UK government bans all Russian anti-virus software from Secret-rated systems

The United Kingdom's National Cyber Security Centre has effectively banned the use of Russian anti-virus products from government departments and revealed it is trying to “prevent the transfer of UK data to the Russian state” from Kaspersky Labs software. A guidance note published last Friday and distributed to permanent …

  1. Anonymous Coward

    AV - Can we really trust any of them?

    AV has always been infiltrated by NSA / FSB divisions to phone home anyway. Plus this on the Reg again, another leaky Amazon S3 bucket and a potential damning data leak affecting credit repair... But it's really stuff like this that makes you go, WTF?

    https://www.theregister.co.uk/2017/11/17/us_military_spying_archive_exposed/

    If we humans can't even secure what we directly control when it also has spying and military implications, we're doomed! It's all short-termism too. Whether we're talking about senior soldiers or suits @ corporations. They can only see dollar signs, quick bonuses and early retirement...

    1. a_yank_lurker Silver badge

      Re: AV - Can we really trust any of them?

      @AC - Short answer - No, none can be trusted. There have been too many reliable reports of spookhauses using a company as cover for their activities. In some cases the company is a true front but in other cases it is a legitimate company which has access to data the spooks want.

    2. Anonymous Coward

      Re: AV - Can we really trust any of them?

      Just be happy Microsoft offers Windows 10 Chocolate Firewall built-in.

      1. Roland6 Silver badge

        Re: AV - Can we really trust any of them?

        >Just be happy Microsoft offers Windows 10 Chocolate Firewall built-in.

        But to benefit from it, you need to have given permission for MS to access your hard disk and upload any files of interest and share them with selected third-parties...

    3. phuzz Silver badge

      Re: AV - Can we really trust any of them?

      This story is about government computers, part of the job of GCHQ (well, CESG) is to protect those computers. Surely a government controlled AV is just the right tool for the job (as long as it's the right government of course)?

      1. Roland6 Silver badge

        Re: AV - Can we really trust any of them?

        >This story is about government computers, part of the job of GCHQ (well, CESG) is to protect those computers.

        Which is even more interesting, given the discussion about the NSA exploit [https://forums.theregister.co.uk/forum/3/2017/12/02/nsa_tao_exploit_leak_guilty/ ]

        Cloud-based security software has been around since circa 2008 (Prevx, Panda,...), thus it is notable that it is only recently, i.e. this year, that the NSA, GCHQ etc. have woken up to this attack vector...

        1. Yet Another Anonymous coward Silver badge

          Re: AV - Can we really trust any of them?

          Why would you need AV on a system processing secret data?

          Surely if the system can possibly get a virus you have a bigger problem than the origins of the anti-virus software?

  2. Mark 85 Silver badge

    I guess NOFORN doesn't apply anymore?

    Once upon a time here in the US (and I thought the UK had a similar notice) there was a document security level of NOFORN for "Not Releasable to Foreign Nationals/Governments/Non-US Citizens". I guess no one thought about AV companies, etc.

    1. ST Silver badge

      Re: I guess NOFORN doesn't apply anymore?

      > I guess no one thought about AV companies, etc.

      Well they are, now.

      The main difference is that in some countries, like the USA or UK - and many others - proof must be obtained before issuing this type of warning.

      Had NSA or DHS/NCSC - here in the US - issued a warning about certain non-US <cough>Kaspersky</cough> AV software, world+dog of morons, incompetent fools, useful idiots and paid propaganda artists would have been up in arms about NSA being stupid and evil, suppressing freedom, whataboutism, etc, etc etc. And, predictably, that was the reaction when DHS/NCSC issued the order of removal in September this year.

      I'm guessing the official line from the Internet Research Agency will now be that the UK's NCSC is stupid and evil, just like NSA? And they are biased against Kaspersky AV - who is pure and innocent like the driven snow - just like NSA? And they are suppressing freedom, just like NSA?

      1. Anonymous Coward

        Re: I guess NOFORN doesn't apply anymore?

        ... the official line from the Internet Research Agency will now be that the UK's NCSC is stupid and evil, just like NSA? And they are biased against Kaspersky AV ...

        I don't know of this "Internet Research Agency" you keep raving about, but yes, NCSC and NSA being biased against Kaspersky AV would be a reasonable inference from the combination of the meagre publicly released information and the dire, shrill warnings which accompanied it.

        Being aware of certain Mr. Snowden, and not being a dyed-in-the-wool patriot of any nation-state, I may even agree that many of the NSA, GCHQ, and (closer to the sweet home) CSIS activities are not in the public interest - at least, not in the way most of the public would define it.

        I still won't go as far as to declare the Eyes to be stupid and/or intrinsically evil.

        1. ST Silver badge

          Re: I guess NOFORN doesn't apply anymore?

          I don't know of this "Internet Research Agency" you keep raving about

          That's a lie. I provided the URL. We are to believe that you didn't follow it, not even out of curiosity. And you're posting anonymously.

          > [ ... ] many of the NSA, GCHQ, and (closer to the sweet home) CSIS activities are not in the public interest [ ... ]

          But installing the FSB's vacuum cleaner is in the public interest. Because Snowden. And according to you.

          Got it. Makes total sense.

          1. Anonymous Coward

            Re: I guess NOFORN doesn't apply anymore?

            And you're posting anonymously.

            Naturally. That's how I always post.

            The reason is very simple and very selfish: I do not wish to build up a publicly searchable profile, which would be forever associated with me. My opinions, my beliefs, and my circumstances may change in the future - as they have changed often enough in the past - while this record would remain forever immutable, and hence misleading. One option would have been to use a pseudonym - like most people do in this forum - and to periodically change it. This feels like too much work for no clear gain to me, so I choose the honest option, and do not pretend to be anything but what I am - an Anonymous Coward.

            1. Anonymous Coward

              Re: I guess NOFORN doesn't apply anymore?

              >pretend to be anything but what I am - an Anonymous Coward

              Would be frikking awesome if everyone did the same! Yes, I'm the same AC replying to myself. Or am I?

              >One option would have been to use a pseudonym - like most people do in this forum - and to periodically change it.

              Use anon email and register a pseudonym you haven't used anywhere else. Why would you need to periodically change it? The word 'tinfoil' comes to my mind...

            2. Aitor 1 Silver badge

              Re: I guess NOFORN doesn't apply anymore?

              A nick is not 100% reliable.

              As you say, profiles get built, and at any point they might be able to link it with you, even after deleting the account. I still post most things in my name, even those that some people might find libellous.

              As for the whole anti-virus thing, I can only guess that it is mostly more embargo under pretenses.

              I do think that having software that always runs in your computer and is reading your files in computers that have secret data is a BAD idea, unless it is you who controls said software. So why run US-based software when it is as likely to spy on you as Russian software?

          2. Voyna i Mor Silver badge

            Re: I guess NOFORN doesn't apply anymore?

            "That's a lie. I provided the URL."

            You didn't. You provided a link to Wikipedia.

            Wikipedia is about as reliable on contentious subjects as I am, and I don't trust myself an inch.

            1. Alan Brown Silver badge

              Re: I guess NOFORN doesn't apply anymore?

              "Wikipedia is about as reliable on contentious subjects as I am, and I don't trust myself an inch."

              That notwithstanding, the Internet Research Agency has been traced a number of times back into Russian netspace and it's fairly clear they're a government disinformation outfit. If you think they're the only government with one of these, you're dreaming. The rest are simply more subtle.

              1. Voyna i Mor Silver badge

                Re: I guess NOFORN doesn't apply anymore?

                "That notwithstanding, the Internet Research Agency has been traced a number of times back into Russian netspace and it's fairly clear they're a government disinformation outfit."

                Wouldn't disagree. I was just annoyed that someone claimed that a link to Wikipedia was proof of anything. As Borges observed in one of his stories, "The library contains both truth and falsehood."

                Won't get any complaints from me if someone quotes a reliable source. But on intel issues, the difficulty is finding one.

                1. Pompous Git Silver badge

                  Re: I guess NOFORN doesn't apply anymore?

                  "Won't get any complaints from me if someone quotes a reliable source. But on intel issues, the difficulty is finding one."

                  WTF did that get a downvote for? Have an upvote...

        2. FlamingDeath Bronze badge

          Re: I guess NOFORN doesn't apply anymore?

          "I still won't go as far as to declare the Eyes to be stupid and/or intrinsically evil."

          Hey, even mass murdering sociopaths have mothers that still love them...

          1. Anonymous Coward

            Re: I guess NOFORN doesn't apply anymore?

            Or a dog, remember a dog will always love you.

      2. Adrian 4 Silver badge

        Re: I guess NOFORN doesn't apply anymore?

        If IRA was chosen as an innocuous and bland name that nobody would connect with bad things, it was clearly not done by anyone with any knowledge of UK politics.

        1. GrapeBunch Bronze badge

          Re: I guess NOFORN doesn't apply anymore?

          "When IRA-ish Eyes are pwning

          Sure they steal your ***** away."

          Everything I've read in the past year makes me think that the old model of applying patches and new signatures every morning is hopelessly inadequate. Surely a secure model for an Internet-exposed machine will have VMs, or something like them, at its heart.

    2. Adrian 4 Silver badge

      Re: I guess NOFORN doesn't apply anymore?

      If I wanted to use an AV to steal secrets, the first thing I would do is found a company that would be seen as trustworthy. Making it overtly Russian is just bad marketing (for that purpose). Russians have a good reputation for 'clever' stuff so it will only appeal to someone who sees it as good quality but has no particular axe to grind about what country it comes from.

      If the spooks want to stop us using foreign software it won't be because there are suspicions about what it does with the data. It's far more likely that any such software is nominally American but very low cost.

      It will be because they want to make sure that any spying that's done is done by companies they control.

    3. handleoclast Silver badge

      Re: I guess NOFORN doesn't apply anymore?

      The equivalent security caveat in the UK is (or was) "UK EYES ONLY." Subdivided into "UK EYES A" (aka "UK EYES ALPHA") and "UK EYES B" (aka "UK EYES BRAVO"). There is some dispute over the exact meanings of A and B. As best I can tell, A means only people in gov't service whilst B includes people working for defence contractors. The exact meanings are probably classified far higher than UK EYES A are permitted to know about.

    4. Yet Another Anonymous coward Silver badge

      Re: I guess NOFORN doesn't apply anymore?

      I wonder if this extends to foreign operating systems running on foreign CPUs with foreign secret remote management engines.

  3. John Smith 19 Gold badge

    "The issue of supply chain risk in cloud-based products,"

    Or, to give it a more meaningful description, "anonymous server farms in unknown jurisdictions".

    So a pretty stupid option for anything where national security tasks are involved. No?

    1. Frank Gerlach #2

      Re: "The issue of supply chain risk in cloud-based products,"

      As long as UK data goes into American clouds, no problem.

  4. The Man Who Fell To Earth Silver badge

    Maybe that POS ClamAV isn't so bad.

    It's open source, so one can examine the code & compile it oneself to assure oneself it's not phoning home. I just always found its false-positive rate to be too fucking high. When I used to run it on my QNAP server, it would false positive on half a dozen files every time.

    1. jake Silver badge

      Re: Maybe that POS ClamAV isn't so bad.

      How do you know your compiler isn't inserting "phone home" code into certain things when it compiles them? Before you say "because I've read my compiler's source code", consider that you picked up a binary of the compiler before compiling anything ... including the compiler. Is that initial binary clean? How do you know?

      (Not a new or original concept ... see ken's paper here.)

      1. Lysenko

        Re: Maybe that POS ClamAV isn't so bad.

        How do you know your compiler isn't inserting "phone home" code into certain things when it compiles them?

        You know because you've got a proper firewall running on an obsolete PC (or cheap SBC) that logs and traceroutes every outbound connection from anything on the network and, if necessary, enforces a whitelist. This has the added advantage of also keeping a lid on GSnooping, MSFT telemetry and providing defence in depth against online adverts.

        1. Anonymous Coward

          Re: Maybe that POS ClamAV isn't so bad.

          "... logs and traceroutes every outbound connection from anything on the network ..."

          How do you know that your Network Card isn't compromised and lying to you?

          1. Jack of Shadows Silver badge

            Re: Maybe that POS ClamAV isn't so bad.

            The issue is "Trusting Trust", as in exactly to what level of detail about your systems, hardware and software you have to drill down to before you can establish absolute trust. I've spent almost a decade, off and on, listening to people that worry these things to death and they really do have a clue, either currently working with the TLA's or previous experience. It's an incredibly tedious level of detail. Establishing the root of Trust here is something I'm deeply interested in given my background. Thankfully, no one has called on me to do this professionally. Might drive me madder than I already am.

            1. Danny 14 Silver badge

              Re: Maybe that POS ClamAV isn't so bad.

              Not enough tinfoil there. Have you noticed your latency jumping occasionally? Your ISP is in cahoots too.

            2. John Smith 19 Gold badge

              "The issue is "Trusting Trust",

              Exactly

              I have suggested that if you really wanted to do this you'd have to start with a processor IS of your own design (built of parts too simple to hide a processor in), hand assemble an open source assembler, then build the (open source) tool chain from there.

              Which just sounds exhausting

              Because it is. :-(

              Doing a security, anti virus or encryption company properly starts with where it's legally based, since it's clear that many governments no longer seem to accept that strong AV/Security/Encryption benefits the 99.75%* of the population much more than the 0.0025% of potential terrorists.

              *MI5 stated a few years ago they had 1500 potential terrorist suspects they were watching, in a country of 60 million people, i.e. 0.0025%. It's unknown how many (if any) did attempt to commit a terrorist act.

              1. jake Silver badge

                Re: "The issue is "Trusting Trust",

                It's not all that exhausting ... if you had the foresight to start in roughly 1980.

                The only reason my compiler from Uni is still in development is because my daughter took it over when she was at Uni, under my watchful eye ... and now one of my nieces and one of my nephews are continuing the family tradition, with my daughter & I both mentoring them. It'll never be a commercial grade system, but it compiles modern Linux and BSD quite nicely.

                I've eyeballed the firmware on the network cards in my router. They are clean.

                I still wouldn't trust my system with National Secrets (whatever that means).

              2. Frank Gerlach #2

                "Exhausting"

                Well, the simple approach is to connect a Data Diode to the outgoing ethernet cable and then run a traffic analyzer of your own on the data stream. Never connect the analysis system bidirectionally to the interwebs.

                That should give you a quite good idea of what is transmitted out of your network.

                Or just don't connect your sensitive systems to the outside via a bidirectional link.

                A little bit of logical thinking can make a lot of actual security.

          2. Dan 55 Silver badge

            Re: Maybe that POS ClamAV isn't so bad.

            It's compromised compilers all the way down...

          3. Lysenko

            Re: Maybe that POS ClamAV isn't so bad.

            How do you know that your Network Card isn't compromised and lying to you?

            I don't. If the chipset is compromised then it's game over - but then if I'm facing an adversary with that level of resource then it's game over in any feasible scenario. The point is I know that Win10, anything Google and assorted other stuff will phone home with my data given half a chance. The fact that controlling that also stops other malware is just a useful side effect.

            In any case, given RIPA, European Arrest Warrants and "USA, World Police" extraditions, Russian snooping is way down my priority list. When did the Russians last seize a British security researcher at an airport, or attempt to extradite someone to Moscow based on probable cause established only in a Russian Court? Locking out GCHQ, the FBI and the NSA is far more important so, if I were to use any closed source AV (which I don't), it would likely be Russian or Chinese.

  5. Anonymous Coward

    Further sanctions

    without calling them sanctions.

    Perhaps this is a tactic to distract the WTO...

    1. Voland's right hand Silver badge

      Re: Further sanctions

      It is not sanctions. It is treating the other side as an adversary, which the UK never ever stopped.

      In fact, I am surprised that this was not in place before. Systems which process classified data should not have software on them which talks to something somewhere in an adversary state and can upload data and download new executable code from there. This should apply across the board, by the way - not just to Russian software.

      1. Paul Crawford Silver badge

        Re: Further sanctions

        "talks to something somewhere in an adversary state"

        Should exclude the USA as well, given how they have screwed the UK commercially on many occasions.

        1. Frank Gerlach #2

          Re: Further sanctions

          "Should exclude the USA as well"

          That is not how an Imperium works.

        2. Voland's right hand Silver badge

          Re: Further sanctions

          Should exclude the USA

          Airstrip One does not get the choice to exclude Oceania.

      2. Alan Brown Silver badge

        Re: Further sanctions

        "It is not sanctions. It is treating the other side as an adversary which UK never ever stopped."

        Nations do not have allies or adversaries. They have interests - Dr Kissinger pointed that out 45 years ago and anyone (or nation) which loses sight of that fundamental truth is bound to have a bad time sooner or later.

        Just as the USA spies on everyone in the EU, do you really think that the UK isn't also doing it? Especially to the USA?

        The fundamental issue is that Kaspersky detected malware on a PC - which is correct as it was malware. That malware was in a zip, so the zip was uploaded for analysis - which is only done if the user has explicitly opted into that facility. The zip happened to contain the source code for the malware.

        The fact that the malware was written by the NSA and was illegally taken out of the facility by someone who should know better makes no difference to the fact that the software was WORKING AS DESIGNED.

        As for how the Russian govt got hold of it: Probably the same way that the NSA and GCHQ do - with massive snoop farms. I'm willing to bet that the suspect file uploads weren't done over https, nor were the files encrypted first using 2-key crypto (Something I bet Kaspersky is now doing)

        One may suspect that the GCHQ directive is a tacit admission that they're also in the business of writing targeted malware.

  6. jake Silver badge

    No great loss.

    AV software is snake-oil anyway.

    1. Anonymous Coward

      Re: No great loss.

      You obviously don't use Windows.

      1. Pompous Git Silver badge

        Re: No great loss.

        "You obviously don't use Windows."

        I do and jake is correct. There's no substitute for the wetware between your ears.

      2. jake Silver badge

        Re: No great loss.

        No, I don't use Windows. I see that as snake-oil, too.

    2. Brian Miller

      Re: No great loss.

      I wish it was snake oil. I've been nailed before at work because a coworker wouldn't run AV, and walked a virus into the company. And still he couldn't get it into his head that he should have AV running on his machine.

      I have Windows on just one computer now, and I don't use it for anything critical. Everything else is Linux or OpenBSD, and that's fine by me.

  7. Neil Barnes Silver badge

    Here's the plan, Igor...

    First we steal the idea of the internet worm to make a number of viruses. We release them into the wild, so people are really really worried about them.

    Then we invent a really good anti-virus product so everyone will install it to stop the viruses.

    Then we frighten them into not using the anti-virus product on their most important servers!

    Bwahahahaha! <fx: thunder and lightning>

    Hopefully, those OS makers never come up with the idea of secure-by-design systems, or all our work will come to naught!

    1. John Smith 19 Gold badge

      "Hopefully, those OS makers never come up with the idea of secure-by-design systems,"

      Remind me again...

      Which version of Windows was supposed to be a from-the-ground-up redesign after the whole dev team had been training on "secure coding"?

      Like so much of Microsoft's products it looks like something that has certain abilities, but actually does not.

      1. Dan 55 Silver badge

        Re: "Hopefully, those OS makers never come up with the idea of secure-by-design systems,"

        Which version of Windows was supposed to be a from-the-ground-up redesign after the whole dev team had been training on "secure coding"?

        All of them, I think. Yet oddly the CVEs between different versions are suspiciously similar.

        1. John Smith 19 Gold badge

          "Yet oddly the CVEs between different versions are suspiciously similar."

          Now the interesting question is are there similar bugs between versions that are meant to be on different sides of this "complete-rewrite-from-the-ground-up" claim?

          If they are not then it would suggest that there was indeed a root-and-branch shift in the code base.

          OTOH if there are commonalities that would suggest the claim was just so much BS.

          1. jake Silver badge

            Re: "Yet oddly the CVEs between different versions are suspiciously similar."

            I dunno John, does BadTunnel (CVE-2016-3213) apply? That's XP through 10, including so-called "server" versions.

      2. Alan Brown Silver badge

        Re: "Hopefully, those OS makers never come up with the idea of secure-by-design systems,"

        "Which version of Windows was supposed to be a from-the-ground-up redesign"

        I'll go one better.

        Which version of BIND was supposed to be a from-the-ground-up redesign?

  8. Louis Schreurs BEng

    Jet Engine

    I think the UK must do everything to prevent such a predicament as when the UK government gave jet engine technology/knowledge to the USSR

    FOR FREE

    i.e. give or leak NO information to other powerblocks/houses

    1. Marshalltown

      Re: Jet Engine

      Far, far too late. The UK literally sold the USSR the technology for the early MiG engine. There was an "agreement" signed and sealed, that promised sincerely that the USSR would never, ever use the engines for anything warlike. Then the first MiG captured showed they had replicated the engines. So, technically they might not have broken the promise, but ...

      1. Lysenko

        Re: Jet Engine

        The UK literally sold the USSR the technology for the early MiG engine.

        Yeah, right, because the USSR could never have mastered that technology on its own. The same sort of thinking that led the Americans to renege on all their commitments regarding nuclear technology with the UK - because the British couldn't possibly build a bomb themselves without access to American designs. Oops.

        Human IQ is pretty much the same everywhere. You can't contain an invention once other people have seen it in action because they will always be able to infer most of the operational details immediately and rapidly resolve the rest experimentally if they have enough money and resources.

        Licensing jet engine designs to the USSR made a profit and ensured that we had a damn good idea what the operational capabilities of those engines were. Refusing to do so would just have resulted in the USSR ending up with indigenous designs whose capabilities were more opaque.

        The F35 paranoia is equally farcical - unless you seriously believe that the guys at Lockheed have genetically bigger brains than those at Mikoyan or Sukhoi. American military supremacy is based on money, and if the Russians can't match the F35 or a nuclear Super Carrier it is because they don't have the budget, not because they don't understand the engineering.

        1. amanfromMars 1 Silver badge

          RAM Jet Engineering ..... for ROM Pings

          Howdy, Lysenko,

          American military supremacy is based on money, and if the Russians can't match the F35 or a nuclear Super Carrier it is because they don't have the budget, not because they don't understand the engineering. .... Lysenko

          Hmmmm? Hence the concerted attacks upon fiat paper money/bank IOUs and in particular right now, the dollar?

          You know what they say ..... The Love of Money is the Root of All Evil and is a Systemic Weakness for Mass Manipulative Employment and Exclusive Executive Exploitation.

          Who do you imagine understands the engineering that delivers Remote Lead with Advanced IntelAIgents Sublimely Commandeering Control with Cyber Space?

          Wild Wacky Westerners or Exotic Erotic Easterners? And if an AI Supremacy is to be based upon money, what price would you put upon insuring and assuring it remain a Secret Spooky Trade Secret whenever IT provides NEUKlearer HyperRadioProACTive Augmented Virtual Reality Plays for Mass Multi Media Programmed Presentations ...... Greater IntelAIgent Massively Multiplayer Online Role-Playing Games Plays for the Population of Virtual Space Stations .... Live Operational Virtual Environments?

          Use your common sense. Seven Sevens? Eight Eights? Nine Nines? Or Ten Tens and Trillions?

          Bet on the latter, 10,101,010,101,010,101,010, and make a fortune.

          Human IQ is pretty much the same everywhere.

          Hmmmm? ..... Do you really think so? Is anything/everything else different therefore foreign and/or alien?

          1. jake Silver badge

            Re: RAM Jet Engineering ..... for ROM Pings

            "The Love of Money is the Root of All Evil"

            Nah. Organized religion is the root of all evil[0]. Money just pays for it.

            [0] Note that I very carefully didn't say "all organized religions are evil".

          2. Tail Up

            Re: RAMROM Pings

            A skilled mind reader, as qualified as quality itself, you are, Doc.

            If I was at the place of your respondent - yes, Seven, as if you didn't even have prompted it yet in such an odd for most of us, mortals, way :-)

            Still it's only a question of irrational charity. One can't buy or sell the Super Puper Hyper Vision of the Universe.

            Well, you know.

            1. amanfromMars 1 Silver badge

              Re: RAMROM Pings

              Still it's only a question of irrational charity. One can't buy or sell the Super Puper Hyper Vision of the Universe. .... Tail Up

              That is or may not be so, Tail Up, but as a value of worth in the guise of a simple reward for easy public spending and private personal enjoyment, are the sums paid and received highly indicative of the range and stretch of creative disruption the produce can and will deliver. Or not deliver, if in the most expensive of deals and rewarding arrangements, agreement results in the temporary shelving of the most radical and revolutionary of future programs/presentations/AIMasterdD Plans.

              Dodgy money market leaders just love to kick the can down the road, don't they, rather than admit that they have no answers to deal with in-house created problems.

              What would many, if not nearly everyone call such lost souls? Surely not masters of the universe doing Gods work whenever super duper fantastic fools is freely available and most apt?

              1. Tail Up

                Re: RAMROM Pings

                Did I tell you about Mind/mind Reading, yes, with such capitalisation, amanfromMars?

                "That is or may not be so Tail Up" - this is the Hard Core Driver that one has to experiment with.

                It's not to say it's a must of the ship - whatever it is, please be sure, there's neither a sheep, nor a dog aboard.

                Am I smiling now? Or am I being serious? And you?

                "Duper" TY :-)

          3. Voyna i Mor Silver badge

            Re: RAM Jet Engineering ..... for ROM Pings

            "Howdy, Lysenko"

            Lysenko was an agronomist. Perhaps you should have written "Howdy, Korolyov".

            Ah...

          4. Lars Silver badge
            Happy

            Re: RAM Jet Engineering ..... for ROM Pings

            "Human IQ is pretty much the same everywhere."

            Yes, but next it's all about education; however, education for profit and education according to class doesn't seem to provide all that much.

        2. Alan Brown Silver badge

          Re: Jet Engine

          "American military supremacy is based on money"

          Actually, it was based on sheer numbers and production capabilities. They've rather painted themselves into a very expensive corner of late.

        3. Joe Montana

          Re: Jet Engine

          Having highly advanced but expensive and complicated weapons is not really ideal in a war situation unless they are massively superior to the enemy such that the enemy can't damage them.

          If the difference is small enough that the inferior enemy equipment can still inflict damage, and the enemy equipment is much cheaper they will just build large numbers you won't be able to match due to the cost.

          Also, during combat, equipment will get damaged or destroyed. If repair/replacement is expensive or complicated it will become difficult to maintain enough working equipment. The AK47 is a good example of this: reliable and quick/cheap to build.

          1. Lysenko

            Re: Jet Engine

            Precisely. Quick calculation for an Arleigh Burke Class Destroyer with state of the art AEGIS air defences:

            Cost of ship: $1.8 billion

            Give it maximum possible defences (2 x RIM-116 short-range missiles and 2 x Phalanx CIWS) and perfect accuracy. You can take out 82 close-in threats. Anything else needs to be stopped by the SM-2 and SM-6 missiles further out. Let's assume that the entire VLS is quad-packed with exactly the right loadout (no chance). With yet more impossibly perfect accuracy, you can take out 384 targets. Total 466. Anything above that and the ship is dead, even in this defender's dreamworld.

            Cost of Kh-31 anti-ship missile: $0.5 million.

            Cost of 500 Kh-31s: $250 million.

            You can, therefore, take out the ship spending only 14% of what it cost to build it.

            I'm not suggesting that's workable military strategy, you would need an unassailable base to launch all those missiles from for a start, but that doesn't change the fact that big, expensive targets need to achieve and maintain incredible (quite literally) levels of performance in the face of large numbers of (relatively) low tech threats. Personally, I strongly suspect that even 50 Kh-31s inbound means a dead ship.

    2. Lars Silver badge
      Happy

      Re: Jet Engine

      My Deity, how the facts about the jet engine seem to disturb the British soul. Quite disgusting, actually.

      https://en.wikipedia.org/wiki/Jet_engine

      "Following the end of the war the German jet aircraft and jet engines were extensively studied by the victorious allies and contributed to work on early Soviet and US jet fighters. The legacy of the axial-flow engine is seen in the fact that practically all jet engines on fixed-wing aircraft have had some inspiration from this design."

    3. Voyna i Mor Silver badge

      Re: Jet Engine - i.e. give or leak NO information to other powerblocks/houses

      Well, Louis Schreurs BEng, that horse bolted when we started letting foreigners into our universities and even granting them citizenship.

      Foreign sounding name you have there. Where did you go to uni to get your BEng? Where are you working now? Where do your ancestors come from?

      Better remove your internet and telephone access, censor your mail and prevent you talking to strangers or leaving the country. You know, just to be safe. Based on your own statement.

  9. amanfromMars 1 Silver badge

    OmniShambles v2.0 Exploratory Rocket ....... the Ongoing Present Tale in Future Media Sales Pitches

    Crikey, Reds under the bed and Sublimely Commandeering Control with Cyber Space and the Treasury reacting madly and radically and predictably is a fine brace for this Xmas.

    Is that Prime or Sub-Prime Joint Intelligence Committee Planning at ITs Great Game Work, or just simply A.N.Others hatch/botch/patch that they respond to?

  10. Anonymous Coward
    Anonymous Coward

    Erm....

    Why do they need antivirus?

    Top secret files should either be on non-Microsoft, USB-disabled machines in an air-gapped network, or one with a firewall such that if I so much as ping a host I shouldn't, I end up in a duffel bag. Either that or it should all be on paper in a secure location. It's just not worth the risk.

  11. Lars Silver badge
    Linux

    What's the problem

    Put Linux on a stick and use it for your bank transactions or switch completely, but tell nobody or the crooks will get it and start writing viruses for Linux.

    1. Primus Secundus Tertius Silver badge

      Re: What's the problem

      @Lars

      I use Linux on a CD for banking. Much harder to corrupt a CD than a stick.

  12. Tail Up

    'Net Is A Totally Transparent Society

    I bet any of my two shirts that only few chosen heroes here use just any AV, except, maybe, OS' fiat self-narc ones (-:

    1. Tail Up

      Re: 'Net Is A Totally Transparent Society

      Two thumbs down, two self-reporting heroes, and counting [:trollface]

  13. Anonymous Noel Coward
    Boffin

    McCarthyism.

  14. J J Carter Silver badge
    Big Brother

    Don't mention firewalls!

    Israeli SIGINT National Unit 8200 wrote Checkpoint, after all.

    1. Frank Gerlach #2

      Re: Don't mention firewalls!

      Why doesn't the British Army do the same for British needs ?

      1. amanfromMars 1 Silver badge

        Re: Don't mention firewalls!

        Why doesn't the British Army do the same for British needs ? ... Frank Gerlach #2

        One presumes the British Army doesn't have the Right Stuff Staff. And that is a leadership failure which goes right to the top of the national tree where the politically adept are the most inept politically inept are the most adept at concealing shortcomings and intelligence failings and deficits which nowadays threaten to so very easily burst the bubbles of legitimised authority they have manufactured for themselves.

  15. Seajay#

    First thought. Huh, so previously we were or might have been using Kaspersky on Secret systems?

    Second thought. Secret networks are set up in such a way that rogue software could phone home from them?

    Third thought. https://xkcd.com/463/

    1. thegroucho

      @Seajay#

      the XKCD link - harsh but true!

  16. Anonymous Coward
    Anonymous Coward

    And still

    ...we'll happily let you use Intel chip sets with huge back doors in them.

  17. Anonymous Coward
    Anonymous Coward

    Hoisted by various petards of incompetence

    Tell me again why supposedly "secret" systems:

    1) Run cellar-tier dodgy operating systems by an American Company as well as dodgy applications by that same American Company, which is a known provider of Dodgy-ware on a regular basis.

    2) Are apparently connected to the wide Internet doing I/O that no-one cares about.

    3) Need to have something called "Antivirus" in the first place (what is it supposed to do? Patrol the gates of Castle Vania??)

    Oh well, back to Symantec and the Yellow Sign I guess.

  18. Peter2 Silver badge

    The issue is wider than Kaspersky. The issue is that a decade or so ago, AV programs used to be a fairly simple thing that scanned running processes and your hard drive to see if it found any matches to an MD5 hash, and if it did then it'd flag that up to your security console with options to quarantine/remove. The entire thing sat inside your firewall, and was totally under your thumb.

    These days, cloud-based AV picks up definitions from an online database, can upload any file that it thinks is suspicious for the vendor to have a look at, and has tools in the (web-based) control console that allow a user of the control panel to remotely execute code with the permissions granted to the AV. Which is almost always full read/write, as AV that doesn't have the ability to do a complete scan is useless, and most people want it to be able to disable processes and remove files.

    Frankly, if I were managing a Top Security system I think I'd be banning all cloud-based AV systems, not just Kaspersky.

  19. Peter2 Silver badge

    Yeah, right, because the USSR could never have mastered that technology on its own. The same sort of thinking that led the Americans to renege on all their commitments regarding nuclear technology with the UK - because the British couldn't possibly build a bomb themselves without access to American designs. Oops.

    And to be fair, one reason Britain did it that quickly was that we had our own atom bomb project, "Tube Alloys", before joining in with the Americans' "Manhattan" project, and our staff worked on the "Manhattan" atom bomb project. Otherwise, we couldn't have done it so quickly.

    The Russians managed to steal designs from both America and Britain, otherwise they couldn't have done it so quickly.

    Licensing jet engine designs to the USSR made a profit and ensured that we had a damn good idea what the operational capabilities of those engines were. Refusing to do so would just have resulted in the USSR ending up with indigenous designs whose capabilities were more opaque.

    They weren't licensed. The Labour government at the time sold them one (small) shipment of the cutting-edge engines of the time in exchange for a shipment of timber. The engines were reverse engineered, so we didn't get so much as a pre-decimal half penny in license fees for the Russians having our engine design.

    The Russians could have come up with something similar, but it'd have taken them something like a decade. Probably more, since they were starting from the German jet engine designs, which couldn't be built to last with the materials science available in the 1940s/50s. As a result, the German engines needed complete overhauls after 10 hours. The British Rolls-Royce engines had lifetimes exceeding that by orders of magnitude before needing maintenance, and are still used in the original aircraft today. There are no flying examples of WW2 German engines, or engines built to WW2 German designs.

    1. pxd

      read all about it - excellent book

      Lots more detail of all this can be found in the recently re-released: Test Of Greatness: Britain’s Struggle for the Atom Bomb by Brian Cathcart (Kindle Edition: https://www.amazon.co.uk/Test-Greatness-Britains-Struggle-Atom-ebook/dp/B01B1RT15K/ref=sr_1_1?s=digital-text&ie=UTF8&qid=1512397941&sr=1-1&keywords=brian+cathcart). Well worthwhile, IMHO. pxd

    2. Voland's right hand Silver badge

      The Russians managed to steal designs from both America and Britain, otherwise they couldn't have done it so quickly.

      That is not proven. They had their own project as well. Fission nukes are not that difficult to build. They had a reactor running only a couple of years after the Oak Ridge one, and the cooling solutions, control, etc. on their first reactors, used to get the Pu-239 for their first nuclear test, are different from the Oak Ridge ones. If they stole that, the question is from whom.

      The bomb itself after that is mostly a chemistry + high-precision high-explosives engineering job. While a lot of it is classified to this day, when you have had a couple of accidents with plutonium on the way you know what to aim for. They had the accidents, by the way - they are documented.

      Where theft happened was most likely later - at the thermonuclear stage.

      We still do not know if it happened or not because the full Teller-Ulam and the full Sakharov "third idea" designs are classified to this day. However, Sakharov originally managed only a very dirty fission amplifier, a design similar to what is likely to be in use by the Norks. He suddenly went from there to the third idea, which is practically identical to the USA thermonuclear bombs in being as clean as a nuke can get - with minimal fallout. Similarly, the USA could barely muster something which needed a ship to carry for their early tests, while the Russians went straight for a fusion bomb which can be delivered by aircraft. The USA caught up shortly thereafter. Shall we say they stole it too?

      One thing we also know for sure about that period is that 3 letters on both sides were working their asses off to get info. It takes time to get meatware assets in place to steal stuff like this. The timing of the first USSR nukes is nearly impossible for "stolen" design. Now, the thermonuclear race was different as both sides had spies deep in the enemy camp.

      IMHO as some people have noted, a person "skilled in the art" can quickly figure out how it works if he has seen a working implementation. Once a secret superweapon is shown to the world, it is only a matter of time for a determined opponent with a deep wallet and access to resources and brains to replicate it. If an opponent has an above critical mass level of engineering count it done. So sure, a banana republic cannot replicate a western superweapon. Russia - any day. Just a matter of time. Similarly, China is now in the any day league. Even Iran is in that league - they have more than enough money and engineering graduates.

  20. Crimperman1996
    Facepalm

    This will have little effect

    Mostly because, if a foreign government or some ne'er-do-well wanted to gain access to government secrets they've just found out they can bribe an MP's intern - probably cheaper and seemingly less difficult to detect.

    https://www.theregister.co.uk/2017/12/04/dorries_i_give_my_staff_my_login_details/

  21. Aodhhan Bronze badge

    Conspiracies

    People coming up with outlandish theories and accusations without any proof about how anyone is being spied upon is what makes the intel community go around as well as laugh. It only takes someone to sit back and think about things for 10 minutes to see some of the idiocy, because far too many people don't think about anything for 10 seconds and/or just repeat something they've heard.

    What does shock me is the amount of people who unleash hate on governments which change every 4-10 years and must answer to their people in one form or another. In the same breath they protect and talk up governments which are tyrannical, toss people in jail for saying the wrong thing, are far more corrupt than any government in the west, and stay the same for years and years.

    If we in INFOSEC have so many people who think off the cuff without stepping back to think things through, then there will be a lot of organizations who spend far too much money on things and will be a lot more vulnerable than need be.

    Only in Hollywood, do hackers and security defenders come up with solutions in a second. Only in Hollywood do all solutions come exactly when they need to.

  22. ScottishYorkshireMan

    Wasn't it Kaspersky that the UK Spooks said they had real difficulty breaking through? I am sure it was reported here on El Reg. While back mind.

    So, just suppose they STILL can't break it, neither can Uncle Sam, and let's suppose it is after all just a good old AV product with no links to the Russian government.

    Would it be a good way to stop people using the product you can't break by telling everyone it's linked to a foreign government? Just saying...

  23. Daedalus Silver badge

    TEMPEST in a teacup (with biscuits)

    I started to wonder what systems rated "SECRET and above" would be doing on the Internet anyway, but then I remembered that in GovUKSpeak, everything is "SECRET and above", even the caretaker's taste in biccies.

    This is the same GovUK that once mandated TEMPEST shielding on everything above the level of a box of matches to suppress RF snooping.

    1. Voyna i Mor Silver badge
      Big Brother

      Re: TEMPEST in a teacup (with biscuits)

      "even the caretaker's taste in biccies."

      Of course. Because the Russians might bribe him (or her) with biscuits. You know what caretakers are like. And in any suitably stereotypical spy fiction the caretaker is the weakest link and the route into all areas.

      In fact, wasn't that actually exactly how the British managed to destroy the German heavy water supply?

  24. Walter Bishop Silver badge
    Big Brother

    The issue of supply chain risk in cloud-based product ..

    The issue of supply chain risk in cloud-based products, including anti-virus (AV) software

    translation: Kaspersky is the only AV software we haven't yet backdoored.

  25. 23Badger

    A slight overreaction, since China was known to be copying everything it could from the west not 10 years ago, and no one batted an eyelid.

  26. sloshnmosh

    NETSTAT Dev

    "Well, the simple approach is to connect a Data Diode to the outgoing ethernet cable and then run a traffic analyzer of your own on the data stream. Never connect the analysis system bidirectionally to the interwebs."

    One of the developers of NETSTAT wrote an interesting paper regarding doing just that.

    I'm too lazy to dig up a link but the dev in question is named Phil Blundell.
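Peter2's post above describes what a cloud-based AV agent does (pulls definitions online, uploads suspicious files to the vendor, takes remote commands from a web console), and this post suggests watching the outgoing stream through a data diode. The following is an added example, not code from any commenter or vendor: it applies a no-egress policy for a hypothetical AV agent to constructed flow records of the kind such an analyser would see. The process names, addresses and thresholds are all made up for the illustration.

```python
"""Egress audit for an endpoint-protection agent on a no-egress network.

Constructed example: the policy is that an AV agent on a Secret-rated host
may only pull definitions from an internal update server, must never upload
files, and must not talk to a cloud console. Flow records come from host
telemetry (owning process) joined with a one-way network tap.
"""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Flow:
    process: str   # process that owned the socket (from host telemetry)
    dst: str       # destination IP address
    dst_port: int
    sent: int      # bytes sent by the host
    received: int  # bytes received by the host

INTERNAL_NETS = [ip_network("10.0.0.0/8")]
DEFINITION_SERVER = ip_address("10.1.2.3")        # hypothetical internal mirror
AV_PROCESSES = {"avagent.exe", "avconsole_svc.exe"}  # hypothetical agent names
UPLOAD_THRESHOLD = 4096  # bytes sent; a definition pull sends far less than this

def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def audit_flow(f: Flow) -> list[str]:
    """Return policy findings for one flow; an empty list means compliant."""
    findings = []
    if not is_internal(f.dst):
        findings.append(f"{f.process}: egress to external host {f.dst}:{f.dst_port}")
    if f.process in AV_PROCESSES:
        if ip_address(f.dst) != DEFINITION_SERVER:
            findings.append(f"{f.process}: AV traffic to non-approved server {f.dst}")
        if f.sent > UPLOAD_THRESHOLD:
            findings.append(f"{f.process}: possible sample upload, {f.sent} bytes sent")
    return findings

def audit(flows: list[Flow]) -> dict[str, list[str]]:
    """Group findings by process so a reviewer sees which agent misbehaved."""
    report: dict[str, list[str]] = {}
    for f in flows:
        findings = audit_flow(f)
        if findings:
            report.setdefault(f.process, []).extend(findings)
    return report

# Constructed flow records, not real telemetry.
SAMPLE_FLOWS = [
    Flow("avagent.exe", "10.1.2.3", 443, sent=812, received=5_242_880),          # definition pull: OK
    Flow("avagent.exe", "203.0.113.10", 443, sent=1_048_576, received=900),      # file upload to vendor cloud
    Flow("avconsole_svc.exe", "198.51.100.7", 443, sent=1_200, received=64_000), # console command channel
    Flow("outlook.exe", "10.2.0.9", 443, sent=30_000, received=2_000),           # internal mail: OK
]

if __name__ == "__main__":
    for items in audit(SAMPLE_FLOWS).values():
        print("\n".join(items))
```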

  27. Anonymous Coward
    Anonymous Coward

    What about BackUp?

    What about Veeam and Acronis!

    Russian companies, with Russian development all having data backed up!

    Surely that is more worrying than AV?

    1. jake Silver badge

      Re: What about BackUp?

      They can call it "backup" all they want, but it's not. Anything cloud based is unreliable storage, at best. Backup needs to be 100% under the control of the party doing the backup, otherwise it's a pointless exercise in feel-good illusion.


Biting the hand that feeds IT © 1998–2019