Two words: Magic Lantern. The scariest paragraph in the article:
At least one antivirus software company, McAfee Corp., contacted the FBI on Wednesday to ensure its software wouldn’t inadvertently detect the bureau’s snooping software and alert a criminal suspect.
Needless to say, I won’t be using McAfee’s antivirus software on my computers.
The weird thing is that a system like this relies on poor security on the victim’s machine in order to be installed successfully. Does this mean that the FBI, which is responsible for investigating and fighting some computer-related crime, has an incentive not to help vendors find and close security holes? If the FBI relies on a particular buffer overflow to implant their trojan on the computers they want to snoop, do they keep the vendor in the dark or encourage them to leave the security hole in their software? This approach is fraught with major problems …