Is Your Antivirus Made By the Chinese Government?

← Back to Stories (view on slashdot.org)

Is Your Antivirus Made By the Chinese Government?

Posted by samzenpus on Monday April 18, 2011 @12:08AM from the great-security-wall dept.

guanxi writes "Huawei, a large Chinese telecom and IT company with close ties to the Chinese military has faced obstacles doing business in other countries, because governments are concerned about giving them access to critical infrastructure. Huawei Symantec is a joint venture with one of the world's largest IT security companies which sells security products in the US. Would the Chinese or other governments take the opportunity to create back doors into western IT networks? Wouldn't they be crazy not to?"

117 of 196 comments (clear)

Min score:

Reason:

Sort:

We'd never do such a thing by tomalpha · 2011-04-18 00:11 · Score: 5, Insightful

Would the Chinese or other governments take the opportunity to create back doors into western IT networks? Wouldn't they be crazy not to?
Would the US or other Western governments take the opportunity to create back doors into Chinese IT networks? Wouldn't they be crazy not to?
1. Re:We'd never do such a thing by qpqp · 2011-04-18 00:17 · Score: 4, Interesting
  
  Would people continue to be stupid enough to install Symantec software to allow them to?
2. Re:We'd never do such a thing by jimicus · 2011-04-18 00:20 · Score: 5, Insightful
  
  Certainly used to be the case that Symantec Enterprise AV wasn't too bad. Small footprint, didn't hog system resources, didn't clutter up the desktop with pointless "I'm still here! Aren't I wonderful!" alerts.
  Too much, in fact. As a sysadmin I regularly had people ask me to install AV or (in one or two cases) go out and install a third-party AV product, thinking I'd shipped them a PC with no AV.
3. Re:We'd never do such a thing by ThePromenader · 2011-04-18 00:23 · Score: 3, Funny
  
  Well, if everyone's going to be getting into everyone else's back door, the best we can hope for is an all-round reacharound.
  
  --
  
  No, no sig. Really.
  
  ThePromenader
4. Re:We'd never do such a thing by arth1 · 2011-04-18 00:26 · Score: 1
  
  Too much, in fact. As a sysadmin I regularly had people ask me to install AV or (in one or two cases) go out and install a third-party AV product, thinking I'd shipped them a PC with no AV.
  As a sysadmin, I defer questions like that to the IT staff that does windows. I certainly won't install clamav or similar on any of the workstations I get people -- it's a complete waste of good bits and cycles.
5. Re:We'd never do such a thing by somersault · 2011-04-18 00:33 · Score: 2
  
  Someone should tell the RIAA/MPAA about the illegal filesharing these governments are taking part in. Will be fun to watch the ensuing apocalypse.
  
  --
  which is totally what she said
6. Re:We'd never do such a thing by pmontra · 2011-04-18 00:54 · Score: 3, Insightful
  
  Who needs the backdoors supposedly made by Symantec when they already installed the ones supposedly made by Microsoft? Or a BIOS or hardware itself?
7. Re:We'd never do such a thing by Anonymous Coward · 2011-04-18 00:55 · Score: 1
  
  Except the RIIAA/MPAA is in the pocket of big government.
  If A is B then B is A amirite.
8. Re:We'd never do such a thing by ObsessiveMathsFreak · 2011-04-18 00:57 · Score: 1
  
  What opportunity? When was the last time the Chinese bought anything from the West.
  
  --
  May the Maths Be with you!
9. Re:We'd never do such a thing by TheRaven64 · 2011-04-18 00:57 · Score: 1
  
  There are lots of ways that malware can target Linux. There are very few ways that malware can target Linux that antivirus software will protect you from. This is almost equally true of you substitute 'Windows' or 'Mac OS X' for Linux.
  
  --
  I am TheRaven on Soylent News
10. Re:We'd never do such a thing by BagOCrap · 2011-04-18 01:05 · Score: 1
  
  Well, if everyone's going to be getting into everyone else's back door, the best we can hope for is an all-round reacharound.
  I once tried to explain that to my other inmates...
  
  --
  -- Chaos, panic, pandemonium... My job here is done!
11. Re:We'd never do such a thing by the_womble · 2011-04-18 01:09 · Score: 1
  
  Are other governments crazy to use proprietary software from American companies, given that the US would be crazy not to use it to spy on them?
12. Re:We'd never do such a thing by Anonymous Coward · 2011-04-18 01:22 · Score: 1
  
  What opportunity? When was the last time the Chinese bought anything from the West.
  Didn't they buy up a crapload of the USA's debt?
13. Re:We'd never do such a thing by zach_the_lizard · 2011-04-18 01:24 · Score: 1
  
  Science use, 3D work (Maya runs natively under Linux), perhaps CAD work (no AutoCAD, but others), maybe programming work. There're plenty of other uses.
  
  --
  SSC
14. Re:We'd never do such a thing by ArcherB · 2011-04-18 01:24 · Score: 1
  
  Would the Chinese or other governments take the opportunity to create back doors into western IT networks? Wouldn't they be crazy not to?
  Would the US or other Western governments take the opportunity to create back doors into Chinese IT networks? Wouldn't they be crazy not to?
  American companies are not owned by the US government. China is a communist country. By definition that means that Chinese companies are owned by the Chinese government.
  So, if the Chinese were buying their network security products from the US government, I would fully expect them to put back doors in. Since US companies are not owned by the US government, the I fully expect them NOT to. On the other hand, if you buy anything from the Chinese, you are effectively buying from the Chinese government, meaning I would definitely want to thoroughly investigate the code and compile myself before installing any software written by the Chinese government. Then again, if I'm going to do that, I may as well write my own.
  In other words, you are comparing apples to oranges.
  
  --
  There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
15. Re:We'd never do such a thing by SniperJoe · 2011-04-18 01:30 · Score: 3, Funny
  
  Oh come on, that's easy: http://en.wikipedia.org/wiki/United_States_Congress
16. Re:We'd never do such a thing by zoom-ping · 2011-04-18 01:45 · Score: 2
  
  Oh yeah? What about all the 1.1 trillion US dollars in bonds that the Chinese have bought?
17. Re:We'd never do such a thing by no+known+priors · 2011-04-18 01:45 · Score: 4, Insightful
  
  China is in no way communist. It's as capitalist as they come. They only thing "communist" about them is the name of the party in power. What's the similarity between the economic and political systems of the former USSR (along its 70 odd year life), Cuba (over the last 50 odd years), Vietnam since 1975, PRC since '49, North Korea since the '50s, and Romania, East Germany, and other Eastern European "Warsaw Bloc" countries when they were "communist"?
  Oh wait, fuck all. Apart from, most of the time, the party in power having the word "communist" in its name.
  Sure, there are many companies that are owned by the government in China. There are also a lot more that aren't. That's part of the reason you hear all these cases of people dying from contaminated milk products and the like. Capitalists making a killing. Saving money at any cost.
  Wikipedia (not a great source for most political ideas) says:
  
  The only communist state which still traditionally follows Marxist-Leninist doctrine and maintains a largely planned economy is Cuba, which describes itself as "a socialist state guided by ideas of Marx, Engels and Lenin and in transition to a communist society".
  
