Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is Your Antivirus Made By the Chinese Government?

Posted by samzenpus on from the great-security-wall dept.

guanxi writes "Huawei, a large Chinese telecom and IT company with close ties to the Chinese military has faced obstacles doing business in other countries, because governments are concerned about giving them access to critical infrastructure. Huawei Symantec is a joint venture with one of the world's largest IT security companies which sells security products in the US. Would the Chinese or other governments take the opportunity to create back doors into western IT networks? Wouldn't they be crazy not to?"

36 of 196 comments (clear)

  1. We'd never do such a thing by tomalpha · · Score: 5, Insightful

    Would the Chinese or other governments take the opportunity to create back doors into western IT networks? Wouldn't they be crazy not to?

    Would the US or other Western governments take the opportunity to create back doors into Chinese IT networks? Wouldn't they be crazy not to?

    1. Re:We'd never do such a thing by qpqp · · Score: 4, Interesting

      Would people continue to be stupid enough to install Symantec software to allow them to?

    2. Re:We'd never do such a thing by jimicus · · Score: 5, Insightful

      Certainly used to be the case that Symantec Enterprise AV wasn't too bad. Small footprint, didn't hog system resources, didn't clutter up the desktop with pointless "I'm still here! Aren't I wonderful!" alerts.

      Too much, in fact. As a sysadmin I regularly had people ask me to install AV or (in one or two cases) go out and install a third-party AV product, thinking I'd shipped them a PC with no AV.

    3. Re:We'd never do such a thing by ThePromenader · · Score: 3, Funny

      Well, if everyone's going to be getting into everyone else's back door, the best we can hope for is an all-round reacharound.

      --

      No, no sig. Really.

      ThePromenader
    4. Re:We'd never do such a thing by somersault · · Score: 2

      Someone should tell the RIAA/MPAA about the illegal filesharing these governments are taking part in. Will be fun to watch the ensuing apocalypse.

      --
      which is totally what she said
    5. Re:We'd never do such a thing by pmontra · · Score: 3, Insightful

      Who needs the backdoors supposedly made by Symantec when they already installed the ones supposedly made by Microsoft? Or a BIOS or hardware itself?

    6. Re:We'd never do such a thing by SniperJoe · · Score: 3, Funny

      Oh come on, that's easy: http://en.wikipedia.org/wiki/United_States_Congress

    7. Re:We'd never do such a thing by zoom-ping · · Score: 2

      Oh yeah? What about all the 1.1 trillion US dollars in bonds that the Chinese have bought?

    8. Re:We'd never do such a thing by no+known+priors · · Score: 4, Insightful

      China is in no way communist. It's as capitalist as they come. They only thing "communist" about them is the name of the party in power. What's the similarity between the economic and political systems of the former USSR (along its 70 odd year life), Cuba (over the last 50 odd years), Vietnam since 1975, PRC since '49, North Korea since the '50s, and Romania, East Germany, and other Eastern European "Warsaw Bloc" countries when they were "communist"?

      Oh wait, fuck all. Apart from, most of the time, the party in power having the word "communist" in its name.

      Sure, there are many companies that are owned by the government in China. There are also a lot more that aren't. That's part of the reason you hear all these cases of people dying from contaminated milk products and the like. Capitalists making a killing. Saving money at any cost.

      Wikipedia (not a great source for most political ideas) says:

      The only communist state which still traditionally follows Marxist-Leninist doctrine and maintains a largely planned economy is Cuba, which describes itself as "a socialist state guided by ideas of Marx, Engels and Lenin and in transition to a communist society".

      --
      Appended to the end of comments you post. The maximum is 120 characters.
    9. Re:We'd never do such a thing by Anonymous Coward · · Score: 3, Informative

      Except that, well, the government has COMPLETE and total control over every industry. The fact that they let SOME companies operate without direct everyday oversight in no way changes the fact that the government can, at any time, tell them to do something and they will do it. So, schmucky mcmoron, try not to convince people that the Chinese Government does not have control over these companies, when, in fact, they have complete control.

    10. Re:We'd never do such a thing by dkleinsc · · Score: 2

      That's part of the reason you hear all these cases of people dying from contaminated milk products and the like. Capitalists making a killing. Saving money at any cost.

