Slashdot Mirror

← Back to Stories (view on slashdot.org)

Should Kaspersky Lab Show Its Source Code To The US Government? (gizmodo.com)

Posted by EditorDavid on from the closed-source-world-problems dept.

Today the CEO of Kaspersky Lab said he's willing to show the company's source code to the U.S. government, testify before Congress, and even move part of his research work to the U.S. to dispel suspicious about his company. The Associated Press reports: Kaspersky, a mathematical engineer who attended a KGB-sponsored school and once worked for Russia's Ministry of Defense, has long been eyed suspiciously by his competitors, particularly as his anti-virus products became popular in the U.S. market. Some speculate that Kaspersky, an engaging speaker and a fixture of the conference circuit, kept his Soviet-era intelligence connections. Others say it's unlikely that his company could operate independently in Russia, where the economy is dominated by state-owned companies and the power of spy agencies has expanded dramatically under President Vladimir Putin. No firm evidence has ever been produced to back up the claims...

Like many cybersecurity outfits in the U.S. and elsewhere, some Kaspersky employees are former spies. Kaspersky acknowledged having ex-Russian intelligence workers on his staff, mainly "in our sales department for their relationship with the government sector." But he added that his company's internal network was too segregated for a single rogue employee to abuse it. "It's almost not possible," he said. "Because to do that, you have to have not just one person in the company, but a group of people that have access to different parts of our technological processes. It's too complicated." And he insisted his company would never knowingly cooperate with any country's offensive cyber operations.
A key Democrat on the Senate Armed Services Committee has told ABC that "a consensus in Congress and among administration officials that Kaspersky Lab cannot be trusted to protect critical infrastructure." Meanwhile, Slashdot reader Kiralan shares this article from Gizmodo noting Kaspersky Lab "has worked with both Moscow and the FBI in the past, often serving as a go-between to help the two governments cooperate." But setting the precedent of gaining trust through source code access is dangerous, as is capitulating to those demands. Russia has been making the same requests of private companies recently. Major technology companies like Cisco, IBM, Hewlett Packard Enterprise, McAfee, and SAP have agreed to give the Russian government access to "code for security products such as firewalls, anti-virus applications and software containing encryption," according to Reuters. Security firm Symantec pointedly refused to cooperate with Russian demands last week. "It poses a risk to the integrity of our products that we are not willing to accept," a Symantec spokesperson said in a statement.

84 of 182 comments (clear)

  1. Buy American? by Frosty+Piss · · Score: 2

    Beyond the paranoia, shouldn't American strive to buy American if there is an available competing product? I'm not "flag waving", but it does seem like at least one way to contribute to the American economy in some way.

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Buy American? by Anonymous Coward · · Score: 3, Insightful

      What happens when you buy American? The "American" company that has it's actual headquarters in Ireland or the Bahamas (on paper at least) shifts it's profits into a Swiss bank account and then funnels the money back via a subsidiary in the Netherlands, helping no-one but their C-level executives.

    2. Re:Buy American? by sit1963nz · · Score: 2, Insightful

      The same argument then applied to every country who buys anything FROM the USA.

      There is over US$2 Trillion in exports to be put at risk by other countries doing the same.

      Does the USA really want to be locked out of 80% of the worlds economy and 94% of the worlds customers ?

    3. Re:Buy American? by Frosty+Piss · · Score: 1

      The same argument then applied to every country who buys anything FROM the USA.

      I'm talking about sales to the Federal Government. Private entities can buy from whoever they like within the law.

      --
      If you want news from today, you have to come back tomorrow.
    4. Re:Buy American? by Frosty+Piss · · Score: 1

      Maybe if the american AV companies didn't make such a horrible bloated POS that kills half of your PCs performance. It's probably not written in america anyways. Probably from India

      Windows Defender works great and gets good reviews even from Windows haters. But you're right, it was probably written in India, or at least by H1B Indians in Redmond...

