Slashdot Mirror


Office Depot, Best Buy Pull Kaspersky Products From Shelves (bleepingcomputer.com)

Catalin Cimpanu, reporting for BleepingComputer: Both Office Depot and Best Buy have removed Kaspersky Lab products from shelves. The ban has been in effect since mid-September, and the two chains are offering existing Kaspersky customers replacement security software. The first store to remove Kaspersky products from shelves was Best Buy, on around September 8. At the time, the FBI was pressuring the private sector to cut ties with the Russian antivirus maker, which was the subject of a Senate Intelligence Committee on the suspicion it may be collaborating with Russian intelligence agencies. Kaspersky vehemently denied all accusations. A week after Best Buy removed Kaspersky products from shelves, the Department of Homeland Security (DHS) issued a Binding Operational Directive ordering the removal of Kaspersky Lab products off government computers. A day later, Office Depot announced a similar decision to ban the sale of Kaspersky products in its stores. Additionally, Office Depot is letting customers exchange their Kaspersky copy with a one-year license for McAfee LiveSafe.


  1. Kaspersky may well be innocent by mi · · Score: 4, Insightful

    I'm perfectly willing to believe, the authors of the Kaspersky software and the owners of the company want to have to provide a good anti-virus and do not want to cooperate with Russia's spies. But the decision may not be up to them — Russian government has many more instruments at their disposal to convince businesses and individuals to "cooperate", than do the governments of free(er) countries.

    Yes, American government has some such instruments as well — just pick, who you trust more...

    --
    In Soviet Washington the swamp drains you.
    1. Re:Kaspersky may well be innocent by mysidia · · Score: 5, Informative

      Russian government has many more instruments at their disposal to convince businesses and individuals to "cooperate"

      While that might be true; I doubt they would risk it.

      Probably you are at a MUCH higher risk if you replace Kaspersky software with McAfee LiveSafe, just because the McAfee offering is crap.

      Also, the risk of VULNERABILITIES in your AV product is at a much higher risk than an intentional backdoor existing (IMO).

      Personally; I use neither antivirus product favoring WebRoot instead, but I have some respect for Kaspersky, and nobody's shown any evidence specific to Kaspersky that they could not be trusted.

    2. Re:Kaspersky may well be innocent by Rick+Schumann · · Score: 4, Insightful

      Do as we say or we'll confiscate your business, your assets, imprison your family, and beat you senseless

      That's about how I'd figure that conversation would go in Putin's Russia.

      The real question here is: In 2017, can we trust ANYTHING to run on our computers that we didn't compile ourselves, after personally vetting the source code -- and then, can we trust the compiler to not be compromised, too? Really, honestly, seriously, I'm starting to feel like we're getting to that point -- and even if what we're running isn't compromised as soon as it's installed, there doesn't seem to be much of anything that can prevent the machine from being compromised externally, unless you're never connected to the Internet, ever -- and even then, security researchers keep exposing exploits that can compromise a computer that's completely air-gapped.

    3. Re:Kaspersky may well be innocent by Gravis+Zero · · Score: 3, Funny

      Yes, American government has some such instruments as well — just pick, who you trust more...

      I trust Linux more than either government. ;)

      --
      Anons need not reply. Questions end with a question mark.
    4. Re:Kaspersky may well be innocent by rahvin112 · · Score: 3, Interesting

      While that might be true; I doubt they would risk it.

      Why? What does the Russian Government have to lose?

      The fact that the ownership of Kaspersky was shuffled around such that a guy with deep connections to the FSB (Former KGB) has significant control over the corp should scare anyone. This should be enhanced by the fact that the American government has apparently seen something so concerning that they are reacting to it with law enforcement assets and have barred its use within the DOD.

      This isn't much different than ZTE's three top owners being top Army officials in the PRC along with deep connections to their spy apparatus. I'd be concerned about using any Tech where the top people and owners are all connected to and beholden to that state's spy apparatus. For all the talk no one on the board of Microsoft or Cisco is a top retired general that's got deep connections with the NSA. From what we learned from Snowden the NSA does their backdoor stuff on the sly by diverting packages and installing compromised firmwares after it leaves the factory instead of writing the backdoor directly into the software.

      If Kaspersky is truly using virus scanning to scan for files they want then they've created a tool with unparalleled power. Any computer with Kaspersky software is having its contents scanned and reported back to Russia and the Russian government is apparently able to review the database for targets. It would be trivial for them in such a situation to have the software grab the contents for them, after all it already has kernel Ring 0 access by virtue of its status as a virus scanner. That's reason alone not to run Windows.

