It is only a matter of time
Until it becomes GovNet and SubNet:
Barclays has stopped offering free Kaspersky Lab products to new users in a move that shows, like Best Buy, commercial firms can be swayed by governmental stances on dealing with the Russian software firm. best buy Red panic: Best Buy yanks Kaspersky antivirus from shelves READ MORE As El Reg reported yesterday, the UK high …
The AV software did what they all should do, it detected something wrong and reported it.
We don't use Kaspersky, but the sophos product we use would do the exact same thing. They all seem to have some "cloud" component built in now; i.e stuff gets sent off elsewhere for various reasons.
The only difference between kaspersky and what we use is the location of the servers, and that's making an assumption. I don't actually *know* where all their kit is.
This post has been deleted by its author
This post has been deleted by its author
Echoing what an earlier user said, by research and by voluntary submission. Default checked options or questions aimed at people that wouldn't have a clue and therefore really cannot provide informed consent really don't cut it. Sending shit home you "think may be a virus" is just spying. We already have agencies doing that thanks.
They are totally transparent about it. Every provider i've dealt with offers this as a "feature" of the latest and greatest.
True I've never bothered asking where the servers are, but they make no secrets of using off machine/cloud processing to deal with things.
There's no secrecy or assumptions, you're told it does this openly and from the off when getting quotes.
There are options available where this doesn't happen, but all of the enterprise AV stuff i've dealt with recently the "top" tier or package offers this as a feature. The product we use went from being "sophos" to "sophos cloud" and it's becoming the norm for providers.
You used to install an admin centre locally on a server, now you log into a web based system and control from there.
"the inception of the internet as a network to connect the computers of academics together for collaboration, innovation and information sharing."
Pretty sure that the US DoD funded ARPAnet to create a network that would be able to withstand a Soviet attack, by routing around destroyed nodes.
It's true that they formed a weird symbiosis with academics to achieve this. But let's not forget that part of history, shall we? Military goals were an important part of the Internet's inception.
"Pretty sure that the US DoD funded ARPAnet to create a network that would be able to withstand a Soviet attack, by routing around destroyed nodes."
Not really. According to Charles Herzfeld, ARPA Director (1965–1967): "The ARPANET was not started to create a Command and Control System that would survive a nuclear attack, as many now claim. To build such a system was, clearly, a major military need, but it was not ARPA's mission to do this; in fact, we would have been severely criticized had we tried. Rather, the ARPANET came out of our frustration that there were only a limited number of large, powerful research computers in the country, and that many research investigators, who should have access to them, were geographically separated from them."
Of course, nuclear survivability probably didn't hurt when people were discussing funding, but that wasn't the main goal. The underlying systems were unreliable enough that they needed the robustness anyway.
Thanks for your reply, I upvoted you for that clarification, it's less clear-cut than I though it was, but I'm not sure that quote is fully definitive.
The project itself was launched in 1969, so 2 years after Mr Herzfeld left. Obviously, he decided the funding and clearly was involved in the development, so his opinion is certainly sincere and respectable, but apparently, others did think about resilience.
The Wikipedia page seems to present it honestly, so it's worth a read:
Overall, it doesn't detract that it *was* a military-funded project, not just a purely academic one as the article implied (one that would have included .su sites from the 70's, say, in the name of information sharing - yes, I know geographical TLDs came much later, it's just for the sake of simplicity ;)
There's another quote in the page above that's worth mentioning, to show that today's internet is not anymore whatever it was 35 years ago:
"Sending electronic mail over the ARPANet for commercial profit or political purposes is both anti-social and illegal."
Nobody cares about how you interpret what you read on WikiLeaks or heard from your uncle Joe about Arpanet.
Your incessant need to show your cut and paste skills isn't impressive. Especially when it contributes very little... if at all to the actual story.
I just ran a recent threat offering to my email and got so many trusting scanners (desktop AV scanners might respond differently to Slurp's essential https://www.virustotal.com/en service)
the best (for this particular file)
Netcraft Malicious site
Sophos AV Malicious site
BitDefender Malware site
Avira (no cloud) Phishing site
Emsisoft Phishing site
ESET Phishing site
Fortinet Phishing site
G-Data Phishing site
Google Safebrowsing Phishing site
Kaspersky Phishing site <<<<<- here be dragons!