  --
  Appended to the end of comments you post. The maximum is 120 characters.
18. Re:We'd never do such a thing by Anonymous Coward · 2011-04-18 01:49 · Score: 3, Informative
  
  Except that, well, the government has COMPLETE and total control over every industry. The fact that they let SOME companies operate without direct everyday oversight in no way changes the fact that the government can, at any time, tell them to do something and they will do it. So, schmucky mcmoron, try not to convince people that the Chinese Government does not have control over these companies, when, in fact, they have complete control.
19. Re:We'd never do such a thing by zoom-ping · 2011-04-18 01:53 · Score: 1
  
  How about bonds for 1.1 trillion USD?
20. Re:We'd never do such a thing by datapharmer · 2011-04-18 02:05 · Score: 1
  
  pretty sure you just defined "totalitarian" not communist, thereby affirming what the parent wrote...
  
  --
  Get a web developer
21. Re:We'd never do such a thing by dkleinsc · 2011-04-18 02:41 · Score: 2
  
  That's part of the reason you hear all these cases of people dying from contaminated milk products and the like. Capitalists making a killing. Saving money at any cost.
  Another way of thinking about this is that the modern-day Chinese capitalists are doing exactly what every other country's capitalists did regularly during their countries early industrial period. The British capitalist's abuses along the same lines (e.g. adulterated bread) was part of Karl Marx's evidence that pure capitalism necessarily led to suboptimal outcomes. The American capitalist's abuses along the same lines (e.g. sick cattle getting sold as premium beef) was vividly described by Upton Sinclair. The list goes on.
  
  --
  I am officially gone from /. Long live http://www.soylentnews.com/
22. Re:We'd never do such a thing by Moryath · 2011-04-18 02:43 · Score: 5, Insightful
  
  Antivirus programs are an important part of any sytem to protect you against virus infection. They work well against almost every virus.*
  *-more than a week old
  *-that hasn't already infected the system
  *-that doesn't exploit something in the system running lower level than the AV program
  *-that doesn't exploit some hole in the code of the AV program itself
  *-that doesn't successfully evade detection just-long-enough to shut down the AV program from behind
  *-that doesn't successfully exploit people via social engineering and scareware tactics
23. Re:We'd never do such a thing by FatGath · 2011-04-18 03:11 · Score: 1
  
  Right, because the US Government is owned by American companies.
24. Re:We'd never do such a thing by djdanlib · 2011-04-18 03:26 · Score: 1
  
  +1 Unfortunately True
25. Re:We'd never do such a thing by ron_ivi · 2011-04-18 03:29 · Score: 2
  
  Occasionally we document it when we do, like the NSA back door in Lotus Notes: http://www.heise.de/tp/artikel/2/2898/1.html
  OTOH, sometimes we don't; like when we blew up the Soviet pipeline with software trojans: http://www.damninteresting.com/the-farewell-dossier
  But regarding Windows and this anti-virus software? C'mon - you can pretty much bet that every country in which Microsoft has software developers already has their own back doors (disguised as accidental security bugs). How else can you explain that OS having so many more QA resources than comparable scale OS's (linux, bsds, unixes, etc) but having so much worse a security reputation.
26. Re:We'd never do such a thing by DNS-and-BIND · 2011-04-18 03:58 · Score: 3, Informative
  
  Bzzt wrong. China is still capital-C Communist. They just released their new Five-Year Plan, for Pete's sake. The difference is that after Mao died, Deng Xiaoping hijacked the people's revolution onto the capitalist road. For those of you who didn't go to university and hence weren't exposed to Marxism, "capitalist roaders" are a heresy of Communism. They still want to achieve socialism, but by the wrong methods. According to Mao, the Soviet Union suffered this fate after Stalin died.
  The Chinese government still directly controls huge swathes of the Chinese economy. Companies are owned by the state and operate for its benefit. Americans having trouble with this unfamiliar idea could perhaps think of Amtrak, or the conversion of General Motors into an arm of the federal government a few years ago. The baby milk scandals are due to a lack of enforcement mechanisms. In so many words, there are few laws and fewer inspectors. Moreover, Chinese culture places no value on people you don't know - they might as well not exist, so who cares if you poison them or not? This is how you get crowds of people standing around gawking at accident victims instead of rendering aid (first one to help has to pay the victim's hospital bills).
  Unfortunately, there are those out there to whom socialism is an unassailable holy concept, and when a communist country takes the capitalist road, an attempt is made to classify the whole shebang as EEEVIL in order to make capitalism look bad. It's like old Soviet documentaries about the United States that focused on the poor and homeless, in order reinforce the conclusion that was preordained anyway.
  
  --
  Shutting down free speech with violence isn't fighting fascism. It IS fascism!
27. Re:We'd never do such a thing by DarwinSurvivor · 2011-04-18 04:09 · Score: 1
  
  AHA, so black is my computer!!!
28. Re:We'd never do such a thing by linuxwolf69 · 2011-04-18 04:42 · Score: 1
  
  Pretty sure his point was that as a sysadmin, he only cares about the linux machines. He lets the "IT staff that does windows" handle windows A/V
29. Re:We'd never do such a thing by flyingkillerrobots · 2011-04-18 05:09 · Score: 1
  
  Yes. But that's not our problem.
  
  --
  "It is a good thing for an uneducated man to read books of quotations..." -Winston Churchill
30. Re:We'd never do such a thing by GameboyRMH · 2011-04-18 05:12 · Score: 2
  
  Well if /home is mounted noexec that's absolutely right. They can click on DancingBunnies.sh all they want.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
31. Re:We'd never do such a thing by ThePromenader · 2011-04-18 05:23 · Score: 1
  
  Except the RIIAA/MPAA is in the pocket of big government.
  No, the RIAA and the government are trying to get into each other's pockets - that's called a 'double half-reacharound'.
  
  --
  
  No, no sig. Really.
  
  ThePromenader
32. Re:We'd never do such a thing by DNS-and-BIND · 2011-04-18 06:58 · Score: 1
  
  Funny, the death throes of capitalism have been preached since oh...about 1917 or so. To the barricades, comrades! Surely, communism won't kill 100,000,000 people in this century like it did last century. We'll get it right this time for sure!
  
  --
  Shutting down free speech with violence isn't fighting fascism. It IS fascism!
33. Re:We'd never do such a thing by Anonymous Coward · 2011-04-18 07:03 · Score: 1
  
  Said it before, and I'll say it again. China has been called "the world's first truly mature fascist state" (can't remember who said it, unfortunately).
  
