Kaspersky Source Code In the Wild

← Back to Stories (view on slashdot.org)

Kaspersky Source Code In the Wild

Posted by Soulskill on Monday January 31, 2011 @10:04AM from the somebody-get-attenborough-to-find-it dept.

mvar writes "The source code of an older version of 'Kaspersky Internet Security' has been circulated on the internet. The code was created in late 2007 and was probably stolen in early 2008. Names contained in the source indicate that the stolen code was probably a beta version of the 2008 software package – the current release is Kaspersky Internet Security 2011. According to a Russian language report by CNews (Google translation), the code was copied by a disgruntled ex-employee. The thief has reportedly been trying to sell the code on the black market for some time, and Kaspersky says that the code archive already appeared in various private forums last November."

112 of 154 comments (clear)

Min score:

Reason:

Sort:

And, in other news... by NewtonsLaw · 2011-01-31 10:11 · Score: 1

And, in other news, Microsoft has released Windows 95 to rapturous applause.
Is there a difference?
How many people (perhaps apart from malware writers) will really be affected by this disclosure of the source for some 4-year-old software?
1. Re:And, in other news... by nicholas22 · 2011-01-31 10:13 · Score: 4, Insightful
  
  This probably comes as news to you (you're not a developer, are you?) but when you build new software, you basically build upon older code. So yes, even the extreme scenario you talk about, would cause some headaches to Microsoft.
2. Re:And, in other news... by armanox · 2011-01-31 10:24 · Score: 1
  
  Not as much as you imply, seeing that the DOS-based platform and Windows 9x were both abandoned in favor of the NT-based platform (which traces back to OS/2).
  
  --
  I'm starting to think GNU is the problem with "GNU/Linux" these days.
3. Re:And, in other news... by hairyfeet · 2011-01-31 10:27 · Score: 4, Informative
  
  Actually MSFT releasing the Win9X source would be WONDERFUL news, because if you haven't tried it Win9X can make a great embedded OS with better driver support and lower specs than pretty much any embedded OS out there.
  And as for why anyone would care about TFA, that's simple: Often you don't "throw the baby out with the bathwater" and significant portions of the code will be reused. This means the black hats pretty much have a roadmap to use to trash Kaspersky AV. Even if they didn't use much of the previous code it most likely will allow them to see how the Kaspersky AV team treats PC resources like memory, giving them a good idea of where the weak spots are. Bad news for Kaspersky users I'd say.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
4. Re:And, in other news... by Beardo+the+Bearded · 2011-01-31 10:33 · Score: 3, Insightful
  
  Here's the thing.
  The people who write malware already have this code. They might not have the C source, but they've got a good handle on the IO flow and undoubtedly have it in assembly. Is this a game-changer for the malware writers? Not even remotely. Even if this was the source code for the latest version from 2011, it wouldn't change anything.
  "They" have access to the exact same software that we have. They can download Avast! or AVG or Kaspersky or MSE and write the malware to be untraceable under those security suites. Hell, if they really wanted it they could find disgruntled employees or cleaning crews and get access to the repositories for cash monies.
  
  --
  
  ---
  ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
5. Re:And, in other news... by joshki · 2011-01-31 10:34 · Score: 1
  
  NT actually traces its roots to VMS, not OS/2...
  
  --
  I do not read or respond to AC's. If you want a discussion, log in. Otherwise, don't waste your time.
6. Re:And, in other news... by belmolis · 2011-01-31 10:41 · Score: 1
  
  The designer of NT came from a VMS background but NT was not based on VMS code.
7. Re:And, in other news... by calzakk · 2011-01-31 10:45 · Score: 1
  
  Not necessarily true. I worked for an AV company several years ago. While the legacy product was in maintenance, a completely new version was in development and used very little code from the original product.
8. Re:And, in other news... by commodore6502 · 2011-01-31 10:57 · Score: 1
  
  >>>The designer of NT came from a VMS background but NT was not based on VMS [or OS/2] code.
  FTFY. And Netscape's designers came from their previous creation Mosaic for Amiga, Mac, and PC, but Netscape was not based on Mosaic code. Many moons later the Mozilla Suite spun-off from the never-released Netscape 5, and eventually became Seamonkey, but lo the users were not happy with Seamonkey's bloat, so they split-off the browser half and called it Firefox. And it was good.
  Thus spake the book of mozilla. (Meanwhile I continue to believe Internet Explorer never actually existed, despite claims that it was released with Windows 95 Service Pack 1.) (And netscape devolved to a low-end dialup service: http://www.getnetscape.com/ )
  
  --
  Information wants to be expensive AND wants to be free. So you have Value vs. Cheap distribution fighting each other.
9. Re:And, in other news... by Samantha+Wright · 2011-01-31 11:16 · Score: 1
  
  That page you linked to is insane. "Enhanced security"? From Windows 9x and its legendarily bad TCP stack, not likely. "Advanced next generation hardware support"? What about all those WDMI-only drivers from the current generation, guys? Or using more than 256 MB of RAM? Or a hard drive with more than 20 GB capacity? It's schizophrenia at its best!
  
  --
  Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
10. Re:And, in other news... by DarkOx · 2011-01-31 11:34 · Score: 1
  
  That may be so, but its not the bottom in kernel level stuff anyone is interested in the Windows code base leaking for (well some crackers and other criminals might be) there are plenty of FOSS kernels that are every bit as good on NT to choose from. What's good about Windows is the stack of libraries. Lots of those are present in WIndows 9x and the complete source to Windows 95 even today would be of great use to someone who wanted to support win32 subsystems on top of some other platform.
  
  --
  Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
11. Re:And, in other news... by davidshewitt · 2011-01-31 11:34 · Score: 1
  
  Embedding Win9X does not sound like a good idea security-wise if the device is going to go anywhere near the internet.
12. Re:And, in other news... by DarkOx · 2011-01-31 11:37 · Score: 1
  
  Not really, the old Navigator was just called the Mozilla suite until Firefox shipped. The Seamokey project is run by a group that still wanted to continue development of the suite, which by the way is now no bigger than today's bloaty Firefox, used the same engine so displays pages exactly as well but offers more features and is an all around SUPERIOR browser. Firefox was good when it was actually smaller but these days is pretty pointless. What the should do is keep the FF name because its well marketed drop the FF and TB projects and rebrand Seamonkey as Fire Fox.
  