Phishtank Phishing site
and the rest
ADMINUSLabs Clean site
AegisLab WebGuard Clean site
AlienVault Clean site
Antiy-AVL Clean site
Baidu-International Clean site
Blueliv Clean site
C-SIRT Clean site
Certly Clean site
CLEAN MX Clean site
Comodo Site Inspector Clean site
CyberCrime Clean site
CyRadar Clean site
desenmascara.me Clean site
DNS8 Clean site
Dr.Web Clean site
Forcepoint ThreatSeeker Clean site
FraudScore Clean site
FraudSense Clean site
K7AntiVirus Clean site
Malc0de Database Clean site
Malekal Clean site
Malware Domain Blocklist by RiskAnalytics Clean site
Malwarebytes hpHosts Clean site
Malwared Clean site
MalwareDomainList Clean site
MalwarePatrol Clean site
malwares.com URL checker Clean site
Nucleon Clean site
OpenPhish Clean site
Opera Clean site
Quttera Clean site
Rising Clean site
SCUMWARE.org Clean site
SecureBrain Clean site
securolytics Clean site
Spam404 Clean site
Sucuri SiteCheck Clean site
Tencent Clean site
ThreatHive Clean site
Trustwave Clean site
Virusdie External Site Scan Clean site
VX Vault Clean site
Web Security Guard Clean site
Webutation Clean site
Yandex Safebrowsing Clean site
ZCloudsec Clean site
ZDB Zeus Clean site
ZeroCERT Clean site
Zerofox Clean site
ZeusTracker Clean site
zvelo Clean site
(sorry for the formatting)
Would they like to advise me about what to do with a site that demands Internet Explorer only to transfer potentially millions of pounds on a website that forces us to use out-of-date Gemalto smartcard signing software (which we can't upgrade without it being unsupported) via ActiveX and which doesn't work any other way?
I'll be sure to leap right on their security advice after they sort that out, as well as that the BACS people demand we use the up-to-date version or THEY won't support us either. Oh, and this is some six months down the line of trying to get the right readers, smartcards and software to do what we've always previously done before.
Because sure as hell that doesn't sound like they have our security at the forefront of their minds to me.
Woah, there standard banking must be different from business then!
I use barclays for business banking and barclaycard business (credit cards) and I do not have Windows (So no ability to use IE) and have logged in from Firefox and Seamonkey in the past with no problems.
Generally to login and do banking I can use any browser (I've never been stopped yet). They simply ask for Surname, Membership Number, Last 4 Digits of card, and tell you to use indetify on the PINSentry card machine and give them the code it gives you.
From there on you can do pretty much anything such as transfer money etc.
Never had any form of activex prompt or request to use internet explorer tbh.
That's their business banking for small-medium businesses.
You know, those that have multiple-person sign-off on hundreds of direct debits / payments each month.
Pretty standard business setup, but why it has to be IE-only? The only explanation is basically the same old "Because we can only secure it by running ActiveX plugins capable of arbitrary code execution, connecting to the smartcards and transmitting to an IE/IIS-based website which has been put in every exclusion category possible to bring it outside the scope of all the browser security anyway".
DHS did not issue a recommendation. They issued a binding operational directive.
> Some industry pundits see the developments as the start of a new era of so-called cyber balkanisation.
Some people use Apache HTTPD, some others use lighttpd and some others use Microsoft's IIS. I don't hear pundits complaining about that. Or recommending that everyone use the same HTTP server, for fears of balkanization (whatever that means).
Also, pundit opining is better left to those offering irrelevant comments on Sunday morning political talk shows. Technical and security decisions should be left to those who are qualified to do that. I.e. not pundits.
> It’s a long way from the lofty goal that accompanied the inception of the internet as a network to connect the computers of academics together for collaboration, innovation and information sharing.
Yeah. It was never designed to be that, and it never had lofty goals. It started as ARPANET - Advanced Research Projects Research Agency NETwork - and its development was funded by the US Department of Defense - Advanced Research Projects Agency. According to ARPA, the goal of ARPANET was to [ ... ] exploit new computer technologies to meet the needs of military command and control against nuclear threats, achieve survivable control of US nuclear forces, and improve military tactical and management decision making.
So much for the Kum-ba-ya singing and hugging.
