Dodging Russian Spies, Customers Are Ripping Out Kaspersky

From a report: Multiple U.S. security consultants and other industry sources tell The Daily Beast customers are dropping their use of Kaspersky software all together, particularly in the financial sector, likely concerned that Russian spies can rummage through their files. Some security companies are being told to only provide U.S. products. And former Kaspersky employees describe the firm as reeling, with department closures and anticipation that researchers will jump ship soon. "We are under great pressure to only use American products no matter the technical or performance consequences," said a source in a cybersecurity firm which uses Kaspersky's anti-virus engine in its own services. The Daily Beast granted anonymity to some of the industry sources to discuss internal deliberations, as well as the former Kaspersky employees to talk candidly about recent events.

All together?

[Stormwatch]

customers are dropping their use of Kaspersky software all together

All of them simultaneously and at the same place?

Re:All together?

[Big+Hairy+Ian]

Bizarrely people would rather have Symantec reading their mail than the Russians

Re:All together?

[arglebargle_xiv]

Some security companies are being told to only provide U.S. products

Given the choice between Kaspersky and the FSB vs Symantec Endpoint Security, I'd feel better protected by Kaspersky + FSB.

Re:All together?

[K.+S.+Kyosuke]

Social uninstalling, the new fad...

Re:All together?

Exactly. Given the choice, I'd rather be spied on by a government that has no power over me than by the government-friendly US based companies.

It's sad that threat modeling has to be done with something as mundane as AV software, but it's rather true. If you're someone with unpopular opinions, the last thing you want is your own government seeing what you're up to. If you're doing R&D work that some cheap third world country is going to copy and sell here thanks to crappy treasonous trade deals then it's best to not be spied on by foreigners because industrial espionage is a very real thing.

BTW, industrial espionage is also a reason to avoid "cloud computing" at all costs for any data you actually care about, especially business plans and product research, unless it's encrypted with a key only you control and that key has never seen a Windows 10 machine.

Re: All together?

Not just govt. unfriendly opinions/activities. A lot of US intelligence agencies are private companies that also do work for the corporate sector. If you're being spied on by the NSA and/or CIA, the chances are that the same intel may be available to corporate competitors/hostile corporations. Also, a lot of active CIA employees moonlight for corporations. You're much better off with a non US affiliated software security company.

Re:All together?

[Ol+Olsoc]

Some security companies are being told to only provide U.S. products

Given the choice between Kaspersky and the FSB vs Symantec Endpoint Security, I'd feel better protected by Kaspersky + FSB.

True, I was really pissed when Arris and Symantec activated SEP without my permission, and wouldn't allow me access to the internet unless I clicked to allow them access to the kingdom.

Took a few phone calls to both to clear that up.

But protection isn't the issue here with Kaspersky.

So what we have is the idea that Kaspersky is great, and all of the concerns about it are lies. That Israel is lying, the USA is lying, that the owner who is/was KGB and other executives who are FSB at Kaspersky are an exception to the rule that once you are in that world, you never leave that world, and that when you give a program where you give the providers of the program the keys to the kingdom, that given the background of th eactors, that they won't exploit what you gave them permission to exploit? https://www.extremetech.com/in...

It all boils down to a matter of trust. I take it that you trust the Russians and the FSB/KGB much more than you trust anyone in the USA? I surely don't, and the concerns about Kaspersky have been around a lot longer than Hillary's emails.

Re:All together?

[gtall]

Not if you were anti-Putin in Russia you wouldn't.

Re:All together?

[MightyMartian]

For Chriissakes the ACs are Russians

Re:All together?

[LifesABeach]

Reading eMails? Cute. To think that some people think that anything electronic can be trusted.

Re:All together?

[MightyMartian]

It just astonishes me how many places these Russian troll farms end up. I've been on some pretty obscure forums of late, and when the topic of Russia comes up, all of a sudden you have these streams of messages about how bad the US is, or how Russia isn't a threat to anyone. I think back over the last five or six years about all the posters I just sort of disregarded at the time as being nutty conspiracy theorists ranting on about the evils of the US government, and now I wonder if at least some portion of those posters really are just Russian trolls. They've pulled off some pretty interesting, if odd stunts, like duping Texan secessionists.

Re: All together?

The great ability of the Russian trolls is that they get the morons in their target countries to spout their bullshit. It's simply a matter of being loud enough that a handful of particularlt persuadable people buy in. They then evangelize their friends, rinse and repeat ad nauseam, until it the psy ops become a 'mainstream' belief.

This technique is nothing new. Religious movements use it all the time.

Re:All together?

[DontBeAMoran]

And that explains how these ACs can cool our homes in the summer. It's very cold in Russia!

Re:All together?

With due respect - it's not that "the topic of Russia comes up", it is that _you_, the trolls (backed by the mega-trolls in the form of US mainstream media) start your conspiracy theories about Russian plots. Then when people point out that, indeed as you describe, the US is much worse than Russia on many many issues, and that Russia is not a threat to the US but rather vice-versa, then that gets labeled as trolling and you decided these ACs are either Russians or that Russia(ns) put them up to it.

Re:All together?

[whoever57]

The real trust problem is the need to trust a closed-source application for security.

Re: All together?

Much obliged, Comrade Wang.

Re:All together?

[bigfinger76]

I created a message board last spring for use by members of my family. No one ever used it - the only new users to sign up were Russian.

Re: All together?

[Reverend+Green]

Yup. Source you're not allowed to see = assumed insecure.

Note that for fedgov and affiliated companies, US-owned proprietary software source code may be available for review, custom compilation, etc. For them it may not automatically be considered insecure. For the rest of us... yeah man.

I guess if you really want a 'secure' computer as a civilian, run an obscure OpenBSD fork on funky hardware. And pray a lot.

Re:All together?

Israel is lying, the USA is lying

That's a given. You'd have to be deaf, dumb and blind to believe otherwise. And software diversity is important: You can't trust any of the AV-companies. They have too much access to reasonably expect that they can stave off all attempts to abuse that power. But when all your software is from one "side", then you give too much power to that side. You should use an AV software that will not turn a blind eye to your side's exploits, and what could be a better bet in that regard than the software created by people on the other side? Do people still think "we" are the good guys, so we can be trusted?

Re: All together?

[MightyMartian]

Thanks Ivan.

Re:All together?

[scumdamn]

I really hate it when I see a story about Russia on Slashdot because all the apologists come out and remind me what a dumpster fire Slashdot has become. I remember back when it was actually a tech site that mattered rather than two day old stories and comments that are basically "I can't hear you la la la la la!"

Re:All together?

[Antiocheian]

That Israel is lying, the USA is lying

They are states, focused on the well being of their citizens and not the truth. Of course they are lying when they have to, just as Russia and everyone else.

the owner who is/was KGB

You mean the Soviet Union ?

and other executives who are FSB at Kaspersky are an exception to the rule that once you are in that world, you never leave that world, and that when you give a program where you give the providers of the program the keys to the kingdom, that given the background of th eactors, that they won't exploit what you gave them permission to exploit?

All it takes is a couple of seconds to find their response to your absurd statement. Have a nice day :-)

Re: All together?

[whoever57]

Note that for fedgov and affiliated companies, US-owned proprietary software source code may be available for review, custom compilation, etc.

Reviewing source is almost pointless. How do you know that you are looking at the real source code? Or all the source code? Or that you can really find hidden (obscured) untrustworthy code? Even if you build it yourself, you may not be totally safe.

Re:All together?

[rahvin112]

Including all your financial information when it's been shown the FSB has deep links and connections to the Russian Maffia?

Re:All together?

[Jawnn]

Bizarrely people would rather have Symantec reading their mail than the Russians

First of all... [citation needed].
Second, and more to the point, this isn't about email. No one ever said it was. It is about trust and risk management. Even if it was demonstrated that U.S. intelligence agencies had compromised Symantec (or whomwever), there is just a little bit of a difference in that scenario than the now solidly attributed one where Russian intelligence (not to mention Israeli) had thoroughly compromised Kaspersky. How the fuck are those two scenarios equal in any way when it comes to judging which vendor to chose for an extremely critical role in your organization's security? My U.S.-centric point of view is noted. The rest of you may be excused.

Re:All together?

[TheDarkMaster]

Never stopped these days to think about how much the United States are the actual threat for everyone, judging by their current acts? Brazil, for example, is at this very moment being destroyed by an illegitimate government controlled behind the scenes by US corporations and politicians, not russsians.

Re:All together?

[Xenographic]

Well, the problem here is that ALL the nation states are spying on us, including America. So the NSA/Israel hates Kaspersky because they've detected their Stuxnet-based malware. Kaspersky actually put out this paper describing just how hard it is to attribute anything to any specific actor. You can say that's Russian so you don't have to even listen (which is a bit silly in an article from the Daily Beast, especially if you know Chelsea Clinton's relationship with it) but that doesn't mean they're wrong.

My personal opinion is that all of them are spying on us via whatever means they have and I don't like any of it, though I don't know how to stop any of them. It's reasonable to be outraged by all of it, NSA or FSB, and to take it into account when doing threat modelling. But, frankly, from what we've seen of the TAO catalog, if they want to own you they probably already have. They probably owned your router before it was even shipped to your doorstep. You cannot assume that they're exfiltrating data over any kind of link you could monitor and they may be leaking it via channels you didn't know the existence of.

So in a way I'm glad for the outrage, I just don't see how to channel it to any productive ends. Ideally we'd stop or control this crazy mass spying by every major power on everyone, but the tech is so scary that I don't know just what sort of crazy security measures that would require.

Re: All together?

[Cyberpunk+Reality]

We're imitating them. Only our guy is a self made billionaire who talks tough and tells it like it is. And whose image is less real than Putin's.

Re:All together?

[MightyMartian]

Thanks again Ivan. Most appreciated.

Re:All together?

[PingSpike]

Pretty sure Equifax already has that task covered.

Re:All together?

[TheDarkMaster]

Eu sou um brasileiro, obrigado (O Brasil é um buraco de merda, mas você não escolhe aonde você nasce).

Re:All together?

[arglebargle_xiv]

I'm not worried about Symantec being used for spying, it's that Symantec ES is practically malware itself in the way it behaves, and doesn't offer much protection in any case. So I'd rather have decent protection even if it involves the FSB, than Symantec crapware.

Re:All together?

[Ol+Olsoc]

It just astonishes me how many places these Russian troll farms end up.

Just like magic, indeed!. It is pretty impressive how much effort they put into the trolling and disinformation campaigns. Almost like the spam model. Throw out much shit, and some is likely to stick. But hey, it worked after a fashion. Probably not much longer, but they are not stupid, so who knows the next volley.

But there is a pattern and a style here that even make me wonder about some of the AGW deniers. While there are plenty of home-grown deniers, there are definitely two different approaches to them. One askes questions, the other does the division tactics. This is only conjecture at this point.

Re:All together?

[Ol+Olsoc]

Never stopped these days to think about how much the United States are the actual threat for everyone, judging by their current acts? Brazil, for example, is at this very moment being destroyed by an illegitimate government controlled behind the scenes by US corporations and politicians, not russsians.

That's Hillary, Obama and Clinton doing that. Didn't you read that in her emails there Boris? And Pizzagate is real, you bastards!!!!

Re:All together?

[Ol+Olsoc]

Thanks again Ivan. Most appreciated.

He's actually a pretty decent fellow overall, letting us know about the real truth and all. I hope he gets many rubles.

Re: All together?

[Reverend+Green]

FWIW: https://arxiv.org/abs/1004.553...

Re:All together?

[TheDarkMaster]

Eu sou um brasileiro, seu estúpido. Estou respondendo o seu comentário asinino em português e de uma forma tal que você vai precisar de sorte para o Google te traduzir corretamente (o tradutor do google simplesmente não entende a gramática e a concordância da língua portuguesa), e também para deixar claro que eu não sou um russo dado que os russos também têm sérias dificuldades para entender a minha língua nativa.