    5. Re:Kaspersky may well be innocent by Anonymous Coward · · Score: 3, Insightful

      Pick the one that can hurt you the least. Who is the greater threat Russian secret police or American? Trust but verify. RR

    6. Re:Kaspersky may well be innocent by Archon · · Score: 4, Insightful

      "This should be enhanced by the fact that the American government has apparently seen something so concerning that they are reacting to it with law enforcement assets and have barred its use within the DOD."

      Is this the same government that deliberately starts wars and invades other countries based on their own propaganda (aluminum tubes and babies being pulled from incubators, anyone)? Yeah, I thought so. So now it's show your proof or GFY.

    7. Re:Kaspersky may well be innocent by Gravis+Zero · · Score: 3, Informative

      The problem is that open source projects can be contributed to by anyone, including state sponsored bad actors.

      You're not even wrong! However, it requires someone accept the contribution and never have someone notice the flaw. In the closed source model, nobody will ever have the chance to notice the flaw. Also, with a bit of pressure, a business will insert whatever blatantly evil code a state-sponsored actor insists on.

      Heartbleed. Tell me that the Heartbleed bug, the heartbeat function it fucked up the security on, and the RFC the heartbeat function was based on weren't all state sponsored.

      I can tell you for a certainty that shitty code occurs in the wild without the help of any state-sponsorship. OpenSSL was neglected but hey, thanks for the conspiracy theory!

      --
      Anons need not reply. Questions end with a question mark.
    8. Re:Kaspersky may well be innocent by F.Ultra · · Score: 3, Informative

      Yes but #1 that is code from the part of NSA whose job it is to increase security and #2 that code has been verified and vetted from top to bottom, it's not like they supplied a binary blob. Not to mention that the code itself has been heavily altered by the community over the years.

  2. They probably refused to ignore NSA malware by gweihir · · Score: 4, Insightful

    And now they are killed via a classical attack on their reputation, which may or may not be completely without merit. Of course, this only concerns the US market.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:They probably refused to ignore NSA malware by Narcocide · · Score: 4, Interesting

      It's also possible that the software is fine as delivered by Kaspersky as far as they know, but altered/backdoored covertly while in transit, somehow. The U.S. government has done as much to Cisco hardware that has been shipped worldwide, so it's not like there wouldn't be precedent.

    2. Re:They probably refused to ignore NSA malware by tinkerton · · Score: 3, Interesting

      That's the best explanation. Now everyone has received the warning. If you don't cooperate with the US three letter organisations we'll get you. They've got nothing on Kaspersky except that the software performed as expected and that is by detecting malware. Give it some time and every AV that is left on the market is forcibly unreliable.

  3. trumpistan by Anonymous Coward · · Score: 3, Interesting

    we take in products from hundreds of different countries, including digital products that are in the heart of infrastructure. we allow outsourcing of sensitive data processing all over the planet.

    but this one company is being singled out by the federal government and destroyed without a trial.

    let's look at companies who actually took money from Russian operatives to place political advertisements on their networks. Facebook, Google, Twitter, directly profited from Russian interference in the election, and will never face any consequences.

    this has nothing to do with protecting security, it is all about nationalism and isolation, Trump thinks that by cutting out foreign competition it will somehow provide an economic boost to domestic companies.

    what he doesn't seem to realize is that every isolationist country, from Japan to Russia, has a stagnating population and a stagnating economy. Interacting with the world is how China lifted itself out of poverty - us cutting ourselves off from the world is how we are going to sink into it.

  4. "off the shelves" = zero impact by xxxJonBoyxxx · · Score: 4, Insightful

    Remember when you'd buy software? With a disc in a cardboard package? From a retail store you'd have to enter?

    No? Me either.

  5. Re:What we can learn from this by DontBeAMoran · · Score: 3, Funny

    We have nice weather while Americans have tornados! The Cold War is over but The Warm War is working!

    --
    #DeleteFacebook
  6. They should've... by nwaack · · Score: 5, Insightful

    They should've just let themselves get hacked and had all their customers' information stolen. Then the IRS would've probably given them a multi-million dollar contract!

  7. Is there any actual proof of anything? by fredrated · · Score: 4, Insightful

    Or do we just trash businesses based on opinion?