NSA Trapdoor Access Built into Windows Drivers ADVAPI.DLL

horusthagod, User ID: 34344821, United States, 06/15/2013 09:05 AM:
Anonymous Coward, User ID: 16499015, United States, 06/15/2013 09:19 AM:

I pretty much knew someone was since Windows XP... my old man always believed the government trying to sue MS back in the 80s-90s was a smoke screen to make people think they were "enemies". Beware what you type and do is always a good policy.

Anonymous Coward, User ID: 41628322, Australia, 06/15/2013 09:23 AM:

> These DLL files are binaries, so no way you can just look inside.
>
> Quoting: Anonymous Coward 13497866
>
> The only way to actually see what this file does would be to decompile it using a decompiler for the language it was written in. First we should determine what language this particular DLL was written in, in that case, which is basically impossible. Since it is quite old (Win95 era), most likely it would be C and not the newer OOP languages like C++ or C#. But it could be anything really, might be even Malbolge :)

No, reverse engineers can easily analyze the DLL with a disassembler.
Anonymous Coward, User ID: 33568463, Belgium, 06/15/2013 09:34 AM:

> The only way to actually see what this file does would be to decompile it using a decompiler for the language it was written in. First we should determine what language this particular DLL was written in, in that case, which is basically impossible. Since it is quite old (Win95 era), most likely it would be C and not the newer OOP languages like C++ or C#.
>
> Quoting: Anonymous Coward 13497866
>
> No, reverse engineers can easily analyze the DLL with a disassembler.

You're essentially restating what he stated. But both of you have the specifics wrong: you can't decompile to a specific language, you can't analyze easily by disassembly, but you can disassemble and profile it.

Anonymous Coward, User ID: 41628322, Australia, 06/15/2013 09:40 AM:

The facts: The key itself could never have been a backdoor in the strong sense (meaning, its presence alone wouldn't have granted access to the NSA). At best, it would have facilitated the installation of a backdoor. The smoking gun would have been such an installed backdoor (in the form of a cryptographic service provider), but one was never found. Microsoft gave an explanation for the key. Unfortunately, that explanation can't be confirmed or denied. The saga ended in a question mark, not an exclamation mark.

Anonymous Coward, User ID: 41701347, Turkey, 06/15/2013 09:43 AM:

> If you are so paranoid about NSA or anyone else accessing your computer, why don't you just learn more about it?
>
> Quoting: Just A Thought 93768
>
> This article is total BS. Granted, Windows (like EVERY operating system) is not 100% secure. But there aren't built-in NSA backdoors in ANY version of Windows. Are there vulnerabilities? You bet. Just like there are in every operating system available to the public. Yes, that includes Linux. Just google "hack <insert any operating system here>" and you will find countless websites with all kinds of discussions on security holes in every operating system. Want your computer to be 100% secure? Then rub a lamp!

How do you know there are no NSA backdoors in Windows, you shill?
Anonymous Coward, User ID: 41628322, Australia, 06/15/2013 09:48 AM:

> The only way to actually see what this file does would be to decompile it using a decompiler for the language it was written in. First we should determine what language this particular DLL was written in, in that case, which is basically impossible. Since it is quite old (Win95 era), most likely it would be C and not the newer OOP languages like C++ or C#.
>
> Quoting: Anonymous Coward 13497866
>
> No, reverse engineers can easily analyze the DLL with a disassembler.
>
> You're essentially restating what he stated. But both of you have the specifics wrong: you can't decompile to a specific language, you can't analyze easily by disassembly, but you can disassemble and profile it.

No, you can decompile to a specific language, but it wouldn't have necessarily been a good decompilation (and certainly wouldn't have been a reproduction of the original source code). The symbol table wasn't stripped from the DLL in question, and that would've helped a bit. Where he's wrong is saying that a C/C++ decompiler is the ONLY way to see what the DLL does. This is false by the presence of disassemblers. Also, BOTH my "reverse engineers can easily analyze" and your "you can't analyze easily by disassembly" depend on the interpretation of 'easily', obviously. What an amateur considers extremely difficult a pro could consider easy.
Anonymous Coward, User ID: 36539884, United States, 06/15/2013 09:56 AM:

Yesterday, was chilling here on the GLP, had probably posted already... off and on for a couple of hours already, noticed a Norton on-screen notification that some dll file was "safe" and I was thinking whaa? I didn't even leave this page, much less "download" something. And it had an unlikely name, something like peachy sunshine (dot) dll... I'd look for it but those notices don't persist, and I shrugged it off to an onscreen exploit, as if someone hid a button and I moused over it. Any idea, anyone?

Anonymous Coward, User ID: 10434959, Thailand, 06/15/2013 10:07 AM:

I was messing with an office computer that uses Avast. It popped up showing a new feature which allows users to remote control other people's computers. Seriously, does anyone really think there is an OS that does not have backdoors? These OSes nowadays are over a gigabyte in size, so they have at a minimum hundreds of millions of bytes of code. It would be nothing to slip in a few backdoors in that mess and no one would ever find it. Also think about these security updates that happen every week. It would be nothing to have one of them open up a backdoor. It does not even have to be the OS. Avast is free, as well as a lot of other programs. We all should remember the old axiom to beware of someone giving free gifts. Why do they give these programs away? Who is paying them to make these free programs like Facebook, Ubuntu, Avast, YouTube, Twitter, etc.? It is clear to me they give these programs away because they really want to dominate the market (who can compete with free) and after they achieve this, they can control you because you have no alternatives. They control you by spying on you because knowledge is power.
Billxam, User ID: 19542178, United States, 06/15/2013 10:11 AM:

> How NSA access was built into Windows
>
> Quoting: Anonymous Coward 276823
>
> Duncan Campbell, 04.09.1999. Careless mistake reveals subversion of Windows by NSA.
>
> The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA.
>
> Computer security specialists have been aware for two years that unusual features are contained inside a standard Windows software "driver" used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions. If you use Windows, you will find it in the C:\Windows\system directory of your computer.
>
> ADVAPI.DLL works closely with Microsoft Internet Explorer, but will only run cryptographic functions that the US government allows Microsoft to export. That information is bad enough news, from a European point of view. Now, it turns out that ADVAPI will run special programmes inserted and controlled by NSA. As yet, no-one knows what these programmes are, or what they do.

Really. ADVAPI.dll is on none of my systems: Win XP Pro, Win XP Media, Win XP Home, Win 7 (64 bit) Home Ultimate, Win Vista Home, running on various AMD and Intel processor commercial and hand-built machines.

Now, after my clever researching, I can report to the thread that I am now of the opinion that the article may, repeat may, be correct, given that A. many authors list it as part of a virus and B. many authors list it as a needed package. So the scenario I see is this. Article is written: "ADVAPI.dll is NSA spyware!!!!!!!!!!!!!!!!!!!!!!!!". The reader then looks and, son of a bitch, it's there. So they delete it or unregister it, all without knowing that a previous security update killed the NSA trap door. Oops, now Windows is throwing errors like crazy and the reader re-enables it, thus re-activating the trap door. Either way, this stinks like a fresh cat turd.

> advapi.exe is added as a result of the NETDEVIL.12 (NetDevil 1.2) VIRUS. This process is a security risk and should be removed from your system. If found on your system make sure that you have downloaded the latest update for your antivirus application. Non-system processes like advapi.exe originate from software you installed on your system. Since most applications store data in your system's registry, it is likely that your registry has suffered fragmentation and accumulated invalid entries which can affect your PC's performance. It is recommended that you. [link to www.processlibrary.com]

> advapi3.dll is a malware-associated dynamic link library (dll). Legitimate dll files contain a set of executable functions that can be used by Windows applications. Malware-associated dlls contain malicious code that causes damage to your PC. [link to www.exterminate-it.com]

> ADVAPI32.dll is part of Microsoft® Windows® Operating System and developed by Microsoft Corporation according to the ADVAPI32.dll version information. ADVAPI32.dll's description is "Advanced Windows 32 Base API". ADVAPI32.dll is digitally signed by Microsoft Windows Component Publisher. ADVAPI32.dll is usually located in the 'C:\WINDOWS\system32\' folder. None of the anti-virus scanners at VirusTotal reports anything malicious about ADVAPI32.dll. If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page. [link to www.freefixer.com]

Proud to be UnV'd. There is one constant in life: If you build something worth having, someone will try to take it or destroy it. Proud member of A Brotherhood Against Totalitarian Enactments, Americans Who Hate Aging, proud supporter of attractive women.
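The two checkable claims in this thread are whether the advapi32.dll on a given machine is the Microsoft-signed system file (the FreeFixer text above) and whether any extra cryptographic service provider has been registered (the "installed backdoor in the form of a cryptographic service provider" that the earlier post says was never found). The script below is an added example written for this page, not something any poster supplied; it assumes the standard CSP registration key under HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider with its "Image Path" value, and should be run from an elevated PowerShell on Windows.

```powershell
# Added example (not from the thread): inventory the advapi32.dll on disk and the
# registered CSPs, and report the Authenticode status of each backing DLL.

function Get-SignedFileReport {
    param([Parameter(Mandatory)][string]$Path)
    # CSP "Image Path" values may use %SystemRoot% or be a bare file name;
    # bare names resolve from System32 (assumption about the loader search order).
    $full = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not (Split-Path -Path $full -Parent)) {
        $full = Join-Path (Join-Path $env:SystemRoot 'System32') $full
    }
    if (-not (Test-Path -LiteralPath $full)) {
        return [pscustomobject]@{ Path = $full; Status = 'Missing'; Signer = $null; SHA256 = $null }
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $full
    [pscustomobject]@{
        Path   = $full
        Status = $sig.Status                   # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer = $sig.SignerCertificate.Subject  # null when the file is unsigned
        SHA256 = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
    }
}

# 1. The library the thread argues about: expected in System32 with Status = Valid.
$sysdir = Join-Path $env:SystemRoot 'System32'
Get-SignedFileReport (Join-Path $sysdir 'advapi32.dll') | Format-List

# 2. Other files using the advapi name outside System32 (the SysWOW64 copy on 64-bit
#    Windows is expected and should also show Valid; unsigned copies deserve a look,
#    since the processlibrary quote above describes malware reusing the name).
Get-ChildItem -Path "$env:SystemDrive\" -Recurse -Force -ErrorAction SilentlyContinue `
              -Include 'advapi*.dll', 'advapi*.exe' |
    Where-Object { $_.DirectoryName -ne $sysdir -and
                   $_.DirectoryName -notlike "$env:SystemRoot\WinSxS*" } |
    ForEach-Object { Get-SignedFileReport $_.FullName } |
    Format-Table Path, Status, Signer -AutoSize

# 3. Registered CSPs: any provider-shaped implant would have to appear here.
$cspRoot = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider'
Get-ChildItem -Path $cspRoot | ForEach-Object {
    $img = (Get-ItemProperty -Path $_.PSPath).'Image Path'
    $r = Get-SignedFileReport $img
    [pscustomobject]@{ Provider = $_.PSChildName; Path = $r.Path; Status = $r.Status; Signer = $r.Signer }
} | Format-Table -AutoSize
```

A provider whose DLL is missing, unsigned, or signed by someone other than Microsoft is what to follow up on; a Valid Microsoft signature on every entry is the expected result on a clean machine.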
Anonymous Coward, User ID: 41742620, Thailand, 06/15/2013 10:33 AM:

> Really. ADVAPI.dll is on none of my systems: Win XP Pro, Win XP Media, Win XP Home, Win 7 (64 bit) Home Ultimate, Win Vista Home, running on various AMD and Intel processor commercial and hand-built machines.

It's now called advapi32.dll. Remember to have the 'show protected files' and 'hidden files' options checked in folder options, etc.
Anonymous Coward, User ID: 41742620, Thailand, 06/15/2013 10:38 AM:

> Don't have ADVAPI.DLL on my Windows 7. Anyone else know where to find it so I can delete it?
>
> Quoting: Anonymous Coward 41716799

It's now called 'advapi32.dll' and really... do not delete anything in the Windows folder or your PC will go bang. Don't worry about it... unless you have blueprints, industrial inside info, political info, or blackmailable material...

Anonymous Coward, User ID: 13497866, Netherlands, 06/15/2013 10:39 AM:

> The only way to actually see what this file does would be to decompile it using a decompiler for the language it was written in. First we should determine what language this particular DLL was written in, in that case, which is basically impossible. Since it is quite old (Win95 era), most likely it would be C and not the newer OOP languages like C++ or C#.
>
> Quoting: Anonymous Coward 13497866
>
> No, reverse engineers can easily analyze the DLL with a disassembler.
>
> You're essentially restating what he stated. But both of you have the specifics wrong: you can't decompile to a specific language, you can't analyze easily by disassembly, but you can disassemble and profile it.
>
> No, you can decompile to a specific language, but it wouldn't have necessarily been a good decompilation (and certainly wouldn't have been a reproduction of the original source code). The symbol table wasn't stripped from the DLL in question, and that would've helped a bit. Where he's wrong is saying that a C/C++ decompiler is the ONLY way to see what the DLL does. This is false by the presence of disassemblers. Also, BOTH my "reverse engineers can easily analyze" and your "you can't analyze easily by disassembly" depend on the interpretation of 'easily', obviously. What an amateur considers extremely difficult a pro could consider easy.

You are right. It is not the only way. But it is a possible way to get some idea of the actual code.
Anonymous Coward, User ID: 41716799, United States, 06/15/2013 10:41 AM:

[link to www.mail-archive.com] Funny how programmers were talking about removing it back in 1999! The NSA backdoor was discovered long before Snowden leaked information.
Anonymous Coward, User ID: 41716799, United States, 06/15/2013 10:46 AM:

> Don't have ADVAPI.DLL on my Windows 7. Anyone else know where to find it so I can delete it?
>
> Quoting: Anonymous Coward 41716799
>
> It's now called 'advapi32.dll' and really... do not delete anything in the Windows folder or your PC will go bang. Don't worry about it... unless you have blueprints, industrial inside info, political info, or blackmailable material...

I want to remove it anyway. They have no right to spy on me.