Slashdot Mirror


Former Employees Accuse Kaspersky Lab of Faking Malware

An anonymous reader writes: Reuters reports that two former employees of Moscow-based Kaspersky Lab faked malware to damage the reputations of their rivals. The alleged campaign targeted Microsoft, AVG, Avast, and others, tricking them into classifying harmless files as viruses. The ex-employees said co-founder Eugene Kaspersky ordered some of the attacks as retaliation for emulating his software. The company denied the allegations, and Kaspersky himself reiterated them, adding, "Such actions are unethical, dishonest and their legality is at least questionable." The targeted companies had previously said somebody tried to induce false positives in their software, but they declined to comment on the new allegations. "In one technique, Kaspersky's engineers would take an important piece of software commonly found in PCs and inject bad code into it so that the file looked like it was infected, the ex-employees said. They would send the doctored file anonymously to VirusTotal." The alleged attacks went on for more than 10 years, peaking between 2009 and 2013.

90 comments

  1. Free alternatives? by WSOGMM · · Score: 0

    There don't seem to be very many good free alternatives other than Microsoft's default package. I've wondered if it's possible for me to make my own security system, but I've never given it a good amount of thought.

    If classification is the name of the game, couldn't you use some machine learning techniques based on what malware does and write your own classifier?

    1. Re:Free alternatives? by idbeholda · · Score: 5, Interesting

      http://tot-ltd.org/techinf.htm...

      Project I've been working on for the past 15 years. Take it or leave it.

    2. Re:Free alternatives? by TWX · · Score: 2

      > There don't seem to be very many good free alternatives other than Microsoft's default package. I've wondered if it's possible for me to make my own security system, but I've never given it a good amount of thought.

      > If classification is the name of the game, couldn't you use some machine learning techniques based on what malware does and write your own classifier?

      If I remember right Thunderbyte Antivirus did something much like that. At some point Thunderbyte was bought out and I honestly have no idea what happened after that.

      In my opinion, the best approach for malware that is pulled in by the user is to restrict what the user can do to the computer. Yes, that means annoying issues installing software such that a privileged account has to be logged into, but it also means that if the user makes serious mistakes the solution is to back up their non-executable data, delete their account and its files, and recreate and restore the data.

      On all of my Windows boxes I set up the user to have only minimal permissions. I reserve administrative functions for an admin account.

      --
      Do not look into laser with remaining eye.
    3. Re:Free alternatives? by znrt · · Score: 2

      > There don't seem to be very many good free alternatives other than Microsoft's default package.

      at risk of stating the obvious ... er ... linux? :)

      > I've wondered if it's possible for me to make my own security system, but I've never given it a good amount of thought.

      it's possible. it's also hard. start giving it some good amount of thought and stop making yourself a target by using the 'default package'. it will be easier from there ...

    4. Re:Free alternatives? by Anonymous Coward · · Score: 0

      I think the future is something like VxStream Sandbox and friends in combination with regular AV, where you analyze the executable and then based off that determine if it's malicious or not.

      https://www.hybrid-analysis.com/sample/80fa9c88d1919af88fc44292c1df7e486a40482aba596618c33b90946edae8c8?environmentId=1

      It's trivial to make an executable undetectable on virustotal, you have tools out there that do it for you. And if you look at MSE / Defender, it's near the bottom end of the spectrum compared to other anti virus solutions.

    5. Re:Free alternatives? by sims+2 · · Score: 1

      Thanks, I'll give it a try next time I run across an infected system.

      --
      Minimum threshold fixed. Thanks!
    6. Re: Free alternatives? by corychristison · · Score: 1

      In regards to Thunderbyte, they were acquired by Norman ASA (www.norman.com). In 2014, Norman ASA was acquired by AVG.

    7. Re:Free alternatives? by Ungrounded+Lightning · · Score: 3, Insightful

      > There don't seem to be very many good free alternatives other than Microsoft's default package.

      Signature-based anti-malware solutions require an industrial-scale operation to identify new threats and add them to the signatures. That's very costly: Those workers have to eat, so they have to be paid somehow.

      Since Microsoft is pretty much the only company with a revenue stream that is substantially improved by protecting Microsoft systems generally, it is similarly pretty much the only operation that can profit by spending such industrial-scale money deploying new defences "for free".

      But there are still a few who find ways to make it possible. One of the best after-infection malware-removal tools out there is Malwarebytes. They distribute a stripped-down, manually-operated, nagware version of their product for free, in the hopes that you'll subscribe to the full-function version (to get additional functionality, including automated scheduled execution, and/or spare your attention from constantly closing their popups that covered your working window. B-) )

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    8. Re:Free alternatives? by dcollins117 · · Score: 3

      A hacker can really screw with someone without elevating to admin. All the juicy stuff is in the user accounts anyway. In a few seconds they can get your financial information, passwords, email contacts, the screenplay you're working on, any photos of an adult nature that happen to be there...

      In contrast, the admin account is quite dull. You already know what's on that. I get the point that once you get admin you can install your badware and stick around for a while, but once you've got all the really good stuff in the user accounts, why bother?

    9. Re:Free alternatives? by Anonymous Coward · · Score: 0

      "Temple Of Transgression"

      So does it run on Temple OS or just talk directly to God?

    10. Re:Free alternatives? by snookiex · · Score: 1

      Some obscure group of dudes that call themselves "Temple of Transgression" and develop an antivirus (ok, ok, only the frontend) in VB6 are fighting hard for not being taken seriously.

      > Why is TT Livescan written in VB6, instead of another programming language? VB6 is still widely used, just like most other programming languages. In terms of development, VB6 is geared towards rapid GUI development. Combined with the fact that most of our coding is designed to be as efficient as possible, VB6 is the best option. Shortly before 32-bit support is to be phased out for Windows, we will make a new version available. It will most likely be written in Delphi.

      And no, I didn't know "VTE Virus Scanner".

      --
      Open Source Network Inventory for the masses! Kuwaiba
    11. Re:Free alternatives? by Anonymous Coward · · Score: 0

      well there's Clamav + Clamwin, but yeah for an email server they are fine but for warezing.... nope. Clamav won't catch sophisticated viruses.

    12. Re:Free alternatives? by idbeholda · · Score: 1

      No, leave that to Terry Davis. Besides, any sane person knows that next to L Ron Hubbard and HP Lovecraft, King James was the greatest fiction writer of all time.

    13. Re:Free alternatives? by mattb47 · · Score: 1

      Microsoft Security Essentials / Windows Defender has been falling behind for years now. It used to be pretty good. But now, it unfortunately doesn't catch a lot of newer malware. Microsoft dropped the ball and stopped putting the proper R&D into their product.

      Bitdefender Free is my new favorite these days:
      http://www.bitdefender.com/sol...

      Fast, effective, and low impact. Bitdefender Free is not free for commercial use, however. And they don't have a free version that supports Windows 10 yet. Bitdefender scores at or near the top in most AV comparison tests for malware detection.

      Best free commercial AV is Avast for Business:
      https://www.avast.com/avast-fo...

      Not quite as low-impact as Bitdefender, and not quite as effective, but it's OK. I've used Avast for years as well. (It used to be my standard free AV, and I still use it on some systems.) Their free business AV is basically their paid AV business product stripped down to just AV, not firewalls, and anti-spam, and other cruft. The Windows firewall is just fine these days, and if you have a decent mail server spam isn't a problem. (And there are other decent free anti-spam products, like Cloudmark Desktop One.) So a plain-old just-AV product is fine with me. Includes a cloud-based console system as well, so you can centrally keep track of your AV clients -- which is GREAT for a free product.

      Good luck!

    14. Re:Free alternatives? by kernel_user · · Score: 0

      your web page looks *very* outdated.. It's probably not correlated to the quality of your software, but it gives the impression that nothing has changed for .. 15 years. Also, there is no mention of any OS? I assume it's running some version of MS Windows.. but .. who knows?

    15. Re:Free alternatives? by idbeholda · · Score: 1

      "What versions of Windows will TT Livescan run under? Windows 98 through Windows 10."

      I don't see anyone clamoring to pay my bills either, so I'm not really inclined to care what I use beyond notepad.

    16. Re:Free alternatives? by Anonymous Coward · · Score: 0

      > There don't seem to be very many good free alternatives other than Microsoft's default package. I've wondered if it's possible for me to make my own security system, but I've never given it a good amount of thought.

      > If classification is the name of the game, couldn't you use some machine learning techniques based on what malware does and write your own classifier?

      Free alternative: distrowatch.com

      Windows itself is malware.

      http://www.technobuffalo.com/2013/08/22/nsa-windows-8-exploit/
      http://www.technobuffalo.com/2013/07/11/microsoft-gave-the-nsa-direct-backdoor-access-to-outlook-skype/
      http://winsupersite.com/windows-10/how-stop-windows-10-upgrade-downloading-your-system
      http://www.extremetech.com/computing/195592-with-windows-10-microsoft-could-move-to-a-subscription-based-model
      http://www.extremetech.com/computing/205320-microsoft-windows-10-will-be-the-last-version-of-windows
      https://www.youtube.com/watch?v=5GU5uv28a3I
      http://techrights.org/2015/07/31/vista-10-anticompetitive/

      https://www.youtube.com/watch?v=wwRYyWn7BEo

      http://tech.slashdot.org/comments.pl?sid=7814945&cid=50277265

      http://tech.slashdot.org/comments.pl?sid=7803015&cid=50272331

    17. Re:Free alternatives? by Anonymous Coward · · Score: 0

      A great free alternative is to simply install a Linux distro and never use Windows again.

    18. Re: Free alternatives? by Anonymous Coward · · Score: 0

      I really tried to like clamwin, but the amount of false positives was insane: 200 txt files that I wrote got flagged as various malware.

    19. Re:Free alternatives? by donak · · Score: 1

      I've been using MalwareBytes (as suggested above) then installing Comodo Internet Security http://comodo.com/ (free for personal use) if needed, and finally CCleaner from Piriform http://piriform.com/ to rescue people's PCs after disaster has struck.
      I'm thinking of making it a standard "pack" of software for anyone who asks at the Library where I volunteer.

      --
      Don't blame me, it's usually 2 in the morning when I post ...
    20. Re:Free alternatives? by Anonymous Coward · · Score: 0

      no, it really isn't

  2. Anti-Virus Companies All Suck by Frosty+Piss · · Score: 4, Insightful

    It would not surprise me if *ALL* so-called antivirus software companies did this, with very few exceptions.

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Anti-Virus Companies All Suck by U2xhc2hkb3QgU3Vja3M · · Score: 1

      You know, Burke, I don't know which species is worse. You don't see them fucking each other over for a goddamn percentage. - Ripley

    2. Re:Anti-Virus Companies All Suck by invictusvoyd · · Score: 1

      > It would not surprise me if *ALL* so-called antivirus software companies did this, with very few exceptions.

      What ?!! don't you know that " Such actions are unethical, dishonest and their legality is at least questionable " ?

    3. Re:Anti-Virus Companies All Suck by Anonymous Coward · · Score: 0

      A coworker of mine a few years back told me something similar.

      He is from Romania and I guess a lot of this comes from that region. He said that he has friends that work at Kaspersky who admitted to him just as much.

      The way he put it (to make a long story short) is: "they are an excellent anti-virus company, maybe even the best one out there, but they have to cause alarm to solve it to stay relevant in people's minds" When no new crap is thrown around, nobody notices the man cleaning up. He said he was told they all do this and that most, if not all, of it is more or less harmless to average user.

    4. Re:Anti-Virus Companies All Suck by Anonymous Coward · · Score: 0

      my clean pc or whatever their name is now is one. Same on the NHL network for running their ads

    5. Re: Anti-Virus Companies All Suck by Redbehrend · · Score: 1

      Every year it's about one of them doing something similar. I love Kaspersky, why you ask? It finds what others don't, it's developed in the wild west where everyone hacks everyone aka Russia. So you know it's better than our stuff and I have yet to see a KGB type exploit exposed and used by 3rd parties unlike our (us and gov) exploits that are found and used all the time by hackers. You also hear results from it, for example "all the computers but the Kaspersky and Bitdefender, etc... computers got the virus" when I talk to security professionals about rare outbreaks. For the average consumer I think it's a great value. P.S. I never got why everyone loves Microsoft anti-virus, crap gets by all the time I should know I have to fix it.

    6. Re: Anti-Virus Companies All Suck by Anonymous Coward · · Score: 0

      After reading this article, you might want to rethink what "It finds what others don't" really implies.

    7. Re: Anti-Virus Companies All Suck by rtb61 · · Score: 1

      Finding computer virii that others don't can also be pretty suspicious. They obviously have copies of each other's software and they obviously are quite capable of coding computer virii, in fact they all claim to know more about them than anyone else. So crafting one to get past the competition and infect as many computers as possible would be one of the best possible marketing strategies.

      Not that I would suspect Kaspersky Labs ahead of the others. I would honestly place all software security companies in the same category as inherently suspicious in their behaviour. They require crime and corruption to survive and grow in order for them to survive and grow, solve the security problem and they are right out of business, continue to treat the symptoms without curing the problem means profits forever. The only real solution to security has to come from FOSS because for FOSS it is nothing but a cost burden, solve security and they save money.

      --
      Chaos - everything, everywhere, everywhen
    8. Re: Anti-Virus Companies All Suck by Anonymous Coward · · Score: 0

      I thought that business ethics just meant that whatever you can get away with is "ethical" (as long as it increases profit margins).

  3. Why would this be bad? by xxxJonBoyxxx · · Score: 1

    >> chief task was to reverse-engineer competitors' virus detection software to figure out how to fool them into flagging good files as malicious

    Why is this a bad thing? This is pretty much what a large chunk of the "grey hatter" world does on a regular basis (figure out how to trick AV). Shouldn't we be cheering on a little AV-on-AV competition instead of letting them all group-think themselves into a pool of mediocre results?

    (This is also why running different AV engines in your network has generally been a good defense-in-depth measure in the past...I don't WANT them all to agree.)

    1. Re:Why would this be bad? by Anonymous Coward · · Score: 1

      AV companies are supposed to be the "good guys" working towards "making the world a safer place". They have an image to maintain.

      Their software runs with full privileges on millions of computers and is permanently connected to the Internet.
      If they turn out to be your run-of-the-mill evil company run by rotten people, then how could you possibly trust them to protect you?

      I don't want Kaspersky's crap anywhere near my machines if they can't even be trusted to cooperate with their own colleagues.

    2. Re:Why would this be bad? by Anonymous Coward · · Score: 0

      Why is it bad to inject fake malware reports to have your competitors quarantine important system files as being infected when they aren't? did you seriously just ask how that's a bad thing?

      Let's say it's your PC that gets borked because your AV lost its mind and flagged some of your OS core files as infected... is it a good thing then?

      No grey hat is trying to trick AV software into false positives, it's quite the opposite, they try to slip past or through the AV, and if they are a true grey hat, they send a nice fancy report of how they did it to the company to either : A) have them fix it or b) get sued. It's usually B by the way.

      This little dirty trick could potentially cause millions in damages to an enterprise network. Is that still a good thing? This little dirty trick could convince people to stop using those AV suites entirely (think McAfee) putting them, and the rest of us, at risk. Still a good thing?

      What the hell man.

    3. Re:Why would this be bad? by xxxJonBoyxxx · · Score: 2

      >> run-of-the-mill evil company run by rotten people

      I didn't realize Symantec or Trend Micro were good companies run by nice people. Maybe McAfee could be a character witness for them. :)

      >> how could you possibly trust them to protect you?

      If a "security" company doesn't have the technical expertise to figure out the difference between real and fake viruses (as it seems a number of these companies couldn't), I'm not sure how much protection they're offering anyway. I guess I'd rather watch the egress traffic from the software of the technically-savvy company than sleep knowing I got my AV software from the brightly-colored company who bought me a steak dinner at the conference.

    4. Re:Why would this be bad? by Anonymous Coward · · Score: 0

      They are not simply doing research on competing AV. They were posting, anonymously, common files to blacklists like VirusTotal. They chose files that would cause the system to crash if removed. So then other AV software, that didn't know about these fake entries in the blacklist, would break people's computers. This was very sinister, and not the first time an anti-virus company has been caught proliferating damaging software. They are harming people's computers just to make their competitors look bad. It's astonishing they would do this considering how much harm they did to everyone, and how little good they did for themselves.

    5. Re:Why would this be bad? by quantaman · · Score: 1

      > >> chief task was to reverse-engineer competitors' virus detection software to figure out how to fool them into flagging good files as malicious

      > Why is this a bad thing? This is pretty much what a large chunk of the "grey hatter" world does on a regular basis (figure out how to trick AV). Shouldn't we be cheering on a little AV-on-AV competition instead of letting them all group-think themselves into a pool of mediocre results?

      > (This is also why running different AV engines in your network has generally been a good defense-in-depth measure in the past...I don't WANT them all to agree.)

      Because those files belonged to end users, Kaspersky was using their competitors' software as malware.

      --
      I stole this Sig
    6. Re:Why would this be bad? by cdrudge · · Score: 3, Insightful

      Because it's not a little AV-on-AV competition. Competition is when companies push each other to try to improve their product over the others, not purposefully throwing more hurdles in the way of the competitor.

      If they did what was accused, they maliciously submitted false information that would be shared around the industry because they knew the competition would detect it as an infected file. It didn't improve Kaspersky's accuracy, nor did it help the accuracy of anyone else's scanner detecting real threats. It only resulted in competitors looking bad for false positives, and having to spend additional efforts filtering samples.

    7. Re:Why would this be bad? by Anonymous Coward · · Score: 0

      >I didn't realize Symantec or Trend Micro were good companies run by nice people.

      I'm glad you didn't, and I'm sure they aren't, but they at least manage to appear halfway competent.

      >If a "security" company doesn't have the technical expertise to figure out the difference between real and fake viruses (as it seems a number of these companies couldn't), I'm not sure how much protection they're offering anyway. I guess I'd rather watch the egress traffic from the software of the technically-savvy company than sleep knowing I got my AV software from the brightly-colored company who bought me a steak dinner at the conference.

      You make it sound like an easy problem. As if offering significant protection merely required a couple experts giving half a damn for a month or two. Of course they are offering very little protection. It's trivial to bypass an AV, just ask all the skids on those "leet haxor" forums.
      People who use AVs buy it because of the PR, not because of the real world stats.

    8. Re:Why would this be bad? by TechyImmigrant · · Score: 1

      > They are not simply doing research on competing AV. They were posting, anonymously, common files to blacklists like VirusTotal. They chose files that would cause the system to crash if removed. So then other AV software, that didn't know about these fake entries in the blacklist, would break people's computers. This was very sinister, and not the first time an anti-virus company has been caught proliferating damaging software. They are harming people's computers just to make their competitors look bad. It's astonishing they would do this considering how much harm they did to everyone, and how little good they did for themselves.

      An OS based AV should have white list signatures for essential OS files. This attack shouldn't be a problem if the host has defense in depth.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
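
One way the allowlist check suggested in the comment above could gate a quarantine action, as an added example that is not part of the original thread or any vendor's code. The file contents, paths, signature names and the `QuarantineGate` class are constructed assumptions.

```python
import hashlib
import ntpath
from dataclasses import dataclass, field

# Constructed stand-ins for file contents; these are not real binaries.
VENDOR_DLL = b"constructed: bytes of a vendor-shipped system DLL"
MODIFIED_DLL = VENDOR_DLL + b" constructed: extra bytes appended"
DOWNLOAD = b"constructed: bytes of a downloaded program"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Assumption: known-good hashes come from a trusted source (vendor catalog,
# golden image), never from a shared sample feed that anyone can submit to.
KNOWN_GOOD_HASHES = {sha256_hex(VENDOR_DLL): "kernel32.dll (vendor build)"}

# Assumption: paths whose removal can leave the host unbootable.
CRITICAL_PATHS = {ntpath.normcase(r"C:\Windows\System32\kernel32.dll")}


@dataclass
class Verdict:
    action: str  # "allow", "restore" or "quarantine"
    reason: str


@dataclass
class QuarantineGate:
    """Sits between the detection engine and the quarantine action."""
    suspect_signatures: list = field(default_factory=list)

    def decide(self, path: str, content: bytes, signature: str) -> Verdict:
        digest = sha256_hex(content)
        if digest in KNOWN_GOOD_HASHES:
            # The detection fired on a byte-identical vendor file, so the
            # signature is at fault. Keep the file and queue the signature
            # for review instead of acting on it.
            self.suspect_signatures.append(signature)
            return Verdict("allow", "hash matches " + KNOWN_GOOD_HASHES[digest])
        if ntpath.normcase(path) in CRITICAL_PATHS:
            # A critical file with an unknown hash may really be modified,
            # but removing it would break the host: replace it from a
            # trusted copy rather than leaving a hole.
            return Verdict("restore", "critical path, unknown hash")
        return Verdict("quarantine", "detected as " + signature)


def demo() -> list:
    gate = QuarantineGate()
    events = [
        (r"C:\Windows\System32\kernel32.dll", VENDOR_DLL, "Trojan.Constructed.A"),
        (r"c:/windows/system32/KERNEL32.DLL", MODIFIED_DLL, "Trojan.Constructed.A"),
        (r"C:\Users\alice\Downloads\setup.exe", DOWNLOAD, "Trojan.Constructed.B"),
    ]
    return [gate.decide(p, c, s).action for p, c, s in events]


if __name__ == "__main__":
    print(demo())
```
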
    9. Re:Why would this be bad? by rch7 · · Score: 2

      How dumb it would be to trust KGB guys to do anything in your computer in the first place?
      "There is no such thing as a former KGB man" - V. Putin. They all cooperate with their authorities. Even if somebody would not want, they are obliged to do that if they want to do business in Russia and stay alive.

    10. Re:Why would this be bad? by CohibaVancouver · · Score: 1

      > They have an image to maintain.

      Kaspersky is run by ex-KGB men. What would possibly go wrong?

      (Yeah, yeah. I know here on Slashdot the NSA and CIA are one-thousand times worse than the KGB and GRU ever were, but spare me.)

    11. Re:Why would this be bad? by TheRealQuestor · · Score: 1

      > >> run-of-the-mill evil company run by rotten people

      > I didn't realize Symantec or Trend Micro were good companies run by nice people. Maybe McAfee could be a character witness for them. :)

      > >> how could you possibly trust them to protect you?

      > If a "security" company doesn't have the technical expertise to figure out the difference between real and fake viruses (as it seems a number of these companies couldn't), I'm not sure how much protection they're offering anyway. I guess I'd rather watch the egress traffic from the software of the technically-savvy company than sleep knowing I got my AV software from the brightly-colored company who bought me a steak dinner at the conference.

      There is no McAfee any longer. It is now Intel Security.

      I actually find Bitdefender Free to be a better alternative to Microsoft's free package. It's about as light weight and finds stuff MS's misses. And it's free.

    12. Re:Why would this be bad? by Anonymous Coward · · Score: 0

      Figure out how to quote, or go back to the *chan boards, moron.

    13. Re:Why would this be bad? by AaronW · · Score: 1

      That was one reason I chose to use Kaspersky. Once my license expires... never again. With all the crap coming out of Russia I don't think I'd go with them again anyway. Almost all of the spam RBL hits on my mail server are from Russia, the rest are from China. I wish I could just firewall off both countries.

      --
      This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
    14. Re:Why would this be bad? by Anonymous Coward · · Score: 0

      It's not clear from TFA. The video says they didn't anonymously upload the files to virustotal, but used communication channels between antivirus makers to provide fake samples. If the latter is the case, shouldn't it be easy to prove Kaspersky is to blame?

  4. Ad blockers are the new anti-virus. by Anonymous Coward · · Score: 1

    If you could only install one you'd be better off installing an ad blocker than an anti-virus product.

    People telling you different are trying to sell you something :)

    1. Re:Ad blockers are the new anti-virus. by Anonymous Coward · · Score: 0

      -1, Needs Moar APK

    2. Re:Ad blockers are the new anti-virus. by U2xhc2hkb3QgU3Vja3M · · Score: 2

      > People telling you different are trying to sell you something :)

      Maybe they are, but I'm not seeing their messages!

    3. Re:Ad blockers are the new anti-virus. by U2xhc2hkb3QgU3Vja3M · · Score: 1

      I would like to subscribe to your newsletter but only if this HOSTS FILES thingy is moocow approved, because we're all cows.

    4. Re:Ad blockers are the new anti-virus. by Anonymous Coward · · Score: 0

      Hosts files suck because they don't support wildcards. You have to know the full hostname of all the ad servers in advance. It's much better to set up your own local name server and have it act authoritative for entire ad domains. So when DoubleClick adds another pool83.east-19.srv.doubleclick.net to their server farm, you're already blocking it without having to change anything or wait for some spamming weirdo to release an updated host file.
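
The difference the comment above describes between exact-name hosts entries and blocking a whole domain, shown as an added example that is not part of the original thread. The sample hosts lines and the `BLOCKED_ZONES` set are constructed; only `pool83.east-19.srv.doubleclick.net` comes from the comment.

```python
# Constructed sample in hosts-file format: each entry names one exact host.
SAMPLE_HOSTS = """
# constructed sample entries
0.0.0.0 ad.doubleclick.net
0.0.0.0 pool1.east-1.srv.doubleclick.net   # constructed name
"""

# Constructed zone list: what a local resolver would answer for
# authoritatively, covering the zone and everything beneath it.
BLOCKED_ZONES = {"doubleclick.net"}


def normalize(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()


def parse_hosts(text: str) -> set:
    """Collect every hostname listed after the address on each line."""
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        names.update(normalize(n) for n in fields[1:])
    return names


def hosts_blocks(name: str, hosts_names: set) -> bool:
    """Hosts-file semantics: only an exact name match is blocked."""
    return normalize(name) in hosts_names


def zone_blocks(name: str, zones: set) -> bool:
    """Zone semantics: blocked if the name or any parent domain is listed.

    Matching walks whole labels, so 'notdoubleclick.net' is not treated
    as part of 'doubleclick.net' the way a plain string suffix test would.
    """
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    new_host = "pool83.east-19.srv.doubleclick.net"
    print(hosts_blocks(new_host, hosts), zone_blocks(new_host, BLOCKED_ZONES))
```
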

    5. Re:Ad blockers are the new anti-virus. by Anonymous Coward · · Score: 1

      My HOSTS file is a symbolic link to my rainbow tables database of every word, ever.

    6. Re:Ad blockers are the new anti-virus. by Zontar+The+Mindless · · Score: 1

      My hosts file is a symbolic link to an image of Natalie Portman covered in hot grits, holding a copy of Lotus Notes and a machine gun.

      --
      Il n'y a pas de Planet B.
    7. Re:Ad blockers are the new anti-virus. by Anonymous Coward · · Score: 0

      I didn't realise that ad blockers stopped Cryptowall email attachments.

      I recommend clients use ad blockers, but not having a reliable AV is just callous.

    8. Re:Ad blockers are the new anti-virus. by Anonymous Coward · · Score: 0

      DNS eats power, cpu cycles, ram as a local separate server especially. DNS redirect poisoning security issue too. To fix that you have to double your overheads literally by using tcp instead of udp. DNS rules tables are also a lot harder to understand for regular users as opposed to hosts files simple setup internally by comparison.

    9. Re:Ad blockers are the new anti-virus. by Anonymous Coward · · Score: 0

      Host files do by blocking email server address. You never get it at all.

  5. FUD... by Anonymous Coward · · Score: 2, Insightful

    ... with how rotten companies are these days you can never tell if it's a genuine issue or some other competitor running a smear campaign.

    Either way there's no perfect AV software and as always the arms race will continue.

  6. Is this really a good strategy? by Anonymous Coward · · Score: 0

    What Kaspersky expects from users:
      "woah this non-Kaspersky AV is crap it gives false positives!!"

    Reality:
      "woah, Kaspersky is crap it doesn't detect this virus that this other AV found!!"

    1. Re:Is this really a good strategy? by U2xhc2hkb3QgU3Vja3M · · Score: 1

      Second reality (no, not the one from Future Crew):
      "Wow Kaspersky are fucking assholes, I'm not going to use their software anymore."

    2. Re:Is this really a good strategy? by Vlad_the_Inhaler · · Score: 2

      You are missing the point, and it was even in the article.
      Those false positives occasionally led to vital Windows components being quarantined, I remember a reboot loop caused this way.

      --
      Mielipiteet omiani - Opinions personal, facts suspect.
    3. Re:Is this really a good strategy? by Anonymous Coward · · Score: 0

      This is only possible if third-party installers can add or modify files that are vital to Windows, which is hard to believe. Is this really the case? If Windows has no OS/app separation then it is seriously flawed.

    4. Re:Is this really a good strategy? by Anonymous Coward · · Score: 1

      Antivirus software demands permission to run as root so it can properly quarantine and delete infected files that are modified or added by malicious software running as administrator (which gets that right by either manipulating the users, or a privilege escalation script). At this level of permission, no OS has OS/app separation.

    5. Re:Is this really a good strategy? by kernel_user · · Score: 0

  7. Moscow-based by Anonymous Coward · · Score: 0

    Was there a need to point that out?

    1. Re:Moscow-based by U2xhc2hkb3QgU3Vja3M · · Score: 1

      If they really wanted to point it out, they would have made a link to Google Maps.

    2. Re:Moscow-based by Infiniti2000 · · Score: 2

      Why not? Microsoft is noted as the "Redmond, Washington-based company." When legality is in question, it's critical to know where the companies are based. What is legal in Russia is very different than what's legal in the U.S., or even Washington state.

  8. Is anyone surprised?? by Anonymous Coward · · Score: 0

    The fear mongering and marketing ploys of business today are disturbing. Would not put anything past a web security company to taint the water of other competitors for an advantage. Just as I would not be surprised to find a security company producing targeted malware that affects only certain products. Wink, wink.
    At least most people have learned that you're almost just as safe with a free version of security as the paid. The only real security they provide is the definitions of known malware circulating. Everything else just produces false positives or lame attempts at suppressing potential malware signatures. Now, Kaspersky is not any worse than a Symantec, or Trend Micro or any of the dozens of anti malware companies out there. This is only one tale of what one company might be doing.
    In fact for me I never run live security monitoring ever! I use Malwarebytes frequently and have yet to be infected with anything. If you keep up on updates, stop using malware magnets like Flash player. You run far less risk of ever getting anything nasty. I know plenty of idiots who click on everything and can infect the most protected device on earth. I also know some who run no security and have no problems. What is the key? Being smart and self protecting about your internet use.

  9. Ethics? by Anonymous Coward · · Score: 1

    "Such actions are unethical, dishonest and their legality is at least questionable."

    Remember Enron? Yeah, what they did was somewhat unethical as well. Remember the subprime crisis? Plenty of ethically shady bankers in that as well. Stop pretending you care at all, because you don't. You only have to appear like you didn't know for PR reasons.

    1. Re:Ethics? by tnk1 · · Score: 2

      He may or may not know.

      What is important is that he has responsibility for the actions of his company. He will need to show without a shadow of a doubt that this was a totally rogue action that was not at all encouraged by their company directives OR their culture.

      It is possible that there was one guy or a group of folks who did this on their own completely against the policies and the implied culture of Kaspersky Labs. If so, then maybe he's not responsible.

      However, it's hard to believe that someone would do this without at least a cultural acceptance of these sorts of actions inside the company. You need to ensure that you have ethical people working for you, and that you make it very clear that this sort of thing is NOT accepted and certainly not rewarded. And the leadership should be asking questions, and not encouraging a "plausible deniability" atmosphere of "anything goes as long as they can't pin it to me".

      So yeah, the company may not be responsible, but it won't simply be a matter of whether Eugene Kaspersky gave an order to do it. It may be that Kaspersky Labs is staffed by people who are unethical or are encouraged to be unethical. In which case, they may not be legally liable, but they should certainly become pariahs.

  10. Provably impossible by Ungrounded+Lightning · · Score: 3, Interesting

    ... where you analyze the executable and then based off that determine if it's malicious or not.

    That's provably impossible. It's trivial to convert it to the halting problem.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way

    1. Re:Provably impossible by TechyImmigrant · · Score: 3, Funny

      ... where you analyze the executable and then based off that determine if it's malicious or not.

      That's provably impossible. It's trivial to convert it to the halting problem.

      They worked that out centuries ago when securing castles. That's why the guards shout "Halt! Who goes there?"

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.

  11. Greasy by Anonymous Coward · · Score: 0

    This is really greasy behaviour.

  12. For the BEST custom hosts file? by Anonymous Coward · · Score: 0

    See subject & APK Hosts File Engine 9.0++ SR-2 32/64-bit http://start64.com/index.php?o...

    FREE & adds speed, security, + reliability, doing more with less, more efficiently vs. browser addons & locally installed DNS servers @ home + fixes DNS' redirect security issues - obtaining its data vs. online threats & adbanner blocking from 10 reputable sites in the security community, using a tool you already have (hosts)!

    * :)

    MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus per this VERY recent testing of them all http://www.av-test.org/en/news...

    &

    It's GUARANTEED safe & clean per it being checked by 57 antivirus programs recently in BOTH its 64-bit model https://www.virustotal.com/en/...

    +

    In its 32-bit model also https://www.virustotal.com/en/...

    ---

    "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"...

    APK

    P.S.=> By "yours truly" - "The Lord of Hosts" so-to-speak:

    PERTINENT QUOTE/EXCERPT:

    "The image this title brings to mind is of a mighty military commander, one who can at a mere word summon rank upon rank of protective power" from https://answers.yahoo.com/ques... & THAT WORD = hosts!

    (Accept NO substitutes!)

    ...apk

    1. Re:For the BEST custom hosts file? by Anonymous Coward · · Score: 0

      Ah, there you are apk. I thought maybe you went on vacation.

  13. Re:The summary is a mess by CohibaVancouver · · Score: 1

    The summary is a mess

    Then read the effing linked Reuters article. It's pretty clear.

  14. No, can't DIY for actual antivirus. But ... by raymorris · · Score: 1

    DIY _really_ isn't an option for anti-virus. You can get some protection by having good backups, good host security such as SELinux, and maybe even a host-based IDS similar to Tripwire watching for any changes, but AV (scanning files looking for potentially malicious ones) is a big, big job. Lots of things are DIY, but AV isn't one of them.

    I just started work for a company that does something related. We have a full time TEAM of people just entering new threats all day long. Another team maintains the backend of the engine, and another team does the GUI - all full-time. Plus some man-hours to maintain the systems used to find and enter vulnerabilities, source control systems, the test network, WA, etc. With 20-30 full time developers, you can have something roughly as effective as one of the major brands after several years of development effort.

  15. NSA FUD demonising Russia by Anonymous Coward · · Score: 0, Interesting

    Dice has an ongoing policy of running stories that demonise Iran and Russia, and lionise Israel and Saudi Arabia. Go check Slashdot's history across the last two years if you don't believe me.

    The GRAIN of truth here is the tedious fact that many anti-trojan programs throw up false-positives (quite deliberately) when spotting common code-morphing, or too many DLL hooks in a .exe. CLEAN game cracks used to play pirate copies are notorious for being FALSELY flagged as trojan infected code- and you can guess who pays for this state of affairs.

    The NSA infamously produced a 'witness' to Saddam's NON-EXISTENT WMD program, and this witness (later fully discredited in even the press Dice wishes you to read) was the justification for Tony Blair's invasion of Iraq. Part of the job of the NSA is to CREATE fake witnesses to claimed malfeasance by target nations and companies. So here we have "BORIS THE CODER" telling us what 'bad boys' Putin's software companies are.

    Which of you Betas are so mega-stupid, you'll fall for Dice's crude psy-ops tricks?

  16. Why are Americans so fucking stupid? by Anonymous Coward · · Score: 0

    "The company denied the allegations, and Kaspersky himself reiterated them,"

    WTF? So Kaspersky "reiterated" the allegations? Fucking American idiots.

  17. Absolute FUD by Anonymous Coward · · Score: 1

    Kaspersky is one of the only anti-virus you can trust. And the best at detecting malware.

    I know for certain, from a McAfee employee, that they collect info in the telemetry for NSA. This is done in the consumer's version of the software, and can be disabled only for corporations.

  18. AdBlock+ = inferior & 'souled-out' vs. hosts by Anonymous Coward · · Score: 0

    Can adblock+ do 16 things hosts do for speed, security, & reliability:

    1.) Protect vs. malicious sites/servers (past ads)
    2.) Protect vs. fastflux botnets + stop C&C communique
    3.) Protect vs. dynamic dns botnets + stop C&C communique
    4.) Protect vs. DGA botnets + stop C&C communique
    5.) Protect vs. downed DNS (adds reliability)
    6.) Protect vs. DNS redirect poisoned dns
    7.) Protect vs. trackers
    8.) Protect vs. spam
    9.) Protect vs. phish
    10.) Protect vs. caps
    11.) Get you past a dnsbl
    12.) Keep you off dns request logs
    13.) Speed up surfing by adblocks & hardcoded fav. sites
    14.) Work on anything webbound (ie email programs) multiplatform.
    15.) Give you easily controlled data
    16.) Do all that & block ads better than addons more efficiently in cpu cycles + memory usage

    * ANSWER ="NO" to each above on ab+ doing it + hosts = already on every device natively.

    APK

    P.S.=> Ab+ does less than hosts & less efficiently - hosts do MORE w/ less + Hosts start w/ the IP stack before REDUNDANT inefficient addons BEGIN to operate (as 1st resolver queried):

    Ab+'s 128mb memory inefficiency http://cdn.ghacks.net/wp-conte... (hosts consume 3-11mb using my program initially).

    +

    ClarityRay defeats it by dumping addons in use in a browser via native browser methods!

    +

    Ab+'s paid to not do its job http://finance.yahoo.com/news/...

    Ab+ adds complexity from a slower mode of operations (usermode = more messagepassing overheads vs. hosts in kernelmode).

    What's best?

    APK Hosts File Engine 9.0++ SR-2 32/64-bit http://start64.com/index.php?o...

    MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...

    &

    It's GUARANTEED safe & clean per it being checked by 57 antivirus programs recently in BOTH its 64-bit model https://www.virustotal.com/en/...

    +

    In its 32-bit model too https://www.virustotal.com/en/...

    ... apk

  19. PrivacyBadger = ABP code & inferior vs. hosts by Anonymous Coward · · Score: 0

    Can PrivacyBadger do 16 things hosts do for speed, security, & reliability:

    1.) Protect vs. malicious sites/servers (past ads)
    2.) Protect vs. fastflux botnets + stop C&C communique
    3.) Protect vs. dynamic dns botnets + stop C&C communique
    4.) Protect vs. DGA botnets + stop C&C communique
    5.) Protect vs. downed DNS (adds reliability)
    6.) Protect vs. DNS redirect poisoned dns
    7.) Protect vs. trackers
    8.) Protect vs. spam
    9.) Protect vs. phish
    10.) Protect vs. caps
    11.) Get you past a dnsbl
    12.) Keep you off dns request logs
    13.) Speed up surfing by adblocks & hardcoded fav. sites
    14.) Work on anything webbound (ie email programs) multiplatform.
    15.) Give you easily controlled data
    16.) Do all that & block ads better than addons more efficiently in cpu cycles + memory usage

    * ANSWER ="NO" to each above on PrivacyBadger doing it + hosts = already on every device natively.

    APK

    P.S.=> PrivacyBadger does less than hosts & less efficiently - hosts do MORE w/ less + Hosts start w/ the IP stack before REDUNDANT inefficient addons BEGIN to operate (as 1st resolver queried):

    PrivacyBadger's Adblock+ codebase 128mb memory inefficiency http://cdn.ghacks.net/wp-conte... (hosts consume 3-11mb using my program initially).

    +

    ClarityRay defeats it by dumping addons in use in a browser via native browser methods!

    +

    PrivacyBadger adds complexity from a slower mode of operations (usermode = more messagepassing overheads vs. hosts in kernelmode).

    What's best?

    APK Hosts File Engine 9.0++ SR-2 32/64-bit http://start64.com/index.php?o...

    MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...

    &

    It's GUARANTEED safe & clean per it being checked by 57 antivirus programs recently in BOTH its 64-bit model https://www.virustotal.com/en/...

    +

    In its 32-bit model too https://www.virustotal.com/en/...

    ... apk

  20. Ublock = inferior & inefficient vs. hosts by Anonymous Coward · · Score: 0

    Can ublock do 16 things hosts do for speed, security, & reliability:

    1.) Protect vs. malicious sites (past ads)
    2.) Protect vs. fastflux botnets + stop C&C communique
    3.) Protect vs. dyndns botnets + stop C&C communique
    4.) Protect vs. DGA botnets + stop C&C communique
    5.) Protect vs. downed DNS (4 reliability)
    6.) Protect vs. redirect poisoned dns
    7.) Protect vs. trackers
    8.) Protect vs. spam
    9.) Protect vs. phishing
    10.) Protect vs. caps
    11.) Get you by dnsbl
    12.) Keep you off dns request logs
    13.) Speed up surfing by adblocks & hardcoded favs
    14.) Work on anything webbound (ie email programs) multiplatform.
    15.) Give you easily controlled data
    16.) Do those & block ads better than addons more efficiently in cpu + memory use

    * ANSWER ="NO" to each on UBlock doing it as well or @ all!

    APK

    P.S.=> UBlock does less than hosts & less efficiently - hosts do MORE w/ less + Hosts start w/ the IP stack before REDUNDANT inefficient addons BEGIN to operate (as 1st resolver queried):

    Ublock's NOT as efficient:

    Hosts @ 3mb-11mb w/ current data vs. threats + ads - test yourself using my program.

    UBlock uses 63++ MB -> http://www.ghacks.net/2014/06/...

    SCREENSHOT -> http://cdn.ghacks.net/wp-conte...

    +

    ClarityRay defeats it detecting it by dumping addons in use in a browser via native browser methods to do so!

    +

    UBlock adds complexity/room for breakdown/exploit + from a slower mode of operations (usermode = more messagepassing overheads vs. hosts in kernelmode).

    What's better?

    APK Hosts File Engine 9.0++ SR-2 32/64-bit -> http://start64.com/index.php?o...

    MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...

    It's GUARANTEED safe & clean per it being checked by 57 antivirus programs recently in BOTH its 64-bit model https://www.virustotal.com/en/...

    +

    In its 32-bit model also https://www.virustotal.com/en/...

    ... apk

  21. Ghostery = 'souled-out' & inferior vs. hosts by Anonymous Coward · · Score: 0

    Can ghostery do 16 things hosts do for speed, security, & reliability:

    1.) Protect vs. malicious sites (past ads)
    2.) Protect vs. fastflux botnets + stop communique to C&C servers
    3.) Protect vs. dynamic dns botnets + stop communique to C&C servers
    4.) Protect vs. DGA botnets + stop communique to C&C servers
    5.) Protect vs. downed DNS (reliability)
    6.) Protect vs. DNS redirect poisoned dns
    7.) Protect vs. trackers
    8.) Protect vs. spam
    9.) Protect vs. phishing
    10.) Protect vs. bandwidth caps
    11.) Get you by a dnsbl
    12.) Keep you off dns request logs
    13.) Speed up surfing by adblocks & hardcoded fav. sites
    14.) Work on anything webbound (e.g. stand-alone email programs) multiplatform.
    15.) Give you easily controlled data
    16.) Block ads more efficiently in cpu + memory use vs. addons

    * ANSWER ="NO" to each on Ghostery doing all that let alone as well as hosts do!

    APK

    P.S.=> Addons do FAR less than hosts do & FAR less efficiently - hosts by way of comparison, do MORE w/ less + Hosts start w/ the IP stack before REDUNDANT inefficient addons BEGIN to operate (as 1st resolver queried):

    Ghostery (Advertiser owned) - "Fox guards henhouse" -> http://en.wikipedia.org/wiki/G...

    Addons add complexity/room for breakdown/exploit + from a slower mode of operations (usermode = more messagepassing overheads vs. hosts in kernelmode).

    ClarityRay DETECTS browser addons like Ghostery & blocks them (not hosts) via native browser methods.

    What's better than ghostery by FAR?

    APK Hosts File Engine 9.0++ SR-2 32/64-bit -> http://start64.com/index.php?o...

    MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...

    &

    It's GUARANTEED safe & clean per it being checked by 57 antivirus programs recently in BOTH its 64-bit model https://www.virustotal.com/en/...

    +

    In its 32-bit model also https://www.virustotal.com/en/...

    ... apk

  22. Kaspersky unethical? by Anonymous Coward · · Score: 0

    Known KGB company that helped Iran fight attacks against its secret nuclear bomb program. I'm not surprised.

  23. "Dilbert" or John Dvorak or someone else suggested by eric_harris_76 · · Score: 1

    Anti-virus companies could (or have an incentive to) create virus-infected software and release it into the world, and then come up with detection for them faster than their competitors.

    Don't recall if it was a joke, speculation, or a vague accusation, much less who made it. (It was years ago.)

    So this claim seems more than a little familiar.

    --
    There's no time like the present. Well, the past used to be.