Dodging Russian Spies, Customers Are Ripping Out Kaspersky (thedailybeast.com) 366
From a report: Multiple U.S. security consultants and other industry sources tell The Daily Beast customers are dropping their use of Kaspersky software all together, particularly in the financial sector, likely concerned that Russian spies can rummage through their files. Some security companies are being told to only provide U.S. products. And former Kaspersky employees describe the firm as reeling, with department closures and anticipation that researchers will jump ship soon. "We are under great pressure to only use American products no matter the technical or performance consequences," said a source in a cybersecurity firm which uses Kaspersky's anti-virus engine in its own services. The Daily Beast granted anonymity to some of the industry sources to discuss internal deliberations, as well as the former Kaspersky employees to talk candidly about recent events.
All together? (Score:5, Funny)
All of them simultaneously and at the same place?
Re: (Score:2, Offtopic)
Re: (Score:2)
Re: (Score:3, Interesting)
Citations [Re: All together? (Score:5, Insightful)
Citation needed.
http://time.com/4783932/inside-russia-social-media-war-america/ [time.com]
https://www.nytimes.com/2017/09/07/us/politics/russia-facebook-twitter-election.html [nytimes.com]
https://www.newyorker.com/magazine/2017/03/06/trump-putin-and-the-new-cold-war [newyorker.com]
https://www.newsmax.com/Politics/james-clapper-absolutely-russia-interfered/2017/05/30/id/793102/ [newsmax.com]
http://www.nationalreview.com/article/448931/vladimir-putin-russian-election-interference-american-incompetence-weakness-helped-it [nationalreview.com]
I'd lay off the magic mushrooms.
Yeah, I know-- don't bother saying it: you're not going to read any of these because "that's all fake news because the mainstream media lies". Yeah. When you dismiss everything that confronts your entrenched position, yes of course you will never change your mind.
Re:All together? (Score:4, Interesting)
Some security companies are being told to only provide U.S. products
Given the choice between Kaspersky and the FSB vs Symantec Endpoint Security, I'd feel better protected by Kaspersky + FSB.
Re:All together? (Score:5, Interesting)
Exactly. Given the choice, I'd rather be spied on by a government that has no power over me than by the government-friendly US based companies.
It's sad that threat modeling has to be done with something as mundane as AV software, but it's rather true. If you're someone with unpopular opinions, the last thing you want is your own government seeing what you're up to. If you're doing R&D work that some cheap third world country is going to copy and sell here thanks to crappy treasonous trade deals then it's best to not be spied on by foreigners because industrial espionage is a very real thing.
BTW, industrial espionage is also a reason to avoid "cloud computing" at all costs for any data you actually care about, especially business plans and product research, unless it's encrypted with a key only you control and that key has never seen a Windows 10 machine.
Re: All together? (Score:2, Insightful)
Not just govt. unfriendly opinions/activities. A lot of US intelligence agencies are private companies that also do work for the corporate sector. If you're being spied on by the NSA and/or CIA, the chances are that the same intel may be available to corporate competitors/hostile corporations. Also, a lot of active CIA employees moonlight for corporations. You're much better off with a non US affiliated software security company.
Re: (Score:3)
Including all your financial information when it's been shown the FSB has deep links and connections to the Russian Maffia?
Re:All together? (Score:5, Insightful)
Some security companies are being told to only provide U.S. products
Given the choice between Kaspersky and the FSB vs Symantec Endpoint Security, I'd feel better protected by Kaspersky + FSB.
True, I was really pissed when Arris and Symantec activated SEP without my permission, and wouldn't allow me access to the internet unless I clicked to allow them access to the kingdom.
Took a few phone calls to both to clear that up.
But protection isn't the issue here with Kaspersky.
So what we have is the idea that Kaspersky is great, and all of the concerns about it are lies. That Israel is lying, the USA is lying, that the owner who is/was KGB and other executives who are FSB at Kaspersky are an exception to the rule that once you are in that world, you never leave that world, and that when you give a program where you give the providers of the program the keys to the kingdom, that given the background of th eactors, that they won't exploit what you gave them permission to exploit? https://www.extremetech.com/in... [extremetech.com]
It all boils down to a matter of trust. I take it that you trust the Russians and the FSB/KGB much more than you trust anyone in the USA? I surely don't, and the concerns about Kaspersky have been around a lot longer than Hillary's emails.
Re:All together? (Score:5, Insightful)
For Chriissakes the ACs are Russians
Re: (Score:3)
And that explains how these ACs can cool our homes in the summer. It's very cold in Russia!
