  • US government is banning, bad-mouthing Kaspersky. But why?


    • This topic has 37 replies, 17 voices, and was last updated 3 years ago.
      • #133757
        woody
        Manager

        Some much needed common sense posted by Vess Bontchev, on Medium. He knows whereof he speaks.
        [See the full post at: US government is banning, bad-mouthing Kaspersky. But why?]

        5 users thanked author for this post.
      • #133765
        wdburt1
        AskWoody Plus

        Bontchev: “Russian intelligence officials are probably having some thoughts about what can happen if the US government uses a National Security Letter to force Microsoft, during a conflict with Russia, to push a malicious update to the Russian computers running Windows.”

They can do that? If so, how about for other reasons, like “enemies” at home?


        1 user thanked author for this post.
        • #133806
          Cybertooth
          AskWoody Plus

The way I understand it, NSLs are for the purpose of monitoring (spying on) the targets of counter-terrorism operations and the like: “We want to know who John Doe is talking to and what they’re saying to each other.” AFAIK National Security Letters were not conceived as, nor have they ever been used as, ways to attack (i.e., cripple or disable) a target’s computers.

          • #133818
            wdburt1
            AskWoody Plus

If recent experiences have taught us anything, it is to avoid relying upon assumptions about the intentions of, or constraints upon, overweening companies and government officials. (Lois Lerner, anyone?) If something is prohibited outright by law, OK: show us that it is being complied with. But you do not claim that.


        • #133994
          Fred
          AskWoody Plus

          You really think that US Gov needs Microsoft to push software?

          NSA cs is doing this themselves, and using existing unknown flaws, as far as I know.

          ~ ~ ~
      • #133767
        MrJimPhelps
        AskWoody_MVP

        I’ve never thought of McAfee as really good software. Even though I could have gotten it free from my ISP, I preferred to pay someone else for my malware protection.

        The author is right – McAfee should be trying to convince you how good their product is rather than how bad their competitor’s product is.

        Group "L" (Linux Mint)
        with Windows 8.1 running in a VM
        2 users thanked author for this post.
      • #133770
        Noel Carboni
        AskWoody_MVP

        I don’t know about Kaspersky AV specifically, but it’s a given that antivirus software normally updates not only its data but its detection engines regularly, right?

        From the article…

        Nobody is seriously thinking that Kaspersky’s product has a backdoor

        Call me a basic thinker, perhaps slightly more immune to marketing-speak than most, but doesn’t any privileged software that’s web-connected and self-updates autonomously have a huge and obvious “back door”? Is there some convenient meaning of “back door” that I’m missing here?

        Scenario:

        1. The current version of the software is vetted and determined to be benign.

        2. The software is highly privileged so as to be able to do its job effectively.

        3. The software self-updates to remain valuable and current in the fight against malware.

        4. At some unspecified future time, an enemy takes control of the software update process and delivers a potentially harmful payload. Said payload may not be immediately activated.

        5. Later, because of some political condition, the payload is activated with devastating effect.

        Now the 64 dollar question:

        What software do you have auto-updating on YOUR systems?

        Presuming you name at least some, are you fully aware that you’ve extended your trust to the authors of said software now and into the future?

        -Noel

        8 users thanked author for this post.
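The scenario in this post is, in supply-chain terms, about what the client side of an auto-updater verifies before it installs anything. The following Go program is an added example for this thread; it is not code from the post's author, from Kaspersky, or from any AV vendor. It assumes a simplified, constructed manifest format (version counter plus per-file SHA-256 hashes) signed with Ed25519 under a publisher key pinned at install time; the fixed seed is only there so the example is reproducible. It shows the checks that turn "I trust this vendor" into something enforceable: the signature must verify under the pinned key, the version must move forward, every file must hash to the signed value, and an unlisted file (the "payload" in step 4 of the scenario) is rejected outright.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a simplified, constructed release description: a version
// counter and the expected SHA-256 of every file in the update. The
// publisher signs the JSON form; the client only trusts a manifest whose
// signature verifies under a public key pinned at install time.
type Manifest struct {
	Version int               `json:"version"`
	Files   map[string]string `json:"files"` // path -> hex-encoded SHA-256
}

var (
	ErrBadSignature = errors.New("manifest signature does not verify under the pinned key")
	ErrRollback     = errors.New("manifest version is not newer than the installed version")
	ErrHashMismatch = errors.New("delivered file is missing or does not match its manifest hash")
	ErrUnlisted     = errors.New("update contains a file the signed manifest does not list")
)

// Sha256Hex returns the lowercase hex SHA-256 digest of b.
func Sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// VerifyUpdate decides whether an update may be applied. It rejects on the
// first failed check and never inspects file contents before the manifest
// signature has verified.
func VerifyUpdate(pinned ed25519.PublicKey, installed int, manifestJSON, sig []byte, files map[string][]byte) (*Manifest, error) {
	if !ed25519.Verify(pinned, manifestJSON, sig) {
		return nil, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(manifestJSON, &m); err != nil {
		return nil, err
	}
	if m.Version <= installed {
		return nil, ErrRollback // a signed but old manifest must not reintroduce known bugs
	}
	for path, want := range m.Files {
		data, ok := files[path]
		if !ok || Sha256Hex(data) != want {
			return nil, ErrHashMismatch
		}
	}
	for path := range files {
		if _, listed := m.Files[path]; !listed {
			return nil, ErrUnlisted // nothing the publisher did not sign for gets installed
		}
	}
	return &m, nil
}

// constructedSeed is a fixed 32-byte seed so the example is reproducible;
// a real publisher key is generated randomly and never lives in source.
var constructedSeed = []byte("askwoody-example-seed-0123456789")

// ConstructedKeys returns the publisher key pair derived from constructedSeed.
func ConstructedKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(constructedSeed)
	return priv.Public().(ed25519.PublicKey), priv
}

// SignManifest encodes and signs a manifest on the publisher side.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (manifestJSON, sig []byte, err error) {
	manifestJSON, err = json.Marshal(m)
	if err != nil {
		return nil, nil, err
	}
	return manifestJSON, ed25519.Sign(priv, manifestJSON), nil
}

func main() {
	pub, priv := ConstructedKeys()
	files := map[string][]byte{"engine.bin": []byte("benign engine v2 (constructed)")}
	m := Manifest{Version: 2, Files: map[string]string{"engine.bin": Sha256Hex(files["engine.bin"])}}
	manifestJSON, sig, err := SignManifest(priv, m)
	if err != nil {
		panic(err)
	}
	_, err = VerifyUpdate(pub, 1, manifestJSON, sig, files)
	fmt.Println("genuine update:", err)
	files["payload.bin"] = []byte("extra file not covered by the signature")
	_, err = VerifyUpdate(pub, 1, manifestJSON, sig, files)
	fmt.Println("update with unlisted file:", err)
}
```

Note what this does and does not buy you: it stops a third party who has only hijacked the download path, because they cannot produce a signature under the pinned key. It does nothing against the publisher itself, or anyone holding the publisher's signing key, which is exactly the trust the post says you extend "now and into the future" when you enable auto-update.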
        • #133782
          lurks about
          AskWoody Plus

Noel, the problem is not Kaspersky or any other AV product (they basically work the same way) specifically, but that in any OS there are background processes that must run at elevated privileges at least part of the time. This will always be a security risk. If a miscreant can figure out how to use one of these processes to install malware, you are potentially toast.

          2 users thanked author for this post.
          • #133785
            Noel Carboni
            AskWoody_MVP

            A traditional technique reminiscent of “watch the borders carefully around a free country” approach can be effective.

            If you have nothing auto-update, know what’s communicating with what, have processes in place to ensure new software isn’t harmful, and follow good computing practices you can maintain a working computing environment where privilege is freely available and serves to make the environment more powerful and useful. I know this because I do it.

            -Noel

            4 users thanked author for this post.
            • #133921
              MrJimPhelps
              AskWoody_MVP

              Will you ever manual-update your A/V? If so, how can you be sure that a manual update won’t contain something malicious?

              I think the only thing you can do is to go with products whose reputations you trust. So far, I’ve felt good about Trend Micro. That’s who I’ve been using.

              Group "L" (Linux Mint)
              with Windows 8.1 running in a VM
          • #133916
            wdburt1
            AskWoody Plus

            So the real problem is that the US government cannot control Kaspersky like they can domestic purveyors of AV software; and further that the Russian government can control him if it wishes, which it can’t do in the US.

            In other words, he is singled out because he is based in Russia.


      • #133810
        teuhasn
        AskWoody Lounger

        Excellent article. Werner von Braun faced some of the same suspicions. I used to subscribe to Kaspersky but left many years ago for reasons unrelated to concerns about national security (and reasons that are quite possibly out-of-date now). Personally I’ve been happy with Webroot and Malwarebytes, but I think US consumers need have no fear about Kaspersky security software for the reasons given in the article.

        2 users thanked author for this post.
      • #133840
        John in Mtl
        AskWoody Lounger

        I think the current administration is paranoid-delusional.  Since Russia and China won’t play by American hegemony rules, they get punished. I’ll stop here before I get deleted or banned…

        Kaspersky security are excellent products, in my book anyways – I’ve never had any problems with the KIS suite in 4 years; it doesn’t slow down the machine, it does its job silently and efficiently.

Although I had the chance to get McAfee for free at my workplace for years, just seeing how all-around intrusive and inefficient it was on our work & classroom boxes, I wouldn’t touch it with a ten-foot pole. Their ad campaign really is a new low for them, I guess; then again, just look at many recent ad or political campaigns: all bullying, facade and no substance. But such is the world we live in currently.

        5 users thanked author for this post.
        • #133881
          Cybertooth
          AskWoody Plus

          The way I’ve approached the matter of Kaspersky for the last decade or so runs as follows:

          Russia is ruled by a thuggish authoritarian government. Over there, as a businessman or journalist you either submit to Vlad’s charms or you may suddenly find yourself getting prosecuted for tax evasion… that is, when you don’t simply get crushed in an auto accident or poisoned with plutonium.

          Now, Kaspersky is a Russia-based business, whose product has intimate access to its users’ personal data and online activities. What are the chances that they’ve managed to stay on Vlad’s good side for all these years without compromising their product?

          Suppose that they have, and that this is all unfair maligning of a good, honest company. But there’s plenty of other fine AV software out there. Is being right about this worth the risk of being wrong? Am I willing to take the chance that they have managed to escape the FSB’s loving attention?

          5 users thanked author for this post.
      • #133888
        Geoff King
        AskWoody Lounger

        I use and trust Kaspersky. I’ve tried them all and it’s the only one that hasn’t given me any problems.

        McAfee is a dud as far as I’m concerned after this cheap stunt.

        1 user thanked author for this post.
      • #133930
        Ed
        AskWoody Lounger

        I’m more concerned about the cozy relationship between M$ and the NSA myself. The thought of the NSA having full access to servers that communicate with every single computer online that’s running a Windows OS is beyond scary!

        I haven’t seen a shred of evidence produced yet over these Kaspersky claims but I’m well aware of the reputations of the NSA and M$. Neither of those two even appear on my “trustworthy” list and I believe it’s more probable than possible that something “underhanded” will result from it.

      • #133924
        anonymous
        Guest

        I just worry that the article fails the pyramid test. You can read a whole lot of the first part of the article without getting to the actual point. And since people often stop early, they’ll come away thinking the U.S. is being stupid, rather than having a good reason for their recommendations.

        As for the question about backdoors above: a backdoor is an undisclosed vulnerability. The update process is an exposed vulnerability. People know about it. So it’s not a backdoor, even if it could in the future be used to install one.

        • #133936
          Noel Carboni
          AskWoody_MVP

          As for the question about backdoors above: a backdoor is an undisclosed vulnerability. The update process is an exposed vulnerability. People know about it. So it’s not a backdoor, even if it could in the future be used to install one.

          As I implied, it’s a case of trying to use marketing speak to downplay the obvious threat. Any discussion of current “backdoors” that may or may not exist is essentially moot.

With this particular exposed vulnerability, it’s easy to imagine an undisclosed vulnerability could be added in the future and auto-downloaded onto millions of subscribers’ systems. Even if the source code were made available for every new version, it could be a sanitized version – and does anyone really think that every single change could practically be vetted going into the future?

          Setting up auto-update of any privileged software is something a security-savvy person should at least think about. Don’t just accept the defaults! A lot of folks auto-updated CCleaner, for example. You had to go out of your way to shut off the auto-update after installing it as I recall.

          But, that being said, AV software pretty much HAS to auto-update to be effective… You have to choose to trust some supplier some time. This is where multiply layered approaches and backups make sense. Not keeping all of one’s eggs in one basket is always a good idea, especially if the eggs are valuable.

          -Noel

      • #135523
        MrBrian
        AskWoody_MVP

        From The Company Securing Your Internet Has Close Ties to Russian Spies (2015):

        ‘In 2012, however, Kaspersky Lab abruptly changed course. Since then, high-level managers have left or been fired, their jobs often filled by people with closer ties to Russia’s military or intelligence services. Some of these people actively aid criminal investigations by the FSB, the KGB’s successor, using data from some of the 400 million customers who rely on Kaspersky Lab’s software, say six current and former employees who declined to discuss the matter publicly because they feared reprisals. This closeness starts at the top: Unless Kaspersky is traveling, he rarely misses a weekly banya (sauna) night with a group of about 5 to 10 that usually includes Russian intelligence officials. Kaspersky says in an interview that the group saunas are purely social: “When I go to banya, they’re friends.”’

        From Kaspersky Lab Has Been Working With Russian Intelligence (July 2017):

        “While the U.S. government hasn’t disclosed any evidence of the ties, internal company emails obtained by Bloomberg Businessweek show that Kaspersky Lab has maintained a much closer working relationship with Russia’s main intelligence agency, the FSB, than it has publicly admitted. It has developed security technology at the spy agency’s behest and worked on joint projects the CEO knew would be embarrassing if made public.”

      • #135525
        MrBrian
        AskWoody_MVP

        From Exclusive: Kremlin documents suggest link between cyber giant and Russia spy agency (July 2017):

        ‘Now, official Kremlin documents reviewed by McClatchy could further inflame the debate about whether the company’s relationship with Russian intelligence is more than rumor.

        The documents are certifications issued to the company by the Russian Security Service, the spy agency known as the FSB.

        Unlike the stamped approvals the FSB routinely issues to companies seeking to operate in Russia, Kaspersky’s include an unusual feature: a military intelligence unit number matching that of an FSB program.

        “That strikes me as much more persuasive public evidence,” said Paul Rosenzweig, a former deputy secretary for policy at the Department of Homeland Security. “It makes it far more likely that much of the rumor and uncertainty about Kaspersky are true.”’

      • #135528
        MrBrian
        AskWoody_MVP

        From Kaspersky and the Third Major Breach of NSA’s Hacking Tools (October 5, 2017):

        “The WSJ has a huge scoop that many are taking to explain why the US has banned Kaspersky software.

        Some NSA contractor took some files home in (the story says) 2015 and put them on his home computer, where he was running Kaspersky AV. That led Kaspersky to discover the files. That somehow (the story doesn’t say) led hackers working for the Russian state to identify and steal the documents.”

        • #135529
          MrBrian
          AskWoody_MVP

          Here is a link to today’s full Wall Street Journal article: https://archive.is/wt6az.

        • #135530
          MrBrian
          AskWoody_MVP
        • #135566
          ryegrass
          AskWoody Lounger

          CBS Story:   https://www.cbsnews.com/news/russian-based-kaspersky-software-believed-to-been-used-to-take-classified-nsa-data/

          CBS is reporting: “The data that was stolen reportedly dealt with U.S. hacking code. The contractor was, according to the Post, working on tools that would replace those that had been considered compromised by former NSA contractor Edward Snowden’s leaking.”

If this is true, the code he was working on might be considered to be malware by any good virus scanning software, and detected as a matter of course by Kaspersky. Also, since so many NSA contractors have Kaspersky installed on their home computers, one might conclude that they at least consider it to be one of the better antivirus/anti-malware detection products available.

          • #135747
            Cascadian
            AskWoody Lounger

            ryegrass, that is a very good example of ‘take a step back, for perspective’. I would find it perfectly normal for a group of security minded people to compare notes on what they think might be good practices outside the office. And it is true that Kaspersky has performed well in various tests.

            I would question more closely the practice of taking ‘office’ files ‘home’ just to ‘work’ on them for the few hours before returning to the office again. I would think that in terms of security that ranks around the level of email servers set up with no intent, whatsoever. Using a cloth based cleaning routine.

      • #136486
        MrBrian
        AskWoody_MVP

        From How Israel Caught Russian Hackers Scouring the World for U.S. Secrets (October 10, 2017):

        “It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs.

        What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool — antivirus software made by a Russian company, Kaspersky Lab, that is used by 400 million people worldwide, including by officials at some two dozen American government agencies.”

        Israel hacked Kaspersky, then tipped the NSA that its tools had been breached

      • #137976
        MrBrian
        AskWoody_MVP

        From Kaspersky reportedly modified its AV to help Russia steal NSA secrets (October 11, 2017):

        ‘The rapidly evolving story about Moscow-based Kaspersky Lab’s involvement in helping Russian government hackers steal sensitive National Security Agency materials has taken yet another turn, as The Wall Street Journal reports that the assistance could have come only with the company’s knowledge.

Wednesday’s report, citing unnamed current and former US officials, said the help came in the form of modifications made to the Kaspersky antivirus software that’s used by more than 400 million people around the world. Normally, the programs scan computer files for malware. “But in an adjustment to its normal operations that the officials say could only have been made with the company’s knowledge, the program searched for terms as broad as ‘top secret,’ which may be written on classified government documents, as well as the classified code names of US government programs, these people said.”’

      • #140218
        MrBrian
        AskWoody_MVP

        Kaspersky pledges independent code review to cast off spying suspicions

        From How Kaspersky Can Restore Trust: “If Eugene Kaspersky really wanted to assuage the fears of customers and potential customers, he would instead have all communications between the company’s servers and the 400 million or so installations on client machines go through an independent monitoring center.”

      • #140273
        johnf
        AskWoody Lounger

Gee, it wouldn’t have anything to do with Kaspersky blowing the lid off the NSA’s hacking of Seagate and WDD hard drive firmware in their 2015 exposé, would it?

        https://securelist.com/equation-the-death-star-of-malware-galaxy/68750/

        https://thehackernews.com/2015/02/hard-drive-firmware-hacking.html

Or that the US (NSA) or Britain (GCHQ) were targeting the major antivirus companies as well:

        “Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE [Computer Network Exploitation] capability,” reads one of the documents, “and SRE [software reverse-engineering] is essential in order to be able to exploit such software and to prevent detection of our activities.”

        https://www.wired.com/2015/06/us-british-spies-targeted-antivirus-companies/

        (You can still see the comments for this one, and they are worth reading!)

        Not that I trust Kaspersky, but I don’t trust any of the others, as well as Microsoft, etc.

        FYI, here’s Kaspersky’s response to the allegations:

        https://www.kaspersky.com/blog/kaspersky-in-the-shitstorm/19794/

      • #140787
        MrBrian
        AskWoody_MVP
      • #141558
        anonymous
        Guest

        Though it says “anonymous”, this comment is by Poohsticks:


        When I saw the recent news about the US govt. dramatically ending the use of Kaspersky products, I remembered the following comment I had made on AskWoody last year, and another comment I had made here the year before that.

        …If someone like me, who is not in any technical/IT/security field, knew about their suspicious connections 2 years ago, then it’s surprising that it took so long for the US govt to take precautions regarding that company and its products/people.


        from my prior post — https://askwoody.com/forums/topic/is-microsoft-crushing-the-antivirus-industry/#post-22947

        “Probably a lot of people who have grown up in Russia and have studied at any of their educational institutions have in one way or another studied at a KGB-affiliated or a government-affiliated or a Communist-party-affiliated institution — it would be remarkable if there were much choice in the matter, for most people there who wanted to study beyond high school level.
        So I don’t hold the fact that he studied at a KGB-sponsored cryptography institute, decades ago, against him, or think that makes his motives suspect. (Would it be likely that there would even be a NON-KGB-affiliated cryptography institute in Russia?)

        However, what stands out to me in the Bloomberg article (that Woody quoted from in his blogpost above) as much more _suspect_ is the following:
        “In 2012, however, Kaspersky Lab abruptly changed course.
        Since then, high-level managers have left or been fired, their jobs often filled by people with closer ties to Russia’s military or intelligence services.
        Some of these people actively aid criminal investigations by the FSB, the KGB’s successor, using data from some of the 400 million customers who rely on Kaspersky Lab’s software, say six current and former employees who declined to discuss the matter publicly because they feared reprisals.”

        And that concern is why, when I was looking at all antivirus providers about 3 years ago, I decided against going with Kaspersky anti-virus software for my computer, even though it’s normally one of the top 3 in independent studies.

        In a post I made on AskWoody.com last year, I am pretty sure that I mentioned this too-close-to-the-Russian-state-and-spying-organizations concern about Kaspersky, when I was describing why I continue to use Norton Security.”

        2 users thanked author for this post.
      • #141792
        Cascadian
        AskWoody Lounger

        Three weeks back, I commented on the questionable motives surrounding a contractor or employee of any intelligence service holding files or discussing same outside the sanctioned environment of the workspace. I left other thoughts off, apparently leaving my point incomplete. Sometimes the various international agencies are like a bunch of ‘Mean Girls’. If you know the movie reference, they are the power brokers of high-school life. They often do not know the true motivations of each of the other girls, and sometimes not even their own. Then they get really sneaky and stage an act designed to answer their doubts.

        It may be possible that an individual was assigned the task of sprinkling a few references to ‘MK-Ultra’ in his private life using a variety of scanning software applications specifically to find any reactionary traffic through known means. I have no knowledge to say this is what happened. But I do have an inquisitive imagination. If this scenario did occur, then we learned several things: KasperskyAV tripped to DatumA; Russian spies either intercepted or were handed DatumB; Israeli spies intercepted or were handed DatumC; US spies acquired DatumD and a better understanding of how information moves around the world. And finally DatumE was released to domestic news reporting agencies for some unknown motivation.

        There may be many other pieces of information involved in the chain that I skipped over, out of ignorance. I think most of us here are in the same uninformed position. This scenario is well known in writing circles, you may recognize it from novels or movies.

        Of course this also assumes that the news release itself can be believed as authentic in everything it says. Maybe none of the above occurred. Possibly the news release itself was Step 1, designed to elicit a response that could be monitored and conclusions drawn from those reactions. Fun stuff, huh?

      • #145913
        MrBrian
        AskWoody_MVP

        From Kaspersky: Yes, we obtained NSA secrets. No, we didn’t help steal them: ‘One of the few new pieces of information in the report is the revelation of a detection rule Kaspersky Lab added to its AV in 2015. To better detect a surveillance operation known as TeamSpy, the AV program started scanning files that embedded the word “secret” inside its code.’

      • #151839
        MrBrian
        AskWoody_MVP

        From Court document points to Kaspersky Lab’s cooperation with Russian security service: “Kaspersky Lab, a Russian cybersecurity firm, has long asserted its independence of the Russian government. But a court document posted on the Facebook page of a Russian criminal suspect this year shows what appears to be an unusual degree of closeness to the FSB, the country’s powerful security service.”

        1 user thanked author for this post.
      • #151840
        Cascadian
        AskWoody Lounger

        But a court document posted on the Facebook page of a Russian criminal suspect…

        WaPo source material. I’ll follow your link and try to determine if a criminal suspect may be a wrongly accused innocent doing right, or reasonably suspicious and so not worthy of trust.

        Added: Koslovskiy is the name of the referenced suspect. Possible bank-robber, possible member of a group known as Lurk. Granted if the Russians are the ones calling you a criminal, well maybe yes maybe no. Quoting the last of seventeen paragraphs from the Washington Post article published 13DEC2017:

        “Koslovskiy has placed other documents on his Facebook page that have sparked concerns. In August, he posted a letter in which he states he hacked the U.S. Democratic National Committee’s computers on orders from the FSB. The assertion is dubious, senior intelligence officials said, especially as it was two other Russian spy agencies that penetrated the DNC system.”

      • #153086
        anonymous
        Guest

        Kaspersky files suit in DC.

      • #177072
        MrBrian
        AskWoody_MVP

        From How Antivirus Software Can be the Perfect Spying Tool:

        ‘But what if your antivirus was intentionally turned into a tool that could spy on you? Would that be possible without modifying the program itself? According to security researcher Patrick Wardle, it is possible.

        To prove this and using the “Antivirus Hacker’s Handbook” (Joxean Koret) as base for an experiment, he tampered with the virus signatures for Kaspersky Lab’s Internet Security for macOS and modified one of the signatures to automatically detect classified documents and mark them for collection. By modifying signatures instead of the antivirus engine, he didn’t alter the security application’s main purpose.’
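Both #145913 (a detection rule that scanned files for the word “secret”) and the post above (signatures modified to mark classified documents for collection) describe the same failure mode: a content rule whose pattern identifies sensitive documents rather than malicious code, and whose action ships the file rather than a verdict. Anyone who deploys their own detection content (YARA rules, DLP rules, EDR custom signatures) can audit for exactly that before it reaches endpoints. The Go program below is an added example written for this thread, not code from Kaspersky, from Patrick Wardle, or from the Antivirus Hacker’s Handbook; its rule format and sample rules are constructed and deliberately simplified, since real AV signature formats are proprietary. It flags three things: rules whose action uploads file contents, text patterns built from document classification markers, and text patterns too short to be specific to malware.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule is a constructed, simplified content-detection rule, loosely YARA-like.
// It is not any vendor's signature format; real AV signatures are proprietary.
type Rule struct {
	Name    string
	Kind    string // "hex" for byte patterns, "text" for plain-text strings
	Pattern string
	Action  string // "quarantine", "report" (metadata only) or "upload" (file contents)
}

// Finding is one audit result: the rule and why it was flagged.
type Finding struct {
	Rule   string
	Reason string
}

// classificationMarkers are plain-text terms that identify sensitive
// documents rather than malicious code. A content rule keyed on them
// describes data collection, not malware detection.
var classificationMarkers = []string{"top secret", "secret", "confidential", "classified", "noforn"}

// Plain-text patterns shorter than this match ordinary files far too often.
const minTextPatternLen = 12

// containsWord reports whether the whole space-delimited word w occurs in s,
// so "secretkey.dll" does not trip the "secret" marker but "top secret" does.
func containsWord(s, w string) bool {
	return strings.Contains(" "+s+" ", " "+w+" ")
}

// AuditRules flags rules that look like document harvesting: upload actions,
// text patterns built from classification markers, and very short text patterns.
func AuditRules(rules []Rule) []Finding {
	var findings []Finding
	for _, r := range rules {
		if r.Action == "upload" {
			findings = append(findings, Finding{r.Name, "action uploads file contents; a detection verdict needs only metadata"})
		}
		if r.Kind != "text" {
			continue
		}
		// normalise case and whitespace before comparing against the markers
		p := strings.ToLower(strings.Join(strings.Fields(r.Pattern), " "))
		for _, marker := range classificationMarkers {
			if containsWord(p, marker) {
				findings = append(findings, Finding{r.Name, fmt.Sprintf("text pattern matches document marker %q, not malware", marker)})
				break
			}
		}
		if len(p) < minTextPatternLen {
			findings = append(findings, Finding{r.Name, fmt.Sprintf("text pattern %q is shorter than %d bytes and will match ordinary files", r.Pattern, minTextPatternLen)})
		}
	}
	return findings
}

// ConstructedRules is a sample rule set made up for this example.
func ConstructedRules() []Rule {
	return []Rule{
		{"Sample.PE.Header", "hex", "4d5a90000300000004000000ffff0000", "quarantine"},
		{"Sample.Config.Secret", "text", "secret", "report"},
		{"Sample.Doc.Collect", "text", "top secret", "upload"},
		{"Sample.DosStub", "text", "This program cannot be run in DOS mode", "quarantine"},
	}
}

// CountFor returns how many findings were raised against the named rule.
func CountFor(findings []Finding, name string) int {
	n := 0
	for _, f := range findings {
		if f.Rule == name {
			n++
		}
	}
	return n
}

func main() {
	for _, f := range AuditRules(ConstructedRules()) {
		fmt.Printf("%-22s %s\n", f.Rule, f.Reason)
	}
}
```

On the constructed set, the byte-pattern rule and the long DOS-stub string pass clean, the bare “secret” rule is flagged twice (document marker, too short), and the “top secret” rule with an upload action collects all three findings. The point for a defender is that the audit is cheap and mechanical; what it cannot do is read a closed-source vendor's signature stream, which is why the thread keeps returning to independent monitoring of what the product sends home.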