  By that, I assume they mean Mussolini's original vision of fascism, where the interests of the state and of business were totally entwined. That, and other undeniably fascist leanings of the Chinese government in general.
  
  (To be fair, many "traditional" communist governments also exhibited similar tendencies, though it could be argued that "true" communism has never been implemented. I'd argue that "true" communism *can't* be implemented because it rests on a stupidly idealised view of human behaviour that requires fascist-like control to make people fit, totally subverting and destroying itself in the process- but that's something different altogether. China as it stands today isn't even "communist" by the flawed traditional measure).
34. Re:We'd never do such a thing by Dogtanian · 2011-04-18 07:28 · Score: 1
  
  Yes, there is huge difference between US gov and Chinese gov.
  He didn't say that there wasn't. He said that the US government would probably take advantage of a similar opportunity, thats all.
  
  Of course, given the somewhat rudimentary level of your political insight...
  
  You are a fag.
  ...it's hardly surprising that you don't get that. :-)
  
  --
  "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
35. Re:We'd never do such a thing by AK+Marc · 2011-04-18 07:39 · Score: 2
  
  AV *is* a backdoor. So I'm sure there's nothing wrong in the Huawei Symantec AV now. But if there were a war, then the next update would be a backdoor. And the updates are automatic by default and it'd have mostly trust by then (whether explicit trust, or trust by ignorance).
  
  --
  Learn to love Alaska
36. Re:We'd never do such a thing by praxis · 2011-04-18 08:08 · Score: 1
  
  That's not the point.
  The point is that when you have an active project with a shared repository that the world has read-access to and developers that constantly work with the code and hence look at changes made as they are made, then you would have to control or buy out every developer in order to sneak in a nefarious change. The odds of malicious code existing in an open environment as such are much lower than in a propriety closed-source environment.
37. Re:We'd never do such a thing by jc42 · 2011-04-18 08:26 · Score: 1
  
  Would the Chinese or other governments take the opportunity to create back doors into western IT networks? Wouldn't they be crazy not to?
  Would the US or other Western governments take the opportunity to create back doors into Chinese IT networks? Wouldn't they be crazy not to?
  Then there's the observation that the security folks have been making from the very beginning: If you are actually serious about computer security, you don't install any software unless you have the source and you've compiled it yourself. This especially applies to the security software itself, though it applies to everything installed on every machine.
  If your organization's security team is installing software from anything other than the source code, there are only two possible explanations: 1) They're incompetent; or 2) They understand that their job is "security theater" rather than actual security, and are acting appropriately to impress management without actually providing any added security over what your computers came with.
  When there's a real security team, it doesn't matter whether any government agency has imposed backdoors on the software. The security people will analyze the code, discover the backdoors, and close them. They are highly likely to do this by sharing the source with their colleagues in the general security community, to invoke the "many eyes" process and to keep each other up to date on what that vendor is foisting on their customers. They're also likely to have tools of their own that they don't tell anyone about, which is watching the installed software to catch it at mischief.
  (And, of course, there is also the famous Ken Thompson "Reflections on Trusting Trust" paper, which introduced the fun topic of whethert your compiler can be trusted to not introduce backdoors. And there's the added question of what's hiding in the firmware. Nobody ever said that real security is easy. ;-)
  
  --
  Those who do study history are doomed to stand helplessly by while everyone else repeats it.
38. Re:We'd never do such a thing by fibonacci8 · 2011-04-18 09:47 · Score: 1
  
  Only on Friday http://www.youtube.com/watch?v=CD2LRROpph0
  
  --
  Inheritance is the sincerest form of nepotism.
39. Re:We'd never do such a thing by guanxi · 2011-04-18 10:35 · Score: 1
  
  Are other governments crazy to use proprietary software from American companies, given that the US would be crazy not to use it to spy on them?
  Yes and intended to be an unavoidable conclusion. If you think it's hard for the US to secure systems, imagine if you're another gov't. What would you install? All FOSS (and after you review it all)?
40. Re:We'd never do such a thing by guanxi · 2011-04-18 10:42 · Score: 1
  
  At any rate, it's been argued that the capitalism == freedom and small state fallacy is partly why the US was happy to encourage China to become so economically powerful- they assumed that they'd become more free, democratic and like the West.
  You talk as if it's all over and written in the history books, but the story is ongoing. I see no reason why the people of China won't seize their liberty and self-determination from their authoritarian government like so many others have done. Even now, they advance it every day.
41. Re:We'd never do such a thing by guanxi · 2011-04-18 10:46 · Score: 1
  
  The US does not.
  We most certainly do. The government wouldn't be doing its job if it didn't, and we do also have done many well-documented things that weren't part of the job, unfortunately.
42. Re:We'd never do such a thing by CastrTroy · 2011-04-18 12:39 · Score: 1
  
  what if the instructions on the website tell them to open a command prompt and type
  
  sh DancingBunnings.sh
  
  Many people are stupid enough to do it if you promise they'll see something funny.
  
  --
  
  Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
43. Re:We'd never do such a thing by arth1 · 2011-04-18 15:27 · Score: 1
  
  Compiling is a good example.
  As for "is a little protection really worth losing", there is NO protection at all. None.
  AV programs for Linux only detect Windows viruses (and two old concept viruses and a worm that are so old that they don't even work on modern Linux systems). Nothing else. Nada.
  Some of them are even worse than nothing, in that they will classify perfectly legal and standard Linux software like netcat, cracklib and telnet(!) as malware and try to delete them.
  AV sortware for Linux can be useful on e-mail and file servers where Windows users have access, but on a Linux workstation, they're utterly pointless.
  As an AV software author, I say this with some authority.
44. Re:We'd never do such a thing by GameboyRMH · 2011-04-19 00:45 · Score: 1
  
  What will happen is the user will most likely say "durr wut is command prompt?"
  To do that they'd have to place DancingBunnies in the correct location, open a terminal, and run that command with correct capitalization. How many users would be able to do that?
  The ability to run scripts with sh/bash is a vulnerability though. Hopefully like WINE it will soon perform checks to make sure it isn't executing something that it shouldn't.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
Yet another reason by Anonymous Coward · 2011-04-18 00:13 · Score: 1, Interesting

NOT to have anything to do with Symantec. Besides the products being over-bloated and under-performing now consumers need to worry about being part of the Chinese anti-American fight?
No thank you.
1. Re:Yet another reason by betterunixthanunix · 2011-04-18 00:55 · Score: 1
  
  ...because things were different when the FBI was pressuring Symantec to deliberately whitelist FBI viruses and malware?
  