Re: (Score:3)
Well, the problem here is that ALL the nation states are spying on us, including America. So the NSA/Israel hates Kaspersky because they've detected their Stuxnet-based malware. Kaspersky actually put out this paper [securelist.com] describing just how hard it is to attribute anything to any specific actor. You can say that's Russian so you don't have to even listen (which is a bit silly in an article from the Daily Beast, especially if you know Chelsea Clinton's relationship with it) but that doesn't mean they're wrong.
Re:All together? (Score:5, Insightful)
It just astonishes me how many places these Russian troll farms end up. I've been on some pretty obscure forums of late, and when the topic of Russia comes up, all of a sudden you have these streams of messages about how bad the US is, or how Russia isn't a threat to anyone. I think back over the last five or six years about all the posters I just sort of disregarded at the time as being nutty conspiracy theorists ranting on about the evils of the US government, and now I wonder if at least some portion of those posters really are just Russian trolls. They've pulled off some pretty interesting, if odd stunts, like duping Texan secessionists.
Re: (Score:3)
Re: All together? (Score:3, Funny)
Much obliged, Comrade Wang.
Re: (Score:3)
Thanks Ivan.
Re: (Score:3)
The real trust problem is the need to trust a closed-source application for security.
Re: (Score:2)
Not if you were anti-Putin in Russia you wouldn't.
Re: (Score:3, Funny)
unintended consequence (Score:4, Interesting)
Unintended consequences of the "wrong" candidate winning. The media's bitterness is not because the wrong candidate won, but because they were shown via the election results that they had less power than they thought they did.
Re:unintended consequence (Score:5, Insightful)
Yes, and thankfully their FUD doesn't work anymore.
Kaspersky is popular because it wins at independent tests run by experts. The New York Times, the Wall Street Journal and their parrots should either hire some real security experts, people who can understand low level code, or simply keep being laughable.
If they believe that Kaspersky is trying to access sensitive information and send anything related to it through the Internet, they should prove it through its function, not because a spy told you so. Such as Kaspersky dealing with Stuxnet on a technical level instead of silly stories about espionage.
Re: (Score:2, Insightful)
The New York Times, the Wall Street Journal and their parrots should either hire some real security experts, people who can understand low level code
That would be a good idea if their agenda was to uncover the truth. Unfortunately, those organizations have made it clear that they're an unofficial branch of the Democratic party, so don't expect them to stray from the red scare narrative; they will ignore or twist facts shamelessly to serve their masters. They don't care if a good company with a good product is decimated in the process.
Nowadays, there's probably more truth and unbiased articles in the newsletter of the Flat Earth Society than in the New Y
Re:unintended consequence (Score:5, Insightful)
The Wall Street Journal, owned by Rupert Murdoch is an unofficial branch of the Democratic Party?
Riiiight. The drugs are good over here.
Re: (Score:3)
It's ironic Lucm, that Republicans and Democrats agree that Trump is a moron, and yet you still cannot accept that you made a mistake in voting for him.
>...Perhaps its time to simply admit the mistake in voting for Trump.
I'm not sure what "you" refers to here.
In general, the people voting for Trump didn't like him (Really! Look at the numbers). They voted for Trump because they thought that it was more important to vote for a person with the expressed ideological position agreeing with them than it was to vote for somebody that they liked or thought was smart or competent.
To a very very good approximation, they didn't vote for Trump; they voted against Clinton.
Re: (Score:3)
Well it's not a secret. On their own website there's even a timeline of the NYT endorsements of Democrats candidates:
https://www.nytimes.com/intera... [nytimes.com]
But the cozy relationship between the DNC and media goes far beyond that. Look at the leaked DNC emails.
For instance, here's one email where the Clinton campaign members discuss the questions that CNN will ask Trump:
From: Dillon, Lauren
Sent: Monday, April 25, 2016 12:00 PM
To: Freundlich, Christina; Roberts, Kelly; Sarge, Matthew; Graham, Caroline; Walker, Eric; Bauer, Nick; Brinster, Jeremy
Subject: RE: Trump Questions for CNN
CNN said the interview was cancelled as of now but will keep the questions for the next one :(
Good to have for others as well.
Updated here:
- Who helped you write the foreign policy speech you're giving tomorrow? Which advisors specifically did you talk to? What advice did they give you? Did they give you any advice that you chose not to take?
