25 comments

[ 4.6 ms ] story [ 68.1 ms ] thread
This headline is misleading. Avast did the work. The police just gave the necessary legal approval.
Came here to see this comment. I was incredulous that police could have this sort of specialization.
Irrelevant. If it is authorised by the police, then they did it, and while Avast is the tech people behind it, attributing it to the police is more correct (it could've been some other tech company, but only the police can authorise such an attack).
> Irrelevant. If it is authorised by the police, then they did it, and while Avast is the tech people behind it, attributing it to the police is more correct (it could've been some other tech company, but only the police can authorise such an attack).

Doesn't the government have to authorize this kind of thing in order for it to proceed, as a prerequisite? Do we also say the government IPO-ed when a company IPOs? It can't happen without authorization. Just trying to understand this rationale.

Seems weird to give credit for allowing something versus the actual doing of the thing.

Well I don't know how France works but in the US, no the government doesn't need to authorize this. The police are required to follow the law just like everybody else. A judge could grant some sort of ex-parte legal judgement making an action legal. The police here just said "yeah we don't care." The article says the prosecutors gave the go ahead, my guess is that they said "Yeah we got all the evidence we need, shut her down" and that's what happened.
Cool story, just a tiny nitpick..

> The malware also has wormable properties

Malware doesn't have wormable properties, the bug being exploited to implement the worm is the thing that is 'wormable' in industry parlance. I think what they mean here is that the malware is a worm

I guess "wormable" implies it could duplicate to other computers via command & control instead of just duplicating to every computer it finds, but it's unclear.
I think that's a little pedantic. The wormable properties are the vulnerabilities the malware is exploiting. The vulnerability and malware could both be considered to have wormable properties.
Is this, like, a good thing? What other kinds of exploits are governments going to greenlight for the “good of the people?”
> Is this, like, a good thing? What other kinds of exploits are governments going to greenlight for the “good of the people?”

This is an exploit of the malware though, not some other third-party app that just happened to be on the same box.

Yes, this is a good thing, as long as it's done carefully and is fully limited to running a bot uninstall command. Most bot malware comes with uninstall commands built-in. This kind of thing has been done for decades.
It's good to ask these questions but this is similar to firefighting services accepting all the help they can get in an emergency.
That depends on how libertarian you are :). Unironically, Monero is the ultimate libertarian tool, being an anonymous , decentralised cryptocurrency.
By the time the AV companies get police involved there always seems to be a million infections. I guess they don’t have resources to do this often and locations are disparate, often coming from off limits regions for western police.

Still I often wonder what a well funded and legitimately defensive gov agency could be capable of accomplishing if they wanted to seriously take on this problem.

> By the time police get involved there always seems to be a million infections. I guess they don’t have resources to do this often.

According to the article, the police didn't do much of the actual work -- the police were only involved to give legal approvals necessary for Avast to avoid legal trouble.

Edit: Added the original quoted comment text, OP has since edited

Yeah thanks I tried to clarify. That’s very relevant, that an AV company had to tell them and do everything in the first place.

If they don’t have the advanced skill set needed to shut them down they can always contract it until they develop their own in-house experts.

Loving the fact that Monero tries hard to stick to, one CPU one vote!
Is an interesting line to cross - that a company you have no relationship with can make changes to your machine - admittedly in the name of good.

Imagine that flaw they found turned out to have been a trap and they bricked 850k devices.

Very much like the plot of the black Mirror episode "Hated in the Nation"
(comment deleted)
That's why they do it with careful monitoring and approval from law enforcement. If you tried to do this vigilante-style, no matter how good your intentions, you're asking for trouble.
There was that one guy who intentionally bricked devices.

I feel like being too lazy to update probably means you don’t care anyway.

However _your_ (infected) machine is causing havoc to other machines and infrastructure. The Police would have a right to, say, disable a burglar alarm that doesn't stop after a day, etc. It's the same sort of thing.
Microsoft has done the same in the past, takeover a botnet and the feds went to a judge to get approval to disable it on the infected machines.

It sounds silly in a way but legally seems like a good process.