This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:
I found more refs and put the detection section (back) in. Does that look more balanced to you? The see also seems ok to provide some more linking to similar geopolitical malware. More categories might also help. Thanks for keeping the standards high, regards Widefox; talk 14:52, 3 September 2012 (UTC)
Could we better define the components:
Is that right? Some sources are more lax, which confuses the issue...but we can do better...something like "is a surveillance software toolkit with products FinSpy on the desktop and FinSpy mobile on mobile devices". Widefox; talk 17:03, 3 September 2012 (UTC)
Well… Capturing encrypted data is neither surprising nor impressive at all! That would be the case if the software could decrypt it automatically... — Preceding unsigned comment added by 84.168.61.96 (talk) 17:23, 16 January 2013 (UTC)
Obviously it would capture the encrypted data at the point where the user software is attempting to decrypt it. If this comes through, say, Windows Update because of some backdoor Microsoft was coerced by the government to put in, it could do that trivially. Only software with a completely custom encryption system would stay safe, but screen capturing and key logging get around that. The only completely secure system is one where it works as the user requires from day 1 and won't have any mechanism for running new software (or adding anything on it really, unless you can inspect the update source code or have a network of experts do it) on it - pretty much limited to a 1998 style web experience, which TBH was better than the web these days for consumption purposes rather than advertising/tracking/privacy invasion, which is the real focus of JavaScript and HTML5.
And since there's Big Money & Power behind this spytool, the default assumption should be that if you got infected, you have to trash every component of the computer that has updateable firmware. With enough resources it *does become feasible* to install firmware on various devices (these days devices can have excess memory for the firmware or it could be gained by compression or removal of rarely used code). One of the first known examples of this may be the Lamer_Exterminator virus from 1989, if the "reset residency" feature is interpreted to that effect.
Consumers should require Microsoft to have a secure hardware certification for Windows devices that won't take in any new updates (including CPU microcode) unless the user goes to do something extreme like hook in a specially formatted stick with the firmware updates and do the updates inside BIOS, after having requested this while logged on.
https://de.wikipedia.org/wiki/FinFisher explains more details and different names under which it appears. German secret services use a modified version mockingly named "Staatstrojaner" (state trojan) by the German public. There is more to it than meets the eye. — Preceding unsigned comment added by 2003:C0:DF30:6F00:6457:A270:A6F9:46E1 (talk) 21:18, 15 November 2019 (UTC)