SCOLD WAR: Kaspersky drags Uncle Sam into court to battle AV ban

Embattled Russian security software maker Kaspersky Lab has taken the American government to a US federal court to overturn Uncle Sam's ban on its antivirus tools. The Moscow-based developer claimed the US Department of Homeland Security acted illegally when, back in September, the department publicly told federal agencies …

  1. Anonymous Coward

    can't blame them

    OTOH, that thing that they can download documents in a person's computer, AND identify the individual... creepy!

    1. joed

      Re: can't blame them

      And what do you think about "submit sample files" and "cloud protection" in Windows Defender? I'm surprised that Kaspersky has not built their defense around defaults foisted by MS onto the majority of Windows users (all the while Cortana rummages through files to better "assist you"). It's hard to tell how easily identifiable the source was, maybe it's just the GUID for the system the file originated from but - as recent reports seem to imply - data anonymization does not work anyway. And while I understand the reason it's done, I don't condone these practices (sample submission), but pointing the finger at K appears to be a politically motivated distraction that inflicted serious financial damage (likely put them out of business anywhere within the US sphere of influence) and no business outside the umbrella of US bully agencies can survive this type of attack. Unlikely even the WTO would help (guess what side it's likely to take).

      1. PC LOAD LETTER

        Re: can't blame them

        And it's not just antivirus software on the client computers that does this. Many organizations (businesses, schools, etc.) use firewalls (such as Palo Alto, etc.) that filter out any downloads/uploads that they can't identify and upload them for analysis to determine whether they're harmful or not.

  2. Anonymous Coward

    Beware the red star over Asia, they will make all your men sterile and turn your women into slaves. The red menace. The red iceberg. The fifties called and asked for their paranoia back.

    1. Laura Kerr

      I think I need to start sleeping on the floor, so that there's no risk of finding reds under my bed.

      1. Anonymous Coward

        "I think I need to start sleeping on the floor, so that there's no risk of finding reds under my bed."

        From what I remember of the novels of the period highly confidential classified documents, the preferred modus operandi of the KGB involved a Red in your bed. And cameras and microphones.

    2. wolfetone Silver badge

      "The red iceberg."

      Can I still use the red cabbage for Christmas?

  3. redpawn Silver badge

    Windows

    and its "Defender" are similar. If I controlled any government I'd ban MS products. I seldom use them unless I have to, even as a US citizen.

    1. wallaby

      Re: Windows

      "and its "Defender" are similar. If I controlled any government I'd ban MS products. I seldom use them unless I have to, even as a US citizen."

      SPECIAL OFFER ON TINFOIL HATS AT KMART AISLE 1

      Tedium.................................. YAWNNNNNNNNNNNNNNNN

      1. Anonymous Coward

        Re: Windows

        "SPECIAL OFFER ON TINFOIL HATS AT KMART AISLE 1"

        I guess the escaped marsupial hopping around Redmond hasn't been caught yet.

        1. wallaby

          Re: Windows

          not an aussie and not in the US and never worked for microsoft,

          just an average joe SICK of the whiners (note my BombasticBob moment there)

          1. bombastic bob Silver badge
            Devil

            Re: Windows

            thanks for the mention. heh.

    2. Anonymous Coward

      Re: Windows

      and its "Defender" are similar. If I controlled any government I'd ban MS products. I seldom use them unless I have to, even as a US citizen.

      You could ban all you want but it'd take 10 years + for people to move away from them.

      1. Roland6 Silver badge

        Re: Windows

        >You could ban all you want but it'd take 10 years + for people to move away from them.

        Then they would decide that they much prefer to be locked into Windows and migrate back.

  4. Doctor Syntax Silver badge

    Well, that was obvious.

    If they'd just specified USian-only that would probably have been OK but to call out one specific company was just asking to be sued.

    1. Nick Kew Silver badge

      Re: Well, that was obvious.

      Well, erm ...

      US-only wouldn't have done the job. It wouldn't have seeded serious FUD, it wouldn't have led to actions outside the US like Barclays.

      It may be that Kaspersky was the only AV vendor who declined to cooperate with the NSA by incorporating their backdoor to snoop, when the spooks made them an offer it was hard to refuse.

      Or if there was another, their turn is yet to come, under some different pretext. I expect it would've looked too suspicious to lump more than one vendor together in the same FUD action.

    2. Doctor Syntax Silver badge

      Re: Well, that was obvious.

      Only one downvote? Somebody's slacking. When I pointed out the obvious a week ago I got 2!