      --
      If you want news from today, you have to come back tomorrow.
    5. Re:Buy American? by sit1963nz · · Score: 1

      Again, all other countries do the same.

      So that ends up including Health, Education, Military, Law and Order, etc etc. Worse is that governments end up dictating software to the private entities, for example if all government documents had to be in Latex or Open Office formats, private businesses would move over to that software accommodate the governments needs. Why do you think Microsoft works so hard to keep governments using their software ?

      So its not as simple as you make out.

    6. Re:Buy American? by fuzzyfuzzyfungus · · Score: 2, Interesting

      It isn't just AV outfits. I don't know how much arm-twisting this originally may have involved; but Microsoft will let suitably qualified government customers look at the code. Given that the people who don't respect your copyrights have access to pirated versions anyway; and you don't really want "Security" to be an automatic winning argument against using your product, I imagine that it's not too hard a case to make.

      What I wonder more about is how much this access actually helps those who have it. Antivirus products in particular, and reasonably complex software in general, receive vendor updates that can, and sometimes do, substantially alter their behavior quite frequently(and often in response to serious security holes, so you can't just adopt a blanket policy of sitting on all updates for 18 months); so if you want to stick to the carefully hand-reviewed stuff, you'll be so far out of date that random botnets and commercially motivated attackers will be nibbling on you; but if you want timely signature updates and security patches you essentially end up trusting the vendor to not slip something nasty into some urgent auto-update.

    7. Re:Buy American? by chuckugly · · Score: 1

      Yeah security software in particular tends to also be pretty complex, with a lot of hooking, filtering, and other kernel shenanigans along with service level support and user mode hooking. I guess source would help in looking for obvious remote backdoors a lot, but actual full on analysis would be probably beyond most if not all enterprises and probably a lot of state agencies.

    8. Re: Buy American? by nick_davison · · Score: 4, Insightful

      So the federal government should only buy American where comparable American products exist?

      But you start playing the protectionist game and other countries' governments may return the favor you've shown to their economies by ordering non American whenever a comparable product exists.

      How well do you think Lockheed and Boeing will do when they're shut out of all European defense contracts because EADS, British Aerospace and SAAB all make comparable products?

      How much do you think the already massively cost overrunning F-35 will cost when you can only spread the development cost over US only sales? It's a project that only got off the ground because they figured in export sales to people like the U.K.

      It seems ironic that one faction within the US believes that a free market with minimal government involvement to skew that market is the key to success... except when it's politically expedient to add extra federal process to avoid a free market.

    9. Re:Buy American? by gravewax · · Score: 1

      protectionism begets retaliatory protectionism. You want to be real sure you are going to be on the winning end of that before you start such a war.

    10. Re:Buy American? by someone1234 · · Score: 1

      Probably for the same reason (US government means CIA/NSA too), Kaspersky is rightfully anxious.
      Russian or US, these governments are all the same, i wouldn't even be surprised if some hackers are on both payrolls.

      --
      Patents Drive Free Software as Hurricanes Drive Construction Industry
    11. Re:Buy American? by davester666 · · Score: 1

      Not only that, but just seeing the source is no guarantee. The gov't would have to inspect the source AND compile it and then use that executable. As well as examine all the various virus definition files and only use the ones they have examined. And then somehow make sure Kaspersky isn't holding back some of them and isn't intentionally using an incorrect virus def file (say one that lets through a Russian gov't virus).

      --
      Sleep your way to a whiter smile...date a dentist!
    12. Re:Buy American? by butzwonker · · Score: 1

      As far as I can see many Americans are worried about illegal NSA surveillance. I'll leave it open whether that's reasonable or unreasonable, but at least for those people it makes perfect sense not to run US antivirus software and instead use software from Russia, Romania, etc.

      By the same token, my answer to the headline question is No. The only effect of giving source code to the US government is that it will be handed over to the NSA who will then analyze it for weaknesses. (I'm fairly confident that they already have done that will all antivirus software, though, so in the end it won't matter much. But anticipatory obedience is generally not a good way to deal with government wishes.)