É uma atitude realmente imbecil achar que todo mundo que te critica ou que discorda de você só pode ser o "malvado inimigo" não é à toa que todo mundo anda querendo varrer os EUA do mapa.

Re:All together?

[Ol+Olsoc]

É uma atitude realmente imbecil achar que todo mundo que te critica ou que discorda de você só pode ser o "malvado inimigo" não é à toa que todo mundo anda querendo varrer os EUA do mapa.

Stupid? of course it is stupid. But it is stupid replies to stupid, which is always richly deserved. Pizzagate? Stupid. "But her emails!" ? muito e stúpido

It is an earned response to the trolls, and if a post appears to be a Russian troll, it gets the treatment. It won't always be correct of course. Fox News has cultivated a group of Americans that eventually went so batshit crazy over the Kenyan terror baby president that when Putin rolls up to 1600 Pennsylvania Avenue in a T-14, they will cheer like no tomorrow. But they hate the USA, anyone who doesn't agree with their crypto-politics, and function as useful idiots for the division efforts

And it appears that you will be quite pleased as well when we meet our end. The old admonition applies however. Be careful what you wish for - you just might get it.

No doubt that something our countries share, the huge fires - you can be happy that some Americans were killed, meanwhile I offer my sympathy for the poor people in Portugal who died in their cars while trying to escape the fires. That is no way to die - horrível.

Re:All together?

[TheDarkMaster]

Uh, I'm a Brazilian, from Brazil (South America). Not Portugal (Europe). We share the portuguese language (but note that Brazilian portuguese have a lot of differences) but we are not the same.

And about the rest of your comment, sincerely what you would expect? That we Brazilians should be happy and content while corrupt brazilian judges trained in the US works hard to destroy the entire brazilian heavy industry and justice system to probably turn us into "slaves" of north-american corporations? This kind of gross interference in the sovereignty of other countries usually causes strong reactions in the affected countries, and I do not think the Russians even have a finger in this..

Re:All together?

[david_thornley]

I take it that you trust the Russians and the FSB/KGB much more than you trust anyone in the USA?

Trust is a many-faceted thing. What we're asking, really, is if we evaluate the risk that Russia and the FSB are spying on us as greater than the risk of US agencies spying on us. For a lot of people, the answer is obvious: don't use Kaspersky.

For others, it's a more complicated situation. I happen to hold opinions strongly opposed to the current US administration, and that administration doesn't seem to care about privacy and seems to be vindictive. Putin and the FSB, on the other hand, have no obvious reason to hassle me. I could be wrong about this, but using Kaspersky seems safer to me than using US-based antivirus software.

In any case, uninstalling Kaspersky is probably useless. It's got hooks deep into your system. If it's designed as spyware, uninstalling it is not going to eliminate the spyware. The only safe way is to get a new computer and not install Kaspersky.

Re:All together?

[david_thornley]

Only trust AV software companies whose software detected and reported the Sony rootkit. That's my advice. All the others have shown the willingness to betray their customers that actually pay them money for protection.

unintended consequence

[goose-incarnated]

Unintended consequences of the "wrong" candidate winning. The media's bitterness is not because the wrong candidate won, but because they were shown via the election results that they had less power than they thought they did.

Re:unintended consequence

[Antiocheian]

Yes, and thankfully their FUD doesn't work anymore.

Kaspersky is popular because it wins at independent tests run by experts. The New York Times, the Wall Street Journal and their parrots should either hire some real security experts, people who can understand low level code, or simply keep being laughable.

If they believe that Kaspersky is trying to access sensitive information and send anything related to it through the Internet, they should prove it through its function, not because a spy told you so. Such as Kaspersky dealing with Stuxnet on a technical level instead of silly stories about espionage.

Re:unintended consequence

[lucm]

The New York Times, the Wall Street Journal and their parrots should either hire some real security experts, people who can understand low level code

That would be a good idea if their agenda was to uncover the truth. Unfortunately, those organizations have made it clear that they're an unofficial branch of the Democratic party, so don't expect them to stray from the red scare narrative; they will ignore or twist facts shamelessly to serve their masters. They don't care if a good company with a good product is decimated in the process.

Nowadays, there's probably more truth and unbiased articles in the newsletter of the Flat Earth Society than in the New York Times or Wall Street Journal. They have made themselves irrelevant at a time where their industry was already struggling. Bravo.

Re:unintended consequence

[Maritz]

If it praises Trump, it's good journalism. If it criticises Trump, it's fake news. Gotcha. Oh, and Russia are your friends.

lol.

Re:unintended consequence

[lucm]

If it praises Trump, it's good journalism. If it criticises Trump, it's fake news. Gotcha. Oh, and Russia are your friends.

lol.

Are you an imbecile or just biased?

Re:unintended consequence

It's ironic Lucm, that Republicans and Democrats agree that Trump is a moron, and yet you still cannot accept that you made a mistake in voting for him.

Ironic because part of Trumps problem is he makes mistakes, and cannot admit the mistake, so he tells ever more tortuous and obvious lies to deny the initial mistake.

I notice that Fox has the same problem, when Trump was attacking a Republican claiming he was retiring because Trump refused to endorse him, Fox had to bury the news. Each time they call him a moron, Fox is conflicted, how to spin it? Cannot.... bury the story.

I notice you here go into abuse calling Maritz an imbecile. Name calling suggests you are aware of the issue with your comment, since you don't defend your comment, rather you try to shut down discussion.

Perhaps its time to simply admit the mistake in voting for Trump.

Re:unintended consequence

[coofercat]

...and so the popularist isolationism begins in the tech sector.

Trump wanted 'America first', he wanted to extricate America from as much of the rest of the world as possible, and this is just one way to do it. Good luck using the alternatives though - I predict "American's tech productivity drops 10% since October 2017".

Re:unintended consequence

[Ol+Olsoc]

Yes, and thankfully their FUD doesn't work anymore.

Kaspersky is popular because it wins at independent tests run by experts. The New York Times, the Wall Street Journal and their parrots should either hire some real security experts, people who can understand low level code, or simply keep being laughable.

If they believe that Kaspersky is trying to access sensitive information and send anything related to it through the Internet, they should prove it through its function, not because a spy told you so. Such as Kaspersky dealing with Stuxnet on a technical level instead of silly stories about espionage.

Your virus software has to have root level access to every file on your system. If you want to access all the files on a computer clandestinely, providing AV software is a fine way to do it. Your AV software provider better be a friend. Now for your demands for a smoking gun, look up Harold Thomas Martin III.

You're welcome, Boris.

Re: unintended consequence

[Boutzev]

This. You hit the nail. What comes after Trump will be much worse.

Re:unintended consequence

[XXongo]

It's ironic Lucm, that Republicans and Democrats agree that Trump is a moron, and yet you still cannot accept that you made a mistake in voting for him.
>...Perhaps its time to simply admit the mistake in voting for Trump.

I'm not sure what "you" refers to here.

In general, the people voting for Trump didn't like him (Really! Look at the numbers). They voted for Trump because they thought that it was more important to vote for a person with the expressed ideological position agreeing with them than it was to vote for somebody that they liked or thought was smart or competent.

To a very very good approximation, they didn't vote for Trump; they voted against Clinton.

Re:unintended consequence

[Bing+Tsher+E]

It's just weird to have to do this in 2017, but:

'You're welcome, J Edgar Hoover.'

I mean FUCK it. Can you lick the boots of the G-men any more vigorously than parroting their redbaiting poison?

Re:unintended consequence

[cyberchondriac]

he wanted to extricate America from as much of the rest of the world as possible

That's profoundly false. He wants trade deals that are more fair for the US. That is not isolationism.
Yes, he'd like to see fewer jobs moved overseas and see a return to manufacturing jobs here domestically, but so has every politician from every political persuasion, for decades. Now that Trump wants that, it's bad?

Re: unintended consequence

[Reverend+Green]

Dude...

Yes, of course the Russian threat hysteria is comically overblown and mostly about ugly domestic politics.

But also... OF COURSE Kapersky snoops your files. ALL antivirus software snoops. Damn near all proprietary software whatsoever snoops.

Remember, in America we have the best justice money can buy. You have all the rights you can afford to sue for in Federal court. So unless you're a whole fucking lot richer than I am, you have no rights at all. Including the right to privacy.

If you TRUST Symantec and the security state, you're a fool. If you TRUST Kapersky and the Russians, you're a fool. But if you rationally assess that you have less to fear from a foreign tyranny than from the tyranny at home... well, that's just being realistic.

Re:unintended consequence

[SlashDread]

Oh, and do prey tell, do these "independent tests" look for backdoors? Oh no they dont now do they? They look for effectiveness in finding viruses.

You do realize, that an effective tool, can still contain backdoors?

Nobody is trying to argue that Kaspersky is sending sensitive info. The spies just know, the Kaspersky codebase is tainted. And now you know too. But you chose to ignore that.

Re:unintended consequence

[CrashNBrn]

The Wall Street Journal, owned by Rupert Murdoch is an unofficial branch of the Democratic Party?

Riiiight. The drugs are good over here.

Re:unintended consequence

[lucm]

Well it's not a secret. On their own website there's even a timeline of the NYT endorsements of Democrats candidates:

https://www.nytimes.com/intera...

But the cozy relationship between the DNC and media goes far beyond that. Look at the leaked DNC emails.

For instance, here's one email where the Clinton campaign members discuss the questions that CNN will ask Trump:

From: Dillon, Lauren
Sent: Monday, April 25, 2016 12:00 PM
To: Freundlich, Christina; Roberts, Kelly; Sarge, Matthew; Graham, Caroline; Walker, Eric; Bauer, Nick; Brinster, Jeremy
Subject: RE: Trump Questions for CNN

CNN said the interview was cancelled as of now but will keep the questions for the next one :(

Good to have for others as well.

Updated here:

- Who helped you write the foreign policy speech you're giving tomorrow? Which advisors specifically did you talk to? What advice did they give you? Did they give you any advice that you chose not to take?

-A number of Republicans and think tanks including the Heritage Foundation have suggested tying defense spending to GDP, most often suggesting defense should be funded at 4 percent GDP. Is that something you would do/we'll see in your plan?

- You've said you look to Ambassador John Bolton for military advice and called him "terrific," but he was one of the architects of the Iraq war. How do you explain your praise for Bolton if you also claim the war was a mistake? What advice have you taken from him?

[...]

https://wikileaks.org/dnc-emai...

Another example, a CNN analyst asking the DNC to approve her editorial points:

From: Maria Cardona [mailto:Maria.Cardona@deweysquare.com]
Sent: Wednesday, May 18, 2016 10:21 AM
To: Patrice Taylor; Miranda, Luis
Subject: URGENT - DRAFT CNN OPED ON NV
Importance: High

I want to make sure it is not to heavy handed. Please let me know asap! Thanks!!

https://wikileaks.org/dnc-emai...

Here's an email from the New York Times:

From:john.podesta@gmail.com
To: nconfess@nytimes.com
Date: 2015-02-11 14:54
Subject: Re: good times

Off the record. No, mostly about Brock's eccentricities shall we say.
On Feb 10, 2015 1:36 PM, "Confessore, Nicholas"
wrote:

> Hi John,
> I am sure you have lot and lots of downtime these days to talk to
> reporters, and so this question no doubt is well-timed.
> But can you offer any wisdom on whether this contretemps between Messina
> and Brock tells us anything about the future of the other Obama alums who
> have found places, or are seeking them, in Greater Clintonland?
> To put the question more directly--is this blow up over Media Matters
> going to make it harder for the Clinton folks to bring in and use
> effectively the best of the Obama alums?
> Seems you are among the few people widely respected in both camps. So your
> opinion would count for a lot.
> thank you,
> Nick
>
>
> --
> Nicholas Confessore
> The New York Times
> W (212) 556-5911
> C (917) 456 2446
> gchat: @nconfessore
>

https://wikileaks.org/podesta-...

