Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kaspersky To Close Washington Office But Expand Non-State Sales (bloomberg.com)

Posted by msmash on from the interesting-times-ahead dept.

An anonymous reader shares a report: A Russian software-maker, whose products are banned for use in federal information systems by the U.S. government, is seeking to remain in the North American market and prove its products have no hidden capabilities. Kaspersky Lab Inc. will close its Washington D.C. office that was selling to the government and will keep working with non-federal customers in the U.S. via its remaining offices in the country, vice-president Anton Shingarev said in an interview in Moscow. The company also committed in October to open its product's source code to an independent third-party review and plans to open new offices in Chicago, Los Angeles and Toronto next year. "This allows independent experts to verify that our software has no hidden functionality, that it doesn't send your files to third parties, doesn't spy on you and fully complies with the end-user agreement," Shingarev said. The U.S. banned government use of Kaspersky software in September, citing founder Eugene Kaspersky's alleged ties to Russian intelligence and the possibility its products could function as "malicious actors" to compromise federal information systems. The move caused concern about the company's products in other markets, including the U.K.

25 of 65 comments (clear)

  1. Why not? by Arzaboa · · Score: 3, Insightful

    I have yet to see a compelling argument as to why I wouldn't use their product as a regular citizen. They do nothing different than any other anti-virus product when it comes to handling files. The only thing different than most is that their home country is Russia. Its not like the U.S. government doesn't have the exact same powers to subpoena a U.S. companies data, that the Russian government doesn't have to do to their own companies.

    --
    "I didn't do it" - B. Simpson

    1. Re:Why not? by phayes · · Score: 1, Insightful

      Really? One supposes that you would also question whether Weinstein should be trusted with young actresses. After all, "there have yet to have been compelling" proven arguments that he isn't a predator, just like Putin's Russia is.

      You really want to trust someone who has explicitly declared himself an enemy of an open press and the west with auto-update privileges on your PC that he could use to perform attacks on the west? Ooops, sorry about that DDOS on critical infrastructure, it was just an innocent error not at all related to Russia deciding to liberate the poor, suffering ethnically Russian 30% of the Estonian population from their oppressors? Oh and by the way I, Vladimir the Great have decided to annex those parts of Estonia that please me (and rejoin the Kaliningrad enclave with Mother Russia!)...

      Not me. I don't trust men like Putin who kill off those that disagree with him.

      --
      Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
    2. Re:Why not? by Arzaboa · · Score: 3, Insightful

      I had never seen or heard that Putin ran Kapersky Labs. Turn this around and why would the Chinese use a U.S. companies anti-virus? After all, the U.S. wants a free Tibet.

      And again, when it comes to my personal info, wouldn't it be better to have a foreign government see my dirty laundry than the one that could prosecute me? (For the lawyers.... this is all supposition)

      Thank you for your interesting point of view though, which is why I asked the question. Why not?

      --
      "I didn't do it" - B. Simpson

    3. Re:Why not? by Freischutz · · Score: 2, Insightful

      Do you have any evidence that anything even remotely close this has ever happened? Or is this just paranoia talking?

      Since we seem to be incapable of differentiating between a company and a government these days, I'm curious why the same level of fear does not govern the rest of your purchases? I mean: That fancy phone you have? The Chinese are after you! Your Nintendo? The Japanese are watching. Your BMW/Mercedes? The Germans are coming! The Germans are coming! That cheese you bought? It could have been poisoned by french spies!

      Can't trust anyone! Food must be grown everyone, and aluminium hats must be smelted personally or they too cannot be trusted.

      There has been a claim to this effect by Israeli intelligence, i.e. that Kaspersky is a front for the FSB and they use it as a search engine to look for documents containing certain code words. They even claim to have hacked Russian systems and watched their Russian colleagues use Kaspersky's systems to run search jobs in real time:

      https://www.extremetech.com/in...

