Homeland Security drops the hammer on Kaspersky Lab with preemptive ban

Despite pending legislation to ban US federal government offices from using Kaspersky Lab security software, Homeland Security has issued a Binding Operational Directive demanding that the products be removed within 90 days. The directive gives government IT managers 30 days to identify which – if any – of their systems have …

  1. Voland's right hand Silver badge

    McCarthy Lives

    And so does the House Committee on Un-American Activities.

    1. Yet Another Anonymous coward Silver badge

      Re: McCarthy Lives

      Wait until they found out that many people in government are using Arabic numerals

    2. hplasm Silver badge
      Holmes

      Re: McCarthy Lives

      'Un-American Activities.'

      Whatever the rest of the world does.

    3. anothercynic Silver badge

      Re: McCarthy Lives

      Who are the downvoters? Seriously... Voland's right hand is right. This reeks of McCarthyism, Rebooted.

      1. Archtech Silver badge

        Re: McCarthy Lives

        I've noticed that there usually seems to be one downvote against any reasonable, informative comment - like my own, for instance.

        Watch this space!

  2. Anonymous Coward

    Yup, it's payback

    As I said before here, it's purely Chinese whispers made by Americans about a Russian company. There is not a shred of evidence, but Kaspersky has a history of refusing to whitelist ANY government spyware.

    This is thus either payback, or the agencies are gearing up to raid the homeland and don't want Kaspersky to give the game away. Or both.

    1. Sir Runcible Spoon Silver badge
      Joke

      Re: Yup, it's payback

      Or

      Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts

      the NSA was considering asking them to help infiltrate Russian assets and this stance upset them.

  3. Anonymous Coward
    Pint

    I wonder who the real oppressor is here...

    First of all this brings me back to the news surrounding the 50's and 60's. You see; although the US claims to be the "land of the free" it really should be mentioned that this is "the land of the free to do as we tell you". Back in those days, the days of the cold war, the US disliked everything even closely related to communism. But worse: plenty of innocent people (from civilians to more well known people) saw their careers and reputation getting ruined because... the government suspected that they might be sympathetic towards communism. In other words: thought crimes. They didn't condemn people for the way they acted and/or behaved, nope, but for what they might have believed. Of course this backfired eventually and many "high class" politicians were forced to step down, but the damage had been done nonetheless.

    The witch hunts all over again.

    Isn't this a bit of the same? See, there's another thing I have a problem with:

    "The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks"

    Doesn't the same apply to US laws? I mean... just look at the NSA and Apple encounter, Apple was pretty much forced to comply to their wishes and only after Apple went public with the whole thing and still stood their ground things went sour for the US (after which even the president started mentioning stuff like "unpatriotic acts").

    Can we now conclude that it is official then? So it's down to "Do as we say, not as we do"?

    There's a word for that... when you uphold double standards and double morals....

    1. Mark 85 Silver badge

      Re: I wonder who the real oppressor is here...

      Those who forget history, are doomed to repeat it. That has always been true. Ask a dozen kids who Senator Joseph McCarthy was and you'll probably get a blank look. Indeed.. the witch hunts have started again.

      1. ForthIsNotDead

        Re: I wonder who the real oppressor is here...

        Thing is, McCarthy was right: The United States political infrastructure in particular *is* indeed infested with Communists. Well, okay, maybe not card-carrying members of a Communist party, but post-modernist Marxist-Leninist worshippers. From Hillary Clinton right down. American universities are fucking INFESTED with them.

        Burn them.

        Burn them with fire.

        1. Archtech Silver badge

          Re: I wonder who the real oppressor is here...

          Actually, downvoters, ForthisNotDead is quite right.

          1. Yet Another Anonymous coward Silver badge

            Re: I wonder who the real oppressor is here...

            Although a segment of American politics believe that removing tax breaks on slave ownership is an example of Communism

          2. Uffish

            Re: "ForthisNotDead is quite right..."

            ... wing.

            FTFY

        2. Chemical Bob

          Re: I wonder who the real oppressor is here...

          "Burn them. Burn them with fire."

          Well, DUH! What else are you going to burn them with?!

          1. IT Poser

            Re: Well, DUH! What else are you going to burn them with?!

            Bubbles of course.

            Sadly only the five others who were there for that DnD game will fully appreciate the joke and, AFAIK, none of them regularly read El Reg.

          2. h4rm0ny

            Re: I wonder who the real oppressor is here...

            >>"Well, DUH! What else are you going to burn them with?!"

            Acid? Re-entry friction? Scathing comebacks? :)

        3. Uffish

          @ ForthIsNotDead

          Strange that you can type but not think.

    2. Eddy Ito Silver badge

      Re: I wonder who the real oppressor is here...

      Yep. It's hunting for an enemy because there is the possibility that people may start to get wise to "the war on [non-entity]" that results in unending warlike behavior. It's one of the main reasons I have a love/hate relationship with Rand Paul. Sometimes he's just a bit too far out there like it should be the state's right to decide on whether marriage is strictly hetero or allows homo which is total bullshit because the state has no business getting involved in the relationships between consenting adults. Other times it seems like he is the only member of congress who has any lucid thoughts at all.

    3. Florida1920 Silver badge

      Re: I wonder who the real oppressor is here...

      It was pretty messed up. I enlisted in the USAF in 1965. As a youth I was a shortwave listener. Radio Moscow was easy to hear and I got a few QSLs from them. When they started sending me propaganda I wrote and asked them to stop. They did. (Now I'm sorry -- the stuff might be worth a lot!) When I got my ham license I managed to contact a few Russians, but our Morse Code conversations were very short: the Russians' names, cities, transmitter power and antenna.

      I only needed a Secret clearance for my job, but there was a background check. When I went to start my first assignment, my clearance hadn't come through. Went to find out why. Turns out some neighbor had reported that I listened to R Moscow and talked to Russians (Mom must have blabbed) and my file was set aside and forgotten. After a few questions the officer laughed and my clearance went through. This was the state of paranoia in the 60s, and I've never forgotten it. Or the uptight neighbor I'm sure was the culprit. Probably getting even with me for interfering with their TV.

      Seems to me the Kaspersky ban has little to do with national security. It's just another way to take a poke at the Russians, after the fact. The horses got out and the horse's ass is in the White House. But no one knows what to do about that, so they pick the low-hanging fruit.

  4. Anonymous Coward

    If the US administration keep pushing China and Russia...

    ...maybe they will evolve their own OS and software. We all (I think) know the none-too glorious history of Red Flag Linux, so the presumption has been that they can't or won't, or that they won't stick at it.

    But it is a very interesting thought exercise to consider how much of the US domination of tech is purely down to the dominance of two operating systems, Windows and Android. If the US government keep the pressure on Russia and China, then maybe the next two most powerful countries on earth might conclude that they really should break away from these two companies' products.

    No commercial monopoly lasts forever. Maybe the DoHS have just signed the death warrant of Microsoft and Google's supremacy? In the grand sweep of history, that doesn't seem impossible.

    1. Pascal Monett Silver badge

      If I'm not mistaken, China is already using its own version of Linux.

      Given the current push on security, global knowledge of NSA activity and Microsoft's dismal handling of Windows 10 updates, I'm guessing that, in the next twenty years, there will be more country-based versions of Linux. Okay, scratch that, I'm hoping there will be.

      One thing is for sure though, there will be a lot more encryption going around, and there's nothing any so-called democratic government can do about that because businesses (aka the real money men) need that to inspire confidence in the sheeple.

      1. h4rm0ny

        US government seems determined to make life hard for Microsoft! First they try to scupper any hopes for MS's AWS services in Europe by acting like they own MS's data servers in Ireland. They carry out mass-surveillance on European allies ("This is not what friends do" - Angela Merkel's beautiful summary). And they introduce laws that allow them to force US tech companies to assist them in surveillance and criminalise telling that they do so. And now they're practically asking Russia to use GNU/Linux more!

        And I thought El Reg commentards hated Microsoft!

        1. HandleAlreadyTaken

          > they try to scupper any hopes for MS's AWS services

          I heard they'll be putting spyware on all new Google iPhones too!

        2. Fatman Silver badge
          Linux

          RE: And I thought El Reg commentards hated Microsoft!

          As a longtime Linux user, you can put me in that category.

          Due to this freak of nature named 'Irma', I have been forced to flee my home and take refuge elsewhere.

          Getting on-line wasn't that hard, but, since I didn't drag my PC with me, I am forced to borrow a laptop infected with Windows WindblowZE.

          $DEITY damn do I hate WindblowZE!!!!

          1. h4rm0ny

            Re: RE: And I thought El Reg commentards hated Microsoft!

            No bootable pen drive distro? You should keep one handy for emergencies.

            1. Yet Another Anonymous coward Silver badge

              Re: RE: And I thought El Reg commentards hated Microsoft!

              Stallman would have just whistled his comments to the server directly from a payphone

        3. Updraft102 Silver badge

          "They carry out mass-surveillance on European allies ("This is not what friends do" - Angela Merkel's beautiful summary)."

          I agree with her on principle, but spying among allies is nothing new. Germany may have been doing the same to the US, "what friends do" or otherwise:

          http://www.telegraph.co.uk/news/2017/06/22/germany-accused-hypocrisy-claims-spied-usa/

          As far as the NSA goes, they would likely react to Merkel's statement like she was speaking Martian. "What do you mean, we don't spy on friends? We spy on everyone!" Which they do-- their own countrymen among them, ostensibly protected by the US Constitution*, the people that they as public servants are supposed to be serving. They spy on everyone. Such is the nature of government... in this age when mass surveillance is cheaper and easier than ever before because of technology, the US is far from the only surveillance state in the developed world. Sadly.

          As far as the US government making Microsoft's life difficult... well, that's what they do. They're not out being hostile to the world so they can be nice to American businesses or citizens. They're just flat out hostile to everyone, without exception. They're not out to promote the interests of American people or American businesses... that's the excuse they may give when some politician wants to show his constituents that he's "doing something" about the NSA, but the reality is that they're only interested in the interests of the US government and the NSA specifically, which makes them opponents of American business interests and American citizens, not friends.

          In short, we Americans don't like them either, but they do whatever they want regardless of what elected officials may claim they want. As the oft-cited quote that may or may not have been said by Mark Twain goes, "If voting mattered, they wouldn't let us do it." (The quote's authenticity has been questioned, but it's a fitting statement of affairs even if some unfamous person made it up.)

    2. a_yank_lurker Silver badge

      Re: If the US administration keep pushing China and Russia...

      "Maybe the DoHS have just signed the death warrant of Microsoft and Google's supremacy?" As far as OSes, Bloat is probably much more vulnerable because it is closed source. Android, or a good chunk of it, is open source. It is much easier to hide backdoors in closed source than open source as only a small number of people can ever see the closed source code. Open source, by design, allows any to review the code, compile it, etc. so in theory the backdoors could be found by anyone (in practice most do not review the code). All that would be needed is for a few countries to ban Bloat until it is open source and replace it with a Linux distro.

      Apple may get caught in the crossfire.

      1. Yet Another Anonymous coward Silver badge

        Re: If the US administration keep pushing China and Russia...

        But opensource is Communist and causes cancer

      2. Paul 195

        Re: If the US administration keep pushing China and Russia...

        It ain't so easy to avoid backdoors as simply compiling the code yourself. I refer you to the famous paper "Reflections on Trusting Trust": https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

    3. Uncle Slacky Silver badge

      Re: If the US administration keep pushing China and Russia...

      ISTR Putin being quite keen on helping the ReactOS crew a while back. An independent Windows-compatible OS would be right up their street.

    4. Archtech Silver badge

      Re: If the US administration keep pushing China and Russia...

      I think you will find that Russia, at least, can produce far better software than the USA and Europe. I don't know about China yet, but I wouldn't underestimate its resources either.

      American (and Western in general) software has tended to conform to "commercial realities". For ten years I analyzed software products and standards for a large multinational computer corporation, and for a further 20 years I have continued that interest. And one of the most obvious patterns I noticed was that companies that have brilliant ideas and focus on quality are usually either driven out of business or acquired (basically to get rid of them). In the West, it's huge monsters like Microsoft and Oracle, and to a lesser degree HP and IBM, that rule the roost, and they are very clear about their priorities. Long-term profit first, growth second, image third, with customer satisfaction and product quality so far down the list they are almost invisible.

  5. fidodogbreath Silver badge
    WTF?

    Quite the planning process, this

    60 days to develop a plan to get rid of it

    Is it really that difficult?

    Reminds me of The Hunt for Red October: "Son, yer average Rooskie don't take a dump without a plan." Only now Homeland Security are the ones with the dump-planning workflow.

    1. Sandtitz Silver badge
      Thumb Up

      Re: Quite the planning process, this

      "60 days to develop a plan to get rid of it"

      "Is it really that difficult?"

      It's called government efficiency.

    2. h4rm0ny
      Flame

      Re: Quite the planning process, this

      >>Is it really that difficult?

      Nah, it's a fairly simple operation. Unlike McAffee where I had to download and run a (well-hidden) executable from their website to get rid of their bloody "1 month free" install from a shop-bought laptop. :/

      But seriously, it can be a pretty big headache in Enterprise. You've got to arrange its removal from x hundred PCs in your organization, you've got to find the budget and organize purchase orders of a replacement, deal with any process changes for distributing updates centrally to whatever new virus vendor you choose. And the necessary meetings, of course. ;)

      Basically, US government has just handed down one more PITA to the busy sysadmins of America. For (I strongly suspect) political point scoring. Or perhaps just a quick buck for American AV vendors. Who knows? :/

      1. Mark 85 Silver badge

        Re: Quite the planning process, this

        "But seriously, it can be a pretty big headache in Enterprise. You've got to arrange its removal from x hundred PCs in your organization, you've got to find the budget and organize purchase orders of a replacement, deal with any process changes for distributing updates centrally to whatever new virus vendor you choose. And the necessary meetings, of course. ;)"

        Let's see... the last place I worked managed about 8,000 PCs. Desktop Engineering took the version of Windows to be used, removed all BS that the company didn't want (such as games, AOHell, etc.) and then loaded in the stuff they did want like Office, certain proprietary programs. This became the master. A copy was sent to the company selling us new PCs and all PCs were imaged from the master. Anytime an employee left the company, their PC was re-imaged for the next user. If a user has some serious PC issues, many times, a simple re-install from the master OS solved the issues.

        1. h4rm0ny

          Re: Quite the planning process, this

          Sure. But re-imaging isn't always convenient and would you really be happy if you suddenly found you had to re-image all 8,000 PCs in your organization? :) Plus, there are the other issues I mentioned. Yep, I stand by my calling this a PITA for Enterprise.

        2. Olivier2553 Silver badge

          Re: Quite the planning process, this

          "Let's see... the last place I worked managed about 8,000 pc's."

          You simply forget we are talking about government bodies where buying 8000 licenses of a software takes half a year to negotiate.

          1. Yet Another Anonymous coward Silver badge

            Re: Quite the planning process, this

            And the contract with HPE didn't include uninstalling software so they need to negotiate a deal, which will strangely cost more than the original windows install.

            In house staff couldn't do the uninstall because that would violate the warranty and anyway they were all downsized when support was outsourced to HPE

      2. gerdesj Silver badge

        Re: Quite the planning process, this

        "Unlike McAffee where I had to download and run a (well-hidden) executable from their website to get rid of their bloody "1 month free" install from a shop-bought laptop. :/"

        Bollocks. I'm a unix sysadmin and even I know that a browse through the reg keys (from memory - my laptop runs Arch Linux) HKLM\software\microsoft\windows\currentversion\uninstall will give you the uninstall string for any .msi based software. Failing that you stop services, kill processes, delete directories and plough through the registry. A few reboots might be required but it isn't rocket science.

        ... and McAfee has one fucking f. Oh and add/remove programs has an uninstaller link anyway, even for the free version - you've cocked up in some way if you think you need an additional "cleaner" - which they even provide.

        OK I may have spent one or twenty years doing Windows sysadmining as well.

        1. h4rm0ny

          Re: Quite the planning process, this

          It's not "bollocks". I had to remove McAfee from someone's shop-bought laptop years ago. Around six years ago? Firstly, Add / Remove programs didn't allow the removal of McAfee. They'd blocked that somehow. And your suggestion of searching the registry, manually killing processes, deleting install and operating directories and "a few reboots" is 'all that is required' isn't really making much of a case for removing McAfee being "not rocket science".

          Seriously - why so angry?

    3. 2+2=5 Silver badge
      Happy

      Re: Quite the planning process, this

      > Is it really that difficult?

      Hmmm, let's see....

      90 days to remove Kaspersky ... no problem.

      It's now September. Departmental budgets for the next financial year are just about being submitted now. So, choose a project to sacrifice (unless the DHS are offering new money - I thought not); move the 'New Anti-Virus' project to the front of the queue; assume approval is a no-brainer, in which case the project will be ready to roll come April, at the start of the new financial year. I confidently expect the replacement AV to be rolled-out and working by 1st August 2018.

      ;-)

  6. Pascal Monett Silver badge
    Trollface

    "60 days to develop a plan to get rid of it"

    Here's a hint : Windows key + E, click Computer, click Uninstall and select Kaspersky.

    Then install the NSA-approved software of your choice.

  7. GBE

    If they do review the source code?

    Even if DHS (or whoever) reviews the source code, that's no guarantee that what's installed was built from that source code. In order for the source code review to be meaningful, DHS would have to build the executables and installers from that source code and create an internal distribution. They would also have to review and host all virus pattern definition files (or whatever) that are pushed to the PCs periodically.

    A project like that undertaken by the gubmint would take many years and cost thousands of lives....

    1. h4rm0ny

      Re: If they do review the source code?

      Honestly, I think Eugene Kaspersky would be mad to provide the Source Code to the USA. Remember that Kaspersky Labs exposed both the Equation Group (NSA) and Stuxnet (Israeli and USA targeted malware), so it's not like we can assume neutrality by the US government. Indeed, the Equation Group has attempted to penetrate Kaspersky Labs before. So from a Game Theory perspective we have the following possibilities:

      1) Kaspersky software has sneaky backdoors in it.

      2) Kaspersky software does not.

      If it's #1 then obviously it's not in Kaspersky's interests to share source code. (Though you're right - proving executables match the source is a non-trivial task, I fully agree).

      If it's #2 then Kaspersky knows that they are innocent and that this is likely for ulterior motives. In which case providing the source will only be giving away something of value for little likelihood of fair treatment.

      So basically, there's no good reason for them to share source code. I suppose they might - because I suspect it's clean - but they'd have to be very optimistic to do so. And given the last hundred years of Russian history, I salute any Russian who is somehow an optimist. ;)

    2. The Original Steve

      Re: If they do review the source code?

      I'm not saying it's easy or ideal, but it's entirely possible.

      I'm not familiar with Kaspersky, but most AV's have the core product, the engine and definitions split out. Checksums for the base software matching what the DHS had from their compiled version is easy enough.

      Depending on how often the engine updates, it's pretty easy to do the same. Could be as simple as a special version for us.gov, code reviewed where engine updates are done by updating from a us.gov update server, where Kaspersky ping the source for us.gov to compile. Release notes and code audit is possible, just means us.gov may have delays in the latest engine, but it's certainly possible.

      Definition updates are much harder to review in a timely manner, but surely have the source for today's definitions that have been reviewed as a starting point, then when a definition updates, Kaspersky send us.gov the compiled new definition, plus source, plus change notes. Us.gov compiles and checks it matches the checksum of the public definitions, and if us.gov make the same changes that Kaspersky detail in the change record and it also matches you're certain you know the source / compiled / public releases are all the same and you know it's all clean.

      That plus ad-hoc full audits would probably do it.

      I'm sure that's a very crude, inefficient and basic suggestion as I'm an infrastructure guy, not a developer. But if I can come up with the above - albeit crap - solution where I'm far from qualified to come up with anything, then I'm sure the brightest and best developers in Russia and US can come up with something solid. I dare say that the development inclined pros reading El Reg can come up with a proper solution in a matter of minutes.
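The checksum comparison proposed in the comment above, sketched as an added example (not part of the original thread and not any vendor's tooling): hash every file in a build made from reviewed source and in the release the vendor actually distributes, then flag anything that differs or was never reviewed. It assumes the build is reproducible bit for bit; the directory names, file names and contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large installers need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root, POSIX style) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_manifests(reviewed, distributed):
    """Classify every file seen in either manifest.

    match      - same digest in the reviewed build and the distributed release
    mismatch   - present in both, but the bytes differ
    missing    - built from reviewed source, absent from the release
    unreviewed - shipped in the release, but not produced by the reviewed build
    """
    report = {"match": [], "mismatch": [], "missing": [], "unreviewed": []}
    for name in sorted(set(reviewed) | set(distributed)):
        if name not in distributed:
            report["missing"].append(name)
        elif name not in reviewed:
            report["unreviewed"].append(name)
        elif reviewed[name] == distributed[name]:
            report["match"].append(name)
        else:
            report["mismatch"].append(name)
    return report


def release_is_trusted(report):
    """Accept a release only if every shipped file traces back to reviewed source."""
    return not (report["mismatch"] or report["missing"] or report["unreviewed"])


def demo():
    """Run the comparison over two constructed directory trees."""
    with tempfile.TemporaryDirectory() as tmp:
        reviewed = Path(tmp, "reviewed_build")   # hypothetical: built in-house from audited source
        shipped = Path(tmp, "vendor_release")    # hypothetical: what the update server hands out
        for tree in (reviewed, shipped):
            (tree / "defs").mkdir(parents=True)

        # Engine binary: identical in both trees.
        (reviewed / "engine.bin").write_bytes(b"ENGINE v1 constructed sample")
        (shipped / "engine.bin").write_bytes(b"ENGINE v1 constructed sample")

        # Definition file: the shipped copy carries an entry the reviewed one lacks.
        (reviewed / "defs" / "daily.dat").write_bytes(b"sig-0001\nsig-0002\n")
        (shipped / "defs" / "daily.dat").write_bytes(b"sig-0001\nsig-0002\nsig-9999\n")

        # Extra file that no reviewed source produced.
        (shipped / "helper.dll").write_bytes(b"not in the reviewed source tree")

        return compare_manifests(build_manifest(reviewed), build_manifest(shipped))


if __name__ == "__main__":
    result = demo()
    for status, names in result.items():
        print(f"{status:<10} {names}")
    print("trusted:", release_is_trusted(result))
```

A matching digest only shows the shipped bytes equal the reviewed build's output; as the "Reflections on Trusting Trust" link earlier in the thread points out, it says nothing about the compiler used to produce both.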

  8. DougW
    Big Brother

    mal where

    Maybe it was catching an inappropriate number of NSA spyware?

    1. Sir Runcible Spoon Silver badge

      Re: mal where

      "Mal - bad in the Latin"

  9. Jim-234

    Payback for exposing state sponsored malware

    It's a pretty plain and simple case of political payback for having unmasked state sponsored malware a few too many times.

  10. Anonymous Coward

    Oh, come on

    So some of you seem to be saying that a Government has no right or obligation to protect itself?

    That it should naively trust a company with roots in the soil of a perpetual sworn avowed enemy?

    No doubt the greater number of those with that opinion have also felt free and justified in snickering at those same Governments for their lax security and now that they are waking up, so to speak, they're still wrong, only more so?

    K, as do most others, "phone home" quite often. Oh, not to worry, they are all "checking for updates", that's all.

    But who has a packet sniffer going constantly to examine such communication and, further, has the ability to decipher exactly what may be in the transfer?

    The real world is filled with people with very specific interests. And, for the most part, not "your best", but theirs.

    1. a_yank_lurker Silver badge

      Re: Oh, come on

      More like I do not believe the ferals about K because they are known, serial liars. Also, there are other AV products made outside of feraldom, if K is in Putin's pocket who is to say that the others are not in someone else's back pocket. So far, we have innuendo from the ferals alleging K is a bad boy but not even a whiff of smoke to back it up.

      1. Anonymous Coward

        Re: Oh, come on

        And Kaspersky paid a fee to Michael Flynn, the elder, when still a Trump "good guy", why, exactly?

    2. h4rm0ny

      Re: Oh, come on

      >>"So some of you seem to be saying that a Government has no right or obligation to protect itself?"

      I think rather that we are saying a government protecting itself is not necessarily the same as a government protecting us. As many have observed, not only are we more likely to be spied upon by our own state than a foreign one, but our own state is far more likely to act in a negative way to us as well. If I anonymously leak something the government wants not to be known, or associate with someone the government doesn't want me to associate with, it's not going to be the Russian police who show up at my house. And if secret information is used to prosecute me for something, it's going to be that acquired by my own government, not by Russia or China.

      >>K[aspersky], as do most others, "phone home" quite often. Oh, not to worry, they are all "checking for updates", that's all. But who has a packet sniffer going constantly to examine such communication and, further, has the ability to decipher exactly what may be in the transfer?

      Well actually, not only do independent security researchers do it privately but I'm also certain that if Kaspersky were downloading something it shouldn't that we would have heard about it. Companies like Norton or McAfee or TrendMicro would love to be able to report "Our rival spies on you! Buy from us!" And they have the expertise to find such malicious behaviour because they are industry experts themselves (Well, TrendMicro are, anyway. ;) ). Equally, the NSA would drool at the chance to expose evidence of Kaspersky wrong-doing if they actually had any. I guarantee we wouldn't just be hearing "banned because maybe they might" if the NSA could pin something on them. So definitely there are parties monitoring for the things you say and quite expert parties at that. And their motives would unarguably be to expose anything they found.

      1. Anonymous Coward

        Re: Oh, come on

        "Well actually, not only do independent security researchers do it privately but I'm also certain that if Kaspersky were downloading something"

        Shirley, you meant "uploading something"? I know I did.

        1. h4rm0ny

          Re: Oh, come on

          >>Shirley, you meant "uploading something"? I know I did.

          Poster I responded to was talking about it updating itself with something nefarious - either software updates or dodgy malware definitions. So yes, in this context it is downloading.

      2. Andus McCoatover
        Windows

        Re: Oh, come on

        "Equally, the NSA would drool at the chance to expose evidence of Kaspersky wrong-doing if they actually had any"

        Truth never bothered them. If they had no evidence, they'd just manufacture their own!

        (Stupid child!)... :)

    3. Olivier2553 Silver badge

      Re: Oh, come on

      "K, as do most others, "phone home" quite often. Oh, not to worry, they are all "checking for updates", that's all."

      Then get your IT infrastructure set-up correctly. You have an internal server that handles all the updates, so the antivirus on the PC will not phone home. And if your PCs carry so sensitive information, they should not be allowed to connect to outside anyway.

    4. Updraft102 Silver badge

      Re: Oh, come on

      "But who has a packet sniffer going constantly to examine such communication and, further, has the ability to decipher exactly what may be in the transfer?"

      The NSA?

  11. Kevin McMurtrie Silver badge
    Black Helicopters

    All of the above

    1) Kaspersky may be legit now but a government takeover could produce a software update where it's not.

    2) That same government might instead decide to empower the anti-virus tool to discover planted malware that the US government wants to remain secret.

  12. Boohoo4u

    China has AV software?

    Just wondering what they replaced Kaspersky and Symantec with...

    I haven't found any AV that has protected users from users successfully yet... but I'm always looking.

    1. Anonymous Coward

      protecting users from users

      a 36 inch hardwood yardstick in the hands of a matronly woman dressed in a nun's habit walking the aisles might form a good starting point for any plan you design and implement

  13. Anonymous Coward
    Anonymous Coward

    "Bloomberg reported it had seen emails between chief executive Eugene Kaspersky and senior Kaspersky staff, outlining a secret cyber-security project apparently requested by the FSB. Bloomberg suggested that the tools not only deflected cyber-attacks, but also captured information about the hackers launching them, to pass on to Russian intelligence services. Also in July, the US government's General Services Administration removed Kaspersky Lab from a list of approved vendors."

    http://www.bbc.com/news/world-us-canada-41262049

    1. Updraft102 Silver badge

      I don't really have a problem with Kaspersky reporting information about cyberattackers to the Russian government. I would not have a problem with an American AV reporting that to the American government either, even with me being as critical of the US government's spying as I am. Cyberattacks are criminal actions with real victims... while the US government does way too much of going after nobodies who never meant any harm, it does have a legitimate role in going after the actual people out there causing real (not imagined or potential) harm. Same goes for the Russian government.

      I don't see that as nefarious at all.

  14. moiety

    Probably says more about US antivirus software than it does about Kaspersky

  15. DasWezel
    Happy

    Suddenly

    I feel reassured about our recent decision to move to Kaspersky.

  16. Gotno iShit Wantno iShit

    Not the same thing.

    It's worth noting that China banned Kaspersky software from government contracts in 2014. But it also banned Symantec's code from its systems as well. Only Chinese security software is on the approved purchasing list.

    The US is blocking Kaspersky because it might have a Russian controlled back door in it. China is mandating Chinese AV because they know damn well there is a Chinese controlled back door in it.

  17. steviebuk Silver badge

    Odd...

    ...considering they are leaving Donald Trump in the White House.

  18. Slx

    It won't be too long now before you have to install your "America First Chip" to access online services.

  19. Doctor Huh?

    Something about horses and barn doors...

    It's funny/scary that this plan only works if Kaspersky AV ISN'T a threat.

    If it is a threat, the software has had administrative access to the machine and can affect the deepest levels, and the only certain remedy would involve scrapping hardware. They don't appear to be doing that.

  20. Mike Shepherd
    Meh

    In plain sight?

    "There are two possibilities...1...Kaspersky is a tool of the FSB..."

    If so, you'd think the FSB would choose a more American name, perhaps "Dexter" or "LeRoy".

  21. Anonymous Coward
    Anonymous Coward

    " impact of Russian regulations and policies on the company"

    Interesting.

    I recently contracted with a small software house in England who supply, among others, Kaspersky. An edict came down from them that "No Contractors!" were to work on any of their bug fixes, enhancements, change requests etc.

    We happened to have a subcontractor in Ukraine at the time.

  22. Palpy

    Is it paranoia --

    -- if they really are out to get you?

    All of the US intelligence agencies (16 of them? I forget) agree that Russian actors used 'cyber'-stuff to influence the recent US election. ('Cyber' --what a bad prefix. But it covers internet dis- and dys-info, voting machine hacking, and a range of other computer-related attacks and activities, so I guess it stands.)

    The Russians have played naive Americans for fools (see D. Trump Jr. and Jared Kushner, et al), and have turned Americans into Russian tools (see ex-general Michael Flynn, now under threat of felony charges for serving Russian interests in the Middle East. Again, et al.)

    Point being, we know that Russian interests are actively infiltrating and subverting Western systems.

    From a Western perspective, Putin's government is corrupt, authoritarian, and militaristic; and Putin has expansionist hopes. The nature of Russia's oligarchic power structure means that corporate leaders find it very much in their best interest to cooperate with high-level political actors. If they do not cooperate, then their business may not survive. And they may not personally survive (see Boris Berezovsky, for example). Eugene Kaspersky, and his company, have survived. It's typical that we would not know what deals a Russian businessman made under whatever tables in order to prosper in that milieu.

    I think that the NSA are quite good at gathering info, and I think they are quite overwhelmed by the volume they are collecting. I think they usually can't find a cow in their massive haystacks of data, let alone follow threads back to each hidden needle in the haystack. IMHO, the Russians have the NSA well outclassed in offensive tactics and strategy. I think the NSA (and other agencies in the know) are running scared. They don't think that they have the ability to know if Kaspersky is on the up-and-up, even given source code.

    There is therefore probably a large amount of hand-flapping going on, but also quite a volume of genuine cold sweat -- because of what we know about Russia, its leaders, its sophisticated and aggressive actions, and its current level of antagonism toward the West.

    Is this more like historical McCarthyism, or more like historical Cold War era intelligence battles?

  23. JaitcH
    Meh

    None Too Smart - But that's the US 'Intelligence' Lot

    There are programs used by the US Government departments that have thousands of lines of code written by subcontractors in other countries. And I am thinking China and Russia, as well as India, etc. And these reams of code aren't identified as "Written by Russians" either. One of the few ways to identify such code is to check them for comments buried in the code.

    The DPRK is smarter, it will allow NO ONE other than North Koreans to touch the code for either rocket or any other military projects. In fact, Foreign Guest Workers aren't allowed anywhere near any military hardware or software production!

    Some of the Russian security services have reverted to using TYPEWRITERS which are very hard to 'hack'.

    Obviously this is an attempt to persuade US corporations to 'buy American' so the NSA, et al, can deploy THEIR backdoors without having to struggle with decoding the foreign code! Obama went around the world bad-mouthing Huawei products, whilst the British ALLOWED Huawei to set up development labs in Banbury, with oversight/cooperation from the GCHQ.

    Meanwhile, back in the US of A, things still are akin to Harry Belafonte's "There's a Hole in my Bucket" with all and sundry saving a fortune on R&D stolen from military contractors as the systems remain little changed. Seen the latest Chinese fighter planes?

  24. Mahhn

    It's funny

    It's funny because, the only reason the US used Kaspersky in the first place is because it is the best.

    It's funny because they should have never used a foreign country's software on government systems in the first place.

    It's funny because now they will be less safe.

    It's funny because this is really out of spite by the CIA for outing EternalBlue, that was used by the CIA and popular hard-hitting ransomware for criminal activity.

  25. Anonymous Coward
    Anonymous Coward

    VEEAM too?

    If the Gov't is scared of the Russians via Kaspersky, what about VEEAM, who actually store data and are owned by the Russians too?


Biting the hand that feeds IT © 1998–2019