If you don't like those examples, no need to nitpick, there's a search engine on wikileaks, it's worth doing a bit of research to see for yourself. There's so much stuff in there that is damaging to the Democrats and mainstream media, no surprise they're all using the red scare to distract people from this.

Re:unintended consequence

[lucm]

Huh? The "scare narrative" is more a property of the Republicans.

Welcome to the present day, where once again the GOP and Democrats have switched place. Nowadays the witch hunters and fearmongerers are the Demoocrats. A Democrat president (Obama) has spent the most money on military of all presidents in history, even without declaring a new war, and also sponsored the biggest big brother project in history. The Democrats organizers planned and executed acts of violence to disrupt GOP events during the campaign. Etc. Etc.

Re:unintended consequence

[Ol+Olsoc]

It's just weird to have to do this in 2017, but:

'You're welcome, J Edgar Hoover.'

I mean FUCK it. Can you lick the boots of the G-men any more vigorously than parroting their redbaiting poison?

I lick no one's boots, Mikhail. I do however understand computers and the internet.

So if by some chance I had anything to put on a computer that I didn't want someone to see, it would be on a computer that never saw the internet and have no nic. It would have the exterior USB ports all destroyed except those I absolutely need, they would be securely fastened. It would be in a Faraday cage inside a locked room inside a locked cabinet when not in use If anyone wanted to use this device, I would do the entry for them, as no one would be allowed to touch the computer except me.

there is no possible way to make a computer on the internet secure - that is all, Mikhail, no amount of your invective will change that.

Hey, let's have some fun Mikhail - Write something really really bad about Putin for us.

Re: unintended consequence

[lucm]

Maybe the media are angry because they are patriots, sickened to see their country run by an idiot installed by the Kremlin.

You mean as opposed to a crook that took money from Putin to facilitate the expansion of Putin's nuclear business in America?

more usa government paranoia and fud - how boring

more usa government paranoia and fud - how boring

They can't accept blame for their own problems, it's the always the russians, not them

Sure is gunna be unfortunate

When it turns out that US AV companies do exaaactly the same shit, because all AV vendors do it.

At least Kaspersky actually made decent detection products.

Enjoy the farce that is Norton & McAfee

Re:Sure is gunna be unfortunate

[DrXym]

Maybe US AV companies do what you say. But that "you too" argument doesn't negate Kaspersky's actions or that people should leave this potential attack vector running on their computer.

Re: Sure is gunna be unfortunate

[orlanz]

So what exactly is your point? Since the US does it, they should stay silent on the Russians doing them? A "I know you are spying on me, but that's OK because I spy on you too?"

Re:Sure is gunna be unfortunate

[drinkypoo]

At least Kaspersky actually made decent detection products.

Yeah, almost twenty years ago. AVP is the absolute worst AV from the standpoint of performance impact. Used to be the best, who knows what happened, maybe it was all the added spyware.

Re:Sure is gunna be unfortunate

[plopez]

And no guarantee they are not selling it to the Russkis. As Lenin put it, "A Capitalist will sell you the rope you hang him with".

Re:Sure is gunna be unfortunate

[AmiMoJo]

Depends on your threat model. Are you more worried about US or Russian intelligence services stealing your secrets, or about criminal hackers and ransomware?

If you are forced to use Windows then it's probably no worse an option for most people than any other anti-virus product.

Re:Sure is gunna be unfortunate

[DrXym]

It's not about threat, it's about violation of trust.

Re: Sure is gunna be unfortunate

[Boutzev]

Yes, that's how the world operates, countries spy on each other and keep that behind curtains. That's how it has always worked and there are some unspoken rules to this game.

Re:Sure is gunna be unfortunate

[Bing+Tsher+E]

'violation of trust' just translates to: 'whatever hysteria has been whipped up'. Trust is a tricky thing, it's based in nebulous things like 'reputation.'

You have to 'trust' your dog won't maul your 4 year old daughter. You can't know that it won't. But it's reputation is such that it's very unlikely the child will be mauled.

But if your weird aunt comes around and starts incessantly ranting to your wife about case histories of dogs mauling children, your 'trust' might erode.

The same thing as the hysteria about 'teh russia' that has become a trendy meme in the US since one pile of shit got elected instead of the other pile of shit,

Re:Sure is gunna be unfortunate

[Impy+the+Impiuos+Imp]

There was a story about 10 years ago where antivirus companies acknowledged they skipped flagging signatures of US government spyware.

Re:Sure is gunna be unfortunate

[neilo_1701D]

There was a story about 10 years ago where antivirus companies acknowledged they skipped flagging signatures of US government spyware.

Citation? From a reliable new source, please.

Re:Sure is gunna be unfortunate

[DrXym]

No, it's not "whatever hysteria has been whipped up". It is clear that the US government received intelligence that Kaspersky was used to spy on government agencies and now they've cancelled all use of it. As have other companies. It's a violation of trust, plain and simple and Kaspersky gets to reap what they sowed.

If you want an analogy, it's like learning your doctor groped another patient. Even if you are not sure if you might be groped yourself, the trust has already been violated and it's time to find a new doctor.

Re: Sure is gunna be unfortunate

[Reverend+Green]

Hahahahahahahaha! You don't really believe that, do you?

Re: Sure is gunna be unfortunate

[Reverend+Green]

They have to. It's DUH LAW!

Re:Sure is gunna be unfortunate

[rahvin112]

Why would you use anything but the Free Windows Defender? Stop browsing porn and you won't be exposed to viruses.

Re:Sure is gunna be unfortunate

[Xenographic]

Well, that's the thing, we can't trust ANY of them.

We already know what the NSA does with NSLs and all the other providers have the capability to upload samples, so it's hard to see why your threat model can ignore that the NSA probably has access to all of this (and every other software update you use, via some means). We've known how deep this sort of rabbit hole can get since Reflections on Trusting Trust was written. Hell, we just watched Facebook build a new datacenter next door to the spooks a week or two ago. I'm sure they only did it to take advantage of some good fiber there...

If you've seen the TAO catalog, you know that this sort of capability is the tip of the iceberg. The spies have so much crazy stuff that it's hard to imagine that you can go up against them.

Re:Sure is gunna be unfortunate

[david_thornley]

Let's come up with something more verifiable, shall we? Anyone remember the Sony rootkit? The one that messed your computer up if you bought Sony CDs and stuff? How many AV products detected it? I suggest that you trust no AV vendor whose software failed to detect and report it.

How to make any antivirus software safer?

[mattr]

I'd like to hear more technical information about the issue and whether there are steps that can be taken to reduce the risk of installing *any* antivirus software. Given that any such package is going to be targeted, perhaps we need to be able to run them in a kind of sandbox that would prevent dialing home and logging. More transparency about how it is being updated, and possibly providing a scanning api to allow the operating system or an open source application to take over document loading might be welcome regardless of the vendor. Currently it is my impression (have not researched it) that human readable update files are not provided, and at least in the past, Kaspersky apparently used your CPU to help crack difficult threats. I don't think anybody really believes they can trust antivirus software or any other software for that matter.

Re:How to make any antivirus software safer?

[klingens]

You simply can not. Not Possible.

AV software needs to have full kernel level access to be able to protect you. As soon as you make a "safe space" for yourself, it's another place where malware can and will hide. Either you give full access to the hardware, not just the OS, or there is no way to actually protect the system. That's what makes things like the Intel management engine which has full control of your hardware, but no oversight by the OS or the user is so dangerous. It's why the NSA made intel to implement switches so they can disable Intel ME on NSA computers.

AV software need to phone home: to get virus definition updates and nowadays more importantly react fast to new networked threats by uploading possibly dangerous files. They have honeypots which do this all over the internet for years of course. However crowdsourcing new threats is much much more effective, since the really dangerous Malware, e.g. Stuxnet which was found by kaspersky, is targeted, not just spammed anymore.
The actually new and "best" high end products from Silicon Valley make the uploading of files from customers their main selling point: they claim only this way they can protect their enterprise clients. Kaspersky comparatively is low end consumer AV for the unwashed masses. The most expensive products like carbon black simply don't work if you're not uploading all your private files to a US company which is in deep with the US government agencies. All of the other AV companies in the US are too: google Project CAMBERDADA which shows what AV companies need to be attacked to subvert by the NSA. All the US/UK AV companies are suspiciously absent since they don't need to be reverse engineered: like any other US/UK based company they are working hand in hand with the intelligence services.

As a normal user in the West, I far more fear my own government's agencies, be it FBI, CIA, NSA, GCHQ, DGSE, BND, whatever, than a foreign agency far away: the domestic agency can actually directly harm me, fine me, incarcerate me, etc. than some agency in a country on another continent. And they have actually far more reason to do all that to me.

The end result:
AV software is a fundamentally flawed product due to all of this and simply shouldn't be used on any computer where you want to have a marginal expectation of privacy since you cannot protect yourself and use such a software.

Re:How to make any antivirus software safer?

[geekmux]

It's a matter of whom you trust. Check out the laws of the country of origin and the persons who run the company. If you can't trust any software, then you cannot use a computer. It's as simple as that.

It's about mitigating risk.

I would put the risk of state-level espionage well below the idiot behind the keyboard that forces IT/Security to install anti-virus/malware software to begin with.

2017, and the masses still haven't learned. I swear they'll click on anything. Yes, of course that Windows pop-up for a Kardashian baby-watch app was totally legit. I mean, why wouldn't Microsoft want you to know...

*facepalm*

The twisted irony of trusting that the largest threat to an organization is quite often their own users.

Re:How to make any antivirus software safer?

[geekmux]

I'd like to hear more technical information about the issue and whether there are steps that can be taken to reduce the risk of installing *any* antivirus software...

The main reason you have to run anti-software sits between the keyboard and the chair, and runs a common sense blocker plug-in.

Perhaps anti-virus wouldn't be even necessary if there were less users infected with anti-intelligence.

...I don't think anybody really believes they can trust antivirus software or any other software for that matter.

What's that? The main reason couldn't hear you, they were busy installing a Beyonce flash player. Yeah, of course it's legit...

Re:How to make any antivirus software safer?

[Bert64]

Desktop AV needs kernel access, but scanning on gateway devices (mail filters, http filters etc) does not, you can run the scanning engine in a sandbox and pass the files you want to scan into it. Worst case an AV could false negative a known piece of malware, but then there's nothing to stop you running multiple engines chained together.

This is actually the only instance where i run AV, and it cuts down on a lot of the junk email i receive.

Re:How to make any antivirus software safer?

[klingens]

No.
You can use it for SPAM, but that is not malware detection. Thats simple text parsing but has nothing to do at all with AV.
You cannot scan an filter arbitrary data packets in your router or elsewhere in transit: all proper traffic is at least transport encrypted.
Then there is the problem of scanning multigigabyte sized datatransfers of e.g. a game for malware. you cannot do that. Not possible, not at all. In former times 30 years ago it was a malformed zip-file that expanded forever creating a DOS, last month there was a different variation of the same in form of a gitbomb https://kate.io/blog/git-bomb/
And there are installshield files, other installers, binary packers, and a gazillion other things which you can never ever scan.
a base64 encoded file in your mail you can scan. a base64 encoded zip file? an ecoded zip file with a pdf inside? This pdf with Javascript and flash inside etc. You need a system at least as complicated as your end point system to scan such things, and then you are much worse of security wise.

Not to mention you usually totally break all your TLS transport security and encryption with a MITM attack if you scan on the routers.

Re:How to make any antivirus software safer?

[Tom]

Perhaps anti-virus wouldn't be even necessary if there were less users infected with anti-intelligence.

So tired of this bullshit argument.

I've been working in infosec for 20 years.

For about half of that time, I also said that "lusers" are the main problem.

Then one day I grew up and realized that they are just being humans and that's a bullshit excuse for not doing my job properly by complaining that water is wet and gravity sucks.
Guess what? We're paid good money for solving exactly these problems. If you can't bring a rocket to the moon because of gravity, you don't belong into rocket science. If you can't build a ship that floats because water is so difficult to work with, you don't belong into shipbuilding. And if you can't deal with people being people, you don't fucking belong into information security.