    13. Re: Buy American? by dougdonovan · · Score: 1

      obviously the us govt does not have the tech savvy balls to access kaspersky. if you have to ask, you are wrong. the courts...will support the evidence, they dont know any better.

    14. Re:Buy American? by thegarbz · · Score: 1

      As a resident of the Netherlands I think you're completely wrong. We also benefit a bit along with the C-levels :-)

    15. Re:Buy American? by Errol+backfiring · · Score: 1

      You must be the one watering the plants.

      If you can read Dutch, this article explains you only need a chair and a plant to use the Dutch tax haven.

      --
      Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    16. Re:Buy American? by cstacy · · Score: 1

      >> The same argument then applied to every country who buys anything FROM the USA.

      > I'm talking about sales to the Federal Government. Private entities can buy from whoever they like within the law.

      If you suspect a foreign entity (from Russia in the present case), what should a buyer in another country think about foreign products from the USA?

      They should think it may contain backdoors/vulnerabilities and possibly even be deliberately compromised by the United States government. And I can assure you that they DO already think this. Why the United States government -- particularly the military -- is basing the security of its IT infrastructure on a product from a Russian company with close ties to the KGB is just incomprehensible.

      At least now they are going to audit the software. Unfortunately, they will miss things.
      (They would also miss things if it were USA-produced software, so the question there is whether
      the things they miss would become known to the cyber-enemies as quickly.)

      I doubt they will maintain configuration control: random new un-audited unverified versions of the software
      will be routinely installed on the government computers; perhaps slightly less so on the military networks.
      Even though the military tries to lock things down, people still connect unauthorized things.
      Most of the government doesn't even pretend to lock anything down and cybersecurity is a bad joke.

      What is needed is a clean-room secure build by the government for the government.
      It should be secret source, because StO is in fact a valid part of the security profile in this context.
      (And anyone else, private or foreigners, ought to be able to use it, too.
      If they feel like trusting the USA intelligence agencies more than Kaspersky.)

    17. Re:Buy American? by thegarbz · · Score: 1

      Can you caution paywall that next time to save me the hassle? But yes, that's kind of how the Belastingdienst works.

    18. Re:Buy American? by fuzzyfuzzyfungus · · Score: 1

      Unless you grovelled quite carefully over every new batch of virus signatures and heuristics(not necessarily a good idea if it delays protection against viruses that could already be hitting your gullible users; and not necessarily an easy task, if the number of occasions when an AV vendor has accidentally broken the OS or some common program by misidentifying it as a virus is anything to go by); even a fully 'non-malicious' antivirus program could turn very unpleasant very fast with the wrong update.

      Be a real pity if some parts of your PKCS 11 stuff generated some false positives and the 'sample submissions' happened to include key material, no?

    19. Re: Buy American? by easyTree · · Score: 1

      Never buy American. More CO2 is used per unit work. Think of the environment!

      --
      Requiem for the American Dream
    20. Re: Buy American? by easyTree · · Score: 1

      Agreed. One only needs to look at the way unconscious xenophobia (arguably a bug in our psyche) may be exploited and escalated to gain additional permissions by unscrupulous government.

      --
      Requiem for the American Dream
    21. Re:Buy American? by chuckugly · · Score: 1

      Modern AV is not even primarily based on old fashioned signatures; this is a common misconception. Top tier AV vendors still include and devote significant resources to signature based protection but it's just one facet of the overall defense. Reviewers that concentrate on testing against the sort of threats signature based portions of AV protection excel against probably don't help with killing this misconception. Other means of determining the validity of a process image or data include crowd sourced reputation, behavior analysis, on demand local sandboxing, IDS, and a host of other techniques.

      However I believe your basic points stand; modern anti-malware packages are difficult to analyse due to being complex, multifaceted, and subject to rapid innovation and other change. They are also constantly treading a very fine line between protection and facility. For instance one very popular AV product will reliably block online games and other such rapidly mutating applications if the application vendor in question fails to digitally sign even a single module. Personally I'm OK with this but I know many gamers who have had strong negative reactions to it after the game vendor (Trion in the cases I've seen) has failed in this way.

