I've seen Kaspersky slap his staff with a walrus penis – and even I doubt the false-positive claims Eugene Kaspersky is a complex character and capable of many things, but Friday's allegations that he ordered staff to deliberately sabotage rival antivirus packages smells fishy. On the one hand, the problem of AV products flagging up false positives is well known. Signature-file detection of software nasties is dated, and of …
This is a very troubling situation when thinking about it. The skills needed wear any of the hats make for interchangeable hats. Given their customer base, if this is true, Kaspersky is doomed. If untrue, there are those that will not believe... he still takes a hit.
Given that the allegations are coming from persons presumably inside Russia, getting to the real info is very problematical.
Need no hats, will stick to Linux, and now after 15 years my Windows using wife has become very aggressive, accusing me for forcing her to use a rubbish system while I, of course, use a much better one. So RIP yet an other Windows. Note to my self, remember the root password, and don't mention any such stuff ever. Incidentally the Linux copy/past has annoyed my wife for many years, some of you will understand and some will not.
Need no hats, will stick to Linux
Linux: no hats here. Cept Red ones.
Oh god run for the hills Linux has exactly the same issues as windows and bsd and osx and os-freaking-two. Humans aren't perfect, the end. Microsoft is extremely competent at hiring some of the best developers in the industry; their issue more relates to management being dumb and having no idea who they're selling to.
I hope that Kaspersky has significant credit for investigating Stuxnet and the Equation Group (NSA?). For that reason it wouldn't surprise if many people recommend Kaspersky to friends simply to support the company.
Most people use Kaspersky (product) because it generally tests the best. This is in spite of Kaspersky (the guy) and his machinations.
Even if the claims are 100% true and I stated why I think it's nonsense on the other article - it's a technical problem with a technical solution that's there for other vendors to find - personally I'd look at it as battle hardening or an indication that the way our software works is broken and do something about it. This is probably why the other vendors at worst have replied with a "meh".
From the article:
> Kaspersky Lab is preeminent among antivirus firms for investigating state-sponsored malware, particularly software nasties coming from the Five Eyes nations of the US, UK, Canada, Australia, and New Zealand.
Mark wrote:
> Given their customer base, if this is true, Kaspersky is doomed.
I hope that Kaspersky has significant credit for investigating Stuxnet and the Equation Group (NSA?). For that reason it wouldn't surprise if many people recommend Kaspersky to friends simply to support the company.
This post has been deleted by its author
From the article:
> Kaspersky Lab is preeminent among antivirus firms for investigating state-sponsored malware, particularly software nasties coming from the Five Eyes nations of the US, UK, Canada, Australia, and New Zealand.
And yet they can't find any Russian state-sponsored malware. Must be because the Russian government is so benign they don't have any.
I believe, based on the obvious evidence, that they're all insane.
Symantec went from not bad to worse than a virus themselves, almost overnight circa 2007. Inexplicable, except that they're insane.
McAfee, any argument?
Kaspersky, see above.
Kaspersky (and others) are constantly misleading people by overplaying stories about malware on Android to try and sell their solutions.
With over a billion active handsets and more prevalent than windows, don't you think we would be seeing android malware infestations daily, like you do with windows??? Yet I have never ever seen any problem...
Google have also called out snakeoil vendors like kaspersky in the past.
http://www.pcadvisor.co.uk/news/network-wifi/mobile-malware-exaggerated-by-charlatan-vendors-says-google-engineer-3320818/
You can't play it both ways, you can't act irresponsibly AND have people trust you.
Kaspersky (and others) are constantly misleading people by overplaying stories about malware on Android to try and sell their solutions. Google have also called out snakeoil vendors like kaspersky in the past.
The day I start trusting anything that originates at Google (code as well as statements) is the day I'll retired to live on an isolated mountain with no access to anything electronic and a decent rifle to take out drones. Of course Google would like to downplay Android risks, but as we have seen recently there are close to a BILLION handsets at risk as a result of that attitude.
I refer you to my immediate reaction when the story broke. What I left out is that my business requires higher than average assurance processes for suppliers, and I spent about 2 hours one to one with Eugene Kaspersky having (many) drinks in Paris where he made a stopover to meet me on his way home.
It is my job to assess leadership (hence my aversion to Google), and I don't see Kaspersky condoning such tactics. This man is a straight player and fights with open visor, which is in itself an achievement given the country he lives in. What also matters is consistency - Kaspersky has operated this way pretty much from day one.
So, I'm not buying Kaspersky doing the dirty, which raises the question where this story came from and why. That, I think, will be the real interesting part.