  --
  Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
13. Re:And, in other news... by joshki · 2011-01-31 11:47 · Score: 1
  
  There are a whole lot of people who disagree with you. NT was VMS, reimplemented.
  
  --
  I do not read or respond to AC's. If you want a discussion, log in. Otherwise, don't waste your time.
14. Re:And, in other news... by Sarten-X · 2011-01-31 12:10 · Score: 1
  
  Right... Because the computer I built as a recipe box for my kitchen certainly needs 8 GB of RAM, 3 TB disk space, and a video card that can ray-trace 1080p in real time.
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
15. Re:And, in other news... by hairyfeet · 2011-01-31 12:19 · Score: 1
  
  Why is that? We are talking about an embedded OS not some desktop where you could surf with the thing. Most likely you would simply have a VPN connection to the main server to say process CC info for a purchase. And don't forget we are not talking vanilla Win9X but a stripped down version with only enough files/features to run the single app you are using it for.
  So I think you and the rest of the guys here are looking at it the wrong way. You can't judge this by running vanilla win9X on the net because the thing would only go to a single address and perform a single function so you would have to physically hack the machine or break into the corporate network from the other side, no different than any other kiosk.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
16. Re:And, in other news... by Samantha+Wright · 2011-01-31 13:15 · Score: 1
  
  So what are you trying to say? That a Win98 box is "next generation" compared to most embedded systems? 'cause otherwise, the fact stands that the EOS guys are spinning total BS.
  
  --
  Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
17. Re:And, in other news... by h4rr4r · 2011-01-31 13:16 · Score: 1
  
  No but it should be running a better OS. No issue at all getting linux into something like that, pretty common in the embedded world already.
18. Re:And, in other news... by h4rr4r · 2011-01-31 13:17 · Score: 1
  
  Still no reason to go adding the risks that come with win9x. Lots of better options available.
19. Re:And, in other news... by morgauxo · 2011-01-31 16:38 · Score: 1
  
  NT was built on Multics code, extended with concepts from VMS
20. Re:And, in other news... by malloc · 2011-01-31 16:45 · Score: 2
  
  This means the black hats pretty much have a roadmap to use to trash Kaspersky AV. Even if they didn't use much of the previous code it most likely will allow them to see how the Kaspersky AV team treats PC resources like memory, giving them a good idea of where the weak spots are. Bad news for Kaspersky users I'd say.
  The moment you give someone your binary you've given them your code, just in a harder to read format. Any black-hat that cares will merely read the disassembly. Original source code not required.
  -Malloc
  
  --
  ___________________ I want to be free()!
21. Re:And, in other news... by armanox · 2011-01-31 16:52 · Score: 1
  
  It would probably be a boon to the WINE project, if nothing else.
  
  --
  I'm starting to think GNU is the problem with "GNU/Linux" these days.
22. Re:And, in other news... by Sarten-X · 2011-01-31 17:22 · Score: 1
  
  I'm saying that arbitrary hardware requirements do not have any relation to how well something actually does its job, and the examples you gave are ridiculously off-base for an embedded system in the first place.
  As an example, ATMs get new anti-counterfeiting devices all the time (certainly often enough to refer to any particular device as "next-gen"), yet they run old operating systems without significant problems. Sure, there's the occasional virus, but the overall rate of infection is far lower than desktop PCs, even after the latest antivirus updates. Would running a new OS make the ATM any better at handing out money? No.
  Think about each component of a modern OS, and determine whether it really needs to be on an embedded system. Does an ATM really need wireless functionality, or even TCP at all? What about support for rendering HTML? Is generic TWAIN support more cost-effective and bug-free than a custom driver? What about file and printer sharing? They're all potential attack vectors, so removing unneeded components is necessary. Newer operating systems have more components, and they're more tightly integrated. That means more unpredictable security overall, which just costs more to install and maintain.
  Few embedded systems are simply a desktop computer in a fancy box. There are many design challenges, and every device is different. While I'm sure there are cases where an embedded system needs to store 20 GB inside itself, it's not the kind of issue that comes up often.
  As another example of how different embedded systems are, consider an impressive bit of embedded mastery: Apollo 11's Automated Guidance Computer. That machine was responsible for landing humans on the moon. It did its job almost perfectly. Assuming it were running at full capacity throughout the entire flight, Apollo 11 ran fewer calculations than a few minutes playing World of Warcraft.
  Excessive hardware is merely excessive.
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
23. Re:And, in other news... by Sarten-X · 2011-01-31 17:24 · Score: 1
  
  It currently runs Debian, stripped down to about 100 megs, and that's with only removing packages. A friend of mine (who is more familiar with the Linux internals) says that figure can easily be cut in half. The spare hard drive I stuck in the box is 2 GB, so I'm not particularly worried. Text recipes don't take that much space.
  The first version I set up actually ran Windows 98, because I had originally written my recipe program in Visual Basic. It has since been translated to a language that causes less pain, and the OS was changed shortly thereafter, purely because I love the FHS.
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
24. Re:And, in other news... by Samantha+Wright · 2011-01-31 17:46 · Score: 1
  
  Hold up: we're not talking about visiting natural satellites here. The page advertises EOS for web kiosks and FTP servers. An FTP server is probably something you want to have considerable disk space for, web kiosks by their very nature have to be user-accessible (and thus virus-prone!), and both are going to be relying on that TCP stack. So you may want to look more closely before making generalisations about the typical usage of the word "embedded".
  
  Check out this quote: "EOS is Secure. Security for both you and your customers. We can build systems that resist tampering from your customers and your competitors. We secure your (and our) intellectual property against intrusion."
  