    22. Re: Buy American? by aliquis · · Score: 1

      If you believe in competition and competitiveness then no.

  2. You must answer, "Yes"... by Captain+Ramage · · Score: 1

    Well, come on now, you really must answer, "Yes" if you are for open source and the ability of the user(s) to review the code. After all, isn't the U.S. Government right now saying that they don't trust the code? Or, they've got concerns, at least?

  3. Re:Trump is cool by gweihir · · Score: 2, Interesting

    No moderation option "-1 Moron", so posting it instead.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  4. Closed source security software by fred6666 · · Score: 5, Insightful

    Why should anyone trust closed source security software in the first place?

    1. Re:Closed source security software by Gravis+Zero · · Score: 1

      Nobody should have to trust any closed source software. Trusting Microsoft is a huge mistake because they have a horrible track record when it comes to writing secure software. Kaspersky Lab on the other hand actually has a good record for being an excellent anti-virus program. I would trust Kaspersky Lab over Microsoft but I don't have to trust either of them, so I don't.

      --
      Anons need not reply. Questions end with a question mark.
    2. Re:Closed source security software by Xenographic · · Score: 1

      I honestly agree with this. I think they should be demanding the source to all security relevant products, if for no other reason than that they can control and analyze them. When software is feature complete, business types love to shove it into maintenance mode, leave a skeleton crew to do security updates and in general lower the quality with each new release by trying to milk it.

    3. Re:Closed source security software by AHuxley · · Score: 1, Interesting

      Security software helps find nation state efforts
      Longhorn: Tools used by cyberespionage group linked to Vault 7
      https://www.symantec.com/conne...
      Equation Group https://en.wikipedia.org/wiki/...
      Stuxnet https://en.wikipedia.org/wiki/...
      Operation Socialist https://en.wikipedia.org/wiki/...

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:Closed source security software by rtb61 · · Score: 1

      There is a real catch for closed source proprietary code security software, everyone knows exactly what the NSA/CIA will do, look for bugs and keep the results secret, so they can hack in any time they want, not matter the consequences in the interim, pack of morons. For Kaspersky there is nothing to win, they will never buy the software and when the lobbyists instruct the political appointees to lie, they will. They will discover a direct link in Kaspersky software to the KGB, Soviet Union and Stalin, talk about it for months on end, back doors, keyloggers, all insiders leaks, to destroy Kaspersky's reputation and then months and months latter pretend nothing happened. There is definitely nothing for Kaspersky to win here.

      --
      Chaos - everything, everywhere, everywhen
    5. Re:Closed source security software by sad_ · · Score: 1

      and who's to say they will show the actual source? maybe they'll clean it up before handing over.

      --
      On a long enough timeline, the survival rate for everyone drops to zero.
    6. Re:Closed source security software by swb · · Score: 1

      I'm sure there's some requirement to not just *see* the source, but to build it independently with the same toolchain and make sure you get the same executables.

      The problem with Kaspersky is that like all AV it's self-updating with definitions and program updates, it's not a static executable.

    7. Re:Closed source security software by cstacy · · Score: 1

      Nobody should have to trust any closed source software. Trusting Microsoft is a huge mistake

      The government doesn't trust Microsoft ; they have access to the source and audit it.
      Well, they sort-of trust them. And they sort-of audit it. Sometimes.

      You are aware that SE Linux is originally a product of the US military (DARPA) I assume?

      Of course, they're not auditing any software perfectly. I don't know how much the different
      parts of the government look at any of these systems. Probably not as thorough and ongoing as one would wish.

    8. Re:Closed source security software by RockDoctor · · Score: 1

      I honestly agree with this. I think they should be demanding the source to all security relevant products

      The word "security" is superfluous in this sentence. Where does "security" start? Or stop?