  --
  Palm trees and 8
Probably by Moderator · 2011-04-18 00:14 · Score: 2, Interesting

"Would the Chinese or other governments take the opportunity to create back doors into western IT networks? Wouldn't they be crazy not to?"
Yeah, but it's probably happening at layer 2 and 3, since a lot of American networks are being offshored to Japan who in turn hires the cheapest third country nationals (Chinese CCNA's) to administrate. Add this to the fact that there is a lot of counterfeiting of Cisco hardware anyway, and there's no reason to hide a backdoor in plain site within an AntiVirus program.

--
The World is Yours.
1. Re:Probably by w0mprat · 2011-04-18 08:53 · Score: 1
  
  But it's so easy to hide a backdoor in plain sight you might as well not called it plain sight.
  
  http://underhanded.xcott.com/
  
  It's possible to have code that looks and even functions innocently but does something nasty. You can bet this is the technique used. If discovered, it just looks like a regular vulnerability - a coding mistake.
  
  --
  After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
Does Symantec even work? by Anonymous Coward · 2011-04-18 00:16 · Score: 1

I mean, we use it here but honestly...it's mostly for show and doing little things. It's the stuff on the backend and decent architecture that makes things work.
Re:I don't think Symantec would risk treason by Spad · 2011-04-18 00:17 · Score: 2

I don't think they are that stupid
You've obviously never used Symantec's products...
I don'tt have an "antivirus" by Eunuchswear · 2011-04-18 00:18 · Score: 2, Funny

Why would I need one?
If I did need such a bizzare thing how on earth could it be made to work?

--
Watch this Heartland Institute video
1. Re:I don'tt have an "antivirus" by koolfy · 2011-04-18 00:37 · Score: 1
  
  Maybe it would be like something that checks if the file you downloaded comes from a trusted platform, maybe do checksums..
  
  Something clever enough to understand the context from which the file comes from, and give it only as much privileges as it deserves/needs.
  
  Something that could understand the risk of a proprietary software, "trusted" or not, in critical parts of the system, and the benefits of an opensource one.
  Maybe even, if it's clever enough analyse its traffic and source code, but that's a lot to ask, and it may simply rely on other, more competent and independent, neutral entities to spot backdoors in the code/protocol.
  
  Something like... the user ?
  
  --
  Segmentation Fault in "Life, Universe and Everything" at line 42. Don't Panic.
2. Re:I don'tt have an "antivirus" by Anonymous Coward · 2011-04-18 00:47 · Score: 1
  
  Blaming the user for being an idiot is like blaming the sky for raining, or the earth for quaking. It's part of the natural landscape, and while no engineering solution is perfect, you can do better than point your finger and scream shrilly "it's not my fault, you should have read the manual!"
3. Re:I don'tt have an "antivirus" by Eunuchswear · 2011-04-18 01:08 · Score: 1
  
  But I obviously do need a speel chequer.
  
  --
  Watch this Heartland Institute video
4. Re:I don'tt have an "antivirus" by datapharmer · 2011-04-18 02:41 · Score: 1
  
  or IDPS
  
  --
  Get a web developer
5. Re:I don'tt have an "antivirus" by smithmc · 2011-04-19 05:07 · Score: 1
  
  Between December 1974 and her death in March 1982, Ayn Rand collected a total of $11,002 in Social Security payments.
  And why shouldn't she? She paid into the system (and probably quite a bit more than $11K); wasn't she entitled to get it back?
  
  --
  Downmodding is the refuge of the weak. Don't downmod, make a better argument!
ClamAV, Open Source Antivirus by Compaqt · 2011-04-18 00:19 · Score: 2, Insightful

OK, the usual caveats apply about logic bombs hidden in open source, but still, at least when the source is open you have a fighting chance at discerning a backdoor.
http://www.clamav.net/lang/en/
There's a Windows version, too (Immunet):
http://www.clamav.net/lang/en/about/win32/

--
I'm not a lawyer, but I play one on the Internet. Blog
1. Re:ClamAV, Open Source Antivirus by rbrausse · 2011-04-18 00:39 · Score: 4, Informative
  
  But ClamAV is one of the worst engines out there. If one need's an antivirus tool (it would be a fair point to call all of them snake oil) use a package with a higher detection rate.
2. Re:ClamAV, Open Source Antivirus by hitmark · 2011-04-18 00:49 · Score: 1
  
  What about false positives? Or having the audacity to report a simple ad cookie multiple times to inflate the detection hit counter?
  
  --
  comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
3. Re:ClamAV, Open Source Antivirus by JasterBobaMereel · 2011-04-18 00:51 · Score: 1
  
  Anti-Virus
  - Spots only known viruses ... meaning that new viruses, i.e the ones you are most likley to see, get through
  - Spots known virus like activity.... meaning will cause false alarms, whilst letting viruses using new expoits through
  It's much better to make it difficult or impossible for people to run random software sent to them ... rather than make this commonplace
  Logic bombs in Open-Source - are very hard to do (and not be easily seen), and could just as easily be in closed source ...
  
  --
  Puteulanus fenestra mortis
4. Re:ClamAV, Open Source Antivirus by rbrausse · 2011-04-18 01:08 · Score: 1
  
  What about false positives?
  do you remember 9/1?
5. Re:ClamAV, Open Source Antivirus by hitmark · 2011-04-18 01:28 · Score: 1
  
  Heh, i was mostly aiming it at the "higher detection rate" AV packages where the detection rate ends up being inflated by false positives and over-reporting "threats" that are more annoyances that have gotten news media coverage...
  
  --
  comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
6. Re:ClamAV, Open Source Antivirus by Compaqt · 2011-04-18 01:28 · Score: 1
  
  Well, I'm not necessarily claiming it's the best. But it does allow you to inspect the code to look for a backdoor.
  Some might find this handy:
  59 Open Source Tools That Can Replace Popular Security Software
  
  --
  I'm not a lawyer, but I play one on the Internet. Blog
7. Re:ClamAV, Open Source Antivirus by npsimons · 2011-04-18 03:03 · Score: 1
  
  But ClamAV is one of the worst engines out there.
  I see this claim all the time, and I always have to wonder: what evidence is there for this claim?
  
  If one need's an antivirus tool (it would be a fair point to call all of them snake oil) use a package with a higher detection rate.
  Really? Please name a few, or even just one, that a) are open source, b) don't consume resources like the machine is some dedicated virus scanning box and c) can easily be integrated to any mail server (at a minimum they have to not require a GUI and run on Linux/BSD).
  
  --
  Nathan's blog
8. Re:ClamAV, Open Source Antivirus by npsimons · 2011-04-18 03:46 · Score: 1
  
  I'll give you the best form of evidence - anecdotal :). I used to work in the virus research lab of a major anti-virus firm. All virus samples received by us were scanned by a large range of products automatically to aid research. We kept Clam in because it didn't use much in the way of resources, but it was next to useless for detecting stuff compared to the big boys.
  I've always wondered why this is. Why don't more people submit viruses when they find them, even if with other tools? Even if you argue that people aren't paid to, I'm sure *some* sysadmins somewhere would like to not have to deal with a virus again, and therefore would submit it for inclusion in the clam database.
  One thing that does bother me, though, is that ClamWin only offers the choices to delete or quarantine a virus, not remove it from a file.
  
