Kaspersky's Exploit-Proof OS Leaves Security Experts Skeptical
CWmike writes "Eugene Kaspersky, the $800-million Russian cybersecurity tycoon, is, by his own account, out to 'save the world' with an exploit-proof operating system. Given the recent declarations from U.S. Secretary of Defense Leon Panetta and others that the nation is facing a 'digital Pearl Harbor' or 'digital 9/11' from hostile nation states like Iran, this sounds like the impossible dream come true — the cyber version of a Star Wars force field. But on this side of that world in need of saving, the enthusiasm is somewhat tempered. One big worry: source. 'The real question is, do you trust the people who built your system? The answer had better be yes,' said Gary McGraw, CTO of Cigital. Kaspersky's products are among the top ranked worldwide, are used by an estimated 300 million people and are embraced by U.S. companies like Microsoft, Cisco and Juniper Networks. But while he considers himself at some level a citizen of the world, he has close ties to Russian intelligence and Vladimir Putin. Part of his education and training was sponsored by the KGB, he is a past Soviet intelligence officer (some suspect he has not completely retired from that role) and he is said to have a 'deep and ongoing relationship with Russia's Federal Security Service, or FSB,' the successor to the KGB and the agency that operates the Russian government's electronic surveillance network."
I know it's not exploit proof but becoming a platinum sponsor and insisting they spend the money on code review. Then make custom modifications to remove all functionality and you should get close.
If the people buying and operating these systems really cared about security I am sure they could piece together a far more secure solution at the expense of cost and convenience from current software.
1 - The cold war is over. Capitalism won (not democracy).
2 - If I had a choice between something checked by the Russians, the US and the Chinese, the only one I would flat out reject would be the Chinese one. I see US spooks as no more concerned with my happiness and wellbeing than Russian ones.
I'll see your Constitution and raise you a Queen.
If it's man made and accessible, it's exploitable.
Thinking otherwise is foolish.
pre-cold war:
USSR-based companies: in bed w/ the USSR government
US-based companies: in bed w/ whoever pays them
post-cold war:
Russian-based companies: in bed w/ whoever pays them
US-based companies: in bed w/ whoever pays them
"Given the recent declarations from U.S. Secretary of Defense Leon Panetta and others that the nation is facing a 'digital Pearl Harbor' or 'digital 9/11' from hostile nation states like Iran"
I'm worried by this blurring of distinctions in the historical significance of the two events. Whatever your political persuasion, Pearl Harbor was a de facto declaration of war. It was a strike against a military target carried out by a true nation state. The "9/11" terrorist attack was something else. It was carried out by an independent group that at worst can be described as being in an alliance of convenience with some foreign government.
By confusing our figures of speech for two clearly different types of cyberattacks, the danger is that the same counterattack methods will be used for both. Treating "9/11" as an act of war, and not simply as a well-coordinated distributed terrorist attack, led to a trillion-dollar War on Terror. In hindsight, did it make sense to send out a nation's armies to deal with a few hundred suspected terrorists? Wouldn't it have been better if the intelligence agencies dealt with the issue, resorting to large military strikes only when the intelligence and situation warranted?
So now will the hometowns/countries of suspected Anonymous members be the target of the same massive disruption of IT services that the US would launch in retaliation for a supposed cyberattack from Iran or China?