Brit bank Barclays' Kaspersky Lab diss: It's cyber balkanisation, hiss infosec bods

Barclays has stopped offering free Kaspersky Lab products to new users in a move that shows, like Best Buy, commercial firms can be swayed by governmental stances on dealing with the Russian software firm. As El Reg reported yesterday, the UK high …

Silver badge

It is only a matter of time

Until it becomes GovNet and SubNet:

https://www.goodreads.com/series/61988-owner-trilogy

2
0
Silver badge

Storm in a teacup

The AV software did what they all should do, it detected something wrong and reported it.

We don't use Kaspersky, but the Sophos product we use would do the exact same thing. They all seem to have some "cloud" component built in now; i.e. stuff gets sent off elsewhere for various reasons.

The only difference between Kaspersky and what we use is the location of the servers, and that's making an assumption. I don't actually *know* where all their kit is.

14
1

This post has been deleted by its author

Silver badge

Re: "Definite no no"

And the virus companies get to discover new viruses how ?

In fact if I "discover" a new virus on my computer I should own the rights to that code base and all derived cell lines.

2
2
Anonymous Coward

'get to discover new viruses how?'

Sharing with Infosec partners primarily... Scouring for tools on the Dark-web... Investigating compromised websites... Leaky Cloud buckets (S3)... 3rd-party infected machines... Stuxnet case studies!

0
0
Silver badge

Re: "Definite no no"

Echoing what an earlier user said, by research and by voluntary submission. Default checked options or questions aimed at people that wouldn't have a clue and therefore really cannot provide informed consent really don't cut it. Sending shit home you "think may be a virus" is just spying. We already have agencies doing that thanks.

1
0
Silver badge

Re: "Definite no no"

They are totally transparent about it. Every provider I've dealt with offers this as a "feature" of the latest and greatest.

True I've never bothered asking where the servers are, but they make no secrets of using off machine/cloud processing to deal with things.

There's no secrecy or assumptions, you're told it does this openly and from the off when getting quotes.

There are options available where this doesn't happen, but in all of the enterprise AV stuff I've dealt with recently the "top" tier or package offers this as a feature. The product we use went from being "Sophos" to "Sophos Cloud" and it's becoming the norm for providers.

You used to install an admin centre locally on a server, now you log into a web based system and control from there.

1
1
Anonymous Coward

"the inception of the internet as a network to connect the computers of academics together for collaboration, innovation and information sharing."

Pretty sure that the US DoD funded ARPAnet to create a network that would be able to withstand a Soviet attack, by routing around destroyed nodes.

It's true that they formed a weird symbiosis with academics to achieve this. But let's not forget that part of history, shall we? Military goals were an important part of the Internet's inception.

7
0
Mushroom

ARPANet survivability wasn't the initial goal.

"Pretty sure that the US DoD funded ARPAnet to create a network that would be able to withstand a Soviet attack, by routing around destroyed nodes."

Not really. According to Charles Herzfeld, ARPA Director (1965–1967): "The ARPANET was not started to create a Command and Control System that would survive a nuclear attack, as many now claim. To build such a system was, clearly, a major military need, but it was not ARPA's mission to do this; in fact, we would have been severely criticized had we tried. Rather, the ARPANET came out of our frustration that there were only a limited number of large, powerful research computers in the country, and that many research investigators, who should have access to them, were geographically separated from them."

Of course, nuclear survivability probably didn't hurt when people were discussing funding, but that wasn't the main goal. The underlying systems were unreliable enough that they needed the robustness anyway.

10
1
Silver badge

Re: ARPANet survivability wasn't the initial goal.

The concept of packet switched routing was invented by the GPO for this reason and then later used by ARPANET.

4
0
Silver badge

Re: ARPANet survivability wasn't the initial goal.

I think it was NPL, not the GPO.

0
0
Anonymous Coward

Re: ARPANet survivability wasn't the initial goal.

Thanks for your reply, I upvoted you for that clarification; it's less clear-cut than I thought it was, but I'm not sure that quote is fully definitive.

The project itself was launched in 1969, so 2 years after Mr Herzfeld left. Obviously, he decided the funding and clearly was involved in the development, so his opinion is certainly sincere and respectable, but apparently, others did think about resilience.

The Wikipedia page seems to present it honestly, so it's worth a read:

https://en.wikipedia.org/wiki/ARPANET#Debate_on_design_goals

Overall, it doesn't detract that it *was* a military-funded project, not just a purely academic one as the article implied (one that would have included .su sites from the 70's, say, in the name of information sharing - yes, I know geographical TLDs came much later, it's just for the sake of simplicity ;)

There's another quote in the page above that's worth mentioning, to show that today's internet is not anymore whatever it was 35 years ago:

"Sending electronic mail over the ARPANet for commercial profit or political purposes is both anti-social and illegal."

1
0
Bronze badge

Re: ARPANet survivability wasn't the initial goal.

Look...

Nobody cares about how you interpret what you read on WikiLeaks or heard from your uncle Joe about Arpanet.

Your incessant need to show your cut and paste skills isn't impressive. Especially when it contributes very little... if at all to the actual story.

0
1
Trollface

Banned until when, exactly? Until KL lowers their prices significantly, I'll bet.

Cynical, moi? You betcha...

5
1
Silver badge

WTF?

WTF are machines handling classified info doing connected to the Internet?

12
0
Bronze badge

Re: WTF?

WTF are machines handling classified info doing connected to the Internet?

Leaking seems to be the largest part of what they do!

7
0
Silver badge

Re: WTF?

Downloading cracks for illegal copies of MS-Office in this case

2
0
Anonymous Coward

In a way Kaspersky AV is 'bad'; you always need to check *all* 60+ AVs in parallel

I just ran a recent threat offering to my email and got so many trusting scanners (desktop AV scanners might respond differently to Slurp's essential https://www.virustotal.com/en service)

the best (for this particular file):

Netcraft: Malicious site
Sophos AV: Malicious site
BitDefender: Malware site
Avira (no cloud): Phishing site
Emsisoft: Phishing site
ESET: Phishing site
Fortinet: Phishing site
G-Data: Phishing site
Google Safebrowsing: Phishing site
Kaspersky: Phishing site <<<<<- here be dragons!
Phishtank: Phishing site

and the rest (all reporting "Clean site"):

ADMINUSLabs, AegisLab WebGuard, AlienVault, Antiy-AVL, Baidu-International, Blueliv, C-SIRT, Certly, CLEAN MX, Comodo Site Inspector, CyberCrime, CyRadar, desenmascara.me, DNS8, Dr.Web, Forcepoint ThreatSeeker, FraudScore, FraudSense, K7AntiVirus, Malc0de Database, Malekal, Malware Domain Blocklist by RiskAnalytics, Malwarebytes hpHosts, Malwared, MalwareDomainList, MalwarePatrol, malwares.com URL checker, Nucleon, OpenPhish, Opera, Quttera, Rising, SCUMWARE.org, SecureBrain, securolytics, Spam404, Sucuri SiteCheck, Tencent, ThreatHive, Trustwave, Virusdie External Site Scan, VX Vault, Web Security Guard, Webutation, Yandex Safebrowsing, ZCloudsec, ZDB Zeus, ZeroCERT, Zerofox, ZeusTracker, zvelo

(sorry for the formatting)

0
0
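The post above makes the multi-engine point by hand; as an added example (not from the post, and not VirusTotal's own tooling), here is a small Python parser for verdict lines in the same "Vendor Verdict site" shape, which tallies how many engines flagged the URL and flags a sample as suspect once a few engines disagree with the "clean" majority. The set of verdict words and the sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Verdict words seen in the scanner output quoted above, plus two more that
# such reports commonly use ("Suspicious", "Unrated"): assumed, not from the post.
VERDICTS = ("Clean", "Malicious", "Malware", "Phishing", "Suspicious", "Unrated")

# Vendor names contain spaces ("Malware Domain Blocklist by RiskAnalytics"), so
# match the trailing "<Verdict> site" rather than splitting on whitespace.
# Anything after "site" (e.g. a "<<<<<" annotation) is ignored.
LINE_RE = re.compile(
    r"^(?P<vendor>.+?)\s+(?P<verdict>" + "|".join(VERDICTS) + r") site\b"
)

def parse_verdicts(text):
    """Return [(vendor, verdict), ...] for each recognisable line; others are skipped."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            results.append((m.group("vendor"), m.group("verdict")))
    return results

def summarize(results):
    """Detection ratio, per-verdict breakdown and the engines that flagged the sample."""
    flagged = [(vendor, verdict) for vendor, verdict in results if verdict != "Clean"]
    return {
        "total": len(results),
        "flagged": flagged,
        "flagged_count": len(flagged),
        "by_verdict": dict(Counter(verdict for _, verdict in results)),
    }

def worth_a_second_look(results, min_engines=2):
    """A majority of 'Clean' verdicts proves little: treat the sample as suspect as
    soon as at least min_engines distinct engines flag it, whatever the clean count."""
    return len({vendor for vendor, verdict in results if verdict != "Clean"}) >= min_engines

# Constructed sample in the same shape as the post's output (not real scanner data).
SAMPLE = """
Netcraft Malicious site
Kaspersky Phishing site <<<<<- here be dragons!
Google Safebrowsing Phishing site
CLEAN MX Clean site
Malware Domain Blocklist by RiskAnalytics Clean site
Malwarebytes hpHosts Clean site
zvelo Clean site
"""

if __name__ == "__main__":
    parsed = parse_verdicts(SAMPLE)
    summary = summarize(parsed)
    print(f"{summary['flagged_count']}/{summary['total']} engines flagged the URL")
    for vendor, verdict in summary["flagged"]:
        print(f"  {vendor}: {verdict}")
    print("worth a second look:", worth_a_second_look(parsed))
```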
Silver badge

Great.

Would they like to advise me about what to do with a site that demands Internet Explorer only to transfer potentially millions of pounds on a website that forces us to use out-of-date Gemalto smartcard signing software (which we can't upgrade without it being unsupported) via ActiveX and which doesn't work any other way?

I'll be sure to leap right on their security advice after they sort that out, as well as that the BACS people demand we use the up-to-date version or THEY won't support us either. Oh, and this is some six months down the line of trying to get the right readers, smartcards and software to do what we've always previously done before.

Because sure as hell that doesn't sound like they have our security at the forefront of their minds to me.

10
1
Anonymous Coward

???

Whoa, their standard banking must be different from business then!

I use Barclays for business banking and Barclaycard Business (credit cards), and I do not have Windows (so no ability to use IE) and have logged in from Firefox and SeaMonkey in the past with no problems.

Generally, to log in and do banking I can use any browser (I've never been stopped yet). They simply ask for Surname, Membership Number and Last 4 Digits of card, and tell you to use Identify on the PINsentry card machine and give them the code it gives you.

From there on you can do pretty much anything such as transfer money etc.

Never had any form of ActiveX prompt or request to use Internet Explorer tbh.

1
0
Silver badge

Re: ???

That's their business banking for small-medium businesses.

You know, those that have multiple-person sign-off on hundreds of direct debits / payments each month.

Pretty standard business setup, but why does it have to be IE-only? The only explanation is basically the same old "Because we can only secure it by running ActiveX plugins capable of arbitrary code execution, connecting to the smartcards and transmitting to an IE/IIS-based website which has been put in every exclusion category possible to bring it outside the scope of all the browser security anyway".

0
0
ST
Silver badge
Terminator

It wasn't DHS advice, it was a DHS binding order of removal

DHS Binding Operational Directive 17-01

Merriam-Webster's definition of advice.

DHS did not issue a recommendation. They issued a binding operational directive.

> Some industry pundits see the developments as the start of a new era of so-called cyber balkanisation.

Some people use Apache HTTPD, some others use lighttpd and some others use Microsoft's IIS. I don't hear pundits complaining about that. Or recommending that everyone use the same HTTP server, for fears of balkanization (whatever that means).

Also, pundit opining is better left to those offering irrelevant comments on Sunday morning political talk shows. Technical and security decisions should be left to those who are qualified to do that. I.e. not pundits.

> It’s a long way from the lofty goal that accompanied the inception of the internet as a network to connect the computers of academics together for collaboration, innovation and information sharing.

Yeah. It was never designed to be that, and it never had lofty goals. It started as ARPANET - Advanced Research Projects Agency NETwork - and its development was funded by the US Department of Defense - Advanced Research Projects Agency. According to ARPA, the goal of ARPANET was to [ ... ] exploit new computer technologies to meet the needs of military command and control against nuclear threats, achieve survivable control of US nuclear forces, and improve military tactical and management decision making.

So much for the Kum-ba-ya singing and hugging.

Today's Internet is mostly a festering pile of spam - sorry, social networking in pundit terms, cyber-war and commercial profiteering of all kinds. Get used to it.

3
3
Silver badge

Re: It wasn't DHS advice, it was a DHS binding order of removal

Some people use Apache HTTPD, some others use lighttpd and some others use Microsoft's IIS.

... and others yet use NGINX which is written by ... Ohhh noes !!! Eeeeevillll Rooooskies !!!! ARGGHHH!!

6
0

Lunacy

If you install an anti-virus program that can detect "suspicious" files and upload them to a server in country X run by company Y, and you don't disable that "feature", then it's possible that your files will be seen by company Y and its employees, the intelligence service of country X, and any random hacker that's managed to gain access to those servers. This applies whatever country X is - Russia, USA, or other.

Now, the company has a strong motive to keep that data private, and to secure its servers to stop hackers getting into them, but it can't do anything about its local intelligence service. For most people, the intelligence service won't be interested in them or their files.

However, you clearly shouldn't be installing such an anti-virus program on government computers handling information that country X wants! (Or if you must install it, then you should disable the cloud upload feature).

On a related note, if you install any program, and that program includes automatic updates, then your computer will automatically download and run "updates" from the manufacturer, or from the intelligence service of the country hosting the update servers, or from any random hacker who has hacked both the update server and the code-signing key. If you don't want to give full access to your PC to the intelligence service of that country, then you should not install their software.

7
0
Silver badge

spite

Hey Five Eyes

Stop victimising Kaspersky just because one of your own contractors was stoopid enough to take his work home with him.

17
2
Silver badge
Linux

Get to the point

Get rid of Windows.

6
5

Re: Get to the point

No, get rid of users!

0
0
Silver badge

Bah!

Next step: a visit from the government Department of Approved Digital Assets auditor to make sure you aren't hosting any software written in, for or by a listed nation.

List subject to change without notice.

7
1
Big Brother

Re: Bah!

"a visit from the government Department of Approved Digital Assets auditor..."

Bureau of Approved Digital ASSets auditor, shirley?

0
0

All as bad

There is a huge problem here of hysteria and double standards. Every AV product uploads some form of information so that it is possible for the AV companies to understand the threats they are dealing with. Stop information upload and the whole threat response becomes far worse. Yes, Kaspersky should maybe have been more open but all AV products do this.

What really annoys me most is this singling out of Kaspersky in this way. No one except Kaspersky themselves really knows, but my assumption is that they will do everything possible to secure that information, as should any other AV company. It is not in their interests to splatter that information to anyone. It is what their intellectual property is derived from; it is commercially sensitive and of great value to competitors.

Kaspersky are not more at risk, and probably are at less risk than the many US (or elsewhere) based outfits that will have no option but to roll over when requested by the NSA. The NSA (and many other US "intelligence" outfits) are the biggest group of hypocrites there are and will be doing everything possible to spy on everyone and everything, friend or foe, in the name of the "War Against Terror". Given the NSA's abysmal record of securing their own data, frankly I have less trust in uploading metadata to a US company than to Kaspersky.

And as for the comment earlier "use Linux instead of Windows", exactly how does that help in this situation? All operating systems are vulnerable and should be managed/protected appropriately. Windows has the greatest use case where it interacts with users and therefore is the most targeted. If Linux, iLO or some other OS had ended up on the desktop, it equally would be the most popular target.

If you chose to run an OS with no protection then you are an idiot and smugly stating that it is a Windows issue is even worse.

3
0
Silver badge

Re: All as bad

At least with Linux the OS itself is not uploading all my data (unlike a PC running bog standard home version Windows 10, which most people would get chucked in on their personal purchases).

Average Win 10 user can choose their AV vendor (& have some say in AV snooping), but unless they change OS, they cannot stop potentially confidential data being sent to MS.

1
2
Bronze badge

Re: All as bad

I can tell you have no access to intelligence or understanding of exactly what happened. All you are typing out is what you 'think', without doing much if any research.

There is a large difference between an AV application taking a piece of code positively identified as a threat (from memory), and downloading an entire file stored on a system. In short, downloading the entire file is going too far. Imagine the information an AV company has to gain if they believe word processing files are infected, and download the entire file full of personal and corporate secrets.

Then with terabytes of information, they are able to search for tags in files such as "Secret", military terms, engineering terms, and other key words to sift through more thoroughly.

An AV which downloads the entire file instead of just the positively identified code isn't being friendly or acting in your best interest.

0
2
Anonymous Coward

Let's flip this one around..

“In a reality where nations are in conflict, it’s a real, hard fact that other anti-virus vendors are of US origin, paying US taxes and subject to the power of the US government, which has been found to enjoy overreach wherever it can get away with it, supported by organisations with a global reach whose sole modus operandi is to grab data from wherever they can get away with it and hide behind their US jurisdiction. Therefore it would be grossly irresponsible of any nation who has already experienced global crashes, data theft and other enthusiasm for entirely ignoring the protections citizens enjoy in Europe to be using any US software, let alone something so deeply embedded as an antivirus engine.”

In the light of Snowden and Schrems, there is no valid reason whatsoever for any EU government, business and end user to trust a vendor of US origin. None whatsoever.

1
1
Anonymous Coward

Optional comment

I guess it's the old adage that the only secure computer is one that's unplugged from everything & switched off.

I use Kaspersky at home & I'll continue to use it cos if the NSA & UK government don't want me to use it it's probably cos it'll detect their malware.

4
0
Bronze badge

Firewall+AV

I only allow my antivirus through the firewall to update its detection signatures, and block it again after updating.

Even the free MalwareBytes will function with it blocked by a firewall. It will still scan and report any nasties but it won't remove anything unless it is connected to the web.

1
0