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  5. Doesn't matter by mhkohne · · Score: 3, Insightful

    Even if Kaspersky shows the source today and intends to be completely upright in their dealings, they are still susceptible to govt interference. The govt could nully them into doing it's bidding, or could plant it's own people on the team.

    Just as I understand China not wanting to take MS at it's word, we should probably not rely on these guys.

    --
    A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
    1. Re:Doesn't matter by Anonymous Coward · · Score: 5, Insightful

      So we shouldn't trust a Russian company because they may or may not have ties to the Russian government to do "bad things"

      But we have plenty of evidence the NSA has actually done real bad things and forced US companies to help and enable them to do it.
      So clearly we can't use any American software either.

      Where should we get our software from now?

    2. Re:Doesn't matter by Frosty+Piss · · Score: 2

      Just as I understand China not wanting to take MS at it's word ...

      Hah! I get it, MS Word!

      --
      If you want news from today, you have to come back tomorrow.
    3. Re:Doesn't matter by Darkling-MHCN · · Score: 1

      Correct.

      Every virus program is measured by its ability to quickly and effortlessly release updates to combat new threats, so who knows what new threats Kapersky might counter in a time of war.

      The major difference between the NSA and Russia is NSA will want every computer in the USA to keep functioning whereas in a time of war Russia would want every computer in the USA to stop functioning.

    4. Re:Doesn't matter by BlueStrat · · Score: 2

      The major difference between the NSA and Russia is NSA will want every computer in the USA to keep functioning whereas in a time of war Russia would want every computer in the USA to stop functioning.

      Not sure that's been true for some time, if ever regarding the USA (government) wanting every computer in the USA to keep working. I believe just the opposite, that the US government views the US population as at least as much, if not more, of a threat than any foreign state, and wants the ability to hack into and/or shut down any civilian/private/individual network or computer in the US, and is so afraid of the population that it's willing to sacrifice security vs foreign states to obtain it.

      So far they've demonstrated a willingness...nay, a blatantly-cavalier attitude towards allowing back-door-able bugs to remain or be deliberately inserted into software to compromise & weaken security sold to and used by the general public.

      They keep telling us through their actions that they consider the US population enemies and potential enemies. If they persist, many in the population will begin to believe it themselves, and act accordingly.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    5. Re:Doesn't matter by cstacy · · Score: 1

      So we shouldn't trust a Russian company because they may or may not have ties to the Russian government to do "bad things"

      But we have plenty of evidence the NSA has actually done real bad things and forced US companies to help and enable them to do it.
      So clearly we can't use any American software either.

      Where should we get our software from now?

      If you are a government / military, you should write it yourself.
      Or only use specific versions that you have audited and trust.

  6. Not just the government! by Tony+Isaac · · Score: 1, Insightful

    The real value of anti-virus software is not the source code, it's the data--the signatures it looks for to spot malware. I'm fine with them keeping their database proprietary. But why not make the source code freely available...unless they have something to hide!

    1. Re:Not just the government! by Zemran · · Score: 1

      Something to hide? You mean like normal business practice? I am far more worried about the way they are rolling over.

      --
      I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
    2. Re:Not just the government! by Opportunist · · Score: 1

      It's easy to write code that morphs, but hard (in my opinion impossible) to write it in such a fashion that it cannot be identified.

      Back when morphing code was still en vogue (back when malware writers put in some effort into their work, today it's mostly the same shoddy hacks that any other commercial software is), part of my job was to develop routines that could identify morphing malware. With some it was easy, with some it was hard (and I distinctly remember one particularly nasty bugger that we could only implement in such a way that we had to whitelist quite a few game copy protection mechanisms that curiously had similar routines...) but it was far from impossible to design detection routines for them.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  7. What difference does it make? by Tony+Isaac · · Score: 1

    Let's say they release some source code. Who could prove that the executable that customers use, was compiled from that source code, without modification?

