Slashdot Mirror


Eugene Kaspersky: "Our Business Is Saving the World From Computer Villains"

blottsie writes: While the nature of Kaspersky's relationship with the Kremlin remains, at the very least, a matter of contention, his company's influence is anything but hazy. On top of their successful antivirus business, Kaspersky Lab researchers have discovered key details about the now-infamous Stuxnet virus, which was deployed by the U.S. and Israel against Iran's nuclear facilities. Kaspersky analysts later uncovered Flame, which the Washington Post found was another American-Israeli cyberweapon against Iran. All of this is on top of building a highly successful antivirus business. In a new interview with the Daily Dot, Kaspersky elaborates on thoughts about his company, his wealth, and the state of modern cybersecurity.

17 of 288 comments

  1. This would be a first post... by Anonymous Coward · · Score: 5, Funny

    If it was not posted from a machine running bloody Kaspersky security tools!

  2. So 20 years from now... by TWX · · Score: 2

    ...we'll have Kaspersky bloatware slowing down new computers belonging to average people, much like how we have Norton bloatware doing that?

    --
    Do not look into laser with remaining eye.
    1. Re:So 20 years from now... by HornWumpus · · Score: 2

      What other 'reformed' virus authors do you allow to install software on your PC?

      Even if Norton was perfect, they still have decades to go before I'd consider trusting them. I'd install software from 'Cryptolocker LLC' first.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  3. State business by sinij · · Score: 2, Informative

    In Russia, there is no such thing as an independent large corporation; there are only nominally privately owned and formally state-owned corporations. While Kaspersky does some good work, they should be treated the same way as NIST is in the USA, with a primary mission to protect and advance state interest.

  4. "Kaspersky's relationship with the Kremlin" by Nutria · · Score: 4, Informative

    Kaspersky Lab researchers have discovered key details about the now-infamous Stuxnet virus, which was deployed by the U.S. and Israel against Iran's nuclear facilities. Kaspersky analysts later uncovered Flame, which the Washington Post found was another American-Israeli cyberweapon against Iran.

    Anyone who thinks that Kaspersky isn't in bed (voluntarily or not) with the Kremlin is delusional.

    --
    "I don't know, therefore Aliens" Wafflebox1
    1. Re:"Kaspersky's relationship with the Kremlin" by Vokkyt · · Score: 2

      Kaspersky probably is in bed in some way with the Kremlin, it has nothing to do with the quotes you listed.

      Pretty much everyone figured it was a US/Israeli combo for Stux and Flame, not just Kaspersky.

    2. Re:"Kaspersky's relationship with the Kremlin" by ITRambo · · Score: 2

      Kaspersky is in bed with the Kremlin in the sense that Symantec is in bed with the NSA, IMO. It's a company response to friendly pressure from their national governments to expose information that suits their purposes. If it was deeper than that, international companies like Kaspersky would quickly become local firms as customers shop elsewhere.

  5. Kaspersky is not special by shihonage · · Score: 3, Insightful

    Their program will slow down your computer with all kinds of security theater "features", but like any other antivirus, it will fail to root out most viruses written in the past 8 years once they've been executed and implanted themselves as a rootkit.

    1. Re:Kaspersky is not special by techno-vampire · · Score: 2

      I don't remember claiming that *nix systems were immune to malware.

      Agreed. I run a Linux-only household, except for one Windows laptop that my sister uses because some of the programs she needs for school won't run properly under Wine. I don't run ClamAV or anything like that because I'm not in the habit of downloading random Windows programs and sending them to friends. Right now, almost all of the malware writers are targeting Windows for two reasons. First, that's where most of the potential profit is. Second, there are a lot of anti-social script kiddies out there either using cheat-sheets or cookbooks to write malware programs to exploit vulnerabilities that other people discovered; they've no clue how to find one of their own. And, those who aren't using the cheat-sheets are using programs that create custom malware for them, so that all they have to do is select a security flaw and a payload and the rest is done for them. And guess what: all of those script kiddies are writing malware for Windows because they can't get their hands on what they'd need to write Linux malware, and wouldn't know how to do it on their own anyway.

      And there's another factor here: Linux has much more security designed into it than Windows does, making it a harder target to attack. Yes, I know that there are still people out there who hate SELinux because it was problematic ten or fifteen years ago, but it does make it harder for a malicious program to do its job. And, of course, the fact that most Linux users get their software from their distro instead of downloading files from various third-parties and hoping they're safe helps a lot.

      Sorry to go on so long, but once I got started there was just more and more that I realized needed saying.

      --
      Good, inexpensive web hosting
  6. but... but... but... by Gravis+Zero · · Score: 2

    but i'm a computer supervillain, you insensitive clod!

    --
    Anons need not reply. Questions end with a question mark.
  7. What's /. opinion on AV? by Eloking · · Score: 2

    Just wondering if I'm the only one around here not using any AV for a long time. AFAIK, you can only get your virus on the internet (unless I'm underestimating USB's key viruses). And with gmail (and other huge mail providers) boosted with virus check procedure, Secured browser like Chrome pimped with Adblock and keeping myself far from the "dark side" of the web, I've never had any problem. Add to this the new lite Microsoft Security Essential (integrated in Win8) to the lot and I'm surprised those companies are still in business.

    Or am I naive?

    --
    Elok
    1. Re:What's /. opinion on AV? by Gravis+Zero · · Score: 2

      Just wondering if I'm the only one around here not using any AV for a long time.

      you aren't but if you are using Windows and no AV then you are a fool.

      AFAIK, you can only get your virus on the internet (unless I'm underestimating USB's key viruses).

      you absolutely are underestimating USB key viruses! stuxnet infected airgapped computers using a USB key.

      Chrome pimped with Adblock and keeping myself far from the "dark side" of the web, I've never had any problem

      while this helps it won't keep you completely safe.

      Add to this the new lite Microsoft Security Essential (integrated in Win8) to the lot and I'm surprised those companies are still in business.

      i'm not surprised at all. windows defender only detects ~75% of malware. at any given time, MS is about a year behind the AV curve.

      there is a good chance you are infected with some malware.

      --
      Anons need not reply. Questions end with a question mark.
    2. Re:What's /. opinion on AV? by Zaelath · · Score: 2

      you aren't but if you are using Windows and no AV then you are a fool.

      you absolutely are underestimating USB key viruses! stuxnet infected airgapped computers using a USB key.

      i'm not surprised at all. windows defender only detects ~75% of malware. at any given time, MS is about a year behind the AV curve.

      On the other hand, nothing detected Stuxnet until many years after it was distributed, and it's a horrible example of general public USB virus. It's like suggesting people should build fallout shelters because they have any chance at all against a nation state.

      On top of that, AV does /nothing/ for 0-day.

      How you act and how attractive you are influence your likelihood of attack more than any other factor. If your behaviour is so risky that you need doubleplusgood AV then perhaps you should be doing that kind of thing in a Virtual Machine on a segregated network instead of the same machine you do your banking on, because you WILL get infected.

      Like any other security measure, AV is a layer of protection, and for that reason MS Essentials does an acceptable job for {most|cautious|honest} people. Your grandparents that click on /every/ link and open /every/ attachment emailed to them "in case" may need a paid solution, or better still, an Apple computer since they're still a much smaller target than Windows.

  8. Re:Antivirus business by Shoten · · Score: 2

    And do they have a successful antivirus business?

    They must, because they're a fairly prominent sponsor of the Ferrari Formula 1 team.

    Now, the only question I have about that is whether they know they're sponsoring Ferrari, or if they just know they're sponsoring "the only car that's completely red."

    --

    For your security, this post has been encrypted with ROT-13, twice.
  9. Re:AdBlock = Inferior vs. hosts + 'Souled-Out' by bouldin · · Score: 2

    Protect vs. DGA botnets + stop communique to C&C servers

    Sorry, this is still incorrect. The whole point of a Domain-Generating Algorithm is to evade domain name blocking and takedowns.

    By the time you add known DGA domain names to a blocklist, they are already defunct, and the malware has moved on to new domain names.

  10. Re:Hosts can block any domain name by bouldin · · Score: 2

    Hosts can block any domain name

    Not true, a hosts file is trivial to bypass. Any piece of software can send TCP/UDP 53 traffic to a DNS server and resolve the name itself.

    Question #2: Is that what YOU DO WITH YOUR DGA BOTNET, Mr. Expert (who speaks for all botnet masters like himself)?

    I don't run botnets, but I do understand what a domain-generating ALGORITHM is. The algorithms are seeded with the current time, so the list of domains is always changing.

    Now, if you reverse engineer the algorithm out of the malware, you could theoretically build a list of all domain names the malware will use in the future, but usually when I hear about reverse engineering a DGA, it's because Microsoft and other companies have pre-registered those domain names as part of a botnet takedown. At any rate, you clearly don't understand what you're talking about.

  11. Re:Weasel, you have failed again... apk by bouldin · · Score: 2

    Actually, I found a good reference for malware that does perform DNS directly. See page 9 at OpenDNS - DNS Role in Botnets.

    They reference malware using custom DNS servers, and also malware tunneling messages through the DNS protocol.

    Here's a quote:

    At present time, there are few to no effective countermeasures cited by the security community to detect or prevent DNS-based botnet communications. Some larger, security-aware organizations could use techniques such as "split horizon" DNS. This will force internal hosts to send their DNS requests only through the network DNS server.

    So there you go - a network solution. But the malware they mention completely bypasses OS hosts files.
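
Added example, not part of the original thread or any commenter's code: the network-side control quoted above (internal hosts send DNS requests only through the network DNS server) can be audited from flow logs, because a hosts file never sees queries that software sends straight to port 53. The log format, all addresses, and the `find_dns_bypass` name are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the only resolver internal hosts are allowed to query.
SANCTIONED_RESOLVERS = {ipaddress.ip_address("10.0.0.53")}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample flow records: "timestamp src dst proto dport"
SAMPLE_FLOWS = """\
2015-03-01T10:00:01 10.0.1.20 10.0.0.53 udp 53
2015-03-01T10:00:02 10.0.1.21 198.51.100.7 udp 53
2015-03-01T10:00:03 10.0.1.21 198.51.100.7 tcp 53
2015-03-01T10:00:04 10.0.1.22 203.0.113.9 tcp 443
2015-03-01T10:00:05 10.0.0.53 192.0.2.1 udp 53
2015-03-01T10:00:06 10.0.1.23 203.0.113.40 udp 53
malformed line
"""

def find_dns_bypass(flow_text):
    """Return {source_ip: sorted list of unsanctioned DNS servers contacted}."""
    offenders = defaultdict(set)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _, src, dst, proto, dport = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip records with unparseable addresses
        if proto not in ("udp", "tcp") or dport != "53":
            continue  # only DNS over port 53 is examined here
        # The resolver itself must reach upstream servers; do not flag it.
        if src_ip in SANCTIONED_RESOLVERS:
            continue
        if src_ip in INTERNAL_NET and dst_ip not in SANCTIONED_RESOLVERS:
            offenders[src].add(dst)
    return {src: sorted(dsts) for src, dsts in offenders.items()}

if __name__ == "__main__":
    for src, servers in find_dns_bypass(SAMPLE_FLOWS).items():
        print(f"{src} queried DNS directly at {', '.join(servers)}")
```

Matching on port 53 does not see name resolution carried over other ports or inside HTTPS, so this check covers one layer of the control rather than all of it.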