-A number of Republicans and think tanks including the Heritage Foundation have suggested tying defense spending to GDP, most often suggesting defense should be funded at 4 percent GDP. Is that something you would do/we'll see in your plan?
- You've said you look to Ambassador John Bolton for military advice and called him "terrific," but he was one of the architects of the Iraq war. How do you explain your praise for Bolton if you also claim the war was a mistake? What advice have you taken from him?
[...]
https://wikileaks.org/dnc-emai... [wikileaks.org]
Another example, a CNN analyst asking the DNC to approve her editorial points:
From: Maria Cardona [mailto:Maria.Cardona@deweysquare.com]
Sent: Wednesday, May 18, 2016 10:21 AM
To: Patrice Taylor; Miranda, Luis
Subject: URGENT - DRAFT CNN OPED ON NV
Importance: High
I want to make sure it is not to heavy handed. Please let me know asap! Thanks!!
https://wikileaks.org/dnc-emai... [wikileaks.org]
Is Kaspersky Software on Voting machines? (Score:5, Interesting)
Given Putin kills, imprisons, arrests people and businesses who oppose him, and given Russia's cyber attacks on the USA, you have to consider that Kaspersky may not have a choice in the matter. With so many KGB people involved there, it's probably better to be safe than sorry here and remove their software. There is actual evidence (see link below citing an Israeli hack into Kaspersky).
I wonder how many of those voting machines in the USA have Kaspersky anti virus installed on them, how many computers dealing with election rolls, and absentee ballots and vote counting. Can you really risk Russian software on voting systems when you know Russia has attacked the elections?
https://www.theguardian.com/technology/2017/oct/11/israel-hack-uncovered-russian-spies-use-kaspersky-lab-2015-report-us-software-federal-government
"While the Israeli spies were inside Kaspersky’s systems, they observed Russian spies in turn using the company’s tools to spy on American spies, the New York Times reports. That information, handed to the US, led to the decision in September to end the use of the company’s software across the federal government by December."
"But it still leaves many further questions unanswered. Crucially for Kaspersky, the Israeli hack apparently failed to provide enough information to determine whether it was a willing, or even knowing, participant in the Russian espionage."
"The Russian government exercises tight control over domestic and foreign high-tech industries operating within its borders. In June 2017, it began demanding the source code for certain software imported, ostensibly to search for “backdoors” inserted by foreign intelligence agencies. In practice, it’s widely believed that the Russian security agency scans the source code for undisclosed vulnerabilities it can use to improve its own hacking prowess."
Re:Is Kaspersky Software on Voting machines? (Score:5, Interesting)
This is ridiculous. The whole world uses US software that provides full access to US three letter agencies, but now it is a big issue that Kaspersky happens to be a Russian company.
The only proof I have seen is talk about a security vulnerability discovered by Israeli intelligence in Kaspersky, which they reported to the US government. There is absolutely no proof of it being intentionally put there. Considering that Kaspersky does provide their source code to US based agencies, it is not very likely they would place anything intentionally and risking loosing their business. It doesn't make sense.
For common people in the US, it is probably safer to use Kaspersky rather than any US based software. Though it won't stop the three letter agencies from spying on you - they can do this through your OS, your smartphone, your TV set, through your ISP or your email provider ... Kaspersky won't help you much.
Re: (Score:3, Insightful)
Antivirus software is second only to the operating system in terms of privilege and therefore makes an ideal attack vector. I bet most AV software is more than capable of maliciously stealing files, keystrokes, or planting a trojan if they were so directed.
Re: (Score:2, Informative)
I don't consider Russia an adversary;
Russia has never taken my money and lied to me about what it was being used for. Russia has never used my tax dollars to commit heinous acts of torture. Russia has never arrested my countrymen over what they choose to put in their own bodies.
Washington is our adversary.
Re:Is Kaspersky Software on Voting machines? (Score:5, Insightful)
If you truly don't care about Russian aggression and think that the grass is so green over there then you would _emigrate_ to Russia. You'd discover that Russia's treatment of it's drug users, lies to it's population and use of your tax rubles are far far worse than the USAs.
But you wont do that because you prefer whining to acting on it and because deep down you know Russia is worse four it's citizens than the U.S for everyone who isn't in Putin's list of favorites.
Re: (Score:2)
You mean like Snowden?
Re: (Score:3)
Re: (Score:3)
Oh really? Russia's destabilization of eastern europe in their mission to retake their "zone of influence" _hasn't_ impacted my relatives there or defense spending here in western europe & the USA? Clearly, it has and your claims are false.