      I don't know if this is true but it sounds plausible. If you wanted to search millions of documents on millions of computers world wide for certain code words can you imagine a better way to do that than modifying an existing anti-virus program already widely installed on many computers world wide that scans every file on your hard disk searching for viruses with your explicit permission? Modifying a virus program to do this would be about as hard as bolting a trailer hook to the back of your car. Also the Defense Intelligence Agency has been flagging Kaspersky as a potential security threat for a few years now.

    4. Re:Why not? by Anonymous Coward · · Score: 1

      I think you misunderstood the article a little.
      In the case in question, an NSA employee took NSA created malware home with him and put it on his home computer. He ran Kaspersky anti-virus software at home. The AV software ran, and did what any good AV software should* - i.e. detect possible malware (i.e. the new NSA malware). The standard procedure for an AV is then to upload possible new threats to the AV company for analysis. This is normal behavior.

      Now, if the story you link is true, the communication or the Kaspersky server had been compromised by both the Israelis and the FSB. The FSB then searched the uploaded file against certain keywords (e..g "possible variant of NSAMalwareX"), and found the IP of person uploading a new variant of NSA malware, and hacked him.

      Keep in mind:
      - even with a hacked server, any search the FSB can do can only happen on files that were uploaded to the server.
      - only suspicious files are uploaded to the server
      - there is no evidence virus definition files were tampered with to detect (and hence upload) files with any sort of keywords.

      Certainly Kaspersky should not have let themselves be hacked, but Advanced Persistent Threats are tricky beasts, and ANY company is susceptible.
      The lesson from all this is that if you're an NSA employee developing new strains of classified malware to infest the internet with, you should probably take extra special care not to upload it external companies.

      * PS - the NSA pressures US AV companies to whitelist their malware so their crap is never detected. I argue this is worse behavior than getting hacked.

    5. Re:Why not? by Anonymous Coward · · Score: 1

      Are you suggesting you keep US government documents and company trade secrets on your personal computer? I believe there's a word for people like you.

      The word is idiot.

    6. Re:Why not? by phayes · · Score: 1

      When you live beneath a bridge it does tend to limit whet everyone else (besides the putin-bots) can see clearly.

      Putin controls anything and everything that he desires in Russia, either overtly or covertly. The day Putin decides that it is better to use this covert weapon of his (privileged access to all the files and data of those who use Kaspersky) _your_ bank accounts will mysteriously transferred elsewhere. Yeah, that's soooo much better...

      --
      Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
    7. Re:Why not? by phayes · · Score: 1

      But then you don't even have the courage to sign in so nobody cares what you think.

      --
      Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
  2. See? Here's some source code to review. by ScentCone · · Score: 1

    See? Here's some source code to review. And, here's a compiled binary that we promise, really, only contains that code. And all of our recurring updates will only be the same code you reviewed. Promise.

    --
    Don't disappoint your bird dog. Go to the range.
    1. Re:See? Here's some source code to review. by Anonymous Coward · · Score: 2, Funny

      See? Here's some source code to review. And, here's a compiled binary that we promise, really, only contains that code. And all of our recurring updates will only be the same code you reviewed. Promise.

      Said every company undergoing code review ever.

  3. Fopreign or Domestic by r_naked · · Score: 1, Informative

    I can understand the government not wanting another government spying on them, but as an individual, if I am going to have a government spying on me, I would rather that it be a foreign one.

    --
    -- http://anonet.org -- The internet the way it was meant to be. Check it out, you may be surprised.
    1. Re:Fopreign or Domestic by iggymanz · · Score: 1

      It is known the United States Government spies on its citizens illegally; the fact that our government is trying to paint Kaspersky as bad is laughable. Ditto for the UK government that is such a lackey and bitch of the U.S. one.

    2. Re:Fopreign or Domestic by Baron_Yam · · Score: 1

      > if I am going to have a government spying on me, I would rather that it be a foreign one.

      Not only that, but one that is currently considered at least somewhat 'hostile'. The UK's foreign, but they share data with the USA faster than Trump leaks it.