Re:How to make any antivirus software safer?

[Tom]

AV software is a fundamentally flawed product

Actually, it's our OS fundamentals that are flawed. In a properly designed system, the AV would not need full access to everything. Of course I'm talking 1970s "properly designed" here, not 2000s "ship half-ready to customer, then patch" philosophy. Sorry, I think they re-branded it "Agile Development".

AV is a workaround, a hack, for serious weaknesses in our fundamental systems design. That your e-mail system can access business secret documents when you open the wrong mail - that is the actual problem that needs solving. We have AV for the same reason we have condoms - there's a lot of STDs and for most of them we don't have good vaccinations.

In that sense, AV is not fundamentally flawed, because in a fundamentally non-flawed world, we wouldn't even have it. It's an at-least-this-works-most-of-the-time solution because we can't be arsed to tackle the real issues.

Re:How to make any antivirus software safer?

[Tom]

Because laws mean so much in this day and age where "too big to fail" lets you break regulations and laws with impunity, and secure yourself a bailout and a golden parachute.

The utter contempt with which almost all corporations look at tax laws gives you a good indication for their respect for the rule of law.

Reputation loss and thus loss of future business - now that is something they might care about. But laws? Please.

Re:How to make any antivirus software safer?

[Tom]

2017, and the masses still haven't learned. I swear they'll click on anything. Yes, of course that Windows pop-up for a Kardashian baby-watch app was totally legit. I mean, why wouldn't Microsoft want you to know...

Yes, why wouldn't Microsoft? It preloaded their home computer with a dozen application it deemed useful (ok, was paid for including, but users don't know that) and it serves them personally relevant information (sorry, paid-for ads, but that's not marked anywhere) wherever it can, say on Bing or whatever their current attempt at social networking is. It also made several attempts to put important announcements (advertisement) directly on the desktop of their computers.

From a non-IT user, the scenario does not look all that much unbelievable. Maybe a bit unusual, but your facepalm is coming from a certain arrogance and insider frame. Some of those dumb users will laugh at you how you put that silly oil into your car, everyone knows it's synthetic shit and you should really use that bottle over there which isn't so heavily advertised. Or what you eat or how you do sports or whatever. You know more about IT than they do, which makes some things seem obvious to you. But you are just as oblivious about "basic facts that everyone knows" in many other areas of life.

Re:How to make any antivirus software safer?

[ka9dgx]

Amen, Brother

It's going to take most IT folks another 5 years to wake up to the need for capability based security... and another 5 years until they get it.

Re:How to make any antivirus software safer?

Yes. For your own protection you can create a MITM attack that you own, a TLS proxy that will syphon off the binaries in the packet stream and inspect them using either scan or sandboxing tech. This is pretty standard crap and can be done with free/open software. You can also filter for multi-layer packaging (tgz inside a zip inside a b64 or uuencoded stream, also pretty damn standard stuff for security nerds.

It's not perfect, by any means, but it's not bad. I prefer not to spend a lot of time downloading things. I tend to stick to trusted sources and I have a byzantine firewall/URL filtering setup for my home, but that is not a limitation. Simply a limitation of my desire to expend effort.

Re:How to make any antivirus software safer?

[houghi]

What about an Open Source version? It is now not safe because somebody might have put some code in it and we have no way to be sure. That way you can verify if the code is infected by anybody or not.

Obviously it should not be something we should need. It should be already in the OS.

Re:How to make any antivirus software safer?

[admin7087]

Well, the Intel Management engine would be far less dangerous if the user had total control over it. In fact, it would be pretty awesome if it could be reflashed (after flipping a hardware switch) to run an antivirus and intrusion detection system on it.

Re:How to make any antivirus software safer?

[ArsenneLupin]

No there isn't. A yellow-haired weasel is still a weasel.

Re:How to make any antivirus software safer?

[houghi]

Thanks you. I do not have modpoints, otherwise I would try to get you to +6 Insightfull.

The chain is as strong as the weakest link and not looking at the weakest link (humans) means you are not doing to right.
The other thing is that security is a mindset. Too many look only at their own little world of THEIR network and THEIR website and do not look how this influences the rest.

At one point I had 17 different logins with different passwords that I needed to change monthly and 1 even weekly and 2 chip cards with a reader and a separate machine that I needed to enter a code. That was not even looking at what I had in my private life.

So I used the same password for all of them (A big nono) because I already had issues remembering what login belonged to what access. Secure according to the rules? No? If there would have been a breach, I woud be the person to blame.

So what else could I do? Using a password manager was not possible. Writing it down was not possible. Having the same password was not possible.

So to me is just looked as if they where not so much interested in having a secure systemen (I can remember a 28 digit password one, but not 8 digit passwords every month), but more interested in covering their asses and be able to blame somebody when things go wrong.

The best one I has was that I was told to memorize all the words on the printout for the SKEY. Yeah, I will take the paper with me, even if that is not allowed. But their ass was covered if anything would go wrong, because I was not following procedure.

Re:How to make any antivirus software safer?

[thegarbz]

You know I can't remember the last time a virus actually spread via some gateway device, as opposed to USB stick, pre-installed on some driver CD, etc.

Gateway scanning is no where near as effective which is why most corporations take both approaches.

Re:How to make any antivirus software safer?

[thegarbz]

The problem is that this level of sandboxing is incredibly anti-user and anti-developer. Basically any OS should do what the user wants and by extension the easiest way for malware to access the machine is to simply ask the dumb meathead sitting in the chair.

Re:How to make any antivirus software safer?

[thegarbz]

If you can't bring a rocket to the moon because of gravity, you don't belong into rocket science.

Yes but that doesn't change the fact that gravity is fundamentally your biggest problem. Also users are more like anti-gravity, or rather gravity that gets stronger in opposite ways than you expect where the further the distance from the mass the stronger it gets.

That's kind of how the whole "build a better idiot" thing works.

Re:How to make any antivirus software safer?

[alexhs]

Perhaps anti-virus wouldn't be even necessary if there were less users infected with anti-intelligence.

So tired of this bullshit argument.

if you can't deal with people being people, you don't fucking belong into information security.

The main reason you have to run anti-software sits between the keyboard and the chair, and runs a common sense blocker plug-in.

And If you can't deal with reading posts, you have no fucking business in responding to them.

Apparently a bunch of slashdotters can't care to read parent posts before moderating "retorts", so writing straw man fallacies is an easy way to get +5...

Re:How to make any antivirus software safer?

[ABEND]

Agreed! Tom's comment deserves special recognition.

Re:How to make any antivirus software safer?

That's an impressive level of ignorance of state-of-the-art endpoint security. Pretty much everything you stated is wrong.

Re:How to make any antivirus software safer?

[Ol+Olsoc]

I'd like to hear more technical information about the issue and whether there are steps that can be taken to reduce the risk of installing *any* antivirus software.

In the end, it is largely a matter of trust.. If your AV provider has access It's Software, it pretty much has access to your whole computer. 99 percent of us could use any AV software out there, and it would be no problem. We don't really have anything the proverbial "they" have interest in.

Now that other 1 percent..... If you have something on your computer that the "they" are interested in, you might have a problem. If you have say, kiddie pr0n on it, you have the local groups who might be really interested, and the external country might be interested in that if it serves as a fine blackmail path if you have access to something they might like - think a person who has a clearance and a pedi-problem. Man, you can probably get them to do anything you want.

Now if you are a person who is a weapons grade dumfuk, like Harold Thomas Martin who was storing classified data on his personal computer, and "protected" by Kaspersky, well, you have a shitload of problems once caught. He was caught by Israeli hackers who found Kaspersky doing just this. Hell, they hit the jackpot with that asshole.

Re:How to make any antivirus software safer?

[Ol+Olsoc]

As a normal user in the West, I far more fear my own government's agencies, be it FBI, CIA, NSA, GCHQ, DGSE, BND, whatever, than a foreign agency far away: the domestic agency can actually directly harm me, fine me, incarcerate me, etc. than some agency in a country on another continent. And they have actually far more reason to do all that to me.

Why do they have a reason to harm you? That's pretty interesting. The question is of course, since you have in essence said that you have a reason to be fearful of everything in the US, does it not make sense to move to Russia, where there is nothing to be afraid of?

Dooooood! The internet is not a secure place, it is designed to not be secure, it is designed to spread out data. Almost any alterations made to it to make it actually secure would destroy it.

The lesson is, if you are doing anything illegal on a computer connected to the internet, you are excercising maximum foolishness. It is both sad and amusing that after all these years, so many people don't get it.

Re:How to make any antivirus software safer?

[Ol+Olsoc]

I'd like to hear more technical information about the issue and whether there are steps that can be taken to reduce the risk of installing *any* antivirus software...

The main reason you have to run anti-software sits between the keyboard and the chair, and runs a common sense blocker plug-in.

Perhaps anti-virus wouldn't be even necessary if there were less users infected with anti-intelligence.

Well, As much as I agree that a lot of users aren't all that smart, I don't want to delve too deeply into victim blaming. I've seen some pretty smart people fall for some well crafted, and even not so well crafted exploits.

...I don't think anybody really believes they can trust antivirus software or any other software for that matter.

What's that? The main reason couldn't hear you, they were busy installing a Beyonce flash player. Yeah, of course it's legit...

Yeah, because nice straw man. Plenty enough people get pwned without being a dumb pop culture addict who spends all their time on FB looking to share shit.

Besides, we aren't even talking about that person. There almost certainly isn't much of interest to state actors on their phone or computer. The particular case in question was a contractor who committed mortal sin number one of storing classified data on his home computer, and was using Kaspersky's AV software. Of course, and adversarial nation will be interested in that. I'd bet he never installed the proverbial Beyonce or even Adele' App. 8^)

Re: How to make any antivirus software safer?

[Reverend+Green]

I, too, learned that in Civics class wheni was 15. Alas reality is far uglier.

Re: How to make any antivirus software safer?

[Reverend+Green]

In Soviet America, everything is illegal. You are always watched, always under suspicion, always already guilty. Please report to your nearest Gulag camp for a lifetime of state sanctioned forced sodomy. Thank you for your compliance. Good bless America, death to the Russians, and fuck you plebs that's why.

Re: How to make any antivirus software safer?

[Ol+Olsoc]

In Soviet America, everything is illegal. You are always watched, always under suspicion, always already guilty. Please report to your nearest Gulag camp for a lifetime of state sanctioned forced sodomy. Thank you for your compliance. Good bless America, death to the Russians, and fuck you plebs that's why.

You ignored that talk we had about your Krokidil use didn't you, Anatoly?

Re: How to make any antivirus software safer?

[Reverend+Green]

What's with you people and the obscure Russian slang?

Re: How to make any antivirus software safer?

[Ol+Olsoc]

What's with you people and the obscure Russian slang?

You want the serious version, or more abuse? 8^)

Re:How to make any antivirus software safer?

[Tom]

I couldn't care less about trends on /. -- I have been giving conference speeches about this for half a decade now, pointing out what exactly we can do better when it comes to integrating users into infosec instead of considering them the enemy.

Slowly, personal security is becoming important. I'm not talking awareness campaigns, I think that's a snake-oil business. I'm talking screening, training, proper procedures and also not treating your employees like shit. In my fathers time, you didn't need rallys - people were actively interested in what is good for the company, because the company was actively interested in what is good for the employees. Bring back that give-and-take relationship and you have done wonders for infosec.

You completely misready my post. Nowhere did I put all the responsibilities on IT and nowhere did I claim that users and their capabilities and intentions could be ignored. You need to figure these things into your security. That's the point. You can't just take the cheap way out, say "ah, users are idiots" and put all the blame on them. If users are idiots, it is your job to make the system idiot-safe. That's why airplane doors don't open in-flight, because a drunk passenger might mistake it for the toilet. Right now, too many computer systems will happily open that door and then we go around shouting that users are idiots.

Re:How to make any antivirus software safer?

