[TriLUG] spyware

Mike M linux-support at earthlink.net
Sat Apr 17 10:18:20 EDT 2004


On Sat, Apr 17, 2004 at 09:00:32AM -0400, sholton wrote:
> >On Fri, 2004-04-16 at 15:25, Mike M wrote:
> 
> >Well, decide right now, how paranoid you need to be.
> 
> It's useful, in discussions such as these, to consider the
> challence from the mal-war writer's point of view.
> 
> There are different strategies if I am targeting you or 
> if I am targeting 'just anyone'.
> 
spyware is often the work of an insider.

It seems with spyware the stakes are higher and that you
may be targeted either specifically or as part of a dragnet
operation.  If you're managing
sensitive data or large amounts of money, your paranoia 
should increase. 

*nix permissions are useless with spyware.  A browser that logs
keystrokes and outputs collected information that is the result of
either the upstream developer's or the package maintainer's intent
is not probable but still possible.

This is all pretty high paranoia stuff I'm considering.  Identity
theft was the intent of a local bank holdup recently, so that tells
you that the evil ones are going to incredible lengths to
upset all the new networked conveniences.  In light of this it seems 
that we should feel paranoid.

The live-cd model offers a relatively 
easy way to simply avoid spyware when your paranoia feelers
are tingling.  The only problem is getting high trust software
on the live-cd.  Of course the software must be open source. I'd
like to see the OpenBSD process and mindset applied to that
source.  Since this model is vapor at this time, the alternative
is to trust a certain Knoppix CD and just stick with it.
-- 
Mike

Moving forward in pushing back the envelope of the corporate paradigm.



More information about the TriLUG mailing list