  Does that sound like Windows 98 to you? It sounds like system policies to me.
  
  --
  Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
25. Re:And, in other news... by vegiVamp · 2011-01-31 20:43 · Score: 1
  
  There's a very limited number of people who can actually read large swathes of disassembled code, though, and I believe the majority of that already small number has more interesting things to do than see what makes another antivirus suite tick.
  Well, until Kapersky manages to tick one of them off, that is.
  
  --
  What a depressingly stupid machine.
26. Re:And, in other news... by DrXym · 2011-01-31 22:48 · Score: 1
  
  How many people (perhaps apart from malware writers) will really be affected by this disclosure of the source for some 4-year-old software?
  The answer is lots of people. Customers of Kaspersky may suddenly discover themselves infected with malware that sidesteps, disables or otherwise interferes with their AV or firewall software. Other people might receive emails offering "free" and apparently legit Kaspersky software which subsequently holds their machine to ransom, or installs a bot. And everyone else who suddenly finds new botnets springing up spamming and DDOS'ing with wild abandon thanks to a flood of compromised machines appearing.
27. Re:And, in other news... by DrXym · 2011-01-31 22:54 · Score: 1
  The issues with Mozilla / Seamonkey were largely usability issues but there were some performance issues too:
  
  More buttons, menus etc. Firefox was designed to create a clean, minimalist browser experience. The Mozilla suite was cluttered with functionality for email, composition etc.
  Runtime overhead. The more complex UI meant more chrome overlays, more registered components, more cruft. This meant the suite took longer to start and respond. Of course on the flip side if you did run Thunderbird / Firefox side by side your runtime overhead was probably higher than the combined suite.
  Increase headaches for development, QA and release trying to release basically 3x the UI when the browser was the primary component. By splitting the projects, it means they can follow their own more natural development lifecycles.
  I used to love the whole Mozilla suite but I understand why the split was made and I think it was the right thing to do. I continued to use Thunderbird but these days the amount of spam I get means I've more or less given up on a thick client email. It's easier to route my POP account through gmail where the spam gets efficiently stripped out for me.
28. Re:And, in other news... by Sarten-X · 2011-02-01 00:29 · Score: 1
  
  Also industrial control and monitoring, remote instrumentation and telemetry, smart appliances, and research.
  An FTP server probably needs a TCP stack, but it likely doesn't need support for laptop power management. On the other hand, a remote monitor might need to run with a backup battery, but communicate over a serial line. Again, embedded systems involve a lot of choices. The field of embedded machines is enormous, and there is certainly no single OS (and especially no single configuration) that will fit all needs.
  What I get from that quote is that the custom configuration EOS is promoting eliminates several attack vectors. As an example, look right underneath, where it's mentioned that Plug and Play is disabled. Even if the case is compromised, modifications to the machine wouldn't work easily. It sounds like protecting against both known and unknown bugs by adopting a minimalist strategy. There's less stuff, so less stuff can go wrong.
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
29. Re:And, in other news... by DaveRichmond · 2011-02-01 00:31 · Score: 1
  
  You forgot the part where one of the internal timers overflows after about 30 days and it crashes. Then again, 30 minutes is typically a good uptime for windows 9x.
30. Re:And, in other news... by commodore6502 · 2011-02-01 00:33 · Score: 1
  
  >>>Win9X can make a great embedded OS with better driver support and lower specs than pretty much any embedded OS out there.
  >>>
  Embedded OS? Why not just run DOS directly, and get rid of the Win95 shell?
  We used VxWorks on our Pentium-based system.
  
  --
  Information wants to be expensive AND wants to be free. So you have Value vs. Cheap distribution fighting each other.
31. Re:And, in other news... by commodore6502 · 2011-02-01 00:38 · Score: 1
  
  >>>the old Navigator was just called the Mozilla suite
  It's in-house codename was Seamonkey.
  
  --
  Information wants to be expensive AND wants to be free. So you have Value vs. Cheap distribution fighting each other.
32. Re:And, in other news... by commodore64_love · 2011-02-01 01:29 · Score: 1
  
  Hey!
  Linux fans - Can I use Ubuntu Live CD to virus-check my Windows XP machine? It goes to desktop and then freezes almost immediately.
  
  --
  "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
33. Re:And, in other news... by dave420 · 2011-02-01 02:03 · Score: 1
  
  Forget it. You will never win this one. Explaining that it doesn't run *anything* other than what you tell it to, and that it's not the desktop version, is pointless. Their minds are made up.
34. Re:And, in other news... by hesaigo999ca · 2011-02-01 02:07 · Score: 1
  
  Most app companies do build on old code, EXCEPT AV companies, because not only do they need to change their signatures all the time, but also because viruses and malware mutate all the time their attack vectors, so the AV companies follow suit, changing the path where you will install, the registry keys, the names of files and folders....the list goes on, all to avoid detection by the malware people, and the malware people do the same with their apps, creating dynamic dlls, changing the code constantly to avoid signature detection, even splitting dlls into chunks and adding them to ends of other files, or hidden inside header data to then be reused to create the compiled code...all in an effort to be creative in evading detection.
  Ironically enough, both sides use the same tactics to circumvent the other...sort of like cpt. kirk using cloaking technology against the klingons...priceless...
35. Re:And, in other news... by tehcyder · 2011-02-01 03:15 · Score: 1
  
  Windows 9x is "next generation" compared to MS-DOS.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
36. Re:And, in other news... by tehcyder · 2011-02-01 03:18 · Score: 1
  
  I had originally written my recipe program in Visual Basic.
  It takes a brave man to write a sentence like that on slashdot.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
37. Re:And, in other news... by mikechant · 2011-02-01 03:34 · Score: 1
  
  It would probably be a boon to the WINE project, if nothing else.
  Not really...
  You're forbidden from working on Wine if you've ever seen Windows source code:
  http://wiki.winehq.org/DeveloperFaq#head-fed5011434f62ae1a88baebfb8193a37ea795101
38. Re:And, in other news... by malloc · 2011-02-01 05:01 · Score: 1
  
  I don't disagree but I think, by the same token, people that can't (or are too lazy to) read the assembly are less likely to have the m4d sk1lls (or attention span) to do something very serious with/to the anti-virus program. But, as you say, once you get into "ticked the general populace off" territory (instead of just "highly-skilled dude working for evil overlord for big$" territory), having the easier-to-read source laying around won't help.
  