    3. Re: Fopreign or Domestic by Anonymous Coward · · Score: 1

      Edward Snowden.

      I bet you already knew that and were just being a jerk. We don't need any more evidence we just need our Constitution back.

    4. Re:Fopreign or Domestic by AHuxley · · Score: 1

      Yes given the past thinking around Magic Lantern (software) https://en.wikipedia.org/wiki/... and the US government wanting once trusted AV not to detect a FBI keystroke logger.

      --
      Domestic spying is now "Benign Information Gathering"
    5. Re:Fopreign or Domestic by AHuxley · · Score: 1

      The Church Committee https://en.wikipedia.org/wiki/... showed the US domestic spying to the US public.

      --
      Domestic spying is now "Benign Information Gathering"
    6. Re:Fopreign or Domestic by AHuxley · · Score: 1

      Re 'I have yet to see a compelling argument as to why I wouldn't use their product as a regular citizen."
      As a regular citizen help detect efforts like https://en.wikipedia.org/wiki/...
      Stuxnet
      Flame
      Equation Group https://en.wikipedia.org/wiki/...
      Help find real spying found in the wild and help network security research around the world.

      --
      Domestic spying is now "Benign Information Gathering"
    7. Re:Fopreign or Domestic by bobbied · · Score: 1

      Seriously? A committee of congress that last met in 1974 is your best evidence? Before the Internet ran faster than 300 baud? Before the invention of the smart phone? Before the first release of Linux? Before even DOS or the PC?

      I would content that since then, due to congressional oversight, this issue has been largely dealt with for decades.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    8. Re:Fopreign or Domestic by AHuxley · · Score: 1

      Re "best evidence?"

      That was the only time the US public got an understanding of what the NSA and CIA was doing domestically.
      The result was to be congressional oversight.
      The congressional oversight never worked and the CIA and NSA just kept collecting globally.
      They never stopped. The domestic spying never got dealt with as they never had to stop.
      NSA mass phone surveillance revealed by Edward Snowden ruled illegal (8 May 2015)
      https://www.theguardian.com/us...

      --
      Domestic spying is now "Benign Information Gathering"
  4. Same for nearly all "commercial" software. by Anonymous Coward · · Score: 1

    Everyone here probably already knows this but... Most software today is delivered AUTOMATICALLY in binary form. Most programs automatically download new binaries as soon as the developers make them available and happily installs and runs them, often without notifying you. Most people get all exited they are getting the "latest version" and generally consider this to be a good thing. The gigantic trust problem with automated binary software delivery is... even if you certify the software is A-OK today, they can push a new version to you tomorrow. that is NOT OK. This brings into question not what the software is, but what the developers might make of it some day in the future.

  5. Exact opposite feels for me by GrBear · · Score: 2, Insightful

    I went out of my way yesterday to buy Kaspersky AV since the US and EU decided to vilify them. Because screw 3 letter agencies.

    1. Re:Exact opposite feels for me by pezezin · · Score: 1

      The EU too? I didn't heard anything about it, if it's true, as an European citizen I'm very interested about it. Anyway, I have been using Kaspersky for years, and I just installed it on my uncle's computer...

  6. Because it's a false dilemma by Immerial · · Score: 3, Interesting

    You make it sound like there are only two choices: compromise your machine for the Americans or the Russians. Um, how about neither! Plus it's the "it's okay to have my machine compromised" attitude that seems so shilly (if that's a thing).

  7. what he meant by Anonymous Coward · · Score: 1

    What he meant is if the TLA demonize Kaspersky, that is because it throws a wrench in the gears of their evil works.

    And if you attempt to imply that TLAs are there to save the day for Average Joe, you watch way too many BS movies. They are actually likely to let a bombing plot that they know of be executed to capitalize on the tragedy and expand their illegal spying program.

  8. Personally, by Junior+Samples · · Score: 2

    I'm more concerned over the US government sanctioned Intel ME Backdoors contained in many of Intel's X86 processors.