I've seen Kaspersky slap his staff with a walrus penis – and even I doubt the false-positive claims

Eugene Kaspersky is a complex character and capable of many things, but Friday's allegations that he ordered staff to deliberately sabotage rival antivirus packages smell fishy. On the one hand, the problem of AV products flagging up false positives is well known. Signature-file detection of software nasties is dated, and of …

  1. Mark 85 Silver badge

    White hats, Black hats, and Grey hats...

    This is a very troubling situation when thinking about it. The skills needed to wear any of the hats make for interchangeable hats. Given their customer base, if this is true, Kaspersky is doomed. If untrue, there are those that will not believe... he still takes a hit.

    Given that the allegations are coming from persons presumably inside Russia, getting to the real info is very problematical.

    1. Lars Silver badge
      Linux

      Re: White hats, Black hats, and Grey hats...

      Need no hats, will stick to Linux, and now after 15 years my Windows using wife has become very aggressive, accusing me of forcing her to use a rubbish system while I, of course, use a much better one. So RIP yet another Windows. Note to myself, remember the root password, and don't mention any such stuff ever. Incidentally the Linux copy/paste has annoyed my wife for many years, some of you will understand and some will not.

      1. streaky Silver badge

        Re: White hats, Black hats, and Grey hats...

        > Need no hats, will stick to Linux

        Linux: no hats here. Cept Red ones.

        Oh god run for the hills Linux has exactly the same issues as windows and bsd and osx and os-freaking-two. Humans aren't perfect, the end. Microsoft is extremely competent at hiring some of the best developers in the industry; their issue more relates to management being dumb and having no idea who they're selling to.

        > I hope that Kaspersky has significant credit for investigating Stuxnet and the Equation Group (NSA?). For that reason it wouldn't surprise if many people recommend Kaspersky to friends simply to support the company.

        Most people use Kaspersky (product) because it generally tests the best. This is in spite of Kaspersky (the guy) and his machinations.

        Even if the claims are 100% true and I stated why I think it's nonsense on the other article - it's a technical problem with a technical solution that's there for other vendors to find - personally I'd look at it as battle hardening or an indication that the way our software works is broken and do something about it. This is probably why the other vendors at worst have replied with a "meh".

      2. Anonymous Coward
        Anonymous Coward

        Re: White hats, Black hats, and Grey hats...

        > Incidentally the Linux copy/paste has annoyed my wife for many years, some of you will understand and some will not.

        Annoys the fuck out of me!

    2. mathew42
      Black Helicopters

      Re: White hats, Black hats, and Grey hats...

      From the article:

      > Kaspersky Lab is preeminent among antivirus firms for investigating state-sponsored malware, particularly software nasties coming from the Five Eyes nations of the US, UK, Canada, Australia, and New Zealand.

      Mark wrote:

      > Given their customer base, if this is true, Kaspersky is doomed.

      I hope that Kaspersky has significant credit for investigating Stuxnet and the Equation Group (NSA?). For that reason it wouldn't surprise if many people recommend Kaspersky to friends simply to support the company.

      1. This post has been deleted by its author

      2. The Man Who Fell To Earth Silver badge
        Joke

        Re: White hats, Black hats, and Grey hats...

        From the article:

        > Kaspersky Lab is preeminent among antivirus firms for investigating state-sponsored malware, particularly software nasties coming from the Five Eyes nations of the US, UK, Canada, Australia, and New Zealand.

        And yet they can't find any Russian state-sponsored malware. Must be because the Russian government is so benign they don't have any.

        1. Gordon 10 Silver badge

          Re: White hats, Black hats, and Grey hats...

          Whilst I'm sure it exists I haven't seen any other AV company leaping up and down over it either.

        2. hplasm Silver badge
          Devil

          Re: White hats, Black hats, and Grey hats...

          "And yet they can't find any Russian state-sponsored malware."

          That's because the others don't rip your arms off when they lose get detected.

          WookiesPutin Some random Russians have been known to do that...

          1. Anonymous Coward
            Anonymous Coward

            Re: White hats, Black hats, and Grey hats...

            Is that why John McAfee is constantly on Prozac & armed?

    3. Anonymous Coward
      Anonymous Coward

      "Security researchers are, on the whole, smart."

      I believe, based on the obvious evidence, that they're all insane.

      Symantec went from not bad to worse than a virus themselves, almost overnight circa 2007. Inexplicable, except that they're insane.

      McAfee, any argument?

      Kaspersky, see above.

      1. Anonymous Coward
        Anonymous Coward

        Re: "Security researchers are, on the whole, smart."

        It's HAARP I say. It makes them bonkers.

  2. Planty Bronze badge

    Not fishy at all

    Kaspersky (and others) are constantly misleading people by overplaying stories about malware on Android to try and sell their solutions.

    With over a billion active handsets and more prevalent than windows, don't you think we would be seeing android malware infestations daily, like you do with windows??? Yet I have never ever seen any problem...

    Google have also called out snakeoil vendors like kaspersky in the past.

    http://www.pcadvisor.co.uk/news/network-wifi/mobile-malware-exaggerated-by-charlatan-vendors-says-google-engineer-3320818/

    You can't play it both ways, you can't act irresponsibly AND have people trust you.

    1. Destroy All Monsters Silver badge

      Re: Not fishy at all

      > Google have also called out snakeoil vendors

      Errmmm...... yeah. Oh well.

    2. Anonymous Coward
      Anonymous Coward

      Not Kaspersky

      > Kaspersky (and others) are constantly misleading people by overplaying stories about malware on Android to try and sell their solutions. Google have also called out snakeoil vendors like kaspersky in the past.

      The day I start trusting anything that originates at Google (code as well as statements) is the day I'll retire to live on an isolated mountain with no access to anything electronic and a decent rifle to take out drones. Of course Google would like to downplay Android risks, but as we have seen recently there are close to a BILLION handsets at risk as a result of that attitude.

      I refer you to my immediate reaction when the story broke. What I left out is that my business requires higher than average assurance processes for suppliers, and I spent about 2 hours one to one with Eugene Kaspersky having (many) drinks in Paris where he made a stopover to meet me on his way home.

      It is my job to assess leadership (hence my aversion to Google), and I don't see Kaspersky condoning such tactics. This man is a straight player and fights with open visor, which is in itself an achievement given the country he lives in. What also matters is consistency - Kaspersky has operated this way pretty much from day one.

      So, I'm not buying Kaspersky doing the dirty, which raises the question where this story came from and why. That, I think, will be the real interesting part.

      1. Anonymous Coward
        Anonymous Coward

        Re: Not Kaspersky

        "...spent about 2 hours one to one with Eugene Kaspersky having (many) drinks..."

        Alcoholic?

        It would explain a few things.

        1. Grikath

          Re: Not Kaspersky

          He's Russian.. That means Serious Business is done with Serious Alcohol. It's Tradition.

          on: "With over a billion active handsets and more prevalent than windows, don't you think we would be seeing android malware infestations daily, like you do with windows??? Yet I have never ever seen any problem..." @ Planty

          Not been paying attention to the world much, have you? There's more than one Dodgy App released per day, and the problems with security/privacy they create feature with distressing regularity in El Reg, and that's only the really serious ones that make the grade here.

          The fact that you haven't had a problem with those apps, so far, is irrelevant. Plenty of evidence that there's some serious security problems in Android, as with any OS of sufficient complexity, and plenty of people who have run across them.

          As far as the allegations towards Kaspersky are concerned: They simply don't make sense from a business perspective, and however eccentric the Boss himself may be, not from a personal perspective as far as I can see.

          Above all: Why were those lads fired to begin with? While it's pretty far out there that Kaspersky himself ordered feeding dead ducks into the system, Russia and Ukraine are nonetheless hotbeds of malware activity, and corruption/organised crime is a serious problem in those countries. It is most definitely not inconceivable that the department the lads were working in was compromised and did send out those dead ducks. And Kaspersky does strike me as the type of guy who will apply the knife liberally, possibly followed by cauterising with red hot iron, in dealing with things like that, regardless of the toes he may be stepping on.

          1. Anonymous Coward
            Anonymous Coward

            Re: Not Kaspersky

            "He's Russian."

            And he drinks a lot.

            .: Very likely an alcoholic.

            It's not an outrageously unlikely hypothesis.

        2. This post has been deleted by its author

    3. Allan George Dyer Silver badge

      Re: Not fishy at all

      Interesting article, after the attention-grabbing soundbite, "They are charlatans and scammers", Chris DiBona says, "No major cell phone has a 'virus' problem in the traditional sense" and "Yes, a virus of the traditional kind is possible, but not probable". I'd take 'traditional virus' to mean 'program that alters other programs to include a (possibly modified) copy of itself', and a defence against that is limited transitivity, which a walled garden can provide. However, 'anti-virus' suites nowadays are more general, acting against all types of malware, such as trojans. A trojan can be distributed in a walled garden, if the gardener is not doing his job. Can anyone name an app store where a malicious app was passed through vetting?

      Google feels it is necessary to bad-mouth anti-malware vendors because admitting they are necessary is an admission that Google is unable to make its app store perfectly safe.

      Full disclosure: I sell anti-malware software and Eugene has given me vodka.

  3. Paul Crawford Silver badge

    What I don't understand is how it is possible to misidentify a proper Windows system file. Surely MS can provide something like SHA256 hash values of every legitimate build they have released in the last decade or so?

    So what is going wrong, don't the AV firms check?

    1. Destroy All Monsters Silver badge

      Yup, makes absolutely no sense for me either.

      1. Anonymous Coward
        Anonymous Coward

        Microsoft trying to increase MSE usage (ultimately to 100%). Covering their tracks by making it look like GCHQ making it look like the Chinese making it look like the Russians making it look like the Americans trying to discredit Kaspersky.

    2. Ken Moorhouse Silver badge

      The Participant Observer Problem

      > What I don't understand is how it is possible to misidentify a proper Windows system file. Surely MS can provide something like SHA256 hash values of every legitimate build they have released in the last decade or so?

      Yes, but the ultimate pwn is the Rootkit that can simulate the calculation of clean hashes. If this arrived on the machine before the AV engine could detect it then it would be difficult if not impossible to detect subsequently using an in situ scan. The AV engine would be relying on a corrupt source of information when checking file signatures.

      1. TechnicalBen Silver badge

        Re: The Participant Observer Problem

        A hash for every Windows file?

        I'm no mathematician, I've not calculated the number of possible collisions, or the size of the file.

        I would assume though, that a list of hashes, would be greater in size than an actual windows install, as windows is multiplatform and thus different on certain systems.

        Oh, and that's before I consider search times involved.

        (Though searching a larger download/update/package before install is fine. Checking every .ini file and .jpg etc on my HDD against a hash? Less sane)

        1. Destroy All Monsters Silver badge
          Windows

          Re: The Participant Observer Problem

          > I'm no mathematician, I've not calculated the number of possible collisions, or the size of the file.

          There would not be many collisions. That's the point of a hash.

          The number of file versions is not going to get particularly astronomical even if Microsoft is involved. For whitelisting, it sounds like a sure proposal.

          Size of the file is irrelevant. Actually I would chunk it and hash the chunks.

          But the important point is that these files have internal structure. DLLs are not a big blob. Hash the various parts or have more interesting ways of checking. Pretty sure this must be done anyway.

        2. Vic

          Re: The Participant Observer Problem

          > Checking every .ini file and .jpg etc on my HDD against a hash? Less sane

          Not really. Every installed package on my box has an entry in a database to say what its file size, modification time and hash are. Now that doesn't cover every file I've created myself - but it involves the majority of files on my box.

          It all works rather well...

          Vic.

        3. Adam 1 Silver badge

          Re: The Participant Observer Problem

          > A hash for every Windows file

          That wasn't the suggestion. It was system files. These would number in the thousands. Even if there were a million system files, that would only take 32MB of storage to hold every hash.

          The bigger question is how you prove that your hash database hadn't been compromised.

          1. YetAnotherLocksmith

            Re: The Participant Observer Problem

            Well, you could take a hash of it?

            (But then what if the hash generator was hacked to return the right value? It's an endless loop.)

            Surely someone will say "Use the blockchain, duh!" in a minute?

            1. Adam 1 Silver badge

              Re: The Participant Observer Problem

              The hash of the hash file has to be stored somewhere. That somewhere can also be compromised.
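Added example, not part of any comment above: the system-file hash whitelist discussed in this sub-thread, with the manifest itself authenticated by an HMAC whose key is assumed to be held off the scanned machine. File names and contents are constructed stand-ins, and the result is only trustworthy when the check runs from a clean environment, as the rootkit comment points out.

```python
import hashlib
import hmac
import json
import os
import tempfile

def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so its size does not matter."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _tag(entries, key):
    # Canonical JSON so the same entries always yield the same MAC.
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(root, key):
    """Record a SHA-256 digest per file under root, then MAC the whole list."""
    entries = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            entries[os.path.relpath(full, root)] = sha256_file(full)
    return {"entries": entries, "tag": _tag(entries, key)}

def verify(root, manifest, key):
    """Return {} if clean, else a dict describing what failed."""
    if not hmac.compare_digest(_tag(manifest["entries"], key), manifest["tag"]):
        return {"manifest": "TAMPERED"}  # do not trust any entry
    report = {}
    for rel, digest in manifest["entries"].items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            report[rel] = "MISSING"
        elif sha256_file(full) != digest:
            report[rel] = "MODIFIED"
    return report

def demo():
    key = b"constructed-demo-key"  # assumption: held off the scanned host
    files = {"kernel32.dll": b"constructed A", "ntdll.dll": b"constructed B"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(root, key)
        clean = verify(root, manifest, key)
        with open(os.path.join(root, "ntdll.dll"), "ab") as f:
            f.write(b" patched")
        modified = verify(root, manifest, key)
        # Rewriting the stored hash to match fails without the key.
        forged = {"entries": dict(manifest["entries"]), "tag": manifest["tag"]}
        forged["entries"]["ntdll.dll"] = sha256_file(os.path.join(root, "ntdll.dll"))
        return clean, modified, verify(root, forged, key)

if __name__ == "__main__":
    print(demo())
```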

  4. Destroy All Monsters Silver badge
    Big Brother

    Nuland distributing cookies

    Rather certain some TLAs of "the West" (and possibly some of "the P.U.T.I.N.") would be happy with Kaspersky a smoking ruin. There would be less discoveries of weaponized software that one couldn't smooth-talk away by a short visit of Agent Smith.

    In other news, why is General Odierno now talking up "a sustained war with Russia" on russian soil?

  5. Anonymous Coward
    Anonymous Coward

    Riding bears to the beach? Fucking hell, they're manly in russia.

    Back later. Surfing my gator to the office.

    1. Adam 1 Silver badge

      Lame. Walking to office*

      *in Australia

    2. Rich 11 Silver badge

      > Riding bears to the beach? Fucking hell, they're manly in russia.

      And that's after beating each other with bundles of birch twigs in the sauna.

  6. Anonymous Coward
    Anonymous Coward

    So this guy routinely slaps his staff with a walrus penis, and everyone thinks it's a jolly jape.

    When I slapped the girl in accounts with my actual penis, I got fired.

    It's always one rule for them, and another rule for us.

  7. Anonymous Coward
    Anonymous Coward

    Re: ' Walrus Penis'

    Did the Walrus consent to this or is this yet another case of senior management taking advantage of innocent mammals for their own gratification?

    1. hplasm Silver badge
      Coat

      Re: ' Walrus Penis'

      Oh! The huge manatee!!

  8. J J Carter Silver badge
    Childcatcher

    All these AV businesses have an 'arms length' team writing new viruses so the gravy train keeps rolling.

    1. Anonymous Coward
      Anonymous Coward

      J J Carter,

      Your grim analysis reminds me of a Vincent Price/Peter Lorre film called 'Comedy Of Terrors', which demonstrates the 'Business Model' you've described.

    2. YetAnotherLocksmith

      You're thinking of FBI sting terror plots here, aren't you?

  9. Richard Tobin

    Conflict of interest

    Can you think of an industry with a more obvious conflict of interest? They need a constant supply of new malware, and if they know about it before their competitors, even better. And what's the best way to achieve that?

    1. Allan George Dyer Silver badge
      Trollface

      Re: Conflict of interest

      You forgot the troll icon.

      How about, Firemen, Doctors, street sweepers?

      We had enough new malware in the 1980's - one new item a month is enough to make a subscription necessary, why would anyone make more work when there are tens of thousands of new samples a day? Knowing about it before your competitors only gives an advantage of hours - you don't get credit for detection until a testing organisation has a sample, and testing organisations are part of the sample distribution structure. On top of that, there's the chance of getting caught.

      Full disclosure: I sell anti-malware software and Eugene has given me vodka.

  10. This post has been deleted by a moderator

  11. Pascal Monett Silver badge
    Stop

    AV vendors "make" viruses ? Bollocks.

    Enough with the lame conspiracy stuff. AV vendors don't need to make new viruses, there's largely enough asshats on the intertubes to do the job for them.

  12. ShrNfr

    Hey gang, everyone should own an oosik. http://briankulik.com/ode.html

  13. JustNiz

    Anybody that allows their boss to slap them with a walrus penis in the first place, deserves it.

    1. Anonymous Coward
      Anonymous Coward

      "Anybody that allows their boss to slap them with a walrus penis in the first place, deserves it."

      That's nothing here they make us use Outlook, every f*cking day!