  --
  Nathan's blog
9. Re:ClamAV, Open Source Antivirus by rbrausse · 2011-04-18 04:25 · Score: 1
  
  But ClamAV is one of the worst engines out there.
  I see this claim all the time, and I always have to wonder: what evidence is there for this claim?
  okay, according to Shadowserver somewhere in the middle
  
  If one need's an antivirus tool (it would be a fair point to call all of them snake oil) use a package with a higher detection rate.
  Really? Please name a few, or even just one, that a) are open source, b) don't consume resources like the machine is some dedicated virus scanning box and c) can easily be integrated to any mail server (at a minimum they have to not require a GUI and run on Linux/BSD).
  a) only clam, I wasn't aware that open source is a prerequisite for using software
  b)/c) I used trendmicro on mail gateways, usable without X11 and with a quite small resource foot print
10. Re:ClamAV, Open Source Antivirus by npsimons · 2011-04-18 05:49 · Score: 1
  
  a) only clam, I wasn't aware that open source is a prerequisite for using software
  Okay, maybe not required, but I have a very strong preference for software I can check for back doors.
  
  b)/c) I used trendmicro on mail gateways, usable without X11 and with a quite small resource foot print
  I was honestly curious about what people recommend for AV, as it's something I'm not really familiar with. I'll have to look into trendmicro, thanks!
  
  --
  Nathan's blog
11. Re:ClamAV, Open Source Antivirus by rbrausse · 2011-04-18 06:18 · Score: 1
  
  as a side note: I used this product as of company policies. If you're free to choose other vendors take a look at F-Secure and Kaspersky, too. I never had them running in real-world environments but both are nice (CAVE: I installed them only on test systems) and widely used.
GE and Westinghouse Broadcasting by retroworks · 2011-04-18 00:20 · Score: 1

And we thought we had the edge, with our own military industrial complex producing TV sitcoms.

--
Gently reply
a little paranoid? by Simulant · 2011-04-18 00:20 · Score: 1

Seems like there are already plenty of reasons to avoid Symantec. Just sayin'....
Instead of back doors... by geobeck · 2011-04-18 00:22 · Score: 4, Funny

Why not just make Symantec products such bloated resource hogs they slow down western computers, reducing US productivity as workers wait for their cursor to follow every mouse movement?
Um... How long has Symantec had ties to China?

--
Find environmentally and socially responsible products on http://buy-right.net
My First reaction is... by Fallen+Andy · 2011-04-18 00:26 · Score: 4, Insightful

Holy Fuck ....
I don't often say that, being a polite englishman, but - so many of the USB telecoms dongles using UMTS/HSPA are *made* by Huawei (here in Greece from last night, the WIND dongle i was using ...)
But after a moments thought, how would i be reassured if it was U.S. manufactured? or indeed anywhere else?
Chill out dudes - most of what you see is manufactured by 4-5 manufacturers with names like FoxConn, Compal etc...
...and conspiracy theories aside, I personally see the Chinese as being 21st century versions of what happened in my own country in the 19th...
Mind the alligators and have a nice day
Andy
1. Re:My First reaction is... by JasterBobaMereel · 2011-04-18 00:52 · Score: 4, Insightful
  
  Made in China - checked by the NSA, found to be clean
  Made in the USA - checked by the NSA, backdoor working correctly ...
  
  --
  Puteulanus fenestra mortis
2. Re:My First reaction is... by dbIII · 2011-04-18 01:35 · Score: 2
  
  Also guys remember that the aeroplane you flew in some time ago was made by a company with very close ties to the US military. In other words "close ties to military" really means buggerall in some cases and this looks like one of them.
Witch-hunt by DNS-and-BIND · 2011-04-18 00:27 · Score: 4, Insightful

I am shocked to see such jingoism on Slashdot. Just look at the summary, it drips with a false "us/them" mentality. On one side, the side of goodness and light, "the West" (whatever that means) and on the other side, "the Other", which takes the form of the main villain of the 21st century, those scary Chinese. It is simply assumed that "the Chinese" will sabotage any network they come in contact with...because...well, because uh...why, exactly? It's just the Western mindset of "everyone is always out to get us" that requires the creation of these scarecrows. Much like the McCarthy witch-hunt, this is going in search of a scary monster that doesn't exist. There was no WMD in Iraq, there were no communists in the State Department, and the Chinese are not out to get us. The parallels between these situations are eerily similar.

--
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
1. Re:Witch-hunt by erroneus · 2011-04-18 00:45 · Score: 1
  
  Yes. The USA no longer wears a white hat and as it turns it, never really did. But the Chinese are slightly more evil. They have an established reputation for luring companies (like Symantec) into business deals and then after getting what they wanted, cut ties and go out on their own. This has happened more times than can be counted starting with seizures of manufacturing facilities of companies that were previously invited into China to set up shop there and moving on to various technologies most notably high speed rail. Soon we will see a competing Chinese airliner based in no small part on technologies it will steal from Boeing.
  And the fact that nearly everything is being made in China anyway, it should be of little surprise to see "knock-offs" of the same quality and design of the popular brands of everything... it happens a LOT already.
2. Re:Witch-hunt by ti1ion · 2011-04-18 01:11 · Score: 4, Insightful
  
  So, why exactly is the parent comment moderated as a "troll?" It only points out the obvious! Oh, wait, it's the mock sarcasm, that must be it. Although, perhaps the author genuinely felt that this "sophisticated" tech audience, that delights in ripping apart knee-jerk statements/policies on other topics, would so easily join the herd on this ridiculous topic.
  Upon reading the summary, my first thought was writing "Oh no! The Chinese! The Chinese! Protect your wives and daughters against the Chinese!" What a bunch of nonsense.
  American corporations have been making and selling computer software for decades -- how many here are worried about government bugs in that software? Should the Chinese buy US made software? How about the Russians, or anyone else? How is it that Windows has 90% percent market share all over the world and governments are not screaming to have it removed? Talk about an opportunity to install secret access! And, if we assume the US government *has* been installing secret bits into US made software, what makes the US (from a foreigner's perspective) any better than China?
  And the most amusing thing about this is that it was the US that pushed, and pushed hard, to open China to US trade. When Nixon made his trip to China, it was historic. So, after opening Pandora's Box, the US desperately wants to close it. Got it. Nothing shows decline like trading confidence for fear.
  That's right, the Chinese are coming to get you. And you know what, you are so stupid (look at your education system!) that you wouldn't even be able to figure it out! That's what this story indicates to me. Forget actually having the knowledge and integrity to prove something, we'll just go on accusations. After all, everyone knows Linux is made by/for Communists and is anti-American. It's also full of security holes and opens the user up to all sorts of expensive lawsuits because those Linux Commies stole code from the good, America loving, closed-source corporations that only have the end user's best interests in mind when creating exceptional software.
3. Re:Witch-hunt by TheRaven64 · 2011-04-18 01:12 · Score: 4, Insightful
  