Add to that Russia's military support of that murderous bastard Assad. That support _didn't_ allow the bastard to gas and bomb any and all that opposed him (but starting by massacring the moderates first) instead of pushing for or even just allowing for democratic cha
Don't be deliberately stupid (Score:4, Insightful)
Using software from your main adversary is profoundly bad security. The same is true when Russia uses US software.
Antivirus software is second only to the operating system in terms of privilege and therefore makes an ideal attack vector. I bet most AV software is more than capable of maliciously stealing files, keystrokes, or planting a trojan if they were so directed.
I don't consider Russia an adversary;
Then you are stupid.
I don't mind people being stupid-- people are stupid sometimes; it happens. I do mind people being deliberately stupid because being stupid is the only way that they can defend their ideology.
If your idiotic ideology telling you "Washington is our enemy" and that means Russia is fine, you might consider changing your ideology to one that allows you to actually see the real world.
Re: Is Kaspersky Software on Voting machines? (Score:5, Insightful)
Why is this ridiculous?!? A country believes they discovered another country's (adversarial one) spy vector. And YOU think it's perfectly sane to not say or do anything about it?
Re: (Score:2)
https://www.theguardian.com/technology/2017/oct/11/israel-hack-uncovered-russian-spies-use-kaspersky-lab-2015-report-us-software-federal-government [theguardian.com]
The only proof I have seen is talk about a security vulnerability discovered by Israeli intelligence in Kaspersky, which they reported to the US government.
Uh, the "discovery" by Israeli intelligence that you're dismissing was not merely "a security vulnerability," but was watching Russians exploiting that security vulnerability and rifling through files.
This was not theoretical.
Re: (Score:2)
...and so the popularist isolationism begins in the tech sector.
Trump wanted 'America first', he wanted to extricate America from as much of the rest of the world as possible, and this is just one way to do it. Good luck using the alternatives though - I predict "American's tech productivity drops 10% since October 2017".
Experts? (Score:2)
Kaspersky is popular because it wins at independent tests run by experts.
You forgot the air quotes around "experts"
Re: (Score:3)
Yes, and thankfully their FUD doesn't work anymore.
Kaspersky is popular because it wins at independent tests run by experts. The New York Times, the Wall Street Journal and their parrots should either hire some real security experts, people who can understand low level code, or simply keep being laughable.
If they believe that Kaspersky is trying to access sensitive information and send anything related to it through the Internet, they should prove it through its function, not because a spy told you so. Such as Kaspersky dealing with Stuxnet on a technical level instead of silly stories about espionage.
Your virus software has to have root level access to every file on your system. If you want to access all the files on a computer clandestinely, providing AV software is a fine way to do it. Your AV software provider better be a friend. Now for your demands for a smoking gun, look up Harold Thomas Martin III.
You're welcome, Boris.
Trusting Third Parties (Score:2)
Your virus software has to have root level access to every file on your system. If you want to access all the files on a computer clandestinely, providing AV software is a fine way to do it. Your AV software provider better be a friend.
This is exactly why I'm dubious of any third party AV product. I might not like Microsoft but at least their interests somewhat align with my own as malware is nothing but a cost to them. I have no reason to trust any third party AV vendor. They have no fundamental incentive to actually solve the problem because if there is no malware then they have no product to sell. In my experience all of them have a long track record of making products that cost a lot of money and don't work very well even under th
Re: (Score:3)
I agree, except at the point where you are willing to trust Microsoft... Windows 10 shows us that Microsoft does not hold our privacy sacrosanct in the least. The leaked NSA tools further prove that relying on Microsoft is not going to protect you from being spied upon, by our gov't AND foreign entities. Even this whole Kaspersky fiasco shows that further NSA tools are likely being stolen, AS THEY ARE BEING WRITTEN!
At the very least, use Linux. Linux may have backdoors too [youtube.com], but at least it's open source, so
Sure is gunna be unfortunate (Score:5, Insightful)
When it turns out that US AV companies do exaaactly the same shit, because all AV vendors do it.
At least Kaspersky actually made decent detection products.
Enjoy the farce that is Norton & McAfee
Re:Sure is gunna be unfortunate (Score:5, Insightful)
Re: (Score:2)
Depends on your threat model. Are you more worried about US or Russian intelligence services stealing your secrets, or about criminal hackers and ransomware?
If you are forced to use Windows then it's probably no worse an option for most people than any other anti-virus product.