      Another way of thinking about this is that the modern-day Chinese capitalists are doing exactly what every other country's capitalists did regularly during their countries early industrial period. The British capitalist's abuses along the same lines (e.g. adulterated bread) was part of Karl Marx's evidence that pure capitalism necessarily led to suboptimal outcomes. The American capitalist's abuses along the same lines (e.g. sick cattle getting sold as premium beef) was vividly described by Upton Sinclair. The list goes on.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
    11. Re:We'd never do such a thing by Moryath · · Score: 5, Insightful

      Antivirus programs are an important part of any sytem to protect you against virus infection. They work well against almost every virus.*

      *-more than a week old
      *-that hasn't already infected the system
      *-that doesn't exploit something in the system running lower level than the AV program
      *-that doesn't exploit some hole in the code of the AV program itself
      *-that doesn't successfully evade detection just-long-enough to shut down the AV program from behind
      *-that doesn't successfully exploit people via social engineering and scareware tactics

    12. Re:We'd never do such a thing by ron_ivi · · Score: 2

      Occasionally we document it when we do, like the NSA back door in Lotus Notes: http://www.heise.de/tp/artikel/2/2898/1.html

      OTOH, sometimes we don't; like when we blew up the Soviet pipeline with software trojans: http://www.damninteresting.com/the-farewell-dossier

      But regarding Windows and this anti-virus software? C'mon - you can pretty much bet that every country in which Microsoft has software developers already has their own back doors (disguised as accidental security bugs). How else can you explain that OS having so many more QA resources than comparable scale OS's (linux, bsds, unixes, etc) but having so much worse a security reputation.

    13. Re:We'd never do such a thing by DNS-and-BIND · · Score: 3, Informative

      Bzzt wrong. China is still capital-C Communist. They just released their new Five-Year Plan, for Pete's sake. The difference is that after Mao died, Deng Xiaoping hijacked the people's revolution onto the capitalist road. For those of you who didn't go to university and hence weren't exposed to Marxism, "capitalist roaders" are a heresy of Communism. They still want to achieve socialism, but by the wrong methods. According to Mao, the Soviet Union suffered this fate after Stalin died.

      The Chinese government still directly controls huge swathes of the Chinese economy. Companies are owned by the state and operate for its benefit. Americans having trouble with this unfamiliar idea could perhaps think of Amtrak, or the conversion of General Motors into an arm of the federal government a few years ago. The baby milk scandals are due to a lack of enforcement mechanisms. In so many words, there are few laws and fewer inspectors. Moreover, Chinese culture places no value on people you don't know - they might as well not exist, so who cares if you poison them or not? This is how you get crowds of people standing around gawking at accident victims instead of rendering aid (first one to help has to pay the victim's hospital bills).

      Unfortunately, there are those out there to whom socialism is an unassailable holy concept, and when a communist country takes the capitalist road, an attempt is made to classify the whole shebang as EEEVIL in order to make capitalism look bad. It's like old Soviet documentaries about the United States that focused on the poor and homeless, in order reinforce the conclusion that was preordained anyway.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    14. Re:We'd never do such a thing by GameboyRMH · · Score: 2

      Well if /home is mounted noexec that's absolutely right. They can click on DancingBunnies.sh all they want.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    15. Re:We'd never do such a thing by AK+Marc · · Score: 2

      AV *is* a backdoor. So I'm sure there's nothing wrong in the Huawei Symantec AV now. But if there were a war, then the next update would be a backdoor. And the updates are automatic by default and it'd have mostly trust by then (whether explicit trust, or trust by ignorance).

      --
      Learn to love Alaska
  2. Probably by Moderator · · Score: 2, Interesting

    "Would the Chinese or other governments take the opportunity to create back doors into western IT networks? Wouldn't they be crazy not to?"

    Yeah, but it's probably happening at layer 2 and 3, since a lot of American networks are being offshored to Japan who in turn hires the cheapest third country nationals (Chinese CCNA's) to administrate. Add this to the fact that there is a lot of counterfeiting of Cisco hardware anyway, and there's no reason to hide a backdoor in plain site within an AntiVirus program.

    --
    The World is Yours.
  3. Re:I don't think Symantec would risk treason by Spad · · Score: 2

    I don't think they are that stupid

    You've obviously never used Symantec's products...

  4. I don'tt have an "antivirus" by Eunuchswear · · Score: 2, Funny

    Why would I need one?

    If I did need such a bizzare thing how on earth could it be made to work?

    --
    Watch this Heartland Institute video
  5. ClamAV, Open Source Antivirus by Compaqt · · Score: 2, Insightful

    OK, the usual caveats apply about logic bombs hidden in open source, but still, at least when the source is open you have a fighting chance at discerning a backdoor.

    http://www.clamav.net/lang/en/

    There's a Windows version, too (Immunet):
    http://www.clamav.net/lang/en/about/win32/

    --
    I'm not a lawyer, but I play one on the Internet. Blog
    1. Re:ClamAV, Open Source Antivirus by rbrausse · · Score: 4, Informative

      But ClamAV is one of the worst engines out there. If one need's an antivirus tool (it would be a fair point to call all of them snake oil) use a package with a higher detection rate.