  It is simply assumed that "the Chinese" will sabotage any network they come in contact with...because...well, because uh...why, exactly? It's just the Western mindset of "everyone is always out to get us" that requires the creation of these scarecrows.
  Because we've learned from history? It used to be that people flying to France on business were advised not to discuss anything commercially sensitive on their flights - Air France had a habit of allowing bugging of the business class seats and commercial information was passed on to other French companies. We almost certainly did the same thing on British Airways flights, although we seemed to be better at not getting caught.
  Inserting back doors into networks is just the next step in this same approach. We assume that they're doing it, because we've been doing it for the last few decades and it would be surprising if any country that had the capability to do so didn't.
  
  --
  I am TheRaven on Soylent News
4. Re:Witch-hunt by Dr_Barnowl · 2011-04-18 01:43 · Score: 1
  
  They have an established reputation for luring companies into business deals and then after getting what they wanted, cut ties and go out on their own.
  Like Microsoft? Seriously, the above could refer to any cut-throat capitalist enterprise.
  What people are really ticked off about is that the Chinese have learned all our dirty tricks, which just doesn't seem fair to, after we generously sent them all our manufacturing capacity n'all.
5. Re:Witch-hunt by Inda · 2011-04-18 01:46 · Score: 1
  
  "The West" from where I'm sitting means: USA.
  
  There is not a hatered of the Chinese in the UK. Most of us have enjoyed their cheap shit over the past ten years and their food is lovely.
  
  The USA needs an enemy to feel important. When they work out that they are the enemy, the world will be a better place.
  
  --
  This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
6. Re:Witch-hunt by KnownIssues · 2011-04-18 01:49 · Score: 3, Interesting
  
  Cold War II. Now that we can't rely on the Soviet Union to instill fear and hate and competition in us, we've had to find the next imaginary (or at least, self-created) threat. If the Chinese are a "threat" to anything it's our imagined political and economic importance in the world. In that sense, the threat might be real. Rather than convince ourselves that we will maintain our position by virtue of being more ethically pure than them, perhaps we should focus on improving our own economic and political position.
7. Re:Witch-hunt by Anonymous Coward · 2011-04-18 02:03 · Score: 1
  
  I am so frustrated with people who don't realize it's us vs them. BECAUSE IT IS. They want our jobs, our way of life, etc, and they'll do everything they can to get there. And they DON"T CARE if it takes the way we currently live away from us. I don't begrudge them that desire. What I begrudge is us HELPING THEM! Why are we helping a direct competitor? WHY!? I hear all the time that I have to look out for other people, look out for someone else. I want to look after Americans first. If it's good for us, then we can do it, and if it helps other people so much the better.
8. Re:Witch-hunt by erroneus · 2011-04-18 02:15 · Score: 1
  
  They should have patented the dirty tricks.
9. Re:Witch-hunt by Anonymous Coward · 2011-04-18 03:09 · Score: 2, Informative
  
  Hate to say it, but you'll need to check some facts.
  China is an autocratic state- as a result they have hands in the corporate boardroom of any business that operates there- which results in a scenario where the possibility of "sabotaged" gear not only possible, but likely. False Us vs Them mentality?? I can point to a scary number of hacks against American and South Korean interests which have been traced roughly to China and North Korea. Hell, China has an entire military division that devotes itself to web-warfare- just check out the most recent Janes edition....
  So- hate to burst your bubble- but they are infact out to get us. They just deny it with a smile.
10. Re:Witch-hunt by nmosfet · 2011-04-18 07:10 · Score: 1
  
  They want our jobs, our way of life, etc, and they'll do everything they can to get there. And they DON"T CARE if it takes the way we currently live away from us.
  
  Let me get this straight, you think that you are entitled to the "western lifestyle" and that no one is allowed to take that away from you even if they worked to get it? Are you racist by any chance or just psychotic?
  Also, everyone else in the world wants the "western lifestyle" (which isn't even a strictly limited resource; there are reource limitations that come into play in very limited aspects but it is generally worked around by, and even promotes innovation, like right now what is going on with electric cars and alternative energy; improvements in quality of living over there will also allow more minds to work on the problems in society, but i digress). That is why people immigrate here. Do you hate all non americans?
  
  Why are we helping a direct competitor?
  I take it you don't understand economics. US does hundreds of billions of dollars of trade with China both ways. They sell stuff to us, we sell stuff to them. By buying stuff from them, we not only get inexpensively produced items, we increase the buying power there, allowing them to buy more of our products (esp high end products like Apple), and hence increases revenues of US corporations and jobs over here. Similarily, the Chinese also want us to have jobs and more spending power as it increases the amount of stuff we would buy from them. Trade increases the standards of living for both parties involved.
11. Re:Witch-hunt by nmosfet · 2011-04-18 07:22 · Score: 1
  
  they tried but we had prior art
12. Re:Witch-hunt by AK+Marc · 2011-04-18 07:49 · Score: 1
  
  The US needs a villain. Politics only works when we have someone to agree to fight. Whether the Irish, the Jews (wait, that was another country), the Japanese, the Mexicans, the Blacks, the Russians, the Muslims, the Chinese, etc. We have to hate someone. You can't get votes from happy people. You only get votes from scared or angry people (better both). So everyone with power in the US requires we hate someone to keep their power.
  
  So it isn't racism or such, as much as rabid insane nationalism pushed by everyone with any power in the US. Nationalism is the worst quality in the US right now. It blinds us to the solutions others already employ. It pushes us to irrational fear and hatred. And it keeps us placated for those in power to continue to hold their power.
  
  --
  Learn to love Alaska
13. Re:Witch-hunt by AK+Marc · 2011-04-18 08:00 · Score: 1
  
  I like the western lifestyle. That's why I left the US. Let's see how western the lifestyle is in the US in 15 years when 50% of the budget and rising is debt service.
  
