Apparently France has some new legislation surrounding pirated software. I applaud reasonable approaches to combating piracy, but it appears that France may be ready to make public the answer to the question “Will Anti-virus ignore government Trojan horse programs?”

I first saw the story at http://yro.slashdot.org/story/10/08/05/152255/Tech-Specs-Leaked-For-French-Spyware and the story was picked up from http://www.techdirt.com/articles/20100804/04205910492.shtml. If this is true it could pit the rest of the European Union and virtually the entire antivirus industry against France.

Hadopi http://en.wikipedia.org/wiki/HADOPI_law refers to both the High Authority for Copyright Protection and Dissemination of Works on the Internet legislation and the French governmental organization tasked with enforcing France’s new law. Already most of the European Union has indicated that they feel the law violates the EU constitution. The technical specifications of a plan to enforce the Hadopi law were leaked and appear to call out for software, that most reasonable people would call spyware, to be installed upon the computers of French Citizens.

From an antivirus perspective this is a very thorny issue. France certainly lacks the right to mandate their software is installed on any computers outside of France and the customers of antivirus companies will certainly want to know if someone is attempting to install this “spyware” on their computer. Detection of the program will almost certainly be universal and it is unlikely that antivirus companies are going to make a “France Only” version of their software. It certainly isn’t out of the question however. At one time there was a different version of some Microsoft products for the Indian market because India wouldn’t allow the products to be sold with maps that showed a border with Pakistan that the Indian government did not agree with. I suspect that no antivirus companies are going to make France specific antivirus product though.

The very nature of heuristics is such that the program is likely to be detected even if signatures do not detect it, unless the program is white listed. I doubt that AV companies are going to white list such a program.

To anyone with a slight degree of sophistication it is obvious that the criminal element would exploit vulnerabilities in the software so as to take over the spyware, whether it is to harm the user or to interfere with the government.

The idea is almost certain to be doomed from the start and is almost certainly only an excuse for some bureaucrats to waste French tax payer’s money pretending that they were actually doing anything at all.  It appears that this idea is not uniquely mine http://www.thefrenchpaper.com/index.php/news/view/my-fellow-bureaucrats-are-slackers.

However the final product comes out, ESET and all antivirus vendors will be paying very close attention to whether or not it serves their global customers if the program isn’t flagged.

 Randy Abrams
Director of Technical Education
ESET LLC