  6. Instead of back doors... by geobeck · · Score: 4, Funny

    Why not just make Symantec products such bloated resource hogs they slow down western computers, reducing US productivity as workers wait for their cursor to follow every mouse movement?

    Um... How long has Symantec had ties to China?

    --
    Find environmentally and socially responsible products on http://buy-right.net
  7. My First reaction is... by Fallen+Andy · · Score: 4, Insightful
    Holy Fuck ....

    I don't often say that, being a polite englishman, but - so many of the USB telecoms dongles using UMTS/HSPA are *made* by Huawei (here in Greece from last night, the WIND dongle i was using ...)

    But after a moments thought, how would i be reassured if it was U.S. manufactured? or indeed anywhere else?

    Chill out dudes - most of what you see is manufactured by 4-5 manufacturers with names like FoxConn, Compal etc...

    ...and conspiracy theories aside, I personally see the Chinese as being 21st century versions of what happened in my own country in the 19th...

    Mind the alligators and have a nice day

    Andy

    1. Re:My First reaction is... by JasterBobaMereel · · Score: 4, Insightful

      Made in China - checked by the NSA, found to be clean

      Made in the USA - checked by the NSA, backdoor working correctly ...

      --
      Puteulanus fenestra mortis
    2. Re:My First reaction is... by dbIII · · Score: 2

      Also guys remember that the aeroplane you flew in some time ago was made by a company with very close ties to the US military. In other words "close ties to military" really means buggerall in some cases and this looks like one of them.

  8. Witch-hunt by DNS-and-BIND · · Score: 4, Insightful

    I am shocked to see such jingoism on Slashdot. Just look at the summary, it drips with a false "us/them" mentality. On one side, the side of goodness and light, "the West" (whatever that means) and on the other side, "the Other", which takes the form of the main villain of the 21st century, those scary Chinese. It is simply assumed that "the Chinese" will sabotage any network they come in contact with...because...well, because uh...why, exactly? It's just the Western mindset of "everyone is always out to get us" that requires the creation of these scarecrows. Much like the McCarthy witch-hunt, this is going in search of a scary monster that doesn't exist. There was no WMD in Iraq, there were no communists in the State Department, and the Chinese are not out to get us. The parallels between these situations are eerily similar.

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    1. Re:Witch-hunt by ti1ion · · Score: 4, Insightful

      So, why exactly is the parent comment moderated as a "troll?" It only points out the obvious! Oh, wait, it's the mock sarcasm, that must be it. Although, perhaps the author genuinely felt that this "sophisticated" tech audience, that delights in ripping apart knee-jerk statements/policies on other topics, would so easily join the herd on this ridiculous topic.

      Upon reading the summary, my first thought was writing "Oh no! The Chinese! The Chinese! Protect your wives and daughters against the Chinese!" What a bunch of nonsense.

      American corporations have been making and selling computer software for decades -- how many here are worried about government bugs in that software? Should the Chinese buy US made software? How about the Russians, or anyone else? How is it that Windows has 90% percent market share all over the world and governments are not screaming to have it removed? Talk about an opportunity to install secret access! And, if we assume the US government *has* been installing secret bits into US made software, what makes the US (from a foreigner's perspective) any better than China?

      And the most amusing thing about this is that it was the US that pushed, and pushed hard, to open China to US trade. When Nixon made his trip to China, it was historic. So, after opening Pandora's Box, the US desperately wants to close it. Got it. Nothing shows decline like trading confidence for fear.

      That's right, the Chinese are coming to get you. And you know what, you are so stupid (look at your education system!) that you wouldn't even be able to figure it out! That's what this story indicates to me. Forget actually having the knowledge and integrity to prove something, we'll just go on accusations. After all, everyone knows Linux is made by/for Communists and is anti-American. It's also full of security holes and opens the user up to all sorts of expensive lawsuits because those Linux Commies stole code from the good, America loving, closed-source corporations that only have the end user's best interests in mind when creating exceptional software.

    2. Re:Witch-hunt by TheRaven64 · · Score: 4, Insightful

      It is simply assumed that "the Chinese" will sabotage any network they come in contact with...because...well, because uh...why, exactly? It's just the Western mindset of "everyone is always out to get us" that requires the creation of these scarecrows.

      Because we've learned from history? It used to be that people flying to France on business were advised not to discuss anything commercially sensitive on their flights - Air France had a habit of allowing bugging of the business class seats and commercial information was passed on to other French companies. We almost certainly did the same thing on British Airways flights, although we seemed to be better at not getting caught.