[Tom]

Yes but that doesn't change the fact that gravity is fundamentally your biggest problem.

Correct. I didn't say it's an easy problem. :-)

But it is our problem to solve. There are actually many solutions that already exist, but for stupid reasons we don't use many of them.

Re:How to make any antivirus software safer?

[Tom]

So I used the same password for all of them (A big nono)

Says who? The same guys who tell you that a password needs to have special characters and numbers. Oh look, this year the guy who wrote that rule originally apologized and admitted that he basically pulled it out of his ass at that time and thinking about it again, it's complete nonsense.

For all the sites that are not important to my life, which is about 95% of my accounts, I use only two passwords. One for forums and games and such where I really don't care at all and one for places that matter to me. If anyone gets one of these from a breach at any of these sites, omg he can post in my name to some forum...

but more interested in covering their asses and be able to blame somebody when things go wrong.

It's more of a "nobody ever got fired for buying IBM" problem. When you set up your security system, one issue is liability. By following "best practice", you can get out of liability. That is what top management cares about the most.

Re:How to make any antivirus software safer?

[Tom]

I'm not so sure about that. I have a fear that Bell was right in his 2005 paper, that security is diminishing rather than growing.

The security industry is growing, don't get me wrong. We have a million security products and maybe ten million security consultants today. But the security that everyone does is on a band-aid level. As far as I'm aware, there has been zero fundamental research into information security since the 70s.

Re:How to make any antivirus software safer?

[david_thornley]

There is a potential danger with using the same password for everything: some sites have idiotic administrators. Beware the ones who offer to mail you your password if you forget it, because those bungling idiots are storing it in at least a decrypable form, rather than salting and hashing. If one of those sites has a data leak, the bad guys now know your password for sites that are competently run.

Re:How to make any antivirus software safer?

[Lost+Race]

You simply can not. Not Possible.

Of course it is possible. There are at least three different ways:

1. Open source, as mentioned already by others.

2. Fully auditable communication. All channels between the AV software and the world can be inspected and filtered by the user.

3. Forensic mode, where the AV software runs offline with no ability to communicate with any network and never touches a live user system, only scanning forensic copies. I used this mode for years, though it was poorly supported by most AV makers and thus a bit cumbersome in practice.

Re:How to make any antivirus software safer?

[Tom]

So what?

As I said, I use the same two passwords for all the sites that mean little to me. Sure, if you get hold of it, you can post in my name not to one, but to 20 forums. The sky is falling. Seriously, it would cost me more headache to change all those passwords than it would to lose access to all of those sites.

Risk analysis is not only for companies. Before implementing some security method, always ask yourself what the actual threat is. My bank account, of course, has two-factor authentication and an SMS-TAN system.

Re:How to make any antivirus software safer?

[geekmux]

Perhaps anti-virus wouldn't be even necessary if there were less users infected with anti-intelligence.

So tired of this bullshit argument.

I've been working in infosec for 20 years.

For about half of that time, I also said that "lusers" are the main problem.

Then one day I grew up and realized that they are just being humans and that's a bullshit excuse for not doing my job properly...

Not doing your job properly?

I expect an adult to burn their hand once on the stove.

I expect an idiot to do that over and over again.

And idiot-proofing UIs these days has enabled more and more ignorance to sit behind the keyboard. Computers have literally been re-designed For Dummies now, which is exactly why "lusers" do the same stupid shit over and over again, no matter how many times I've done my job to try and teach them.

And if you can't deal with people being people, you don't fucking belong into information security.

We continue to deal with idiots because we're paid well. No one works IT or InfoSec because it's a stress-free job where you're never on call, and can rest easy knowing you've learned all there is to know about your job after 4 years of school.

Re:How to make any antivirus software safer?

[Tom]

I expect an idiot to do that over and over again.

You need to go back to university and take a couple lessons in design. Not UI-design, ordinary design.

If the door doesn't visually indicate if you need to push or pull, people will mix it, even if there are signs that say "push" or "pull". In fact, every time you see one of those labels, a door designer fucked it up. The same way that every time you see an IT "expert" blaming stupid idiot losers, a UI designer fucked it up.

Computers have literally been re-designed For Dummies now

The eliteism strong with this one is.

Guess what, if you build something useful, people want to use it. If that's a surprise, university might be too advanced.

no matter how many times I've done my job to try and teach them.

If you teach something and people don't learn it - maybe you're not teaching it right?

We continue to deal with idiots because we're paid well.

I don't deal with idiots.

I deal with humans. Humans whose job is not to nurse my IT system, but to manage the production line, or run the legal department, or properly calculate the company tax statement. I'm paid not for making their life more difficult or claiming they are idiots. I'm paid for making the company secure with as little productivity impact as possible.

Human beings make mistakes. Some of them repeatedly. A good fraction of us wouldn't be here if our parents hadn't made a few mistakes. Designing secure systems around failable components is half the challenge.

Now spying is a concern

[evanh]

all of a sudden. What happened to "I've got nothing to hide."?

Re:Now spying is a concern

[Freischutz]

all of a sudden. What happened to "I've got nothing to hide."?

I expect the banks are quite rightly concerned the Russians will use the data on their customer's tax cheating as 'kompromat' to blackmail them but then to be fair to the banks they've never pretended they have nothing to hide which is why we have had the concept of bank secrecy almost as long as we've had banks. I expect expect many other kinds of companies are concerned with trade secrets escaping to Russia which I'd think is a legitimate concern. A more interesting question to ask, however, is does anybody want to bet that the US Government hasn't bullied half of Silicone Valley to do the same with everything from anti-virus software through popular office suites to fruit ninja games?

Re:Now spying is a concern

[thegarbz]

The American government are the biggest advocate for the removal of this software. The message is still consistent.

Re:Now spying is a concern

[MightyMartian]

Well, on the balance, I'd sooner have the NSA spying on me than the FSB, with all those ties to Eastern European organized crime. I can't sort out why anyone ever put Russian AV software on their computer. Why not write their credit card info on some sandwich boards and put them around town.

Re:Now spying is a concern

[thegarbz]

So what? Have you had your credit card stolen before? Fake purchases made in your name? I have, and I cleared the entire "drama" with a 5 minute phone call and 2 min filling out an online form.

On the other hand your local government has the power to properly fuck up your life. I'd wager there's lots of people who put far more trust in Russian controlled stuff than that of their own government.

Third red scare

[CptLoRes]

Who would have thought that the third red scare started in IT..

Re:Third red scare

[dunkelfalke]

It didn't. But the difference between this red scare and the previous two ones is that nowadays there is a lot more trade between the USA and Russia. Nowadays there are companies that would directly benefit from a red scare if they manage to link their competitors - even if that link is imaginary - to the Russian government. SpaceX tried to do that to the ULA, this whole Kaspersky stuff is probably driven by Symantec.

Re:Third red scare

[Tom]

this whole Kaspersky stuff is probably driven by Symantec.

Or just some state official who follows Trumps advise to put American companies first...

"Follow the money" is always a good idea.

Re:Third red scare

[phayes]

_Gifts_ to Russia peaked during WWII when Stalin pretended to be an ally. Gifts ended when Stalin went back on his promises and annexed eastern Europe.

Russia, over the past century has generally preferred to advance it's own interests over that of it's neighbors (often violently) and has thus been an enemy much more often than a friend.

Re:Third red scare

[MightyMartian]

Oh fuck me. Here I was thinking the Iron Curtain, the Berlin Wall, the Warsaw Pact, along with the US and later NATO policy of containment were all part of a large scale geopolitical struggle that flew just below war level of hostility, and through various proxies wars, did involve direct gunfire between Soviet and US proxies. But now it turns out that it was just some politicians!

Fuck me, you Russian trolls are getting more frantic as you get outed.

Re:Third red scare

[Boutzev]

Uh, can you point us a single country that prefers its neighbours' interrests to their own ?

Re:Third red scare

[phayes]

Some nations, like the USA after WWII and Europe when forming the EEC saw that satisfying their neighbors interests served their interests better than selfishly promoting their own interests to the exclusion of their neighbors. I'll admit that that was awkwardly phrased, but you should be able to understand my meaning unless you're intellectually blindfolded.

Re:Third red scare

[david_thornley]

Historically, Stalin was an ally. We needed Nazi Germany taken down, and we needed the Red Army to do it without nukes. Nazi Germany was considerably worse than the Soviet Union, which is why the Nazis had to go while we could live with the Communists.

One significant breakdown was the 1944 Warsaw Uprising. Stalin called for the Poles to try to take Warsaw from within while his armies joined up, to keep a faltering offensive moving. When the Germans stopped his forces well short of Warsaw, he apparently preferred people to believe that he deliberately provoked Germany to kill Poles than that the German army could stop him.

Re:Third red scare

[phayes]

Historically, Stalin was a genocidal maniac with absolutely no self limits on invading and annexing neighbouring states: Finland, Lithuania, Estonia, Latvia and then through his connivance with Hitler eastern Poland. No-one with any objectivity doubts that Stalin fully intended on betraying Hitler and the only reason Stalin ended up allied to the west is because Hitler struck first.

Stalin didn't "apparently" halt his offense before Warsaw he _intentionnally_ told his forces to wait until the Germans killed off all opposition because a second Katyn massacre would be too hard to swallow even for his hard-core supporters.

Re:Third red scare

[david_thornley]

Stalin was interested in annexing parts of what had been the Russian Empire, and didn't push too hard on that. He took advantage of the power vacuum created with the defeat of Nazi Germany to make puppet states. Considering what had happened to the Soviet Union, he had legitimate reasons to fear Western aggression.

IIRC, you'll find Erickson, "The Road to Berlin", to describe what went on with the Soviet offensive during the Warsaw Uprising. The Germans threw in four Panzer divisions, two of them in bad shape, and at least one Tiger battalion. They definitely wanted to stop the Red Army in front of Warsaw.

Re:Third red scare

[phayes]

Good to know that you think that Stalin's murderous acts upon neighboring countries and everyone else that opposed him were "justified" because they concerned "parts of what had been the russian empire". Yup, everyone else is a serf and must kowtow to whoever controls the Kremlin. Why? Because the Kremlin says so.

Stalin's ambitions were for far more than just those parts of the globe that had once been under kremlin rule. His ambitions were to extend his sway of murder and genocide to all Europe and the rest of the world and had plans to double-cross Hitler that only became moot when Hitler double-crossed him first.

Thanks for the ref. If I ever find the time to plunge back into all my WWII references (Liddle-Hart, Guderian, D'Este, Keegan, etc) I'll add it.

Re:Third red scare

[david_thornley]

Good to know your reading comprehension sucks. You said Stalin had no limits, but in practice he did. I was assuming we all had some idea of how evil Stalin was.

Re:Third red scare

[phayes]

Stalin had no moral limits, that doesn't mean that he had no material limits. Stalin using the Germans to kill of his future opposition is not proof of any moral limits, just that he judged that it would be a better means to his nefarious ends. But then, it's impossible to reason with the true believers of the dialectic such as you increasingly are proving to be.

Kasperky interest

My well informed sources tell me that Kaspersky is the best, and unless I think I am of interest to the Russian government, I have nothing to worry about. However, if I am of interest to any suitably equipped government, then I am doomed.... Anyone who has been following the NSA leaks for the last few years, and efforts like intercepting networking equipment before it is delivered, must realize that as an intelligence target you have to assume you are compromised.

Re:Kasperky interest

[Opportunist]

Well, "the best"... KAV is one of the top AV solutions out there right now, but there's quite a few good products to choose from if you're really convinced you don't want KAV in your life.

12 hours later

[n329619]

Security consultants found out all other anti-virus do the same time.
-Scan for virus
-Upload samples
- Delete virus

15 hours later
Security consultants now recommend PC without anti-virus.

U.S products?

Some security companies are being told to only provide U.S. products.

If there is one thing I would trust less than a Russian security product it is a U.S. security product. The U.S. have a far worse record in this regard.