  --
  ___________________ I want to be free()!
39. Re:And, in other news... by hairyfeet · 2011-02-01 09:39 · Score: 1
  
  It just goes to show you how rabid the blind hate and fanboyism is here on Slashdot. I mean when you point out the entire OS is fitted onto a 16Mb flash and hardwired to ONLY run a single app and connect to a single address and they STILL think it "is a security risk"?
  I'd sure as hell hate to have these guys work on anything at any of my SMBs as they are probably the type that thinks you can just slap any Linux or Mac on the net with no firewall or anything because "its not Windows and is safe from viruses" or some such rot. Shame we have so many here that don't seem to understand basics like it is impossible to infect files that don't exist or to do a malware driveby when it only goes to a single address on a corporate network. Just ridiculous.
  But as someone who actually built a couple of boxes using embedded Win98 it is actually VERY nice. I was able to use a fanless SFF 200MHz P1 with 32Mb of RAM as a frontend for a VB6 GUI that hooked into a DB at the main office. It was incredibly quiet, instant on thanks to the compact flash card replacing the HDD, only used a max 18w of power, could run in an un-air conditioned warehouse, and thanks to embedded Win98 I could just use the off the shelf drivers for the box.
  For devices such as kiosks, warehouse PCs, etc it actually works quite well and allows you to use really cheap throw away hardware to make really tough industrial PCs.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
Pretty useless now by ArchieBunker · 2011-01-31 10:12 · Score: 4, Interesting

Code to a 4 year old anti virus app, whats that going to be worth? Kaspersky was great until a few years ago. Then one release made my parents older p4 system near unusable. It went from firefox loading in a few seconds to close to 30 seconds. Forums were filled with the same complaints and no real fixes. I changed to Avast and its been great.

--
Only the State obtains its revenue by coercion. - Murray Rothbard
1. Re:Pretty useless now by nicholas22 · 2011-01-31 10:17 · Score: 1
  
  Avira is also good. But Kaspersky is even better. You should use it with more modern hardware. Otherwise stick with Avast and all is good.
2. Re:Pretty useless now by giorgist · 2011-01-31 10:26 · Score: 2
  
  Simply it would be interesting to see if they have an GPL code or any questionable code in there.
  Open source using companies can be procecuted if the wrong thing slips in.
  Closed source companies can't be ...
  
  See Oracle Vs Google.
  
  G
3. Re:Pretty useless now by ic3p1ck · 2011-01-31 10:56 · Score: 1
  
  Well, if your assertion is correct, then wouldn't the 4 year code be worth quite a lot? Seeing as it is a better version before it went downhill?
4. Re:Pretty useless now by Patch86 · 2011-01-31 12:01 · Score: 1
  
  I know it's never likely to be popular on these message boards, but I've actually been having a good experience with Microsoft Security Essentials on the one machine I've tried it on. I've got other machines with AVG Free and avast! on, and MSE has come across relatively simple and light-weight. I'm told it has reviewed pretty well in AV testing too.
  Not that I have any complaints from any of the main free AV programmes I've used, but it's nice to see another decent option in the line up.
5. Re:Pretty useless now by h4rr4r · 2011-01-31 13:18 · Score: 1
  
  Buy a faster computer just to run anti-virus?
  You windows kids make me laugh.
6. Re:Pretty useless now by h4rr4r · 2011-01-31 13:19 · Score: 1
  
  Sure they can. Quite common to run strings against binaries to see what you get. The busybox folks have sued more than one closed source vendor.
7. Re:Pretty useless now by h4rr4r · 2011-01-31 13:23 · Score: 1
  
  Or maybe use a better OS. Upgrading a PC just for antivirus is a hilarious concept.
8. Re:Pretty useless now by triffid_98 · 2011-01-31 14:14 · Score: 1
  
  I used to be a big fan of Kaspersky, but their 2010 update is a real piece of junk. A failed update should not cause a corrupted database that it can't rollback from. It also should not give up and force you to manually download updates from their support website.
  And yet this exact thing kept happening every few months like clockwork until I gave up and dumped it. When it worked, it worked very well, but dang.
9. Re:Pretty useless now by dudpixel · 2011-01-31 14:53 · Score: 1
  
  Avira is also good. But Kaspersky is even better. You should use it with more modern hardware. Otherwise stick with Avast and all is good.
  (emphasis mine)
  not according to av-comparatives.org. kaspersky has slipped behind quite a bit while avast and avira are still front-runners.
  
  --
  This seemed like a reasonable sig at the time.
10. Re:Pretty useless now by xtracto · 2011-02-01 01:06 · Score: 1
  
  IIRC Antivirus software is divided in the "app engine" and the "virus signatures" so, Kaspersky might be using the same engine that is in the source code but only updated the virus signatures in the new versions.
  
  --
  Ubuntu is an African word meaning 'I can't configure Debian'
11. Re:Pretty useless now by markhb · 2011-02-01 02:40 · Score: 1
  
  I got hit with something nasty a few years ago, and the first thing it did was disable my CA Antivirus (provided by my ISP) from updating. Lo and behold, there was no way that I could find to manually update CA AV at all. I finally was able to clean the machine using Kaspersky's online virus scanner, and I was sufficently happy with it that I bought the product; I'd be perfectly happy with the occasional manual database download if the alternative was having no way to update the signatures, ever.
  