      Inserting back doors into networks is just the next step in this same approach. We assume that they're doing it, because we've been doing it for the last few decades and it would be surprising if any country that had the capability to do so didn't.

      --
      I am TheRaven on Soylent News
    3. Re:Witch-hunt by KnownIssues · · Score: 3, Interesting

      Cold War II. Now that we can't rely on the Soviet Union to instill fear and hate and competition in us, we've had to find the next imaginary (or at least, self-created) threat. If the Chinese are a "threat" to anything it's our imagined political and economic importance in the world. In that sense, the threat might be real. Rather than convince ourselves that we will maintain our position by virtue of being more ethically pure than them, perhaps we should focus on improving our own economic and political position.

    4. Re:Witch-hunt by Anonymous Coward · · Score: 2, Informative

      Hate to say it, but you'll need to check some facts.
      China is an autocratic state- as a result they have hands in the corporate boardroom of any business that operates there- which results in a scenario where the possibility of "sabotaged" gear not only possible, but likely. False Us vs Them mentality?? I can point to a scary number of hacks against American and South Korean interests which have been traced roughly to China and North Korea. Hell, China has an entire military division that devotes itself to web-warfare- just check out the most recent Janes edition....
      So- hate to burst your bubble- but they are infact out to get us. They just deny it with a smile.

  9. I can still access the tiananmen square wiki page by Drakkenmensch · · Score: 2, Funny

    So I'm gonna guess mine isn't.

  10. Prejudice by RyanFenton · · Score: 2, Interesting

    Presumed dishonorability = prejudice.

    In know we tend to always paint our current perceived rivals as THE MOST EVIL THING EVAR, but China is pretty much the same thing as most groups of people - some corrupt, some fairly virtuous and kind to their fellow human beings, and a whole lot of mix in between.

    China has had a lot of revolutions and shifts - and as their demographics continue to change, they're in the middle of several now, and they'll have more. Pretending that they're just bogey-men isn't going to help anything, or improve those shifts in anyone's favor.

    Judgements with reason and evidence can be fair... but conjecture and prejudice aren't helpful.

    Ryan Fenton

    1. Re:Prejudice by Stradivarius · · Score: 2

      Presumed dishonorability = prejudice.

      The worry about Chinese espionage is not prejudice.

      First, nobody's presuming dishonorability. They're presuming that nation-states will do what they have always done, whether from the West or East, which is espionage. There's a long history, even among supposed Western allies like the French and the US, or the US and Israel, of spying on each other. The spying isn't always for strictly "national security" concerns either, it has also included economic espionage performed to advantage companies from the spying country.

      Second, if you consider espionage dishonorable; given that every nation does it, that would make all nations "dishonorable", in which case worrying about it isn't prejudice against any particular player, it's just reality.

      Re: the Chinese in particular... if countries where industry is privately-owned do economic espionage, do we really expect that a country where the major industries are state-owned would not? Especially given the enormous advantage it would provide over having to invent technologies the hard way? Do we think the Chinese would worry less about their national security concerns than we do about ours? Would not backdoors in foreign equipment be a potent countermeasure in the event of military conflict?

      Do the Chinese get a disproportionate share of media attention for espionage? Probably - it's not like the other world powers have stopped doing these sorts of things. Media attention tends to go in fads, and the incredible rate of economic growth the Chinese have had in recent years has brought a lot of attention. But it doesn't mean the threat isn't real.

  11. dont worry by pinkishpunk · · Score: 2

    symantec antivirus products dont spare enough cpu cycles for the backdoor to do any real work, so you should be perfectly safe, its a good as locked up.

  12. Outsourcing is an inherent security problem... by gestalt_n_pepper · · Score: 2

    ...and always has been. You get software coded in India, who then themselves outsource to Pakistan, Vietnam, etc. and they put in backdoors. You get chips made in China and they put in backdoors or transmitter capability. You give financial information to India or the Phillipines and they can hold it hostage for either money or political concessions. Only a damn fool, a politician, or an executive focused on this quarter's bonus is dim enough to think otherwise.

    --
    Please do not read this sig. Thank you.
  13. Japan? by khasim · · Score: 4, Insightful

    Yeah, but it's probably happening at layer 2 and 3, since a lot of American networks are being offshored to Japan who in turn hires the cheapest third country nationals (Chinese CCNA's) to administrate.

    Japan? Why Japan? Most companies I now (including the one I work at) have gone straight to China. And the network is via China's telco. And the guys running the systems are Chinese.

    This isn't "back door". This is inviting them in the front door and giving them the keys to house so they can look after it for you.