Re: (Score:3)
Re: (Score:2)
There was a story about 10 years ago where antivirus companies acknowledged they skipped flagging signatures of US government spyware.
Re: Sure is gunna be unfortunate (Score:3)
So what exactly is your point? Since the US does it, they should stay silent on the Russians doing them? A "I know you are spying on me, but that's OK because I spy on you too?"
Re: (Score:2)
At least Kaspersky actually made decent detection products.
Yeah, almost twenty years ago. AVP is the absolute worst AV from the standpoint of performance impact. Used to be the best, who knows what happened, maybe it was all the added spyware.
Re: (Score:2)
And no guarantee they are not selling it to the Russkis. As Lenin put it, "A Capitalist will sell you the rope you hang him with".
The current opensource (Score:3)
The problem is that the current open source implementation,
CalmAV,
was bought by and is currently developed by... Cisco.
Okay, it's opensource, so at least independent researcher can go and check whether it contains any underhanded code.
But still, it's not an international cooperation of several vendors.
Also, currently it's not the top performing of the pack.
On the other hand, that doesn't prevent me from using it.
How to make any antivirus software safer? (Score:2)
I'd like to hear more technical information about the issue and whether there are steps that can be taken to reduce the risk of installing *any* antivirus software. Given that any such package is going to be targeted, perhaps we need to be able to run them in a kind of sandbox that would prevent dialing home and logging. More transparency about how it is being updated, and possibly providing a scanning api to allow the operating system or an open source application to take over document loading might be wel
Re:How to make any antivirus software safer? (Score:5, Insightful)
You simply can not. Not Possible.
AV software needs to have full kernel level access to be able to protect you. As soon as you make a "safe space" for yourself, it's another place where malware can and will hide. Either you give full access to the hardware, not just the OS, or there is no way to actually protect the system. That's what makes things like the Intel management engine which has full control of your hardware, but no oversight by the OS or the user is so dangerous. It's why the NSA made intel to implement switches so they can disable Intel ME on NSA computers.
AV software need to phone home: to get virus definition updates and nowadays more importantly react fast to new networked threats by uploading possibly dangerous files. They have honeypots which do this all over the internet for years of course. However crowdsourcing new threats is much much more effective, since the really dangerous Malware, e.g. Stuxnet which was found by kaspersky, is targeted, not just spammed anymore.
The actually new and "best" high end products from Silicon Valley make the uploading of files from customers their main selling point: they claim only this way they can protect their enterprise clients. Kaspersky comparatively is low end consumer AV for the unwashed masses. The most expensive products like carbon black simply don't work if you're not uploading all your private files to a US company which is in deep with the US government agencies. All of the other AV companies in the US are too: google Project CAMBERDADA which shows what AV companies need to be attacked to subvert by the NSA. All the US/UK AV companies are suspiciously absent since they don't need to be reverse engineered: like any other US/UK based company they are working hand in hand with the intelligence services.
As a normal user in the West, I far more fear my own government's agencies, be it FBI, CIA, NSA, GCHQ, DGSE, BND, whatever, than a foreign agency far away: the domestic agency can actually directly harm me, fine me, incarcerate me, etc. than some agency in a country on another continent. And they have actually far more reason to do all that to me.
The end result:
AV software is a fundamentally flawed product due to all of this and simply shouldn't be used on any computer where you want to have a marginal expectation of privacy since you cannot protect yourself and use such a software.
Re: (Score:2)
Desktop AV needs kernel access, but scanning on gateway devices (mail filters, http filters etc) does not, you can run the scanning engine in a sandbox and pass the files you want to scan into it. Worst case an AV could false negative a known piece of malware, but then there's nothing to stop you running multiple engines chained together.
This is actually the only instance where i run AV, and it cuts down on a lot of the junk email i receive.
Re: (Score:2)
You know I can't remember the last time a virus actually spread via some gateway device, as opposed to USB stick, pre-installed on some driver CD, etc.
Gateway scanning is no where near as effective which is why most corporations take both approaches.
Re:How to make any antivirus software safer? (Score:5, Insightful)
AV software is a fundamentally flawed product
Actually, it's our OS fundamentals that are flawed. In a properly designed system, the AV would not need full access to everything. Of course I'm talking 1970s "properly designed" here, not 2000s "ship half-ready to customer, then patch" philosophy. Sorry, I think they re-branded it "Agile Development".
AV is a workaround, a hack, for serious weaknesses in our fundamental systems design. That your e-mail system can access business secret documents when you open the wrong mail - that is the actual problem that needs solving. We have AV for the same reason we have condoms - there's a lot of STDs and for most of them we don't have good vaccinations.
