Anti-virus companies should spot and block state-sponsored intrusion, said a Finnish anti-virus vendor.
F-Secure said it was reacting to revelations that the Egyptian authorities may have bought and employed a German surveillance system to use on its citizens, as suggested in documents taken from former Government buildings.
F-Secure said the documents came from the headquarters of the Egyptian State Security but admitted they had yet to be confirmed as genuine. The papers suggested the security services had received offers to use a product called FinFinder.
According to Elaman, the German company that makes the suite, FinFinder offers governments a tools to tap into user or business computers.
Under the heading “Governmental security solutions”, Elaman offered products such as FinSpy, “which guarantees full and real-time remote access and control of the target's computer”, and FinFly, which is “an infection proxy used to deliver intrusion software”.
The possibility Egypt used the software raised questions about the independence of security companies and how they should treat states' snooping activity?
Should Government trojans be blocked?
F-Secure questioned if such tools should be treated like criminal viruses, trojans and security threats.
“It would be a slippery slope to stop detecting government trojans,” F-Secure chief research officer Mikko Hypponen wrote at the vendor's blog.
“If the US Government would ask us not to detect something and we complied, then what? Should we avoid detecting hacking software used by goverments ... of which country? Germany? UK? Israel? Egypt? Iran?"
“We are in the business of selling protection," he added. "We're selling products to protect our customers from attack programs - regardless of the source of such programs."
But because the code for FinFinder and other government-backed trojans were closely-guarded secrets, F-Secure said it can't add them to its list of malware signatures.
“The obvious question here is: do we detect FinFisher? And the answer is: we don't know, as we don't have a sample at hand we could use to confirm this,” said Hypponen.
“It's perfectly possible that we have already received a sample of FinFisher or some similar tools from our customers. However, if that has happened, we have been unable to distinguish them from 'normal' criminal trojans. We don't have any known government intrusion tools in our possession.”