  --
  Save Maine's economy: write stuff down. All comments are exclusively my own, not my employer.
12. Re:Pretty useless now by triffid_98 · 2011-02-01 03:07 · Score: 1
  
  Manual database download = press update button? fine. Manual database download = navigate through the vendors site looking for download-able updates = not fine. I can't think of any reason for this besides sloppy coding. Corrupted updates completely disabling the AV protection until I happen to notice, also = not fine.
Pay developers more! by nicholas22 · 2011-01-31 10:12 · Score: 4, Funny

Another disgruntled employee. I wonder why he is disgruntled...
1. Re:Pay developers more! by djdanlib · 2011-01-31 10:40 · Score: 3, Funny
  
  Perhaps he has only misplaced his gruntle, and is not fully disgruntled.
2. Re:Pay developers more! by leswt · 2011-01-31 12:42 · Score: 1
  
  So one should always keep ones employees gruntled!
3. Re:Pay developers more! by dudpixel · 2011-01-31 14:57 · Score: 1
  
  it clearly states he was disgruntled. I therefore assume he had his gruntle stolen and that's why he went and stole the code off them. you know, in a "you take my gruntle I'll take your code" kind of way...
  
  --
  This seemed like a reasonable sig at the time.
4. Re:Pay developers more! by SnarfQuest · 2011-02-01 04:03 · Score: 1
  
  What would it take to regruntle him? If losing his gruntle causes him to jump into the deep end, then getting his gruntle back might bring him back to his senses. Maybe it would make a good movie, like "How Timmy Got his Gruntle Back"?
  
  --
  Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
Stolen?? by Jaxoreth · 2011-01-31 10:13 · Score: 5, Funny

I wish them luck recovering it so they don't have to rewrite it from scratch.
(Copyright infringement is not theft.)

--
In general, it is safe and legal to kill your children. -- POSIX Programmer's Guide
1. Re:Stolen?? by nicholas22 · 2011-01-31 10:16 · Score: 1
  
  Bhahahaha, what are you smoking man? What on earth makes you think they would rewrite everything?? This is the real world.
2. Re:Stolen?? by Rockoon · 2011-01-31 10:26 · Score: 1
  
  woooooooooooosh!!
  
  --
  "His name was James Damore."
3. Re:Stolen?? by amiga3D · 2011-01-31 10:45 · Score: 2
  
  Why.....if their source code was stolen then they don't have it anymore. If their source code is gone they will have to rewrite it. Unless they recover it somehow.
  Get it yet?
4. Re:Stolen?? by Opportunist · 2011-01-31 10:48 · Score: 1
  
  I bet now they wish that software could be multiplied easily. If that was only possible, I'd have this great idea where you could create a copy of your software, then store it somewhere safe in case some thief gets in, empties out your servers and makes it away with that big bag with that huge $$ sign on it.
  I'll be rich when this finally becomes possible!
  Dammit, I should have patented it before posting here...
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
5. Re:Stolen?? by onkelonkel · 2011-01-31 11:16 · Score: 1
  
  "You keep using that word. I do not think it means what you think it means."
  
  Reactionary - extreme conservatism or rightism in politics; opposing political or social change.
  
  --
  None of them can see the clouds; The polished wings don't care.
6. Re:Stolen?? by gilbert644 · 2011-01-31 11:27 · Score: 3, Insightful
  
  Here's another one: Identity theft. Language evolves. Deal with it.
7. Re:Stolen?? by Jaxoreth · 2011-01-31 11:52 · Score: 1
  
  Here's another one: Identity theft. Language evolves. Deal with it.
  Calling copyright infringement theft is a deliberate attempt to equate infringers with criminals (or the result of having been influenced by same) -- not an accidental evolution of language -- whereas identity theft is, in fact, a crime.
  Furthermore, if someone copies your code then at worst you've "lost sales" but at least your program still works. If someone steals your identity, then your identity itself is compromised (in its function as a unique identifier) and your ability to use your identity is reduced. So yes, you have lost something, and 'theft' is not an inappropriate term.
  
  --
  In general, it is safe and legal to kill your children. -- POSIX Programmer's Guide
8. Re:Stolen?? by DittoBox · 2011-01-31 12:38 · Score: 1
  
  The legal and economic definitions of theft indicate the loss of a physical item. If I steal something from a store, that item needs to be replaced. If I infringe your copyright by downloading your music, you've at worst lost a sale. The economic impact is a lot less because you're not actually losing real goods that already have work invested into them.
  Is it wrong? Yes.
  Does it suck? Yes.
  Is it a theft. No.
  
  --
  Good. Cheap. Fast. Pick Two.
9. Re:Stolen?? by bad_fx · 2011-01-31 12:42 · Score: 1
  
  WTS: Sense of humour, stolen from nicholas22. Barely used.
10. Re:Stolen?? by dudpixel · 2011-01-31 14:55 · Score: 1
  
  whoosh
  
  --
  This seemed like a reasonable sig at the time.
11. Re:Stolen?? by noidentity · 2011-01-31 15:15 · Score: 1
  
  Language devolves. Deal with it.
  
  There, fixed that for you.
12. Re:Stolen?? by Anonymous Coward · 2011-01-31 17:08 · Score: 2, Informative
  
  Here's another one: Identity theft. Language evolves. Deal with it.
  Heck no... framing bank fraud as "identity theft" puts the onus on the victim instead of where it properly belongs.
13. Re:Stolen?? by noidentity · 2011-01-31 17:24 · Score: 1
  
  Maybe they stole some copies and kept them on backup tapes. So they just have to steal them back to their machines.
14. Re:Stolen?? by Anonymous Coward · 2011-01-31 21:01 · Score: 1
  
  Identity theft is not theft either. Language may evolve, but that doesn't change the law.
15. Re:Stolen?? by Ginger+Unicorn · 2011-02-01 00:04 · Score: 1
  
  Newspeak gets plusgood, Winston. Bellyfeel it.
  
  --
  (1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
16. Re:Stolen?? by xtracto · 2011-02-01 01:07 · Score: 1
  
  (Score:3, Insightful)
  Here's another one: Identity theft. Language evolves. Deal with it.
  So, today is the "we are in pro of theft = copyright infringement day" in slashdot??
  mhm
  
  --
  Ubuntu is an African word meaning 'I can't configure Debian'
The bad news is by cyberfin · 2011-01-31 10:13 · Score: 1

Kaspersky users might need to think about ditching their antivirus. The good news is Ubuntu will welcome them with open arms.