In that sense, AV is not fundamentally flawed, because in a fundamentally non-flawed world, we wouldn't even have it. It's an at-least-this-works-most-of-the-time solution because we can't be arsed to tackle the real issues.
Re: (Score:2)
Amen, Brother
It's going to take most IT folks another 5 years to wake up to the need for capability based security... and another 5 years until they get it.
Re: (Score:3)
The problem is that this level of sandboxing is incredibly anti-user and anti-developer. Basically any OS should do what the user wants and by extension the easiest way for malware to access the machine is to simply ask the dumb meathead sitting in the chair.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
As a normal user in the West, I far more fear my own government's agencies, be it FBI, CIA, NSA, GCHQ, DGSE, BND, whatever, than a foreign agency far away: the domestic agency can actually directly harm me, fine me, incarcerate me, etc. than some agency in a country on another continent. And they have actually far more reason to do all that to me.
Why do they have a reason to harm you? That's pretty interesting. The question is of course, since you have in essence said that you have a reason to be fearful of everything in the US, does it not make sense to move to Russia, where there is nothing to be afraid of?
Dooooood! The internet is not a secure place, it is designed to not be secure, it is designed to spread out data. Almost any alterations made to it to make it actually secure would destroy it.
The lesson is, if you are doing anything illega
Re: (Score:2, Insightful)
I'd like to hear more technical information about the issue and whether there are steps that can be taken to reduce the risk of installing *any* antivirus software...
The main reason you have to run anti-software sits between the keyboard and the chair, and runs a common sense blocker plug-in.
Perhaps anti-virus wouldn't be even necessary if there were less users infected with anti-intelligence.
...I don't think anybody really believes they can trust antivirus software or any other software for that matter.
What's that? The main reason couldn't hear you, they were busy installing a Beyonce flash player. Yeah, of course it's legit...
Re:How to make any antivirus software safer? (Score:5, Insightful)
Perhaps anti-virus wouldn't be even necessary if there were less users infected with anti-intelligence.
So tired of this bullshit argument.
I've been working in infosec for 20 years.
For about half of that time, I also said that "lusers" are the main problem.
Then one day I grew up and realized that they are just being humans and that's a bullshit excuse for not doing my job properly by complaining that water is wet and gravity sucks.
Guess what? We're paid good money for solving exactly these problems. If you can't bring a rocket to the moon because of gravity, you don't belong into rocket science. If you can't build a ship that floats because water is so difficult to work with, you don't belong into shipbuilding. And if you can't deal with people being people, you don't fucking belong into information security.
Re: (Score:2)
Re: (Score:2)
Agreed! Tom's comment deserves special recognition.
Re: (Score:2)
If you can't bring a rocket to the moon because of gravity, you don't belong into rocket science.
Yes but that doesn't change the fact that gravity is fundamentally your biggest problem. Also users are more like anti-gravity, or rather gravity that gets stronger in opposite ways than you expect where the further the distance from the mass the stronger it gets.
That's kind of how the whole "build a better idiot" thing works.
Re: (Score:2)
Perhaps anti-virus wouldn't be even necessary if there were less users infected with anti-intelligence.
So tired of this bullshit argument.
if you can't deal with people being people, you don't fucking belong into information security.
The main reason you have to run anti-software sits between the keyboard and the chair, and runs a common sense blocker plug-in.
And If you can't deal with reading posts, you have no fucking business in responding to them.
Apparently a bunch of slashdotters can't care to read parent posts before moderating "retorts", so writing straw man fallacies is an easy way to get +5...
Re: (Score:2)
I'd like to hear more technical information about the issue and whether there are steps that can be taken to reduce the risk of installing *any* antivirus software...
The main reason you have to run anti-software sits between the keyboard and the chair, and runs a common sense blocker plug-in.
Perhaps anti-virus wouldn't be even necessary if there were less users infected with anti-intelligence.
Well, As much as I agree that a lot of users aren't all that smart, I don't want to delve too deeply into victim blaming. I've seen some pretty smart people fall for some well crafted, and even not so well crafted exploits.
...I don't think anybody really believes they can trust antivirus software or any other software for that matter.
What's that? The main reason couldn't hear you, they were busy installing a Beyonce flash player. Yeah, of course it's legit...
Yeah, because nice straw man. Plenty enough people get pwned without being a dumb pop culture addict who spends all their time on FB looking to share shit.