  --
  Learn to love Alaska
14. Re:Witch-hunt by guanxi · 2011-04-18 11:29 · Score: 1
  
  As the author of the post, I'm glad someone raised this point, but either you didn't read the last sentence or it didn't have the effect (on you) that I intended.
  I'm aware of some anti-Chinese sentiment in the US (and from what I understand, it goes both ways), to which I'm strongly opposed -- it's not only ignorant, it's illiberal and unfair to the people of China, who deserve just as much as anyone else, and it leads to dangerous political decisions. It's also true that the Chinese government and possibly others in China have a pretty well-documented reputation for aggressive IT espionage, and several diverse, credible sources connect Huawei to the PLA.
  I hoped people would first be seized by the implications of Symantec's (indirect) relationship with the Chinese gov't, which are real and serious (but read on before you object). Perhaps I even meant to provoke a little. But I hoped that the last sentence would make people reconsider and that the more jingoistic their response, the more of a non-sequitur it would seem and the bigger its impact:
  Wouldn't they be crazy not to? That's not a question of good or evil, but of smarts and pragmatism. And you can't avoid the thought that if it's smart and pragmatic for the Chinese gov't, it's the same for others. And we know well that other gov'ts indeed do similar things, so are the Chinese wrong? It's pragmatism, not evil. I also hoped it would raise the question of just how widespread these threats are; how can anyone secure anything without completely DIY IT (which is impossibly expensive)?
  I think both issues are central questions of the day.
Re:Chi.comz fav back-door by ThunderBird89 · 2011-04-18 00:27 · Score: 1

[...] unkil Wong has a pheasant for you ....
How did you prepare it? I like mine with cranberry sauce and mashed potatoes.

--
Hyperbole: I use it liberally!
I can still access the tiananmen square wiki page by Drakkenmensch · 2011-04-18 00:27 · Score: 2, Funny

So I'm gonna guess mine isn't.
Prejudice by RyanFenton · 2011-04-18 00:30 · Score: 2, Interesting

Presumed dishonorability = prejudice.
In know we tend to always paint our current perceived rivals as THE MOST EVIL THING EVAR, but China is pretty much the same thing as most groups of people - some corrupt, some fairly virtuous and kind to their fellow human beings, and a whole lot of mix in between.
China has had a lot of revolutions and shifts - and as their demographics continue to change, they're in the middle of several now, and they'll have more. Pretending that they're just bogey-men isn't going to help anything, or improve those shifts in anyone's favor.
Judgements with reason and evidence can be fair... but conjecture and prejudice aren't helpful.
Ryan Fenton
1. Re:Prejudice by HungryHobo · 2011-04-18 00:58 · Score: 1
  
  I'd be very surprised if there aren't back doors into US made systems, hell wasn't there a crypto scheme a while back which was being pushed by the US government where it turned out that due to a relationship between 2 numbers in the spec there could be a master key which could only be known by whoever wrote them into the spec.
  I view it as stabilising, nothing like lots of trade and owing each other money to keep everyone smiling and not shooting, shooting your debtors is bad for business.
  Both sides having back doors into the others secrets just makes sure they're not worried the other is planning to attack them.
  It does surprise me how racist and protectionist many slashdot posters are. They're terrified of losing their job to someone abroad who's more competent so they've convinced themselves that the Chinese are incompetent and that it's (somehow)morally wrong for anyone but pure blooded Americans to get good jobs.
2. Re:Prejudice by bedwards · 2011-04-18 00:58 · Score: 1
  
  Presumed dishonorability = worst case scenario? The article is in a way right, but singling out the Chinese is prejudice. The article could just as easily end with;
  Wouldn't the Indian software developer be crazy not to put in a back door?
  Wouldn't the low - paid US code monkey be crazy not to give details of his work if paid enough?
  A good security regime assumes everyone possesses limitless dishonesty and incompetence without prejudice. To give a pretty minimal chance of data theft a security regime has to prevent data from ever leaving the site. That means packet monitoring firewalls that disallow anything that is not plain-text HTML into the cloud, no tele-commuting, no printers, operating systems loaded onto ROMs that do not allow code execution full stop, and modified PCs fitted with case alarms, no drives, and the USB connectors removed from the motherboards. That would do for a start
3. Re:Prejudice by Stradivarius · 2011-04-18 03:45 · Score: 2
  
  Presumed dishonorability = prejudice.
  The worry about Chinese espionage is not prejudice.
  First, nobody's presuming dishonorability. They're presuming that nation-states will do what they have always done, whether from the West or East, which is espionage. There's a long history, even among supposed Western allies like the French and the US, or the US and Israel, of spying on each other. The spying isn't always for strictly "national security" concerns either, it has also included economic espionage performed to advantage companies from the spying country.
  Second, if you consider espionage dishonorable; given that every nation does it, that would make all nations "dishonorable", in which case worrying about it isn't prejudice against any particular player, it's just reality.
  Re: the Chinese in particular... if countries where industry is privately-owned do economic espionage, do we really expect that a country where the major industries are state-owned would not? Especially given the enormous advantage it would provide over having to invent technologies the hard way? Do we think the Chinese would worry less about their national security concerns than we do about ours? Would not backdoors in foreign equipment be a potent countermeasure in the event of military conflict?
  Do the Chinese get a disproportionate share of media attention for espionage? Probably - it's not like the other world powers have stopped doing these sorts of things. Media attention tends to go in fads, and the incredible rate of economic growth the Chinese have had in recent years has brought a lot of attention. But it doesn't mean the threat isn't real.
4. Re:Prejudice by AK+Marc · 2011-04-18 08:04 · Score: 1
  
  They're terrified of losing their job to someone abroad who's more competent
  Competency isn't in question. I'm sure that in billions of Chinese, there's someone more competent than me. The issue is whether they are cheaper. And yes, for what I do, I'm sure they are cheaper, but there's value lost in having to have them telecommute. So where's the overall value land? Right now, I'm a better value. But that may change. Even if they were less competent, at some point they could be cheap enough that they'd be preferable to me. It's not a unreasonable fear. It's real and justified. And it happens every day.
  
  --
  Learn to love Alaska
5. Re:Prejudice by HungryHobo · 2011-04-18 21:54 · Score: 1
  
  It's not the fear of being outsourced that's unfair, it's all the things that often leads to.
  people are afraid so they tell themselves things like "all work from that country is crap" or "just about all of them are incompetent" or even "it's morally wrong to give my job to someone overseas" to try to make themselves feel safer.
  but they come to believe it.
  the initial worry is perfectly justified so skill up and get yourself some good blackmail material but the things people make themselves believe as a result often aren't justified.
  There's pretty much the same spread of ability in Chinese workers: I spent a fair portion of my undergrad neck and neck with one of a group of Chinese students doing the course for the top of the class, (he won in the later years) but there was pretty much the exact same spread amongst the other Chinese students as amongst the rest of the class: some more interested in partying, some who did well, some who did not so well.
It's only logical by Anonymous Coward · 2011-04-18 00:34 · Score: 1

