by dannyobrien
4223 days ago
Hey, Danny O'Brien from EFF here. You're absolutely right: the best defense against malware attacks of any kind is to increase the level of protection that systems have, whether that's read-only distributions, compartmentalization approaches like <a href="https://qubes-os.org/">Qubes</a>, or just generally fixing the vulnerabilities that malware must exploit to take control. Detekt is mostly about a different and earlier part of the problem: allowing groups that may currently be targets of illegitimate state surveillance to confirm that they have been infected by specific tools that we know to be used by state attackers, and therefore to confirm that they are indeed under this specific sort of surveillance. Up until now, getting to the point of confirming that fact has mostly relied on manual examination by experts. If an activist or journalist suspects they may be under surveillance or infected with malware, they need to navigate the usual challenges of fixing a malware infection, plus they need to eliminate the (often far more probable) case that they are infected with the usual petty criminal spyware. This is about being able to positively identify a relatively small number of cases of targeted illegitimate surveillance, out of an ecosystem of hundreds of thousands of potential targets and a huge array of potential exploiters of vulnerabilities. Right now all the organizations supporting Detekt (EFF, Amnesty International, Privacy International and Digitale Gesellschaft) receive queries about potential infection cases from all around the world; now we can scale up, a little, the first step of the triage we conduct. The positive identifications that come out of Detekt we can take further, and base on them, for instance, the <a href="http://www.washingtonpost.com/business/technology/us-citizen...">cases against the Ethiopian government</a> in the UK and US that PI and EFF are conducting.

As part of a number of groups that do digital and physical security training for journalists and human rights defenders, most of us have recommended/do recommend the use of live CDs like Tails, etc. Unfortunately my experience has shown that it is very, very difficult to get anything other than a small percentage of journalists or HRDs using them for any period of time, especially in countries where IT literacy levels are low. Linux (and also PGP) is just too much of a cultural shift for most people. I mean, even a security-conscious guy like Glenn Greenwald didn't even bother to learn PGP or live CD usage in the first few months of Snowden reaching out to him.
It is a gap in capability that many of us (including Danny at EFF) are working on day and night to try to bridge, though!