Is Kaspersky Software on Voting machines?

Given Putin kills, imprisons, arrests people and businesses who oppose him, and given Russia's cyber attacks on the USA, you have to consider that Kaspersky may not have a choice in the matter. With so many KGB people involved there, it's probably better to be safe than sorry here and remove their software. There is actual evidence (see link below citing an Israeli hack into Kaspersky).

I wonder how many of those voting machines in the USA have Kaspersky anti virus installed on them, how many computers dealing with election rolls, and absentee ballots and vote counting. Can you really risk Russian software on voting systems when you know Russia has attacked the elections?

https://www.theguardian.com/technology/2017/oct/11/israel-hack-uncovered-russian-spies-use-kaspersky-lab-2015-report-us-software-federal-government

"While the Israeli spies were inside Kaspersky’s systems, they observed Russian spies in turn using the company’s tools to spy on American spies, the New York Times reports. That information, handed to the US, led to the decision in September to end the use of the company’s software across the federal government by December."

"But it still leaves many further questions unanswered. Crucially for Kaspersky, the Israeli hack apparently failed to provide enough information to determine whether it was a willing, or even knowing, participant in the Russian espionage."

"The Russian government exercises tight control over domestic and foreign high-tech industries operating within its borders. In June 2017, it began demanding the source code for certain software imported, ostensibly to search for “backdoors” inserted by foreign intelligence agencies. In practice, it’s widely believed that the Russian security agency scans the source code for undisclosed vulnerabilities it can use to improve its own hacking prowess."

Re:Is Kaspersky Software on Voting machines?

[Boutzev]

This is ridiculous. The whole world uses US software that provides full access to US three letter agencies, but now it is a big issue that Kaspersky happens to be a Russian company.

The only proof I have seen is talk about a security vulnerability discovered by Israeli intelligence in Kaspersky, which they reported to the US government. There is absolutely no proof of it being intentionally put there. Considering that Kaspersky does provide their source code to US based agencies, it is not very likely they would place anything intentionally and risking loosing their business. It doesn't make sense.

For common people in the US, it is probably safer to use Kaspersky rather than any US based software. Though it won't stop the three letter agencies from spying on you - they can do this through your OS, your smartphone, your TV set, through your ISP or your email provider ... Kaspersky won't help you much.

Re:Is Kaspersky Software on Voting machines?

[DrXym]

Using software from your main adversary is profoundly bad security. The same is true when Russia uses US software.

Antivirus software is second only to the operating system in terms of privilege and therefore makes an ideal attack vector. I bet most AV software is more than capable of maliciously stealing files, keystrokes, or planting a trojan if they were so directed.

Re: Is Kaspersky Software on Voting machines?

[orlanz]

Why is this ridiculous?!? A country believes they discovered another country's (adversarial one) spy vector. And YOU think it's perfectly sane to not say or do anything about it?

Re:Is Kaspersky Software on Voting machines?

Well obviously it's not safer. USA was attacked, the election rolls data was hacked by hackers identified as Russian state sponsored actors. Likewise two election software vendors were attacked.

If they've seen evidence of Russian spies using Kaspersky software to spy on the USA, it would obviously be a major danger to let them access your election systems and other critical systems.

At best they might simply collect intelligence and steal business secrets. At worst they might put a Russian puppet in the Whitehouse and undermine the US, divide it from its allies, undermine its trade, attempt to divide its people, and obstruct any help for allied countries when under attack from Russia (e.g. like blocking "lethal weapons" from being sold to Ukraine).

So obviously it would make sense not to use a known attack vector onto those systems.

Re:Is Kaspersky Software on Voting machines?

[TheCarp]

I don't consider Russia an adversary;

Russia has never taken my money and lied to me about what it was being used for. Russia has never used my tax dollars to commit heinous acts of torture. Russia has never arrested my countrymen over what they choose to put in their own bodies.

Washington is our adversary.

Re:Is Kaspersky Software on Voting machines?

[phayes]

If you truly don't care about Russian aggression and think that the grass is so green over there then you would _emigrate_ to Russia. You'd discover that Russia's treatment of it's drug users, lies to it's population and use of your tax rubles are far far worse than the USAs.

But you wont do that because you prefer whining to acting on it and because deep down you know Russia is worse four it's citizens than the U.S for everyone who isn't in Putin's list of favorites.

Re:Is Kaspersky Software on Voting machines?

[Boutzev]

Yes, poor victim USA, always attacked, never attacking first.

Re: Is Kaspersky Software on Voting machines?

[Boutzev]

No civilian assassinations, are you kidding ? I guess that what happens when you start deciding who is civilian by yourself. Duh.

Re:Is Kaspersky Software on Voting machines?

[Bing+Tsher+E]

Oh my god. Then, isn't it obvious? Computer software and hardware used for Elections should be open-source and subject to vigorous peer review. The systems used to conduct elections should not NEED anti-virus protection that is infested with spookware from ANY entity.

We have found the enemy, and it is us for allowing opaque un-auditable systems to be used in our elections.

Re:Is Kaspersky Software on Voting machines?

[XXongo]

https://www.theguardian.com/technology/2017/oct/11/israel-hack-uncovered-russian-spies-use-kaspersky-lab-2015-report-us-software-federal-government

The only proof I have seen is talk about a security vulnerability discovered by Israeli intelligence in Kaspersky, which they reported to the US government.

Uh, the "discovery" by Israeli intelligence that you're dismissing was not merely "a security vulnerability," but was watching Russians exploiting that security vulnerability and rifling through files.

This was not theoretical.

Re:Is Kaspersky Software on Voting machines?

[dunkelfalke]

You mean like Snowden?

Re:Is Kaspersky Software on Voting machines?

[Boutzev]

How do you know all that ? From US media or first hand experience of living in Russia ?

Re: Is Kaspersky Software on Voting machines?

[Boutzev]

It is ridiculous that YOU would believe some spy agency's words accusing another country spy agency of hacking while they where the ones doing the hacking in the first place. I would say you would be a fool to believe anything that a spy agency says to you. Unless there is independent technical research providing proof of software backdoors in Kaspersky, there is no point in believing any of these stories.

How about this - Kaspersky is the only AV that detects Israeli, CIA and otherwise malware and that's why it is being explicitly targetted by a smear campain. Does it sound plausible ?

Re:Is Kaspersky Software on Voting machines?

[Boutzev]

Computer hardware and software should NOT be used in elections in the first place.

Paper ballots work perfectly well until now.

Re:Is Kaspersky Software on Voting machines?

[mr.mctibbs]

Nothing you said is relevant to GP's point, which is that Russia is not his, or our, adversary. It might be a shitty place to live, in which case their government is an adversary of their people, but that doesn't make it *our* adversary. The only people who think Russia is a threat to the US are the people who think the US should be trying to control the whole damned world, and if you're one of them, then you're *my* adversary and I'm glad that you've been squirming since November.

Re:Is Kaspersky Software on Voting machines?

[Boutzev]

Right, it is a nice tale by an intelligence agency without any actual proof. An agency that would profit directly from the destruction of this AV company - the only massively used AV that happens to detect this same agency's malware.

Re: Is Kaspersky Software on Voting machines?

[orlanz]

Why does it matter what I or anyone else personally believes in this situation? A large government organization has basically banned a vendor. The reason they gave is irrelevant if you want to be involved in any business with said government. And most large organizations... are involved with this government.

Additionally there is the market liability part of this equation if you do any business in the US. Let's say the Russians ARE spying through the AV software and a company's customer data ends up being used there and traced back to said spying. Forget the last part. Can you even begin to imagine the legal fallout of that situation? Your defense lawyer can't argue your post to a federal judge. "Oh your honor, we thought we would be fools to listen to an intelligence agency."

People aren't as stupid as you think. They just have a better understanding of how the real world works.

Re:Is Kaspersky Software on Voting machines?

[phayes]

Oh really? Russia's destabilization of eastern europe in their mission to retake their "zone of influence" _hasn't_ impacted my relatives there or defense spending here in western europe & the USA? Clearly, it has and your claims are false.

Add to that Russia's military support of that murderous bastard Assad. That support _didn't_ allow the bastard to gas and bomb any and all that opposed him (but starting by massacring the moderates first) instead of pushing for or even just allowing for democratic changes? That russian support of Assad _didn't_ produce a refugee crisis dwarfing anything seen in Europe since the last days of WWII? That refugee crisis _hasn't caused a growth of hateful far-right parties throughout Europe?

Russia _hasn't_ been looking to cause unrest in the west with their repeated meddling in our elections and support of hate groups?!?

Putin _didn't_ organize the biggest war games in a a 1/4 century based on a scenario separating Poland from Lithuania and annexing a corridor to rejoin Kaliningrad to Belorussia? They _haven't_ been playing chicken with their bombers performing bombing runs on western nations like Norway, Denmark, Germany, The U.K & France?

Russia _hasn't_ been protecting North Korea while they've been acquiring Nukes, Missiles and performing economic warfare over the Internet? They _didn't_ just give North Korea a second Internet access so that they can augment their hacking?

Oh, but they _____HAVE_____ been doing that and more!

The only people who think that Russia _isn't_ a threat to the USA & Europe are the ignorant and the Putin-bought trolls. Which one are you? Ignorant or bought?

Re:Is Kaspersky Software on Voting machines?

[phayes]

I have traveled to Eastern Europe & Russia, have family in FUSSR countries and have a circle of friends that includes both pro & anti Putin Russian expats. You?

Re:Is Kaspersky Software on Voting machines?

[phayes]

If you think you could trust his answer, ask him if he wanted to move to Russia with it's glorious "freedom", His past declarations are that he is not in Russia by choice.

Re:Is Kaspersky Software on Voting machines?

[dunkelfalke]

Well, he is not in a prison, so he certainly has more freedom. If I had the choice between an American prison and living in Russia, I'd choose Russia any day.

Re:Is Kaspersky Software on Voting machines?

[XXongo]

Right, dismiss everything that doesn't accord with your worldview.

Re:Is Kaspersky Software on Voting machines?

[phayes]

Then, Not like Snowden...

Re:Is Kaspersky Software on Voting machines?

[thejynxed]

Are you kidding me? The mess in Syria can be laid directly at the feet of the "We must remove Assad at any costs" crowd formed out of leadership of Israel, Germany, the UK, France and the USA. In particular Merkel, Bush, and then Obama.

BTW, it had nothing at all to do with how Assad was behaving, but everything to do with oil and gas pipelines that the Russians were building at Assad's behest to go around Europe and Israel.

We've seen the pictures of McCain and others meeting with known terrorists in Syria. We know all about Clinton giving cash and weapons to known terrorist groups in Syria. We know about Merkel and others giving their approval to target civilian areas in Syria with missile and drone strikes because they supported Assad, yet somehow it's "The Russians" who caused the mess.

Re: Is Kaspersky Software on Voting machines?

[Megol]

So here I'm apparently trolling according to some.
This when the one I responded to have _made_something_up_ in order to ridicule what _he_ responded to. Something that wasn't stated plain and clear nor implied.
NB the post I responded to didn't even begin touching what _was_ written in the earlier post. Which was that the evidence is suspect and that we have more reasons to suspect US* software than Russian*. Orlanz didn't even reply to was stated by the previous post - what I would consider a trolling tactic.

And I'm trolling? If the PP are imagining things in the previous post _that_aren't_there_ isn't it a valid question to ask if that is something he experiences otherwise in daily life?

(* of course most software today aren't made in one country)

Re:Is Kaspersky Software on Voting machines?

[phayes]

This “we must remove Assad at any price club” of yours is only in your mind and in that of other Putin mouthpieces. Even under Obama getting the US, France, Germany, the UK & Israel in agreement on Middle East policy was worse than herding cats. That they all agree that _Putin’s_ policies were oriented on murdering all moderate Syrian opposition before moving on to Daesh merely shows how transparent that lie was.

That _you_ would proffer it and others like “It’s all about _OIL_!” in oil poor Syria merely shows how deep into Putin’s propaganda machine you are.