Be
Re: (Score:2)
I'd like to hear more technical information about the issue and whether there are steps that can be taken to reduce the risk of installing *any* antivirus software.
In the end, it is largely a matter of trust.. If your AV provider has access It's Software, it pretty much has access to your whole computer. 99 percent of us could use any AV software out there, and it would be no problem. We don't really have anything the proverbial "they" have interest in.
Now that other 1 percent..... If you have something on your computer that the "they" are interested in, you might have a problem. If you have say, kiddie pr0n on it, you have the local groups who might be really int
Re: (Score:2)
It's a matter of whom you trust. Check out the laws of the country of origin and the persons who run the company. If you can't trust any software, then you cannot use a computer. It's as simple as that.
It's about mitigating risk.
I would put the risk of state-level espionage well below the idiot behind the keyboard that forces IT/Security to install anti-virus/malware software to begin with.
2017, and the masses still haven't learned. I swear they'll click on anything. Yes, of course that Windows pop-up for a Kardashian baby-watch app was totally legit. I mean, why wouldn't Microsoft want you to know...
*facepalm*
The twisted irony of trusting that the largest threat to an organization is quite often thei
Re: (Score:3)
2017, and the masses still haven't learned. I swear they'll click on anything. Yes, of course that Windows pop-up for a Kardashian baby-watch app was totally legit. I mean, why wouldn't Microsoft want you to know...
Yes, why wouldn't Microsoft? It preloaded their home computer with a dozen application it deemed useful (ok, was paid for including, but users don't know that) and it serves them personally relevant information (sorry, paid-for ads, but that's not marked anywhere) wherever it can, say on Bing or whatever their current attempt at social networking is. It also made several attempts to put important announcements (advertisement) directly on the desktop of their computers.
From a non-IT user, the scenario does n
Re: (Score:2)
Because laws mean so much in this day and age where "too big to fail" lets you break regulations and laws with impunity, and secure yourself a bailout and a golden parachute.
The utter contempt with which almost all corporations look at tax laws gives you a good indication for their respect for the rule of law.
Reputation loss and thus loss of future business - now that is something they might care about. But laws? Please.
Re: (Score:2)
Now spying is a concern (Score:5, Insightful)
all of a sudden. What happened to "I've got nothing to hide."?
Re: (Score:2)
all of a sudden. What happened to "I've got nothing to hide."?
I expect the banks are quite rightly concerned the Russians will use the data on their customer's tax cheating as 'kompromat' to blackmail them but then to be fair to the banks they've never pretended they have nothing to hide which is why we have had the concept of bank secrecy almost as long as we've had banks. I expect expect many other kinds of companies are concerned with trade secrets escaping to Russia which I'd think is a legitimate concern. A more interesting question to ask, however, is does anybo
Re: (Score:2)
The American government are the biggest advocate for the removal of this software. The message is still consistent.
Re: (Score:2)
Well, on the balance, I'd sooner have the NSA spying on me than the FSB, with all those ties to Eastern European organized crime. I can't sort out why anyone ever put Russian AV software on their computer. Why not write their credit card info on some sandwich boards and put them around town.
Re: (Score:2)
Re: (Score:2)
It didn't. But the difference between this red scare and the previous two ones is that nowadays there is a lot more trade between the USA and Russia. Nowadays there are companies that would directly benefit from a red scare if they manage to link their competitors - even if that link is imaginary - to the Russian government. SpaceX tried to do that to the ULA, this whole Kaspersky stuff is probably driven by Symantec.
Re: (Score:2)
this whole Kaspersky stuff is probably driven by Symantec.
Or just some state official who follows Trumps advise to put American companies first...
"Follow the money" is always a good idea.
Re: (Score:2)
_Gifts_ to Russia peaked during WWII when Stalin pretended to be an ally. Gifts ended when Stalin went back on his promises and annexed eastern Europe.
Russia, over the past century has generally preferred to advance it's own interests over that of it's neighbors (often violently) and has thus been an enemy much more often than a friend.
Re: (Score:2)
Oh fuck me. Here I was thinking the Iron Curtain, the Berlin Wall, the Warsaw Pact, along with the US and later NATO policy of containment were all part of a large scale geopolitical struggle that flew just below war level of hostility, and through various proxies wars, did involve direct gunfire between Soviet and US proxies. But now it turns out that it was just some politicians!
Fuck me, you Russian trolls are getting more frantic as you get outed.
