Office Depot, Best Buy Pull Kaspersky Products From Shelves (bleepingcomputer.com)
Catalin Cimpanu, reporting for BleepingComputer: Both Office Depot and Best Buy have removed Kaspersky Lab products from shelves. The ban has been in effect since mid-September, and the two chains are offering existing Kaspersky customers replacement security software. The first store to remove Kaspersky products from shelves was Best Buy, on around September 8. At the time, the FBI was pressuring the private sector to cut ties with the Russian antivirus maker, which was the subject of a Senate Intelligence Committee on the suspicion it may be collaborating with Russian intelligence agencies. Kaspersky vehemently denied all accusations. A week after Best Buy removed Kaspersky products from shelves, the Department of Homeland Security (DHS) issued a Binding Operational Directive ordering the removal of Kaspersky Lab products off government computers. A day later, Office Depot announced a similar decision to ban the sale of Kaspersky products in its stores. Additionally, Office Depot is letting customers exchange their Kaspersky copy with a one-year license for McAfee LiveSafe.
Russian government has many more instruments at their disposal to convince businesses and individuals to "cooperate"
While that might be true, I doubt they would risk it.
Probably you are at a MUCH higher risk if you replace Kaspersky software with McAfee LiveSafe, just because the McAfee offering is crap.
Also, the risk of VULNERABILITIES in your AV product is much higher than the risk of an intentional backdoor existing (IMO).
Personally, I use neither antivirus product, favoring WebRoot instead, but I have some respect for Kaspersky, and nobody's shown any evidence specific to Kaspersky that they could not be trusted.
The problem is that open source projects can be contributed to by anyone, including state sponsored bad actors.
You're not even wrong! However, it requires someone accept the contribution and never have someone notice the flaw. In the closed source model, nobody will ever have the chance to notice the flaw. Also, with a bit of pressure, a business will insert whatever blatantly evil code a state-sponsored actor insists on.
Heartbleed. Tell me that the Heartbleed bug, the heartbeat function it fucked up the security on, and the RFC the heartbeat function was based on weren't all state sponsored.
I can tell you for a certainty that shitty code occurs in the wild without the help of any state-sponsorship. OpenSSL was neglected but hey, thanks for the conspiracy theory!
Anons need not reply. Questions end with a question mark.
Yes, but #1 that is code from the part of NSA whose job it is to increase security and #2 that code has been verified and vetted from top to bottom, it's not like they supplied a binary blob. Not to mention that the code itself has been heavily altered by the community over the years.