Re:Is Kaspersky Software on Voting machines?

[david_thornley]

If he moved to Russia, then the Russian government would be taking his tax money to do what he considers evil things. Since he lives in the US, the US government is taking his tax money to do what he considers evil things. Therefore, Russia is not his personal adversary as long as he lives in the US.

This isn't an endorsement of what Russia does to Russian citizens and residents, which is considerably worse than what the US does to US citizens and residents. Similarly, if I say I'm in more danger from muggers than from ISIS, it isn't because I think ISIS is harmless; it's because ISIS is distant and there are muggers in my city.

Re:Is Kaspersky Software on Voting machines?

[david_thornley]

What you are saying is that the US government and many US businesses shouldn't use Kaspersky, and I fully agree with that. What I'm saying is that I'm not an agent of the US government and I don't have secret business information on my laptop, so your arguments don't apply to my personal use.

Re: Is Kaspersky Software on Voting machines?

[orlanz]

No it's not binary. But the world doesn't work the way you are thinking. Those who have chosen not to do business with one or both sides are a minority. The rest of us make the decisions to keep doing business and move on.

Re:Is Kaspersky Software on Voting machines?

[phayes]

When complaining that one's government policies are unsatisfactory a sane person does not then take as a model one that is _clearly_worse_.

I have many bones to pick with both of the countries of which I am a citizen but am not crazy enough to claim that _Putin's_ Russia is in any way better.

Re:Is Kaspersky Software on Voting machines?

[david_thornley]

Except that the guy in question wasn't claiming that Russia was any better, or even as good. He was strictly talking about what the US and Russia had done to him, and with his money. He doesn't pay Russian taxes. He doesn't see people he knows thrown into Russian prisons.

Are we agreed that the government of Russia is in more need of change than the government of the US? However, I do attempt to exert some influence to change the US government, and not the Russian government. The Russian government is basically the problem of the Russians, and the US government is basically the problem of the US populace. The Russian government has no legal power over me, and the US government does. Therefore, what the US government does influences me more, and I'm of more interest to the US government.

Re:Is Kaspersky Software on Voting machines?

[phayes]

No. Hell no, you hair splitting Stalin apologist.

When one is against the sexual exploitation of small children, one is against _all_ pedophiles, not just the one that abused you.

The guy >I replied to whined about the USG while giving Russia a free pass, thus hes's clearly _not_ against governments taking money away or committing acts of heinous torture.

Re:Is Kaspersky Software on Voting machines?

[david_thornley]

You don't seem to realize that neither the guy in question nor I are excusing anything that happened in Russia or the Soviet Union. The question we're addressing is not which is worse (Russia, by a big margin), but which we're more concerned about (our government, typically by a big margin). I can vote, write to my Congressional representatives, and kick in money to influence US politics, and the governments in the US are what have authority over me.

Is it reasonable for me to complain about something my government does without going through a list of all worse governments, starting with North Korea?

Re:Is Kaspersky Software on Voting machines?

[phayes]

One does not fight pedophilia by complaining about one pedophile and urging people to send victims to even worse pedophiles. That is the mistake that the original poster made and you're defence of the second merely shows that yours sympathies lie with the second pedophile more than in fighting pedophilia.

Re:Is Kaspersky Software on Voting machines?

[david_thornley]

Of course not. Ideally, you get people away from the worse child molester, but this is international politics. However, if there's a child molester here and a worse one some distance away, it might be better to deal with the close one.

Do you really think that anybody is advocating moving to Russia because of problems with the US government? If so, you're wrong. Accept that nobody is defending the Russian government or advocating moving there, and reason from there.

Re:Is Kaspersky Software on Voting machines?

[phayes]

Who claims that there is some kind of ideal? Not me, but stop attempting to blur the lines between the truly horrible regimes like Putin's Russia and states that have more liberties.

Unless you're a fool or a (Putin) tool you do not jump from the frying pan into the even hotter fire.

There _are_ those like TheCarp and you that falsely present Russia as freer than the west, but for some of us, Russia is _NOT_ a far off minor danger to our liberties but the nearby aggressive expansionist repressive regime that it really is.

Is Putin's Russia the equal of the fUSSR at the hight of it's power? No, clearly not, but your attempt to present it as just another red scare ignores every repressive step Putin has taken since his accession to power: repression of all dissent, repeated encroachments/annexations, ever-mounting belligerence, etc.

Titling

[cloud.pt]

"Dodging Russian Spies..." not only sounds like "Dodgy Russian Spies", but it also presents a reason before an actual fact on a news/article/post header. This is a perfect example of psychologically loaded news, more even so than clickbait but it actually also is clickbait as they go for the "cold-warish" juicy part of the topic first.

Now seriously, stop doing titles like this, and don't enable them by allowing such stuff verbatim on slashdot from the original biased, flawed source.

Re:Titling

[Xenographic]

Funny thing is that there's a far more interesting technical article about all of this out there that's totally ignored because it was written by Kaspersky. Yet nobody cares that this article is from the Daily Beast, as if we didn't know Chelsea Clinton was there...

or maybe...

[Tom]

The problem isn't so much in the horse and pony show, but in the fact that you install software on your devices which you bought from an external party and allow it to read all your data. I mean, if that is not a leap of faith, I don't know what qualifies as one.

Proper compartmentalisation would solve this issue. Let the virus scanner manage only incoming data, have defined communication channels for pattern updates, don't let it phone home. Keep your data in trusted DMS. Use non-rich data formats (why people use MS Word to write a letter is beyond me). Stop putting convenience above security.

And think three steps. "Only US companies" - seriously? Because it would be so incredibly difficult for some Russians to start a US company, right? Because your US company doesn't get half its hardware from China, right? And because it absolutely didn't outsource its software development to India.

Re: or maybe...

[Tom]

Depends on the secret. Where you buried the body? Definitely not something you want in a searchable medium.

But it can actually be as simple as having properly defined boundaries. If I convert all e-mails that my top-secret people need to read into plain ASCII text before sending them on, and remove any base64 encoded parts, the chance of getting a malware infection is reasonably low. Of course the convenience factor is low as well, but that's the trade-off. You want to work in a nuclear reactor? Here's your safety gear.

Why we understand this in physical security, but in IT security we think cleaning the reactor core in jeans and T-shirts should be possible?

The current opensource

[DrYak]

The problem is that the current open source implementation,
CalmAV,
was bought by and is currently developed by... Cisco.

Okay, it's opensource, so at least independent researcher can go and check whether it contains any underhanded code.
But still, it's not an international cooperation of several vendors.

Also, currently it's not the top performing of the pack.

On the other hand, that doesn't prevent me from using it.

Are they replacing it?

[houghi]

Assume the Russians have access and everything is true. So what are they replacing it with? Most likely something that the NSA has access to. If they have access to it, you can bet that the Russians have as well. So you are not excluding the Russians, you are including the rest.

Because since when is the NSA actually concerned about our data, besides for when they want access to it?

"Some security companies are being told to [...]

[Panopticon1]

[...] only provide U.S. products. " What an amazing coincidence!

Tackle the underlying problem

[SlashDread]

- remove MS WIndows.

Sad In A Way

Regardless of whether it's true that the FSB has some kind of backdoor access to Kaspersky products, the company is likely doomed. They might manage to eek out an existence primarily in Russia, but as a shell of the company in its glory days.

While US spy agencies don't do themselves any favors by publicly saying they want to have a backdoor to any and all encryption methods, the US and Russia are very different places. Get on Putin's bad side and you could find yourself being thrown in jail for (no pun intended) trumped up charges, your company nationalized, and all of your assets seized by the government. When is the last time that happened in the US?

Re:Sad In A Way

[Opportunist]

Doomed? Just because the US goes apeshit? Please. The US is a pretty big market, all right, but the rest of the world is plenty enough to keep an antivirus company afloat.

Re:Sad In A Way

[phayes]

Until "the rest of the world" also decides that Putin cannot be trusted.

Banks and public entities in Europe are also looking to remove Kaspersky products. I've seen it on a number of projects already.

Re:Sad In A Way

[Opportunist]

Odd. I haven't. And you'd think I'd be one of the first people to know something like this, considering I'm responsible for the security of a number of them...

Re:Sad In A Way

[phayes]

Thus the danger in assuming that ones anecdotal experience is universal. A claim that I'm not making, just that I have seen movement

Re:Sad In A Way

[david_thornley]

Get on Putin's bad side and you could find yourself being thrown in jail for (no pun intended) trumped up charges, your company nationalized, and all of your assets seized by the government.

Except that Putin doesn't do that to US citizens in the US. Since I'm a US citizen and resident, I'm not personally worried about what Putin will do to his enemies. (I deplore it, of course, but I don't see that I can do much about it.). Similarly, ISIS is far more evil than typical US criminals, but I'm still more worried about getting mugged by a US citizen with no particular ideology than I am about getting personally harmed by ISIS.

Only in America

[Opportunist]

I've taken a look and so far, I cannot find any non-US sources (or at least none that aren't VERY US-friendly, to put it mildly) that even talk about it.

It this like Creationism? Yet another thing the US goes apeshit over that nobody else with half a brain takes seriously?

Hmmm

[hyades1]

When is the last time that happened in the US?

Not sure. You might want to ask Kim Dotcom if he could answer that for you. Or some old lady in West Trumplandia who ran afoul of the RIAA when her granddaughter downloaded a Disney movie improperly.

Tell me it isn't so...

[bobbied]

Given the government's open rejection of this company's products and the scuttlebutt about how they are a front for Russian spying, how's this a surprise?

Call it mass hysteria if you must, but who would want to leave this product in charge of you computers?

But what to pick to replace it? Yea, now that's a good question for a windows shop.

Translation

[Opportunist]

Those fuckin' Russkies want to play hardball, find our government trojans and report them to the users and don't let us install backdoors in their software!

Experts?

[sjbe]

Kaspersky is popular because it wins at independent tests run by experts.

You forgot the air quotes around "experts"

Re:Sources FO with your Sources

[rtb61]

The awful thing is, it is so bad, so poorly done. Going to do propaganda, at least do a reasonable effort. The thing is, what is really exposed, is not only how they cheat us but how they cheat each other. Those doing the leg work of propaganda seem to no longer care how many people they convince of anything, just how well they can convince the people paying them, how effective that propaganda is, even and especially when it isn't. The propaganda is no longer targeted at us but at the people paying for it. Which is why the utter failures of propaganda come as such a surprise to them. When you pay people to lie, cheat and steal for you, never ever be surprised when they lie, cheat and steal from you.

Re: more usa government paranoia and fud - how bor

Always assume all anonymous posts are Russian shills, CIA operatives, AND corporate marketing folks. âoeNever trust anything if you donâ(TM)t know where it keeps its brain.â â" my favorite Harry Potter quote.
(Posted anonymously for max irony.)

Citations [Re: All together?

[XXongo]

Citation needed.

http://time.com/4783932/inside-russia-social-media-war-america/
https://www.nytimes.com/2017/09/07/us/politics/russia-facebook-twitter-election.html
https://www.newyorker.com/magazine/2017/03/06/trump-putin-and-the-new-cold-war
https://www.newsmax.com/Politics/james-clapper-absolutely-russia-interfered/2017/05/30/id/793102/
http://www.nationalreview.com/article/448931/vladimir-putin-russian-election-interference-american-incompetence-weakness-helped-it

I'd lay off the magic mushrooms.

Yeah, I know-- don't bother saying it: you're not going to read any of these because "that's all fake news because the mainstream media lies". Yeah. When you dismiss everything that confronts your entrenched position, yes of course you will never change your mind.

Re:Citations [Re: All together?

Rather belive the pravda than the NYT, yes media lie to you, they did it in the Iraq war and the continue to do it today.

Re:Fake news

[MightyMartian]

Seriously no, you're not an American. You're pretty obviously a Russian troll.