    1. Re:What difference does it make? by Kjella · · Score: 1

      Let's say they release some source code. Who could prove that the executable that customers use, was compiled from that source code, without modification?

      Reproducible builds is a pretty big thing for open source too, for example Debian. As long as you have information about the build environment (compiler name and version, build flags, source path), the vast majority of packages will now give the exact same binary. If not there are typically small differences due to various system parameters that can be diff'ed and deciphered. How easy it would be for Kaspersky's code only they know, but with the US government's resources it should be no problem to verify the result.

      --
      Live today, because you never know what tomorrow brings
  8. What to learn from this article by guruevi · · Score: 1, Flamebait

    a) Don't trust Symantec, they've got stuff to hide in their source code whether it's NSA-stuff or sloppy code.
    b) You can probably trust Kaspersky for most things except NSA-stuff.

    I've personally never trusted Symantec and I always thought Kaspersky was good enough for the home, I never considered them to be a serious contender in the enterprise-market. I have serious reservations about most US-based closed source (security) software and closed system hardware manufacturers. The NSA persuaded a relatively small (10k employees) employer of mine to install taps with full cooperation of Cisco and IBM, so any of these larger companies must have ties if not outright taps in the software.

    What we really need is for these companies to open-source their stuff.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
    1. Re:What to learn from this article by Gravis+Zero · · Score: 1

      What we really need is to only use open-source stuff.

      FTFY.

      --
      Anons need not reply. Questions end with a question mark.
    2. Re:What to learn from this article by hduff · · Score: 1

      Yes. The CIA has developed its Open Source OS. Feel free to use it.

      --
      "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
    3. Re:What to learn from this article by king+neckbeard · · Score: 1

      No, it's because an enemy of my enemy is slightly less of an enemy to me. That's why Snowden was safe in Russia. He is an enemy of the US government, and so is the Russian government.

      --
      This is my signature. There are many like it, but this one is mine.
  9. No fucking way by Dunbal · · Score: 2

    The government is free to write its own anti-virus software.

    --
    Seven puppies were harmed during the making of this post.
  10. Would a US company do the same? by Zemran · · Score: 2

    How many US companies would want to show their source code to the Russian government? The Russia government has a far more trustworthy record in this area. Most malware now is based on code from the NSA. I think Kaspersky should not trust the US government and by doing so they become less trustworthy. If they rolled over on this how can we trust them not to allow changes to their code?

    --
    I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
  11. of course they shouldn't by Yurka · · Score: 1

    They are (to the extent it is applicable to anything that's Russian) a private company, at least on the US market, and they can hide or disclose whatever parts of the code they want, unless there's a subpoena or a search warrant. But by the same token, of course no agency in their right mind, much less a government agency, can possibly contemplate using anything developed by a KGB man.

    --
    I can assure you, the best way to get rid of dragons is to have one of your own.
  12. Offered in 2006 by AHuxley · · Score: 3, Informative

    "Russian anti-virus CEO offers up code for US govt scrutiny"
    http://hosted.ap.org/dynamic/s...
    "... ready to have his company's source code examined by U.S. government officials"

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re:Offered in 2006 by AHuxley · · Score: 3, Informative

      Cyber spying risks the future of the internet (Nov 7 2013)
      http://www.smh.com.au/it-pro/s...
      We are opening an office in [Washington] DC for this reason. We will send our source code, you can check our source code. You're welcome."

      --
      Domestic spying is now "Benign Information Gathering"
  13. solution: Eset NOD32 by elcor · · Score: 1

    Catches a lot, low footprint, Czechoslovakia is just awesome.

    1. Re: solution: Eset NOD32 by dunkelfalke · · Score: 1

      Can I borrow your time machine?

      --
      "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
    2. Re: solution: Eset NOD32 by elcor · · Score: 1

      oh god - does it suck now? (I admit I've been on mac since 2009)

    3. Re: solution: Eset NOD32 by dunkelfalke · · Score: 1

      It is not that good anymore, but that was not my point. Czechoslovakia has ceased to exist 25 years ago.

