Slashdot Mirror
US Agency Revokes All State Discounts For Kaspersky Products (thebaltimorepost.com)
The U.S. General Services Administration has removed Kapersky Lab from its list of approved vendors for federal systems, which also eliminates the discounts it previously offered to state governments. Long-time Slashdot reader Rick Zeman writes:
"The agency's statement suggested a vulnerability exists in Kaspersky that could give the Russian government backdoor access to the systems it protects, though they offered no explanation or evidence of it," reports the Washington Post. Kaspersky, of course, denies this, offering their source code up for U.S. Government review... "Three current and former defense contractors told The Post that they knew of no specific warnings circulated about Kaspersky in recent years, but it has become an unwritten rule at the Pentagon not to include Kaspersky as a potential vendor on new projects."
"The lack of information from the GSA underscores a disconnect between local officials and the federal government about cybersecurity," the Post reports, adding that "the GSA's move on July 11 has left state and local governments to speculate about the risks of sticking with the company or abandoning taxpayer-funded contracts, sometimes at great cost."
The Post also quotes a cybersecurity expert at a prominent think tank -- the Center for Strategic and International Studies -- who believes that "it's difficult, if not impossible" for a company like Kaspersky to be headquartered in Moscow "if you don't cooperate with the government and the intelligence services."
"The lack of information from the GSA underscores a disconnect between local officials and the federal government about cybersecurity," the Post reports, adding that "the GSA's move on July 11 has left state and local governments to speculate about the risks of sticking with the company or abandoning taxpayer-funded contracts, sometimes at great cost."
The Post also quotes a cybersecurity expert at a prominent think tank -- the Center for Strategic and International Studies -- who believes that "it's difficult, if not impossible" for a company like Kaspersky to be headquartered in Moscow "if you don't cooperate with the government and the intelligence services."
They all cooperate to some degree with all larger governments. They do not have a choice, governments have far too much power simply because they are large customers. Assuming otherwise is exceptionally naive. Of course, there are limits. No AV vendor will allow known government malware (US, Chinese, Russian, etc.) through. They cannot afford that. Making it easier for unknown malware is a different thing. In the end, as long as the exposure-risk for them is small, AV vendors will cooperate with the criminally-minded government agencies that modern governments seem to treasure so much. Governments, unfortunately, are yet again in the process of becoming the enemy of not only their own citizens, just like history never happened.
The one thing we can now be reasonably sure of is that Kaspersky will now stop cooperating with the US government, which, in my book, makes their products better than what the competition has.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The possibility that Kapersky Lab is beholden to the Russian government is real.
Yes, yes, I know the same can be said for American based "security" companies, but it's more likly they are beholden to American spy agencies.
If you want news from today, you have to come back tomorrow.
"The agency's statement suggested a vulnerability exists in Kaspersky that could give the Russian government backdoor access to the systems it protects, though they offered no explanation or evidence of it," reports the Washington Post. Kaspersky, of course, denies this, offering their source code up for U.S. Government review... "Three current and former defense contractors told The Post that they knew of no specific warnings circulated about Kaspersky in recent years, but it has become an unwritten rule at the Pentagon not to include Kaspersky as a potential vendor on new projects."
I'm not a security expert, but I don't know that this would necessarily sooth me. For example, perhaps the "backdoor" is devilishly obscured. Or, perhaps future exploits of a particularly tricky and secret nature will mysteriously not be added to whatever library Kaspersky's stuff uses. And then there is the issue of regular software updates, does the US government have to check the code with a fine tooth comb every time - this alone would be problematic.
I mean, come on! To imagine that the Russians would not at least TRY to leverage the Kaspersky install base is ignorant.
If you want news from today, you have to come back tomorrow.
Well then, we'll just switch to the cheaper Chinese stuff.
Have gnu, will travel.
"...they're going to use Symantec? Score!"
https://www.us-cert.gov/ncas/a...
Software built by Russian companies is backdoored by Russian spooks.
Software built by American companies is backdoored by American spooks.
Software built by Chinese companies is backdoored by Chinese spooks.
Does this surprise anyone at all?
Yeah, good thing Hillary wasn't elected. She wouldn't have been a proper doormat for Putin.
National origin doesn't matter, people simply can't have full faith in closed source. All this propagandizing does is make modern man more equivalent to the cave man. If Kaspersky is offering source review with compilation on trusted systems, with sample submissions and the like running through trusted networks, then it's probably more trustworthy than others. People will remain clubbing it out like cave men, until they fundamentally change their markets and valuations, along with their software. Software bound to the confines of a society thriving on corruption bleeds that same corruption. Our own abhorrence towards such a state of being should inspire us to try and change it for the better, despite the likelihood of ending up as its victims ourselves.
For those of you not familiar with Swedish politics, the Sweden "Democrats" are anything but. They're right-wing/racist/ultra-nationalist, with their origins in the White Power movement and the Swedish Nazis. (Fun fact: Sweden never outlawed the Nazi Party.) They're a minority in the Riksdag, and every other party with seats refuses to co-operate with them on any matter.
The irony here is that SD are anti-EU and pro-Russian and they're attempting to score political points pretending to be against something that damages the EU and benefits Russia.
Our network is a critical infrastructure.
Nearly all communication ends up on the internet in some way.
A nation wide internet outage would cripple us, and make us prone to physical attack and demoralized the nation.
This isn't the 1980's where networked computers are used by a few egg heads to discuss Star Trek anymore.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Must of what? Apples?
"It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap