USS Clueless Stardate 20010604.1739


Stardate 20010604.1739 (On Screen): I've been asked to comment on this story, about a "law enforcement tool" colorfully known as D.I.R.T. (Data Interception by Remote Transmission). What you're looking at here differs little from Backdoor SubSeven and its kin (like Back Orifice). It also represents about as much of a threat (which is considerable, if and only if you're stupid).

From a legal standpoint, this tool violates Federal Law, and I believe simply offering it is a felony, even if it's being offered only to law enforcement authorities. (I spent twenty minutes trying to find a summary of the relevant law and couldn't, so I may be wrong about this.) Even if that's so, I don't anticipate any prosecutions here, since the law is applied a bit selectively sometimes.

I do know for certain that this could not legally be used even by a law enforcement agency without a search warrant. (I'm not certain it's legal even with one. A warrant doesn't give a cop the right to commit any arbitrary felony.) Any information gotten using it without a warrant would be inadmissible in a court of law, and if the violation of civil rights was sufficiently grievous the entire case could be dismissed.

But the real question is how much of a danger it represents to each of us, and it has to be understood that the best defense against this is essentially the same as against any major trojan: never run any executable you receive by email (even if from someone you know well, because it may have been sent from their machine without their knowledge). Despite the claims that D.I.R.T. can be embedded in Word documents and Excel spreadsheets, any modern version of Office now contains protections which ask you if you want to run code before it actually gets used. Always say "no". (And how many child-porn-freaks send Excel spreadsheets to each other, anyway?) Equally, if someone sends you, say, "Anna_K_nude.jpg.exe", it's not generally a good idea to run it in hopes of seeing a bit of jailbait skin.
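The attachment advice above can be checked mechanically before a message ever reaches a user. The following is an added example, not part of the original post: it parses a constructed message and flags executable attachments, decoy double extensions such as ".jpg.exe", and macro-capable Office files. The extension lists, function names and sample message are assumptions of this example.

```python
import email
from email import policy
from email.message import EmailMessage

# Extension lists are assumptions of this example, not taken from the post.
EXECUTABLE = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
MACRO_CAPABLE = {".doc", ".dot", ".xls", ".xlt", ".ppt"}
DECOY = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".pdf", ".mp3", ".doc", ".xls"}

def classify_attachment(filename):
    """Return the reasons (possibly none) an attachment name is risky."""
    # Windows ignores trailing dots and spaces, so drop them before judging.
    name = filename.strip().rstrip(". ").lower()
    # Padding such as "notes.txt      .scr" hides the real extension in a
    # narrow column, so strip whitespace from every dot-separated piece.
    exts = ["." + piece.strip() for piece in name.split(".")[1:]]
    if not exts:
        return []
    reasons = []
    if exts[-1] in EXECUTABLE:
        reasons.append("executable")
        if len(exts) >= 2 and exts[-2] in DECOY:
            reasons.append("double-extension")
    elif exts[-1] in MACRO_CAPABLE:
        reasons.append("macro-capable")
    return reasons

def scan_message(raw_bytes):
    """Map each risky attachment filename in a raw message to its reasons."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        filename = part.get_filename()
        reasons = classify_attachment(filename) if filename else []
        if reasons:
            findings[filename] = reasons
    return findings

def build_sample():
    """Constructed sample message; the attachment bodies are placeholders."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "friend@example.com", "you@example.com"
    msg["Subject"] = "you have to see this"
    msg.set_content("Open the attachment!")
    for name in ("Anna_K_nude.jpg.exe", "budget.xls", "photo.jpg"):
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(f"{name}: {', '.join(reasons)}")
```
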

But if you're running Win 95/98/ME and are really paranoid, then you shouldn't be running Win 95/98/ME. Upgrade to Win2K or WinXP and (this is important) do not routinely run as "administrator". If a non-administrator inadvertently tries to run something infected with a trojan, the trojan would fail its install with a security violation. This applies equally to email attachments, embedded code in .DOC files, autostart code on a CD, or anything whatever. No matter what the encapsulation, for this or any such trojan to work it has to invade system files, and as a non-administrator you (and any program you inadvertently run) are not permitted to do so.

The third defense is to use an external firewall. Despite their claims to be able to disable soft firewalls on the particular computer (about which I'm more than doubtful) there's nothing they can do to an external firewall.

I'm really not very impressed with this whole thing, actually. But perhaps that's because I understand a bit about marketing fluff. Anyone selling something always tries to make it seem bigger and more important than it really is, especially if it's being pitched to people who are not technically sophisticated.

Update: it turns out to be a scam, anyway.

Captured by MemoWeb from http://denbeste.nu/entries/00000040.shtml on 9/16/2004