      --
      "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
  14. It seems . . . by hduff · · Score: 1

    TFA: "A key Democrat on the Senate Armed Services Committee has told ABC that "a consensus in Congress and among administration officials that Kaspersky Lab cannot be trusted to protect critical infrastructure.""

    The same could be said by any foreign government or individual about Microsoft or Apple operating systems.

    --
    "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
  15. Re:Who would install Putin's "anti-virus" ? by hduff · · Score: 1

    I e-mailed all my gay clown porn to vlad247@aol.com. He wrote me back a nice thank you letter. I now run Kaspersky on all my devices without fear!

    Links or STFU.

    --
    "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
  16. Why should they? by Snotnose · · Score: 1

    Seriously, let them decide "fuck the USA, we still have the rest of the world". Downside? Sales in the US fall. Upside? As the great lady sings "Are EE Ess Pee Ee See Tee".

    Give em the source. Downside? NSA says "damn, never thought of that.". Or "damn, they just found $NSA_Hack_Tool". Upside? Nothing I can think of, outside of sales in the US.

  17. Re:When he says he'l show it to the 'government' by sycodon · · Score: 1

    "sure, here's mode code right here. I promise it's the real thing"

    Regardless of the other arguments, who really thinks he will provide the real code?

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
  18. Re: Trump is cool by king+neckbeard · · Score: 1

    No, I want Trump shot into the sun, but at worst, Russia used journalism against America, which is GOOD for the people, albeit bad for the government.

    --
    This is my signature. There are many like it, but this one is mine.
  19. Spy-agencies power by manu0601 · · Score: 1

    It's unlikely that his company could operate independently in Russia, where the economy is dominated by state-owned companies and the power of spy agencies has expanded dramatically under President

    The funny part is that you can take this sentence, replace Russia by US, and state-owned by privately-owned, and it is still true.

  20. Re:Who would install Putin's "anti-virus" ? by king+neckbeard · · Score: 2

    Because Putin's anti-virus would be the one most likely to not have NSA backdoors, which is what an American citizen should be concerned about.

    --
    This is my signature. There are many like it, but this one is mine.
  21. Show of hands by DivineKnight · · Score: 1

    Who believes the US government doesn't have a full copy of the source already?

  22. For once... by MSG · · Score: 1

    For once, the answer to the headline is "yes."

    Yes, Kaspersky should show its source code to the US Government. They should show their source code to all of their users. All software should come with its source code. If you weren't convinced of that before, you should have been by the audit of Toyota's source code.

    http://www.safetyresearch.net/...

  23. They probably should by rsilvergun · · Score: 1

    it's the kind of positive make-work project that does good things for the local economy. The guys I know in the defense industry make 2-3x the going rate for the equivalent work (unless they're high-end math guys, Wallstreet gobbles those guys up for HFT).

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  24. Beware Of Backdoors by nick_davison · · Score: 2

    It's important that the US government, the primary creator of forced backdoors and exploits, can make sure code doesn't have... oh.

    Now, if you'll excuse me, I've got to go and patch everything in my home due the the huge cache of zero day exploits the NSA were hoarding, rather than reporting, until they got leaked.

  25. Paranoia by allo · · Score: 1

    Who to trust? American Software? Ask the NSA, they will recommend it.
    If the russians want to spy, they at least want to spy on the government not on the people.

  26. I'd like to see it happen by GeekWithAKnife · · Score: 1

    Today the CEO of Kaspersky Lab said he's willing to show the company's source code to the U.S. government, testify before Congress, and even move part of his research work to the U.S. to dispel suspicious about his company. The Associated Press reports:

    From real life to gaming VR I've never heard of anyone being able to dispel suspicious.

    --
    A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
  27. Trustworthy? by bradley13 · · Score: 3, Insightful

    "Kaspersky Lab cannot be trusted to protect critical infrastructure"

    Whereas the US government is totally trustworthy. /sarc

    --
    Enjoy life! This is not a dress rehearsal.
  28. connections by Tom · · Score: 2

    Some speculate that Kaspersky, [...] kept his Soviet-era intelligence connections.

