SoylentNews is people
SoylentNews
The Washington Post is reporting U.S. moves to ban Kaspersky software in federal agencies amid concerns of Russian espionage:
Acting Homeland Security secretary Elaine Duke ordered that Kaspersky Lab software be barred from federal civilian government networks, giving agencies a timeline to get rid of it, according to several officials familiar with the plan who were not authorized to speak publicly about it. Duke ordered the scrub on the grounds that the company has connections to the Russian government and its software poses a security risk.
[...] "The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security."
[...] The directive comes months after the federal General Services Administration, the agency in charge of government purchasing, removed Kaspersky from its list of approved vendors. In doing so, the GSA suggested a vulnerability exists in Kaspersky that could give the Kremlin backdoor access to the systems the company protects.
Someone that is in a position to know all about it tells me that Kaspersky doesn't detect malware created by the Russian Business Network. My fear is that if I named that someone, the RBN will give that someone a bad hair day.
[Ed. addition follows]
The full text of the DHS notice is available at https://www.dhs.gov/news/2017/09/13/dhs-statement-issuance-binding-operational-directive-17-01.
Previously:
FBI Reportedly Advising Companies to Ditch Kaspersky Apps.
(Score: 5, Interesting) by Nerdfest on Thursday September 14 2017, @10:06AM (9 children)
I'm pretty sure I just read something about Kaspersky outing a series of FBI backboors in a series of Microsoft products. If that's the case, it sounds like Kaspersky's a lot more concerned about actual security than the US government.
(Score: 4, Insightful) by bradley13 on Thursday September 14 2017, @11:27AM (8 children)
Exactly. Pot, meet kettle. Kettle, meet pot.
The US doesn't trust Kaspersky to not do the bidding of the Russian government. That's understandable.
But then: the rest of us don't trust US companies not to do the bidding of the US government. Actually, with those lovely National Security Letters and the accompanying secret courts, even US own citizens can no longer trust the US government.
Everyone is somebody else's weirdo.
(Score: 5, Insightful) by c0lo on Thursday September 14 2017, @01:12PM (5 children)
If you trust any government at all, you are out of your mind.
Even if a form or another of government is necessary, it still a beast one need to keep in leash - the "eternal vigilance" and all that.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Thursday September 14 2017, @03:27PM (4 children)
How, exactly, would you go about performing this "eternal vigilance" you reference?
(Score: 2) by c0lo on Thursday September 14 2017, @04:27PM
Simple! Candle vigil in perpetuity!!
(grin)
(just in case if you were asking seriously: start thinking, critically if possible, and don't stop. In a case by case basis, you'll find something. Especially if you don't expect those answers to be revealed to you as pre-digested solutions)
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by HiThere on Thursday September 14 2017, @04:34PM (2 children)
Well, you could re-read Patrick Henry and Thomas Paine...but keep in mind that Thomas Paine died in a French prison, and the US govt. didn't even ask that he be released.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by Grishnakh on Monday September 18 2017, @06:29PM (1 child)
Well, you could re-read Patrick Henry and Thomas Paine...but keep in mind that Thomas Paine died in a French prison, and the US govt. didn't even ask that he be released.
Where the hell did you read that? The Wikipedia page on him [wikipedia.org] clearly says he died in New York City, many years after being released from prison in France. In fact, he didn't even spend a whole year there, though he did narrowly escape beheading because the gaoler screwed up with marking the door, and a few days later Robespierre was deposed and executed. As for the US government, he was disliked by the Federalists, but he was friends with President Jefferson, and returned to America upon Jefferson's invitation.
(Score: 2) by HiThere on Tuesday September 19 2017, @01:51AM
I wouldn't accept Wikipedia as reliable, but a small bit of searching showed that you were correct. I'm not sure *where* read the answer I repeated, but I won't use it again.
OTOH, the basic message that you should remember you're likely to end up dead if you seriously fight the incumbent government remains true. I just need a more accurate example.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 3, Interesting) by frojack on Thursday September 14 2017, @11:09PM
If we assume Kaspersky doesn't detect Russian Malware, and American products don't detect US Government Malware, then running both of them might actually make sense.
But it makes far more sense to just come out and ban Windows in any critical government system.
On the other hand, as someone who used to spend lots of money on defective antivirus and anti-malware products, only to find that they did not detect or prevent a whole litany of NSA malware suites, where do I go to get my money back?
No, you are mistaken. I've always had this sig.
(Score: 2) by Grishnakh on Monday September 18 2017, @06:15PM
I'm pretty sure I just read something about Kaspersky outing a series of FBI backboors in a series of Microsoft products. If that's the case, it sounds like Kaspersky's a lot more concerned about actual security than the US government.
Wrong. Kaspersky has no interest in hiding US FBI backdoors, true, but they will hide Russian-government-sponsored backdoors. Correspondingly, US-made software will have no interest in hiding Russian-related backdoors, but absolutely will hide US-government-sponsored backdoors.
The solution is simple: don't use Windows. You don't have to worry much about backdoors in Linux since it's an international and largely non-profit effort. Just stay away from Red Hat; Debian and its descendants are your best bet, or perhaps others like Arch, Gentoo, etc.