Malware to fight crime? AV companies say no

Software tools designed to watch users probably violate German user rights

What if the good guys started using the tools of the bad guys to catch the bad guys, but other good guys stopped them from doing that?

German police officials have expressed interest in developing software tools to help them watch computer users who may be involved in crime. The tools might include types of software similar to those used in online fraud and theft schemes, such as programs that record keystrokes, logins, and passwords. Security companies, however, are asserting that they wouldn't make exceptions to their software to accommodate, for example, Trojan horse programs planted by law enforcement on users' computers.

Magnus Kalkuhl, a virus analyst with Kaspersky Lab Ltd., said on Thursday at CeBIT that Germany confirmed in January it plans to invest €200,000 (US$264,000) in the idea and fund two programmers. The project has been informally dubbed the "Bundestrojaner," which translates literally from German to English as "Federal Trojan."

Two recent court rulings in Germany, however, have thrown doubt on whether use of such technology -- without knowledge of the targeted users -- would comply with German law regarding searches, Kalkuhl said.

Germany's Chaos Computer Club said last month it opposes the government program and such online searches and monitoring violate a user's fundamental rights.

The issue may be moot if online criminals use antivirus or antimalware security software, which are designed to detect Trojan horses and viruses and scrub them from a machine.

While it could be compelled to help law enforcement with changes in the law, Kaspersky wouldn't modify its software to allow a clandestine police program to infect a computer. Such a change would be at odds with what its software is intended to do, Kalkuhl said.

"The decision is based on what the program does, not who wrote it," Kalkuhl said at CeBIT.

F-Secure Corp., a security company based in Helsinki, decided in 2001 that it also wouldn't modify its software at the request of law enforcement, said Mikko Hypponen, chief research officer. For example, granting an exception for French police would open a door to requests from other countries, he said.

"Where would you draw the line?" Hypponen said. "We are not going to draw the line at all."

Copyright © 2007 IDG Communications, Inc.

How to choose a low-code development platform