Who would you trust to make a better antivirus, if not the people who make the viruses themselves?
Does your chewing gum... by bmo · 2011-04-18 00:34 · Score: 1

lose its flavor on the bedpost overnight?
Seriously. Infowars.com levels of paranoia is the best they can come up with to avoid Symantec products?
On rumors even.
Symantec should be avoided because their software suites have been turning the fastest machines into boat anchors and doorstops for 20 years.
If you're worried about the Chinese, how worried are/were you about _nsakey/key2?
--
BMO
dont worry by pinkishpunk · 2011-04-18 00:40 · Score: 2

symantec antivirus products dont spare enough cpu cycles for the backdoor to do any real work, so you should be perfectly safe, its a good as locked up.
they can, so they will by kubitus · 2011-04-18 00:46 · Score: 1

Echelon proofed to be too costly and difficult.
So place Trojan Boot Loaders into networking equipment and activate them via serial No through a Google ( or similar ) search engine answer to load some specific trojan coming along with the search engines answer.
secret services ? if can do it, they will do it!.
Not the biggest risk by HangingChad · 2011-04-18 00:49 · Score: 1

Would the Chinese or other governments take the opportunity to create back doors into western IT networks?
Let's face it, if a government is trying to spy on pc's around the world, they can do it without the need for someone to purchase a specific software product. The interesting question is if they even need to bother? Big corporations send your personal information and other sensitive data all over the planet. Server farms in India, Pakistan, Singapore and other low rent parts of the globe have your credit card records, medical records, anything they could want is just sitting right there. Wells Fargo might not backup your transaction records in Singapore, but what about the outsource provider they hire? There's no downside for them picking the low bidder, no encryption standards, no auditing.
Another big risk area is the potential for back doors in hardware components. Circuit boards, chips, things that might go into satellites, drone aircraft, or other military hardware. Supposedly the US makes those components locally, but what about all the defense contractors? None of them ever tempted to cut corners and buy components from overseas suppliers? Don't count on it. A hardware back door in mass produced PC's would be a much better spy tool than a software solution.
Our whimsical attitude toward data security is an IT Pearl Harbor just waiting for the sneak attack.

--
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Uh no, my AV is NOT made by China, by halfdan+the+black · 2011-04-18 00:49 · Score: 1

Because I don't have an anti-virus, I don't use MS Windows.
How long by __aaxtnf2500 · 2011-04-18 01:25 · Score: 1

How long does the PRC have to engage in massive coordinated intrusions into western military, defense contractor, and commercial computer systems until people get it through their head that this is no conspiracy theory and it the only reason the west puts up with it is the economic barrel the chinese have us over.
If a country has invested multiple billions of dollars into the development of weapons capable of killing most of the population of the united states, I will not install black-box security software developed in that nation.
Re:China is so bad... by idamaybrown · 2011-04-18 01:31 · Score: 1

Tibet & Taiwan may have a different opinion
Outsourcing is an inherent security problem... by gestalt_n_pepper · 2011-04-18 01:56 · Score: 2

...and always has been. You get software coded in India, who then themselves outsource to Pakistan, Vietnam, etc. and they put in backdoors. You get chips made in China and they put in backdoors or transmitter capability. You give financial information to India or the Phillipines and they can hold it hostage for either money or political concessions. Only a damn fool, a politician, or an executive focused on this quarter's bonus is dim enough to think otherwise.

--
Please do not read this sig. Thank you.
Japan? by khasim · 2011-04-18 02:27 · Score: 4, Insightful

Yeah, but it's probably happening at layer 2 and 3, since a lot of American networks are being offshored to Japan who in turn hires the cheapest third country nationals (Chinese CCNA's) to administrate.
Japan? Why Japan? Most companies I now (including the one I work at) have gone straight to China. And the network is via China's telco. And the guys running the systems are Chinese.
This isn't "back door". This is inviting them in the front door and giving them the keys to house so they can look after it for you.
Only one thing to do... by GameboyRMH · 2011-04-18 05:16 · Score: 1

Tag article "yellowperil" and close tab.

--
"When information is power, privacy is freedom" - Jah-Wren Ryel
Yes, we did. by MrEricSir · 2011-04-18 05:25 · Score: 1

Yes, the US government did install a backdoor. It's not an AV though; it's called Windows.

--
There's no -1 for "I don't get it."
The correct response by graulund · 2011-04-18 06:01 · Score: 1

"The correct response is to say that there are indicators we cannot safely ignore that poor cybersecurity and weak responses to economic espionage have created an opportunity for significant intelligence breaches that we would be well advised to remedy." From: http://csis.org/publication/does-chinas-new-j-20-stealth-fighter-have-american-technology
Questions by conscarcdr · 2011-04-18 09:33 · Score: 1

I don't see any.
Very misleading indeed by grainofsand · 2011-04-18 12:36 · Score: 1

The /. headline screams "Is Your Antivirus Made By the Chinese Government?"
By the first paragraph that is watered down to an "IT company with close ties to the Chinese military".
The linked BBC article says nothing about Huawei being government owned, controlled or even related. The only tie the BBC mentions is that Huawei was founded (over 20 years ago) by an "ex-Chinese army officer".
I am not an apologist for the Chinese government nor am I necessarily in favour of Huawei being able to make investments outside of China but deliberately misleading reporting of reporting does not help anyone's understanding of the issues here.
The BBC got it right; /. didn't.

--
A dream is good. A plan is better.
You have to be an idiot to trust a Chinese company by WindBourne · 2011-04-18 17:19 · Score: 1

The CHinese gov. is in a cold war with the west. They show this daily with their manipulation of the yuan, their subsidization, their dumping, etc. More importantly, there is little doubt that the crackers in China are working for their gov. This is all the while they have the largest military build up in history.
Hell, even google has been cracked by insider spies.

It is time for American gov. and ideally, western gov. to pull back all of their hardware and require that they be manufactured in friendly nations.

--
I prefer the "u" in honour as it seems to be missing these days.
Re:What's that? by Builder · 2011-04-18 20:14 · Score: 1

Do you use Flash? Or Adobe Reader for PDFs ?
Get up to speed with your performance stats by Datomes · 2011-04-19 02:42 · Score: 1

Really, still using those outdated "Symantec is slow" crap. Get up to speed. Symantec has been kicking ass performance wise for a little while now. This isn't 2004. http://www.enpointe.com/images/assets/pdf/SEP2011-performance-testing-Enterprise-ed5%5B1%5D.pdf
Re:I don't think Symantec would risk treason by geekmux · 2011-04-19 03:25 · Score: 1

Nice. You completely missed my point. From what I've seen out of our Government over the last couple of decades, a lot of elected officials (up to and including the President) have pulled bullshit that would have not only gotten the average man fired, but probably also facing criminal charges and jail time, and yet they get away with it and continue to act in this manner of sheer arrogance. Why you ask? It's simple. Threats don't mean shit unless someone has the balls to ACT upon them.
The entire point here is don't sit here and throw around words like "treason" unless someone out there is prepared to ACT upon it. From what I've seen, "treason" and "impeachment" are probably two words that should be removed from the dictionary, because they sure as shit don't mean anything in our legal system anymore, especially for those who are "too big to fail".