--
"I'm taking this loop off." - Jack O'Neill
1. Re:The bad news is by MonsterTrimble · 2011-01-31 10:31 · Score: 1
  
  What? Actually, the Ubuntu Forums are very clean and helpful. I have never seen anyone badmouth somebody.
  
  Oh wait, you wanted to be fed.. My bad.
  
  --
  I call it 'The Aristocrats'
2. Re:The bad news is by sqlrob · 2011-01-31 10:37 · Score: 4, Funny
  
  That won't work. The source for Ubuntu has already leaked.
3. Re:The bad news is by Beardo+the+Bearded · 2011-01-31 10:41 · Score: 1, Insightful
  
  You know what?
  Ubuntu can get viruses just as easily as other OSes. The Apache servers that control botnets aren't running IIS. Wine is a weak point, and Flash is a cross-platform single-point-of-failure. How many times have you blindly added a repository based on what some random untrusted person on the Internet tells you to do? I know I have.
  The only reason that it's not as 0wn3d as Windows is that Windows was easy pickings and has huge market share. Now the bad guys are going to focus on smartphones because that's where the easy targets are. (A computer that's always on, is usually glitchy, and you can't look around in it because the telcos lock it down from you? Awesome!)
  Selling Ubuntu as a secure OS is simply incorrect. It's more secure by virtue of both user capabilities and user-only access, but anything that is connected to the Internet is always subject to OMGPWNIES.
  If you are going to use Windows, apparently the best AV is MSE.
  
  --
  
  ---
  ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
4. Re:The bad news is by cyberfin · 2011-01-31 10:45 · Score: 1
  
  Damn. You're right.
  
  --
  "I'm taking this loop off." - Jack O'Neill
5. Re:The bad news is by Opportunist · 2011-01-31 10:51 · Score: 1
  
  You don't spend much time on Ubuntu boards, do you?
  I've seen questions that make me cringe (after years and years of support, you usually can stomach even questions that eventually lead up to "Are you really, really sure it is plugged in?"), but the people there answer even the tenth identical question with the same stoic patience as the first time.
  I can't remember seeing a RTFM or LMGTFY on a Ubuntu board.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
6. Re:The bad news is by Anonymous Coward · 2011-01-31 10:51 · Score: 1
  
  Certain people keep saying the only reason there's no such thing as Linux malware is market share.
  The fact that applications running on Linux can't alter system files has absolutely nothing to do with it.
  Prove it. Release your exploit already.
  BTW, Wine is notoriously bad at running malware.
7. Re:The bad news is by Opportunist · 2011-01-31 10:54 · Score: 3, Funny
  
  Dammit, now Linux is hellish insecure!
  Why didn't anyone inform the community? That's so irresponsible!
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
8. Re:The bad news is by sqlrob · 2011-01-31 10:59 · Score: 2
  
  Drop an executable in ~, change ~/.profile and ~/.bashrc to put those directories first, pwned.
  Easy to clean, true, but if you're not looking for it, it's not there. Also defeatable by mounting home noexec but how many user installs do that?
9. Re:The bad news is by Anonymous Coward · 2011-01-31 11:21 · Score: 1
  
  You seem to be confused about how botnets are currently being controlled.
  Hint: It's not through Apache.
10. Re:The bad news is by uglyduckling · 2011-01-31 11:29 · Score: 1
  
  Yes, and ...yes.
11. Re:The bad news is by djp928 · 2011-01-31 12:06 · Score: 1
  
  This is mainly because Wine is notoriously bad at running anything.
  
  --
  Making fun of dumb people since 2009
12. Re:The bad news is by Omestes · 2011-01-31 17:55 · Score: 1
  
  Are you kidding?? I tried to install ubuntu 10.10 today. It crashed twice during install and once after install...
  Probably a bad burn... Burn it at an insanely low speed, and verify (I use ImgBurn, generally). I went through this with a Windows 7 a week ago, I burned over 5 DVDs with varying speeds and never got one to actually work. They were from an official source, using an official downloader, even (Digital River, we got the student discount shortly after release, and they lied about sending the actual install media we paid for), and they all passed an MD5 and other hash checks, AND verified through ImgBurn.
  Oddly a copy I "pirated" (is it pirating if I have a purchased license?) from Pirate Bay worked the first time.
  Upon installing it, I spend the next day download updates. Their might not have been 241 of them, but there was over 100. Around five of which wouldn't install since they were installing out of order (all of which were .Net updates). It made me really wish that MS would use something sane like Synaptic.
  Damn bad RAM.
  On my Nettop I just installed XP, which didn't work since it wasn't SP3. It wouldn't update, period. Then I installed Vista (sadly don't have another 7 license, don't want to spend $70-100 for it), spend two full days updating it, same .Net madness as on Windows7. Going to install an up-to-date "pirated" copy of XP (have a valid license, why is piracy always more convenient than official channels?) when Newegg send me my new HDD, I'm sure it will be as, if not more, hellish as installing Vista or Win7.
  Ubuntu needed 200 updates because you had an old install DVD/image. It happens, all OSs do this. It happened on my last fresh install of OS X too. It happened on my last install of Ubuntu, my last install of Kubuntu, and my last install of OpenSuse. OS installation is generally the nastiest bit of most OSs, but most Linux distros have a leg up with things like Synaptic. Windows would rock if they just got rid of NTFS (defraging is obsolete, or at least should be), and got some sort of decent package management, perferably system-wide and not just for MS software.
  
