Talk:FinFisher

Detection and see also
I found more refs and put the detection section (back) in. Does that look more balanced to you? The see also seems ok to provide some more linking to similar geopolitical malware. More categories might also help. Thanks for keeping the standards high, regards Widefox ; talk 14:52, 3 September 2012 (UTC)

Better definition?
Could we better define the components:
 * FinFisher is the toolbox
 * FinSpy the desktop malware
 * FinSpy mobile the mobile malware

Is that right? Some sources are more lax, which confuses the issue...but we can do better...something like "is a surveillance software toolkit with products FinSpy on the desktop and FinSpy mobile on mobile devices". Widefox ; talk 17:03, 3 September 2012 (UTC)


 * Seems right. My confusion arose from the use of FinSpy in the first article I read. At first I thought there was no article and started writing it, then discovered this article and made the FinSpy a redirect. We should clarify the terms as you suggest. The University of Toronto researchers seem to get it right and can be used as a source, I think. I suppose we could be more aggressive in gathering information from the company itself. I called it a suite of software, but toolbox just means the same thing. It's pretty high-tone so suite seems to fit. User:Fred Bauder Talk 11:46, 4 September 2012 (UTC)
 * I think FinSpy may be the specific tool for gaining access, probably several tools. User:Fred Bauder Talk 11:48, 4 September 2012 (UTC)

"Capture even encrypted data"
Well… Capturing encrypted data is neither surprising nor impressive at all! That would be the case if the software could decrypt it automatically... — Preceding unsigned comment added by 84.168.61.96 (talk) 17:23, 16 January 2013 (UTC)

Obviously it would capture the encrypted data at the point where the user software is attempting to decrypt it. If this comes through, say, Windows Update because of some backdoor Microsoft was coerced by the government to put in, it could do that trivially. Only software with a completely custom encryption system would stay safe, but screen capturing and key logging get around that. The only completely secure system is one where it works as the user requires from day 1 and won't have any mechanism for running new software (or adding anything on it really, unless you can inspect the update source code or have a network of experts do it) on it - pretty much limited to a 1998-style web experience, which TBH was better than the web these days for consumption purposes rather than advertising/tracking/privacy invasion, which is the real focus of JavaScript and HTML5.

And since there's Big Money & Power behind this spytool, the default assumption should be that if you got infected, you have to trash every component of the computer that has updateable firmware. With enough resources it *does become feasible* to install firmware on various devices (these days devices can have excess memory for the firmware or it could be gained by compression or removal of rarely used code). One of the first known examples of this may be the Lamer_Exterminator virus from 1989, if the "reset residency" feature is interpreted to that effect.

Consumers should require Microsoft to have a secure hardware certification for Windows devices that won't take in any new updates (including CPU microcode) unless the user goes to do something extreme like hook in a specially formatted stick with the firmware updates and do the updates inside BIOS, after having requested this while logged on.

German product
https://de.wikipedia.org/wiki/FinFisher explains more details and different names under which it appears. German secret services use a modified version mockingly named "Staatstrojaner" (state trojan) by the German public. There is more to it than meets the eye. — Preceding unsigned comment added by 2003:C0:DF30:6F00:6457:A270:A6F9:46E1 (talk) 21:18, 15 November 2019 (UTC)