12 hours later (Score:2)
Security consultants found out all other anti-virus do the same time.
-Scan for virus
-Upload samples
- Delete virus
15 hours later
Security consultants now recommend PC without anti-virus.
Titling (Score:5, Insightful)
"Dodging Russian Spies..." not only sounds like "Dodgy Russian Spies", but it also presents a reason before an actual fact on a news/article/post header. This is a perfect example of psychologically loaded news, more even so than clickbait but it actually also is clickbait as they go for the "cold-warish" juicy part of the topic first.
Now seriously, stop doing titles like this, and don't enable them by allowing such stuff verbatim on slashdot from the original biased, flawed source.
or maybe... (Score:2)
The problem isn't so much in the horse and pony show, but in the fact that you install software on your devices which you bought from an external party and allow it to read all your data. I mean, if that is not a leap of faith, I don't know what qualifies as one.
Proper compartmentalisation would solve this issue. Let the virus scanner manage only incoming data, have defined communication channels for pattern updates, don't let it phone home. Keep your data in trusted DMS. Use non-rich data formats (why peop
Re: (Score:2)
Depends on the secret. Where you buried the body? Definitely not something you want in a searchable medium.
But it can actually be as simple as having properly defined boundaries. If I convert all e-mails that my top-secret people need to read into plain ASCII text before sending them on, and remove any base64 encoded parts, the chance of getting a malware infection is reasonably low. Of course the convenience factor is low as well, but that's the trade-off. You want to work in a nuclear reactor? Here's your
Re: (Score:2)
Tackle the underlying problem (Score:2)
- remove MS WIndows.
Sad In A Way (Score:2)
Regardless of whether it's true that the FSB has some kind of backdoor access to Kaspersky products, the company is likely doomed. They might manage to eek out an existence primarily in Russia, but as a shell of the company in its glory days.
While US spy agencies don't do themselves any favors by publicly saying they want to have a backdoor to any and all encryption methods, the US and Russia are very different places. Get on Putin's bad side and you could find yourself being thrown in jail for (no pun inte
Re: (Score:2)
Doomed? Just because the US goes apeshit? Please. The US is a pretty big market, all right, but the rest of the world is plenty enough to keep an antivirus company afloat.
Re: (Score:3)
Until "the rest of the world" also decides that Putin cannot be trusted.
Banks and public entities in Europe are also looking to remove Kaspersky products. I've seen it on a number of projects already.
Re: (Score:2)
Odd. I haven't. And you'd think I'd be one of the first people to know something like this, considering I'm responsible for the security of a number of them...
Hmmm (Score:2)
When is the last time that happened in the US?
Not sure. You might want to ask Kim Dotcom if he could answer that for you. Or some old lady in West Trumplandia who ran afoul of the RIAA when her granddaughter downloaded a Disney movie improperly.
Only in America (Score:2)
I've taken a look and so far, I cannot find any non-US sources (or at least none that aren't VERY US-friendly, to put it mildly) that even talk about it.
It this like Creationism? Yet another thing the US goes apeshit over that nobody else with half a brain takes seriously?
Tell me it isn't so... (Score:2)
Given the government's open rejection of this company's products and the scuttlebutt about how they are a front for Russian spying, how's this a surprise?
Call it mass hysteria if you must, but who would want to leave this product in charge of you computers?
But what to pick to replace it? Yea, now that's a good question for a windows shop.
Translation (Score:2)
Those fuckin' Russkies want to play hardball, find our government trojans and report them to the users and don't let us install backdoors in their software!
Dodging Russian spies (Score:2)
...except these same paranoid people cheerfully carry around 24/7 a portable high-resolution audio and video recording device that we've all known can be activated remotely, have all their most personal and intimate data on it, as well as a GPS tracker AND PAY FOR THE BANDWIDTH THEMSELVES. /people
Re: (Score:2)
Well, "the best"... KAV is one of the top AV solutions out there right now, but there's quite a few good products [av-test.org] to choose from if you're really convinced you don't want KAV in your life.
Re: (Score:2)
The awful thing is, it is so bad, so poorly done. Going to do propaganda, at least do a reasonable effort. The thing is, what is really exposed, is not only how they cheat us but how they cheat each other. Those doing the leg work of propaganda seem to no longer care how many people they convince of anything, just how well they can convince the people paying them, how effective that propaganda is, even and especially when it isn't. The propaganda is no longer targeted at us but at the people paying for it.
Re: (Score:2)
Seriously no, you're not an American. You're pretty obviously a Russian troll.