He's Russian.. That means Serious Business is done with Serious Alcohol. It's Tradition.
on: "With over a billion active handsets and more prevalent than windows, don't you think we would be seeing android malware infestations daily, like you do with windows??? Yet I have never ever seen any problem..." @ Planty
Not been paying attention to the world much, have you? There's more than one Dodgy App released per day, and the problems with security/privacy they create feature with distressing regularity in El Reg, and that's only the really serious ones that make the grade here.
The fact that you haven't had a problem with those apps, so far, is irrelevant. Plenty of evidence that there's some serious security problems in Android, as with any OS of sufficient complexity, and plenty of people who have ran across them.
As far as the allegations towards Kasperski are concerned: They simply don't make sense from a business perspective, and however eccentric the Boss himself may be, not from a personal perspective as far as I can see.
Above all: Why were those lads fired to begin with? While it's pretty far out there that Kaspersky himself ordered feeding dead ducks into the system, Russia and Ukraine are nonetheless hotbeds of malware activity, and corruption/organised crime is a serious problem in those countries. It is most definitely not inconceivable that the department the lads were working in was compromised and did send out those dead ducks. And Kaspersky does strike me as the type of guy who will apply the knife liberally , possibly followed by cauterising with red hot iron, in dealing with things like that, regardless of the toes he may be stepping on.
This post has been deleted by its author
Interesting article, after the attention-grabbing soundbite, "They are charlatans and scammers", Chris DiBona says, "No major cell phone has a 'virus' problem in the traditional sense" and "Yes, a virus of the traditional kind is possible, but not probable". I'd take 'traditional virus' to mean 'program that alters other programs to include a (possibly modified) copy of itself', and a defence against that is limited transitivity, which a walled garden can provide. However, 'anti-virus' suites nowadays are more general, acting against all types of malware, such as trojans. A trojan can be distributed in a walled garden, if the gardener is not doing his job. Can anyone name an app store where a malicious app was passed through vetting?
Google feels it is necessary to bad-mouth anti-malware vendors because admitting they are necessary is an admission that Google is unable to make its app store perfectly safe.
Full disclosure: I sell anti-malware software and Eugene has given me vodka.
>What I don't understand is how it is possible to misidentify a proper Windows system file. Surely MS can provide something like SAH256 hash values of every legitimate build they have released in the last decade or so?<
Yes, but the ultimate pwn is the Rootkit that can simulate the calculation of clean hashes. If this arrived on the machine before the AV engine could detect it then it would be difficult if not impossible to detect subsequently using an in situ scan. The AV engine would be relying on a corrupt source of information when checking file signatures.
A hash for every Windows file?
I'm no mathematician, I've not calculated the number of possible collisions, or the size of the file.
I would assume though, that a list of hashes, would be greater in size than an actual windows install, as windows is multiplatform and thus different on certain systems.
Oh, and that's before I consider search times involved.
(Though searching a larger download/update/package before install is fine. Checking every .ini file and .jpg etc on my HDD against a hash? Less sane)
I'm no mathematician, I've not calculated the number of possible collisions, or the size of the file.
There would not be many collisions. That's the point of a hash.
The number of file versions is not going to get particularly astronomical even if Microsoft is involved. For whitelisting, it sounds like a sure proposal.
Size of the file is irrelevant. Actually I would chunk it and hash the chunks.
But the important point is that these files have internal structure. DLLs are not big blob. Hash the various parts or have more interesting ways of checking. Pretty sure this must be done anway.
Checking every .ini file and .jpg etc on my HDD against a hash? Less sane
Not really. Every installed package on my box has an entry in a database to say what its file size, modification time and hash are. Now that doesn't cover every file I've created myself - but it involves the majority of files on my box.
It all works rather well...
Vic.
> A hash for every Windows file
That wasn't the suggestion. It was system files. These would number in the thousands. Even if there were a million system files, that would only take 32MB of storage to hold every hash.
The bigger question is how you prove that your hash database hadn't been compromised.
Rather certain some TLAs of "the West" (and possibly some of "the P.U.T.I.N.") would be happy with Kaspersky a smoking ruin. There would be less discoveries of weaponized software that one couldn't smooth-talk away by a short visit of Agent Smith.
In other news, why is General Odierno now talking up "a sustained war with Russia" on russian soil?
You forgot the troll icon.
How about, Firemen, Doctors, street sweepers?
We had enough new malware in the 1980's - one new item a month is enough to make a subscription necessary, why would anyone make more work when there are tens of thousands of new samples a day? Knowing about it before your competitors only gives an advantage of hours - you don't get credit for detection until a testing organisation has a sample, and testing organisations are part of the sample distribution structure. On top of that, there's the chance of getting caught.
Full disclosure: I sell anti-malware software and Eugene has given me vodka.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