Trusting Third Parties

[sjbe]

Your virus software has to have root level access to every file on your system. If you want to access all the files on a computer clandestinely, providing AV software is a fine way to do it. Your AV software provider better be a friend.

This is exactly why I'm dubious of any third party AV product. I might not like Microsoft but at least their interests somewhat align with my own as malware is nothing but a cost to them. I have no reason to trust any third party AV vendor. They have no fundamental incentive to actually solve the problem because if there is no malware then they have no product to sell. In my experience all of them have a long track record of making products that cost a lot of money and don't work very well even under the best circumstances.

To my way of thinking the OS vendor should be the primary party responsible for protecting their own product if they sell it for money. I think that OS vendors also should be liable for security failures in their products that they are able to control with appropriate safe harbor provisions for OS vendors that make good faith efforts to do the Right Thing.

Re:Trusting Third Parties

[zilym]

I agree, except at the point where you are willing to trust Microsoft... Windows 10 shows us that Microsoft does not hold our privacy sacrosanct in the least. The leaked NSA tools further prove that relying on Microsoft is not going to protect you from being spied upon, by our gov't AND foreign entities. Even this whole Kaspersky fiasco shows that further NSA tools are likely being stolen, AS THEY ARE BEING WRITTEN!

At the very least, use Linux. Linux may have backdoors too, but at least it's open source, so you and others can at least attempt to identify and close those security holes. Closed source Microsoft products, forget about it. You're never going to be safe there.

Don't be deliberately stupid

[XXongo]

Using software from your main adversary is profoundly bad security. The same is true when Russia uses US software.

Antivirus software is second only to the operating system in terms of privilege and therefore makes an ideal attack vector. I bet most AV software is more than capable of maliciously stealing files, keystrokes, or planting a trojan if they were so directed.

I don't consider Russia an adversary;

Then you are stupid.

I don't mind people being stupid-- people are stupid sometimes; it happens. I do mind people being deliberately stupid because being stupid is the only way that they can defend their ideology.

If your idiotic ideology telling you "Washington is our enemy" and that means Russia is fine, you might consider changing your ideology to one that allows you to actually see the real world.

Re:Don't be deliberately stupid

[david_thornley]

Then your reading comprehension sucks. GP said Russia wasn't his adversary. He didn't say that Russia isn't an adversary of the US, and he didn't say that Russia wouldn't be his adversary if he moved to Russia.

Re:Don't be deliberately stupid

[TheCarp]

Who said Russia is fine? Russia isn't my problem, not by a long shot. Washington is actively harmful to the people where I live.

Switch to Comodo? That's the one the NSA/CIA hated

[EnOne]

I remember from the Snowden leaks that the antivirus software that the NSA hated the most was Comodo.

CIA, described as: “a colossal pain in the posterior.” “It literally catches everything until you tell it not to, including standard windows services (say what?!?),” the documents state.

Dodging Russian spies

[argStyopa]

...except these same paranoid people cheerfully carry around 24/7 a portable high-resolution audio and video recording device that we've all known can be activated remotely, have all their most personal and intimate data on it, as well as a GPS tracker AND PAY FOR THE BANDWIDTH THEMSELVES. /people

Re:Dodging Russian spies

[david_thornley]

I carry one constantly wherever I'm going somewhere and I don't care if US three-letter agencies know I'm going there. I put information on there that I don't care if the same agencies get.

Incorrect Corrective Action

[Spinlock_1977]

If your anti-spyware software contains spyware, do you really think uninstalling ("ripping out Kaspersky") will remove the spyware? Any machine suspected of compromise must be reformatted from scratch. And even that doesn't provide 100% coverage since some spyware can hide in motherboard-resident flash memory and other pockets of non-volatile memory strewn about modern systems.

OS vendors vs AV vendors

[sjbe]

I agree, except at the point where you are willing to trust Microsoft... Windows 10 shows us that Microsoft does not hold our privacy sacrosanct in the least.

No I don't trust Microsoft either but there is an important difference. You have to deal with Microsoft if you are running Windows. Any privacy or security issues with them are going to exist whether or not you involve a third party AV vendor. AV vendors are as much a threat vector as they are a security blanket in my opinion even if you ignore the performance hit you take from using their (usually shit) products.

At the very least, use Linux.

Not really an option in many cases. Nothing against linux but many users have to use Windows for one reason or another. Once you are on the platform you have to deal with Microsoft but I'd be reluctant to involve additional security vendors if I don't absolutely have to.

Re:OS vendors vs AV vendors

[Ol+Olsoc]

Not really an option in many cases. Nothing against linux but many users have to use Windows for one reason or another. Once you are on the platform you have to deal with Microsoft but I'd be reluctant to involve additional security vendors if I don't absolutely have to.

Well then you have to take as much shit as Microsoft feels like giving you. My sympathy is you have no opetion other than Microsoft. That's like an abusive marriage where teh abused partner won't leave because he or she feels they have no choice.

What really happened...

[eth1]

...is that Russia has compromised one of the OTHER A/V products, and are trying to get people to switch of of Kaspersky so it's more likely they'll use the compromised one. :P

Problem solved years ago...

[higuita]

Problem solved years ago... i use linux! :D

Re:Sources FO with your Sources

[Ol+Olsoc]

Could you get someone that knows "American" to rewrite that for ya, Mikhail?

I trust Kaspersky

[OrangeTide]

more than I trust Symantec. With Kaspersky at least the Russian spies won't find my computer bogged down.

"only provide U.S. products"

[TheDarkener]

Because we all know U.S. products *never, ever, ever* contain backdoors.

This is lame. I don't care if it's software made in Russia, or the U.S., or Germany, or China. If the source is closed and locked away, I don't trust it by default.

Re:Correcting the Record

[Xenographic]

Parent was me, apparently I wasn't logged in.

I read all four of those articles. The only things they provide that are remotely verifiable are a fake Facebook account from one Melvin Redick of Harrisburg that talked about DCLeaks--real, actual, emails showing various bits of dirty dealing. There is no mention of anything to connect that account to Russia. If we're going to play "consider the source" then I'd like to point out that Chelsea Clinton is at the Daily Beast, which is the source of this particular Slashdot story.

I'd also like to point out that Correct the Record / ShareBlue employed thousands of "nerd virgins" (their own words) to create exactly this sort of fake account. And that seems especially funny given that Russia has been accused of stirring up dissent by supporting BLM and similar Democratic causes.

It's also funny that you talk about everything being "fake news" but we know the emails were real via DKIM headers I personally have showed everyone how to verify on Slashdot. And those same emails show how CNN colluded with the DNC to rig the debates as well as how the DNC went behind its own lawyer's backs to hold that secret fundraiser with the Washington Post. Things that anyone could legitimately be upset about independently of who (allegedly) revealed them to us.

Frankly, if this is what foreign "collusion" looks like--exposing American political corruption that our own media won't touch--I have trouble seeing why that's a bad thing. We should root out all political corruption, regardless of party. Of course, it helps if you have actual verifiable facts. Paying $100k for foreign spies to dig up ridiculous and unverifiable fanfics (AKA "raw intelligence") is just a little bit pathetic.

Dumb Title, Dumb content.

[dramason]

Anyways, if you need someone or their services to satisfy a specific need (in this case, your data safety and computer health), then you are vulnerable to those who have the capacity to satisfy those needs. That is life. Ikarus, McCafee, KIS and Malwarebytes are the most reliable and best suites for me.

EVIL Kaspersky

[grep+-v+'.*'+*]

OK, they're ALL out to get you. If you didn't pay for it, you're the product. I fear my local government more than a far-away one. I'm a minnow, no some plankton living in the social/financial sea. It's only metadata. If you've got nothing to hide, you've got nothing to fear. Ever uploaded something to VirusTotal/Google/MS/Amazon? If it's unencrypted in the cloud, it's probably now on someone's ELSE's cloud too. If encrypted, it's still fair game. KAV have good reviews. So I'll just leave this here and get my coat,

OVERVIEW
https://www.pcworld.com/articl...
https://www.av-test.org/en/ant...
http://chart.av-comparatives.o...

Free
https://usa.kaspersky.com/free...
https://www.bitdefender.com/su...
https://www.malwarebytes.com/m...
https://www.avira.com/en/free-...
https://home.sophos.com/
https://www.pandasecurity.com/...

Just PICK one just as long as it's not the default MS Defender. They couldn't stop it from getting in to start with, what makes you think their AV is going to do better?

Windows10 doing the same and worse

[Stan92057]

Yet they "Window 10 users" have no problems with the massive amounts of data/everything you do and being tattooed with an adverting number is ok..

Re:Windows10 doing the same and worse

[david_thornley]

Some Windows 10 users have serious problems with Microsoft spying. You can find instructions on how to at least apparently diminish it on the web. On the other hand, when you gotta use Windows you gotta use Windows.

Re:Trust the Russians more the Ameicans

[AHuxley]

To work on telling the world about
Flame, Stuxnet and the Equation Group https://en.wikipedia.org/wiki/...
https://en.wikipedia.org/wiki/...

Re:Sources FO with your Sources

[rtb61]

American, wot language that, perhaps https://en.wikipedia.org/wiki/..., surely you don't expect that. I think you mean that other language, the language of the poms https://en.wikipedia.org/wiki/..., you know from the colonies, as in prisoner of his or her majesty (don't wont to rile up feminists and apparantly they dislike that message so pretend it isn't true). Dude's that's called English, which apparently you lot don't know how to spell properly (that troublesome English spelling is just too hard to learn, zs and ss just too confusing and ou my how difficult). the crazy crap you septic tanks http://onlineslangdictionary.c... come up with. As I am not that rascist, perhaps a little but more culturalist than rascist, being called Russian, seems hardly a problem, is there any reason it should, assuming the Mikhail http://www.thinkbabynames.com/... is meant to be Russian rather than an anti-semetic swipe. Sure if you must know my great great grandmother the maid was diddled by her boss, twice mind you and dumped when he took off to the US to escape his responsibilities and changed his name. So if you feel the need to be anti-semetic, sure fine, not that I feel particularly Jewish but what ever (my religion being freedom, democracy and justice - the shared work of common effort - you might call that socialism).

Re:Sources FO with your Sources

[geminidomino]

Go Wolverines!

Re:Sources FO with your Sources

[Ol+Olsoc]

American, wot language that

Hook line and sinker!

Re:Sources FO with your Sources

[Ol+Olsoc]

Go Wolverines!

Eat more Possum!

Re:How to make any antivirus software safer:SELinu

[Tom]

SELinux suffers from a complexity flaw. Setting up a tight policy for a production system is not an easy task. I was evangelizing SELinux for many years (my name is in their contributors list). The complexity issue was clear from the start, I was always hoping it would be solved one day, but it still isn't.

So today you have SELinux in all the major distributions, but it's not really much used. Even if it is run in enforcing mode, the policy is very generous. That puts it on the level of a firewall - another layer of security, but it still lets a lot of stuff through.

A tightly configured SELinux is a very hard target. I went to hacker conferences a few times, put up my SELinux notebook and wrote IP address and root password on a piece of paper posted right above it. The real root password, with SSH root login enabled. One time a guy managed to put a file into the root home directory, because I had forgotten one policy rule. That's it. SELinux can be configured very tightly, but at that time, there were maybe two dozen people in the world who could do it. That's not acceptable for commercial purposes. Who wants a system where if you lose your one guy who can handle it, it might be impossible to find a replacement?

Re: Sources FO with your Sources

[Ol+Olsoc]

It's like no English I've ever seen.

Sigh.... "Speaking American" is a reference to Republican intellectual leader Saraah Palin, calling for immigrants to "speak American" https://www.inquisitr.com/2399...

Yes, almost all of us know that most Americans speak either English or Spanish. American is not a language except to idiots. So massive whooshies to y'all.

Re:Sources FO with your Sources

[david_thornley]

News flash: the leaked DNC emails have been old news for almost a year now. Nobody cares, except for Trump lovers who haven't realized that he won the election, or the ones who'd much rather point to other people rather than try to justify what their hero said or did.