      1. Anonymous Coward

        Re: Well, that was obvious.

        @ Doctor Syntax

        Have another. Happy Christmas.

    3. Gotno iShit Wantno iShit

      Re: Well, that was obvious.

      Alternatively, they could have entered into dialogue with Kaspersky who have already mooted the idea of servers on US soil as a way forward. But they didn't, they just shut the door.

      There's no reason why US samples could not be analysed in the US and only the developed signatures sent out globally.

      When I look at the number of nation state malware examples Kaspersky has exposed or helped expose they look like the good guys to me. Can I entertain the notion that the US spooks are pissed at their work being exposed and are trying to weaken Kaspersky as a response? Yes I can.

      1. TonyJ Silver badge

        Re: Well, that was obvious.

        "...When I look at the number of nation state malware examples Kaspersky has exposed or helped expose they look like the good guys to me. Can I entertain the notion that the US spooks are pissed at their work being exposed and are trying to weaken Kaspersky as a response? Yes I can..."

        I said pretty much the same thing when this first occurred.

        It was Kaspersky who unveiled the work of the so-called Equation Group, for example, with some of their nefarious tricks such as compromised HDD firmware since around 2003 (I seem to recall).

        Yeah...hard not to agree here that Kaspersky are the better side.

    4. Doctor Syntax Silver badge

      Re: Well, that was obvious.

      Well done that second person. You've caught up with the two downvotes. So presumably that's two people who still believe that it wouldn't be obvious for Kaspersky to sue even in the face of reports that they've just done that very thing.

      1. Anonymous Coward

        Re: Well, that was obvious.

        Actually I wondered why it took them so long but you can keep the down vote as you seem obsessed with it.

        1. Anonymous Coward

          Re: Well, that was obvious.

          @AC - exactly, so I also downvoted you. Nothing personal.

    5. bombastic bob Silver badge
      Devil

      Re: Well, that was obvious.

      "to call out one specific company was just asking to be sued"

      maybe, but to call it "unconstitutional" is completely ridiculous.

      Any corporation or government has the authority to decide what products it wants to use. Otherwise, they'd be using public money to appease EVERY WHINER OUT THERE just because the gummint didn't purchase THEIR products. Like some form of 'political correctness' I guess...

  5. eldakka Silver badge
    Megaphone

    You want evidence? We're the government, we don't need no stinkin' evidence.

  6. Mark 65

    Best of luck with that

    DHS essentially issues a form of "...National Security..." edict and someone thinks they'll win out in the courts. Sorry buddy, but I don't think that will work for you. Not sure in this sort of situation they need to conclusively prove you operate at the behest of a foreign spy agency, or potentially provide any proof at all. "National Security" provisions normally operate within the "better safe than sorry" realm.

    1. Aitor 1

      Re: Best of luck with that

      My guess is that the US government will either win or drag the case so it wins by default... just my 2 cents.

    2. Doctor Syntax Silver badge

      Re: Best of luck with that

      "Not sure in this sort of situation they need to conclusively prove you operate at the behest of a foreign spy agency, or potentially provide any proof at all."

      What they should have done was depersonalise it - just say US suppliers only. It's calling out a specific supplier that can cause them problems.

    3. John Smith 19 Gold badge
      Unhappy

      "Sorry buddy, but I don't think that will work for you."

      Funny,

      I rather thought that settling things in an open court of law was one of the distinguishing marks of a transparent democratic society.

      Which IIRC is something the USA is still claiming to be.

  7. Anonymous Coward

    At a produce stand, a long time customer examines an Apple. He puts it back.

    The owner says “why you no buy my Apple?”

    Customer replies “I think it’s a bad Apple.”

    Owner replies “you bad mouth my Apple. I sew you!”

    ———-

    Is Microsoft going to sew me if I don’t buy their Surface laptop?

    Sometimes I hate this world...

    1. Nick Kew Silver badge
      Coat

      sew ...

      Aha. Must be a stitch-up!

    2. FuzzyWuzzys
      Facepalm

      Whoa there son, Race Relations Board on line #1!

    3. Maelstorm Bronze badge

      If that's the case, then every company out there can sue you if you don't buy their product or service. I think that this lawsuit will get tossed out because, after all, Kaspersky is a Russian company. The US is not exactly on friendly terms with Russia...

      And there's that national security thing too...

  8. Bob Dole (tm)
    Holmes

    NSA files..