Today's Internet is mostly a festering pile of spam - sorry, social networking in pundit terms, cyber-war and commercial profiteering of all kinds. Get used to it.
If you install an anti-virus program that can detect "suspicious" files and upload them to a server in country X run by company Y, and you don't disable that "feature", then it's possible that your files will be seen by company Y and its employees, the intelligence service of country X, and any random hacker that's managed to gain access to those servers. This applies whatever country X is - Russia, USA, or other.
Now, the company has a strong motive to keep that data private, and to secure its servers to stop hackers getting into them, but it can't do anything about its local intelligence service. For most people, the intelligence service won't be interested in them or their files.
However, you clearly shouldn't be installing such an anti-virus program on government computers handling information that country X wants! (Or if you must install it, then you should disable the cloud upload feature).
On a related note, if you install any program, and that program includes automatic updates, then your computer will automatically download and run "updates" from the manufacturer, or from the intelligence service of the country hosting the update servers, or from any random hacker who has hacked both the update server and the code-signing key. If you don't want to give full access to your PC to the intelligence service of that country, then you should not install their software.
There is a huge problem here of hysteria and double standards. Every AV product uploads some form of information so that it is possible for the AV companies to understand the threats they are dealing with. Stop information upload and the whole threat response becomes far worse. Yes, Kaspersky should maybe have been more open but all AV products do this.
What really annoys me most is this singling out of Kaspersky in this way. No one except Kaspserky themselves really know, but my assumption is that there will do everything possible to secure that information, as should any other AV company. It is not in their interests to splatter that information to anyone. It is what their intellectual property is derived from, it is commercially sensitive and of great value to competitors.
Kaspersky are not more are risk, and probably are at less risk than the many US (or elsewhere) based outfits that will have no option be to roll over when requested by the NSA. The NSA (and many other US "intelligence outfits) are the biggest group of hypocrites there are and will be doing everything possible to spy on everyone and everything, friend of foe in the name of the "War Against Terror". Given the NSA's abysmal record of securing their own data, frankly I have less trust in uploading metadata to a US company than Kaspersky.
And as for the comment earlier "use Linux instead of Windows", exactly how does that help in this situation? All operating systems are vulnerable and should be managed/protected appropriately. Windows has the greatest use case where it interacts with users and therefore is the most targeted. If Linux, iLO or some other OS had ended up on the desktop, it equally would be the most popular target.
If you chose to run an OS with no protection then you are an idiot and smugly stating that it is a Windows issue is even worse.
At least with Linux the OS itself is not uploading all my data (unlike a PC running running bog standard home version Windows 10 which most people would get chucked in on their personal purchases).
Average Win 10 user can choose their AV vendor (& have some say in AV snooping), but unless they change OS, they cannot stop potentially confidential data being sent to MS.
I can tell you have no access to intelligence or understand exactly what happened. All you are typing out is what you 'think', without doing much if any research.
There is a large difference between an AV application taking piece of code positively identified as a threat (from memory), and downloading an entire file stored on a system. In short, downloading the entire file is going too far. Imagine the information an AV company has to gain if they believe word processing files are infected; and download the entire file full of personal and corporate secrets.
Then with terabytes of information, they are able to search for tags in files such as "Secret", military terms, engineering terms, and other key words to sift through more thoroughly.
An AV which downloads the entire file instead of just the positively identified code isn't being friendly or acting in your best interest.
“In a reality where nations are in conflict, it’s a real, hard fact that other anti-virus vendors are of US origin, paying US taxes and subject to the power of the US government which has been found to enjoy overreach wherever it can get away with it, supported by organisations with a global reach whose sole modus operandi is to grab data from wherever they can get away with it and hide behind their US jursidiction. Therefore it would be grossly irresponsible of any nation who has already experienced global crashes, data theft and other enthusiasm for entirely ignoring the protections citizens enjoy in Europe to be using any US, let alone something so deeply embedded as an antivirus engine.”
In the light of Snowden and Schrems, there is no valid reason whatsoever for any EU government, business and end user to trust a vendor of US origin. None whatsoever.
I only allow my antivirus through the firewall to update it's detection signatures and block it again after updating.
Even the free MalwareBytes will function with it blocked by a firewall. It will still scan and report any nasties but it won't remove anything unless it is connected to the web.
Biting the hand that feeds IT © 1998–2020