  --
  A patriot must always be ready to defend his country against his government. -edward abbey
13. Re:The bad news is by unapersson · 2011-01-31 21:46 · Score: 1
  
  That's still not an example of modifying system files. So you're dropping an executable in root then running some code to edit some files so you can run the executable. Isn't there some kind of circular reference problem there?
14. Re:The bad news is by sqlrob · 2011-02-01 05:59 · Score: 1
  
  You can't modify the system files. Notice I said run from ~, not /.
  Arbitrary file write in a browser or plugin or mail client, and you're in, compromise. Granted, just for that user but that's all you need for most personal systems. It's more than good enough for a botnet - you can make connections out and harvest any e-mail addresses / private data from ~.
  There's actually an additional hole in *nix that's not present in Windows (or more accurately, Firefox on those systems). You can write a browser plugin in home in Unix but not in Windows; only an elevated admin can write the plugin in Windows.
Copied, not stolen... by Anonymous Coward · 2011-01-31 10:24 · Score: 1

"The source code of an older version of 'Kaspersky Internet Security' has been circulated on the internet. The code was created in late 2007 and was probably copied in early 2008. Names contained in the source indicate that the copied code was probably a beta version of the 2008 software package - the current release is Kaspersky Internet Security 2011. According to a Russian language report by CNews (Google translation), the code was copied by a disgruntled ex-employee. The copier has reportedly been trying to sell the code on the black market for some time, and Kaspersky says that the code archive already appeared in various private forums last November."
Now, isn't that better?
1. Re:Copied, not stolen... by exomondo · 2011-01-31 12:27 · Score: 1
  
  We all know what 'stolen' means in the context of data, it means 'copied without permission of the owner', im sorry you fail to understand that.
2. Re:Copied, not stolen... by Anonymous+Psychopath · 2011-01-31 19:35 · Score: 1
  
  Tomayto, tomahto. If it were your credit card number being passed around and being used to buy goat porn, you'd probably tell your credit card company it was stolen. Even if some self-rationalizing freeloader came along and pointed it that it can't be stolen since it's still in your wallet. Semantics, at least in this case, really are unimportant.
  
  --
  Eagles may soar, but weasels don't get sucked into jet engines.
I just stopped using anti-virus by blahbooboo · 2011-01-31 10:28 · Score: 1

I changed from XP to Windows 7 and skipped anti-virus on my computer. Gmail screens all my documents I receive for viruses, chrome browser has pretty good security, applications I download are from legitimate sources, good backup and archiving, and the occasional malwarebytes scan (yet to find anything in 18 months). Why did I go this route? Well I found I had malware despite having a fully updated Mcafee AV on my XP computer. I realized safe computing and a modern OS would likely be enough for an educated user -- thus far it has been.
1. Re:I just stopped using anti-virus by Opportunist · 2011-01-31 10:46 · Score: 3, Informative
  
  It's a very good start. Brain 1.0 is still the best virus scanner out there.
  Still, there are threats that can't be defeated that way. Scenario: Exploit in a major flash application that affects all possible plugins (since they are essentially the same with different interfaces to the browser), an iframe hidden in a webpage on a, say, hotel homepage you happen to visit because you are planning your vacation, infection complete. If you happen to dislike plugins, browsers themselves can have their loopholes (IIRC the MHTML hole already made it to /. today), not to mention that browsers do also rely on APIs in the end, which are the same, no matter what browser you use.
  I'm not saying get a AV tool. All I say is that there are still vectors you cannot defeat just by being careful. A system's security is the minimum of the user's and the system's ability. Not the average.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
2. Re:I just stopped using anti-virus by calzakk · 2011-01-31 10:49 · Score: 1
  
  Consider this: the legitimate source's website is hacked, and all its downloads are infected with new malware not yet seen in the wild. This remains unnoticed for several days, during which time the malware has been downloaded by hundreds or even thousands of users. By the time the AV companies get a sample, it's too late for all those downloaders...
3. Re:I just stopped using anti-virus by blahbooboo · 2011-01-31 11:03 · Score: 1
  
  Consider this: the legitimate source's website is hacked, and all its downloads are infected with new malware not yet seen in the wild. This remains unnoticed for several days, during which time the malware has been downloaded by hundreds or even thousands of users. By the time the AV companies get a sample, it's too late for all those downloaders...
  Sure these things can happen. But they are very rare. Risk am willing to take over the slow down AV software packages add to my nice clean system
4. Re:I just stopped using anti-virus by blahbooboo · 2011-01-31 11:06 · Score: 1
  
  It's a very good start. Brain 1.0 is still the best virus scanner out there.
  Still, there are threats that can't be defeated that way. Scenario: Exploit in a major flash application that affects all possible plugins (since they are essentially the same with different interfaces to the browser), an iframe hidden in a webpage on a, say, hotel homepage you happen to visit because you are planning your vacation, infection complete. If you happen to dislike plugins, browsers themselves can have their loopholes (IIRC the MHTML hole already made it to /. today), not to mention that browsers do also rely on APIs in the end, which are the same, no matter what browser you use.
  I'm not saying get a AV tool. All I say is that there are still vectors you cannot defeat just by being careful. A system's security is the minimum of the user's and the system's ability. Not the average.
  I also use Flash Block :)
  
  You do make a very good point about flash as is your point that nothing is ever full proof. I felt after having done the "right thing" and getting malware, coupled with Mcafee not even allowing me to uninstall it completely, I was sick of the game and decided to try Brain 1.0.
5. Re:I just stopped using anti-virus by steelfood · 2011-01-31 11:23 · Score: 4, Insightful
  
  But that's not what an AV is for, despite the industry trying to market it as such. Antivirus software is reactionary. The company has to receive an unknown virus and analyze it before they can put the virus in the next definition file update. And any heuristics module included is typically useless against all but the most basic attacks.
  AV is at best a catch-all for uncontrolled or uncontrollable situations. Office computers, shared family home machines, etc. that are subject to illogical users' whims would benefit from AV. But AV cannot stop zero-day exploits, cannot prevent malicious JS, and is completely useless against a determined attacker with physical access to a machine.
  Proper computer security addresses each attack vector separately. A properly-configured software firewall will take care of most of the threats though the network. In fact, hiding behind a NAT will take care of 99% of the zero-day threats; whitelisting outbound traffic is just good security practice. Noscript and safe surfing habits will guard against anything coming in through the browser. Obviously, preventing unauthorized physical access to the system requires physical security.
  All AV will do is maybe stop that infected autorun from your kid's buddy's flash drive, or delete that exe file you accidentially downloaded from a questionable site you were surfing. But that's what's it's really there for:all the cases you don't really know or expect to have to guard against.
  
