTeam RCS