    No shit. Of course he did, you have to be a total idiot not to have connections to the intelligence sphere of the country you are operating in if you own a company in the security industry.

    The question should not be if he has connections. That's a given. You think McAfee has no such connections? The question is if they affect the product he is selling in a technically meaningful way. That he keeps such connections for the purpose of sales is clear.

    But hey, digging deeper than a sensationalist quote has fallen out of fashion, hasn't it?

    --
    Assorted stuff I do sometimes: Lemuria.org
  29. Dear Leader Putin Does What He Likes by Maritz · · Score: 1

    Russia is a kleptocracy, and it's absurd to think they could not put the screw on Kaspersky. While they are based in or have assets in Russia, I certainly wouldn't use them. End of story.

    If Kaspersky resisted, it'd be bullets and polonium tea all around. Simple as that.

    --
    I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  30. Re: Trump is cool by king+neckbeard · · Score: 1

    I suppose traitor would be the closer answer. I'm opposed to my government because I give a shit about my country. I think we should release anything bad on Putin, Russian hackers should release anything bad on us, and rinse and repeat for every other country in the world. Then, we get plenty of sunshine, and the cockroaches scatter.

    --
    This is my signature. There are many like it, but this one is mine.
  31. Re: Trump is cool by king+neckbeard · · Score: 1

    Yeah, but he's a different kind of liar, which was slightly less disgusting to a portion of the population. Particularly, he told the truth on some issues, such as TPP. Had the Dems nominated Sanders, a lot of that appeal would have been gone.

    --
    This is my signature. There are many like it, but this one is mine.
  32. covfefe ! by DrYak · · Score: 1

    he will tweet a 3am patch for the backdoors

    Oh, then that's what Covfefe was !
    That's why "The president and a small group of people know exactly what he meant [by covfefe]" !
    It was a super secret code word to fix a vulnerability in Microsoft Windows before the Petya ransomware spreads ?

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  33. Re: Trump is cool by gweihir · · Score: 1

    Indeed. But Trump followers often resemble Trump, so that is not much of a surprise.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  34. Which US government? by WillAffleckUW · · Score: 1

    The Russian apparatchiks in the White House?

    Or the freedom fighters in Deep State?

    --
    -- Tigger warning: This post may contain tiggers! --
  35. Pointless by Stan92057 · · Score: 1

    What would be the point? they can upload security updates at any time to upload nefarious programs/functions. I get almost 6 Mb a day security updates from Norton how do i know they are not acting hand in hand what their government ? Or they are acting with someone else?

    --
    Jack of all trades,master of none
  36. It should show its source code to EVERYONE by hackel · · Score: 1

    Kaspersky Lab should show it's source code to *everyone*, not just the U.S. government. It's absurd to even contemplate relying on a security product for which the source code is not publicly available. This case should highlight how incredibly absurd it is that proprietary software still exists in our society.

  37. Re:Who would install Putin's "anti-virus" ? by king+neckbeard · · Score: 1

    But even in your metaphor, proximity matters. If I have two shields, one strong against the Scylla and weak against the Charybdis, one strong against the Charybdis and weak against the Scylla, and I'm sailing pasting the Scylla, I would be a fool to not choose the shield strong against the Scylla, even though it is weak against the Charybdis, because the Charybdis is too far away to be a real concern.

    Ultimately, I'd advise against using Windows altogether, but that's an entirely different conversation.

    --
    This is my signature. There are many like it, but this one is mine.
  38. Oceania by easyTree · · Score: 1

    Don't look at the NSA, look at the Russians!

    --
    Requiem for the American Dream
  39. Re: Trump is cool by king+neckbeard · · Score: 1

    It was good for US corporations, but bad for US workers.

    --
    This is my signature. There are many like it, but this one is mine.