  --
  "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
6. Re:I just stopped using anti-virus by Haedrian · 2011-01-31 12:06 · Score: 1
  
  Not recommended.
  A bunch of malware nowadays appears on:
  1. Hacked Websites
  2. Advertising
  Yeah, if you disable JavaScript and Flash you might have a 'safe experience'. But then if your favourite news website gets hacked, you'll catch a virus.
  Its not worth it , truly. Or, your flash drive might get infected from someone (there was a printing bureau which actually had this sort of worm on their pcs - infected tons of people).
7. Re:I just stopped using anti-virus by LordLimecat · 2011-01-31 15:33 · Score: 1
  
  So... how much do you trust that flash plugin you got? How about silverlight?
  And McAfee is really quite mediocre as AVs go. Avast | AVG | MSSE are all far better.
Re:Obey husbands more! by Archangel+Michael · 2011-01-31 10:55 · Score: 1

In Soviet My House, wife beats me!

--
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Disgruntled employee steals? by ZappedSparky · 2011-01-31 11:01 · Score: 1

I have a lovely stapler at home.
Re:or by Opportunist · 2011-01-31 11:02 · Score: 2

Linux is not inherently more secure. Why would it be?
You might notice now and then that an exploit gets discovered in a Linux program. BIND and sendmail have for some time been the poster child for "yet another Linux security hole". Even BIND 9 has its issues. Now, why BIND and sendmail? Are they so horribly insecure compared to the rest of the system?
No. But compromising them is profitable. Simple as that.
Likewise, finding security holes in Windows is profitable. The average Windows user is less clued than the average Linux user. And that's not up for discussion. Not because Linux would need more knowledge, simply because to use Linux you'd first of all have to know it exists, something the average Joe Randombrowser doesn't even know, or he mistakes Linux for some sort of odd interface that runs on top of Windows.
Porting all those Joes to Linux now does not solve the problem. Because the problem stays the same: As long as users allow everything, disable all security and hand over root credentials to any program in exchange for Dancing Pigs, the system is powerless to defend against this.
And THIS is the core problem of security today. Not a hole in the technical security, it's a hole in the user's ability and awareness of security.
If you now move all those Joes to Linux, all that will change is that the same kind of malware crap we see today for Windows will start to pop up for Linux. The only reason why there is not more malware for Linux is simply that the market is too small. It's a bit like the game market. Why is there not more games for Linux? Simple: More money in making games for Windows. Simply because it's a bigger market.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Like Netscape.... by mr_lizard13 · 2011-01-31 11:22 · Score: 1

Like Netscape, who released their source code so a bloated, unwieldy application could be improved upon and re-released as something that's actually functional, it seems Kaspersky are following suit. Good on them.

--
"We live in a global world" - Harvey Pitt, former Securities and Exchange Commission Chairman
Someone... by Windwraith · 2011-01-31 11:46 · Score: 1

Someone check this out to see the quality of this closed code!
Code quality is often a excuse for commercial software to sell VS OSS, and I am interested on how "higher" the quality of this stuff is.
No antivirus software... by alexborges · 2011-01-31 12:27 · Score: 1

Works nowdays anyhow so... i really dont care.
Besides, im on Linux.

--
NO SIG
here is the source code: by rent · 2011-01-31 13:35 · Score: 5, Funny

I visited some of these forums today, and fair enough.. the source code is there. Here is what I found: #include <stdio.h> #include <kaspersky.h> char make_prog_look_big[1600000]; main() { if (detect_cache()) disable_cache(); if (fast_cpu()) set_wait_states(lots); set_mouse(speed, very_slow); set_mouse(action, jumpy); set_mouse(reaction, sometimes); printf("Please wait, Kaspersky is scanning your computah)\n"); if (system_ok()) crash(to_dos_prompt); else system_memory = open("a:\swp0001.swp", O_CREATE); while(1) { sleep(5); scan_a_single_file(); sleep(5); update_progress_bar(); sleep(5); if (rand() < 0.9) crash(complete_system); } return(unrecoverable_system); } }
1. Re:here is the source code: by Rizimar · 2011-01-31 14:45 · Score: 1
  
  How long ago was this source leaked? Because when I compile it, I get Windows 95.
Kaspersky security?? by translab · 2011-01-31 14:41 · Score: 1

Been using Kaspersky for home and business for over ten years. Given that this is a company whose primary business is security, I find it beyond comprehension that a 'disgruntled employee' could steal and distribute source code. Trust destroyed...
1. Re:Kaspersky security?? by _Shad0w_ · 2011-01-31 18:24 · Score: 1
  
  Why? You have to balance security with usability - in this case the ability to actually do your job - which fundamentally means you have to trust your developers with your source code.
  If you're a larger company you can break your code down and only allow people access to the module they're working on, for smaller to mid sized companies that's not such a viable option; people generally work on whatever bit of code needs working on. I doubt Kaspersky actually employees that many developers.
  That's assuming it was a developer, it could just as easily have been a systems administrator; controlling their access is often even more difficult because their roles often mean they can circumvent security restrictions. You can audit events like that, of course, but that's usually an after-the-fact thing.
  A lot of roles entail a level of implied trust. Sometimes that trust gets betrayed.
  
  --
  Yeah, I had a sig once; I got bored of it.
Hope Kapersky Fails for Thier Prvacy Comment by BrendaEM · 2011-01-31 23:25 · Score: 1

If memory serves me correctly, someone at Kapersky stated that they didn't believe that people were entitled to privacy.
I wish nothing but the worst for their company.

--
https://www.youtube.com/c/BrendaEM