The Washington Post is reporting U.S. moves to ban Kaspersky software in federal agencies amid concerns of Russian espionage:
Acting Homeland Security secretary Elaine Duke ordered that Kaspersky Lab software be barred from federal civilian government networks, giving agencies a timeline to get rid of it, according to several officials familiar with the plan who were not authorized to speak publicly about it. Duke ordered the scrub on the grounds that the company has connections to the Russian government and its software poses a security risk.
[...] "The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security."
[...] The directive comes months after the federal General Services Administration, the agency in charge of government purchasing, removed Kaspersky from its list of approved vendors. In doing so, the GSA suggested a vulnerability exists in Kaspersky that could give the Kremlin backdoor access to the systems the company protects.
Someone that is in a position to know all about it tells me that Kaspersky doesn't detect malware created by the Russian Business Network. My fear is that if I named that someone, the RBN will give that someone a bad hair day.
[Ed. addition follows]
The full text of the DHS notice is available at https://www.dhs.gov/news/2017/09/13/dhs-statement-issuance-binding-operational-directive-17-01.
Previously:
FBI Reportedly Advising Companies to Ditch Kaspersky Apps.
(Score: 5, Interesting) by Nerdfest on Thursday September 14 2017, @10:06AM (9 children)
I'm pretty sure I just read something about Kaspersky outing a series of FBI backdoors in a series of Microsoft products. If that's the case, it sounds like Kaspersky's a lot more concerned about actual security than the US government.
(Score: 4, Insightful) by bradley13 on Thursday September 14 2017, @11:27AM (8 children)
Exactly. Pot, meet kettle. Kettle, meet pot.
The US doesn't trust Kaspersky to not do the bidding of the Russian government. That's understandable.
But then: the rest of us don't trust US companies not to do the bidding of the US government. Actually, with those lovely National Security Letters and the accompanying secret courts, even the US's own citizens can no longer trust the US government.
Everyone is somebody else's weirdo.
(Score: 5, Insightful) by c0lo on Thursday September 14 2017, @01:12PM (5 children)
If you trust any government at all, you are out of your mind.
Even if one form or another of government is necessary, it is still a beast one needs to keep on a leash - the "eternal vigilance" and all that.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Thursday September 14 2017, @03:27PM (4 children)
How, exactly, would you go about performing this "eternal vigilance" you reference?
(Score: 2) by c0lo on Thursday September 14 2017, @04:27PM
Simple! Candle vigil in perpetuity!!
(grin)
(just in case you were asking seriously: start thinking, critically if possible, and don't stop. On a case-by-case basis, you'll find something. Especially if you don't expect those answers to be revealed to you as pre-digested solutions)
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by HiThere on Thursday September 14 2017, @04:34PM (2 children)
Well, you could re-read Patrick Henry and Thomas Paine...but keep in mind that Thomas Paine died in a French prison, and the US govt. didn't even ask that he be released.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by Grishnakh on Monday September 18 2017, @06:29PM (1 child)
Well, you could re-read Patrick Henry and Thomas Paine...but keep in mind that Thomas Paine died in a French prison, and the US govt. didn't even ask that he be released.
Where the hell did you read that? The Wikipedia page on him [wikipedia.org] clearly says he died in New York City, many years after being released from prison in France. In fact, he didn't even spend a whole year there, though he did narrowly escape beheading because the gaoler screwed up with marking the door, and a few days later Robespierre was deposed and executed. As for the US government, he was disliked by the Federalists, but he was friends with President Jefferson, and returned to America upon Jefferson's invitation.
(Score: 2) by HiThere on Tuesday September 19 2017, @01:51AM
I wouldn't accept Wikipedia as reliable, but a small bit of searching showed that you were correct. I'm not sure *where* I read the answer I repeated, but I won't use it again.
OTOH, the basic message that you should remember you're likely to end up dead if you seriously fight the incumbent government remains true. I just need a more accurate example.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 3, Interesting) by frojack on Thursday September 14 2017, @11:09PM
If we assume Kaspersky doesn't detect Russian Malware, and American products don't detect US Government Malware, then running both of them might actually make sense.
But it makes far more sense to just come out and ban Windows in any critical government system.
On the other hand, as someone who used to spend lots of money on defective antivirus and anti-malware products, only to find that they did not detect or prevent a whole litany of NSA malware suites, where do I go to get my money back?
No, you are mistaken. I've always had this sig.
(Score: 2) by Grishnakh on Monday September 18 2017, @06:15PM
I'm pretty sure I just read something about Kaspersky outing a series of FBI backdoors in a series of Microsoft products. If that's the case, it sounds like Kaspersky's a lot more concerned about actual security than the US government.
Wrong. Kaspersky has no interest in hiding US FBI backdoors, true, but they will hide Russian-government-sponsored backdoors. Correspondingly, US-made software will have no interest in hiding Russian-related backdoors, but absolutely will hide US-government-sponsored backdoors.
The solution is simple: don't use Windows. You don't have to worry much about backdoors in Linux since it's an international and largely non-profit effort. Just stay away from Red Hat; Debian and its descendants are your best bet, or perhaps others like Arch, Gentoo, etc.
(Score: 2) by cubancigar11 on Thursday September 14 2017, @10:37AM (3 children)
Some time ago Kaspersky announced that it will release a free version of its anti-virus for the rest of the world. I want to know if they followed up on that promise, because I couldn't find any free version from outside of the USA.
(Score: 1) by anubi on Thursday September 14 2017, @11:42AM (2 children)
Anyone used the Kaspersky rescue disk? [kaspersky.com]
( Hat tip to an anonymous coward [soylentnews.org]. I really appreciated you posting your links. )
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 5, Informative) by nobu_the_bard on Thursday September 14 2017, @01:08PM (1 child)
I have used the Rescue Disk in the past. It's okay but it's showing its age. It doesn't work on some newer stuff.
