45 comments

[ 2.6 ms ] story [ 79.8 ms ] thread
How would this protect against a rootkit?
The program can not be disabled or uninstalled once it is locked, even if you are an administrator. The only way to disable or uninstall the program is with the password that was set to block the webcam.
I don't believe that. If you're administrator, then by design you have access to pretty much "everything", unless your code is running as SYSTEM, or something crazy like that.

iana windows user but this is not passing the smell test.

Also, how does it handle rootkits?

Try to uninstall it without unlocking it first and let me know how you make out. It's a free download. This was done by design for parental control reasons.
Don't have a Windows box, but sounds like fun discovering how to disable it.

* If locked, I assume it prevents access even by changing the USB port?

* Does it prevent other use of the USB ports (flash drives, etc)?

* Does it prevent all cameras, or just the camera identified while the software was running?

* If locked, I assume it prevents access even by changing the USB port? Yes

* Does it prevent other use of the USB ports (flash drives, etc)? No

* Does it prevent all cameras, or just the camera identified while the software was running? Prevents all cameras.

Keylogger?
No keylogger protection for the password, that's in the works for the next version.
So if I boot off a LiveCD and mount the hard drive without starting Windows, what's stopping me from locating and removing this application?
That's the only way to uninstall it without the password.
Would you be willing to back up that claim by offering some cash (I suggest at least $2500) to whoever can prove you wrong?
That the program can not be uninstalled once it is locked?
More generally, that it cannot be disabled/bypassed short of using a boot disk. A "winner" should be able to turn the webcam on without the password when run with administrator privileges.
I am probably just going to give the product away for free, but continue to support it. If any bugs are found I will patch them.

If I decide to continue monetizing the product I will definitely consider the contest. Thanks for your feedback.

(comment deleted)
Maybe it encrypts part of the webcam driver? This still would not be effective, though.
Does anything protect against a rootkit?

(seriously asking)

Every method requires an entry point. Like re-flashing an device requires an uncompromised bootloader. You would need an entry point very close to the hardware.

I would say its possible, but not realistic except for very simple devices.

Yeah, when you have a rootkit that's active, there are signals you can look at to claim from a range of "there is most certainly a rootkit" to "there is a small possibility that there is a rootkit".
As a starting point, the protection layer has to have a higher privilege level than the operating system, e.g. hypervisor.
A piece of tape over the lens?
The website advertises that it "Block[s] access with parental controls and signal jamming". How the hell is this supposed to work? Very, very suspicious.
The program starts the stream of frames and then blocks/jams it after receiving the first frame.
"Completely prevents the NSA or hackers from monitoring" That is an insane claim.
I agree. I purchased this web site recently and didn't make any changes to the home page including claims. The only thing I did since I purchased the site was develop a new version.
That is actually more interesting... can you tell us about what exactly you bought, why you bought it, who you bought it from, etc?
I purchased it on flippa: https://flippa.com/3098750-security-software-application-web....

I purchased the domain name (thunderdefense.com) and the source code for the original version. I completely scraped the original source code since the program did not do anything it claimed to do and developed a completely new version.

So you're ShowHNing something that you bought...
I'm ShowHNing something I developed from scratch.
(comment deleted)
Very suspicious: - All of your logos are fake at the top. (GeoTrust != Symantec, that seal was taken offline a year ago and is clickable) - Pretty obvious you bought the Facebook likes - Download is probably a virus, I'll check once I'm off my phone.
Definitely not a virus. I purchased this web site recently and didn't make any changes to the home page so it's very possible the Facebook likes were bought. The only thing I did since I purchased the site was develop a new version. I removed the original logos.
This feels like making money off of FUD
Not really, I'm actually considering giving it away for free and developing a paid enterprise version.

If anyone here is interested in a free license key please email HN@thunderdefense.com

Relax, the site is obviously meant to be a joke on a real issue …

Although webcam blocking is relatively easy with stickers etc. Microphone blocking on the other hand without disabling a microphone is tricky to impossible … and all other sensors are usually impossible to block.

Obviously you don't see the benefits. Have you tried the program?
The banner across the top provides some strongly negative feelings. Awards and ratings are often meaningless.

The shield logo confused me. I thought it was for some other company but was missing some text - "approved by CORP" perhaps. So I web-searched it, and it's your logo.

The claims range from nonsensical to deliberate lies.

> Blocks government agencies

This is a remarkable claim! If a well funded government agency is targetting me are you really saying that your software will prevent them getting access to the microphone?

The footer text makes me trust the product even less.

I'm genuinely confused about this: what the fuck is going on? It feels like a mishmash of stuff. I'd be interested to know how many customers you get.

I agree, I changed the banner. That's how I originally purchased the site so I didn't make any changes to the home page including the claims.

But I am confident in saying that the program can protect your webcam and microphone since I developed the current version from scratch.

If anyone can prove me wrong feel free. This is a fun project about a real issue and concern. The previous owners were using clickbank to market it, hence the footer.

> I changed the banner

Yeah, now it says "No one" instead of "government agencies" which is still wrong. Government employees are someone, and they can still access it.

Also, permission in that line is spelled wrong

Yeah no one including government employees can access it unless they know the password of course.

Thanks for the spelling correction.