Kaspersky's TDSSkiller has been a lifesaver but overall antivirus products are not as relevant as they used to be.
If a system gets owned hard enough, it's way too hard to fix it sometimes - better to restore from backups and patch the vulnerability they used or just rebuild from scratch with patches applied.
(Score: 1) by anubi on Friday September 15 2017, @05:00AM
Thanks for the reply.
Second that on TDSSkiller. As for myself, I now make a new disk image backup with Clonezilla whenever I do a significant change in the OS, otherwise I do simple incremental backups for my specific user directory. I started doing that when I saw these "cryptolocker" type proggies going around. The external USB drives are so inexpensive these days that I buy a new drive to make the latest disk image onto, just so that if my latest backup is also corrupted, I have the ones before that were likely made before the malware got ingested.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 3, Funny) by turgid on Thursday September 14 2017, @11:03AM
That nice Mr Putin would like to offer free security software of finest Russian quality to all good citizens, businesses and institutions of formerly enemy countries as a gesture of goodwill and reconciliation. Rest assured that nice Mr Putin will be looking out for your safety and security 24 hours a day, every day from his secure nuclear bunker under the Kremlin. He encourages you to remove the duct tape from your webcams.
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 4, Insightful) by pTamok on Thursday September 14 2017, @12:21PM (6 children)
Presumably, Russian anti-malware software will be diligent in recognising non-Russian malware; and USA-ian software will be diligent in seeking out non-USA-ian malware; so the solution would be to run both (probably in series, not in parallel) to give maximum protection. For the truly suspicious, use some other countries' software as well, and maybe run ClamAV [wikipedia.org], as it is open-source.
(Score: 0) by Anonymous Coward on Thursday September 14 2017, @12:46PM (3 children)
According to the wiki they are owned by Cisco
(Score: 2, Interesting) by pTamok on Thursday September 14 2017, @02:18PM (2 children)
Being owned by Cisco is less of an issue when the software is FLOSS. Obviously Cisco could introduce subtle bugs, but it is more difficult when the users of ClamAV can compile from source rather than relying on pre-compiled binaries. This is not to say I think ClamAV is perfect - but it can be a useful addition to other (proprietary) approaches. Relying on it alone might be inadvisable. Using it as an adjunct to other malware detection software might be beneficial.
(Score: 0) by Anonymous Coward on Thursday September 14 2017, @03:14PM (1 child)
While I agree that is better, it's kind of marginal, since the Windows version is distributed in binary form. And who needs AV software the most, and is least likely to have the skills necessary to check it? It's not like Linux (or any of the FOSS) people are out there doing code reviews of Windows projects
(Score: 2) by Grishnakh on Monday September 18 2017, @06:18PM
it's not like Linux (or any of the FOSS) people are out there doing code reviews of Windows projects
Exactly, and it'd be pointless anyway because the underlying OS is closed, secret, and proprietary, and well-known to be spying on you anyway. If you care at all about security and privacy, you wouldn't be running Windows in the first place, so you won't need antivirus software.
(Score: 4, Informative) by nobu_the_bard on Thursday September 14 2017, @01:10PM (1 child)
ClamAV isn't too great, it's generally too far behind the curve for me. If you're using it for mail filtering though check into this: https://github.com/extremeshok/clamav-unofficial-sigs [github.com]
It's the only reason ClamAV is worth bothering with on a mail system.
(Score: 1) by pTamok on Thursday September 14 2017, @02:20PM
Thanks for that. I know ClamAV doesn't tick all the boxes, but as I said in another posting, it might be a useful addition to other malware detection software. It's free, and might be worth the time needed to set it up.
(Score: 5, Funny) by Runaway1956 on Thursday September 14 2017, @03:04PM (1 child)
So, I was having problems with a Windows installation. I used McAfee to check things out, and I still had problems, just different ones. So, I used Microsoft's defender stuff, and it killed McAfee, but started spying on me. I grabbed Avast, which warned me about both McAfee and Microsoft DLLs and crap, but then, it started nagging all the time. On and on I went, until Kaspersky cleaned up the mess left by a dozen other security suites. NOW, you're telling me that Kaspersky reports to the Kremlin? Lemme see, what's next . . . . Panda? How about Panda? Does it report to the Chinese, or the Indians? I'm in security suite hell here!!
/sarcasm
You people know I don't run Winbloze!!
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 1, Informative) by Anonymous Coward on Thursday September 14 2017, @05:01PM
It's far worse than that. Panda Security is in Glendale, California.
(Score: 2) by bzipitidoo on Thursday September 14 2017, @04:18PM (1 child)
For decades, the US government has expressed distrust of foreign products. They find it a convenient excuse to justify use of Windows rather than Linux. Windows is made by an American company and that supposedly makes it okay and safe from cyberespionage. Of course that's utter nonsense, but they eagerly run with that because what they really want is the user-friendly OS.
They are also afflicted with the religion that Microsoft being a for-profit company makes them and their products more reliable, shows that Microsoft is a good corporate, capitalist citizen that shares their values, unlike that Commie Linux OS.
(Score: 1) by anubi on Friday September 15 2017, @05:09AM
I see Microsoft as the CIA stool pigeon.
And it's not only Governments which are probing up the rear end.
It's beautiful to look at, a dream to run, but I have a hard time trusting it.
I have the same feeling about going to bed with a prostitute. I know from the start she's working for someone else. I'm just the john that will pay for her services.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]