    I bet they now wish they hadn’t deleted those extra NSA files they had grabbed.

    1. Roland6 Silver badge

      Re: NSA files..

      Suspect someone has retained an undisclosed USB stick.

      However, Kaspersky has only said that they have deleted the files - not a word about the metadata.

      I would hope that in the current round of AV updates, Kaspersky includes the relevant signatures, labelled accordingly:

      Pup.NSA

      Trojan.NSA

      Keylogger.NSA

      etc.

      Obviously, to remove these, would require the download and installation of a paid version of Kaspersky from Kaspersky.Ru ...

  9. Anonymous Coward

    Precedent

    If the US government successfully defends this, an ugly precedent will be made: that specific companies and individuals can be banned from doing business upon a whim. So, for example if you had a very corrupt politician who might have a family foundation which can accept donations, a prerequisite to doing business might be making significant contributions to the foundation, and to the income of various family members and political cronies. Otherwise you will be banned from doing business.

    So before cheering the dragon for striking down one's opponents, just think that the dragon may turn on you.

    1. bombastic bob Silver badge
      Devil

      Re: Precedent

      "If the US government successfully defends this, an ugly precedent will be made:"

      you mean a precedent like NOT having to bow to every WHINER out there who BITCHES that the gummint isn't buying THEIR products, for "whatever reason" ?

      don't tell me that YOUR boss (or I.T. department) doesn't say you can't use "certain software" on work computers... that would be VERY rare, from what I've seen.

  10. Sureo

    What I'd like to know is, if the American officials are so freaked out, why they allowed Kaspersky's tools on their computers in the first place.

    1. katgod

      Sure

      New government in charge and possibly new information but I suspect more the former than the latter.

      1. Doctor Syntax Silver badge

        Re: Sure

        "New government in charge"

        Making America grate again.

        1. John Smith 19 Gold badge
          Unhappy

          "Making America grate again."

          And for the next election

          "Keeping America Grate"

          Yeay.

    2. bombastic bob Silver badge
      Devil

      "why they allowed Kaspersky's tools on their computers in the first place."

      Old sheriff's rules. New sheriff in town. New rules. It's to be expected.

  11. ST Silver badge
    Mushroom

    Interesting legal theory

    So Kaspersky's theory is that the US Government is somehow required to have Kaspersky AV software installed on their computers? They can't uninstall it? Ever?

    What about the private sector? Let's say XYZ, Inc. issues an internal memo directing their IT staff to remove Kaspersky AV from all their Windows machines, because they don't trust it. And then XYZ, Inc. makes their decision public.

    Is XYZ liable under US law? Are they violating the US Constitution? Are they under any obligation whatsoever to continue using Kaspersky AV? If that were true, anyone in the US would be liable just because they uninstalled some software and replaced it with something else. One could be sued for erasing Windows from their laptop or PC and installing Linux instead.

    Kaspersky is very confused. We are not the Soviet Union. Or Putinistan.

    I'm guessing that, in Russia, once you've installed Kaspersky AV on your laptop, you aren't allowed to uninstall it, under penalty of law? Constitutional offense?

    Here in the US, we are allowed to uninstall software from our computers. Just because we feel like it, and for no other reason. Or because we suspect said software is spyware. Or because we're bored with it. Whatever.

    Good luck with the bullshit PR lawsuit. It will be fun to watch.

    1. Anonymous Coward

      Re: Interesting legal theory

      It is not the revenue due to gov agencies not renewing; it is the damage done by the same agencies upon the company's reputation.

      US Gov Agencies banning it so publicly and without any evidence of wrongdoing sends the message that there is a reason for concern, other unthinking citizens follow suit and the agencies have created unfair competition against them.

      Add in that trolling, slander and libel are no longer seen as victimless crimes, one law for everyone or no law at all.

      Now my counter would be to make all vulnerabilities included for the benefit of same agency, public knowledge. The US Gov thinks they have a right to access everyone's data on the premise that an unproven tiny percentage of people using their countries' IP may be spying or working against the US's best interests. That the US has used these backdoors to provide financial benefit for US companies over their allies in the past means that they clearly see everyone as a threat.

    2. rnturn

      Re: Interesting legal theory

      Oh, maybe it's interesting, but I'm leaning more toward the "brain dead" one. Just what part of the Constitution does Kaspersky's legal team believe this software ban is violating? What section covers software installations and removals? Do they think that using the word "unconstitutional" is some sort of secret sauce that will convince a judge to award damages?

      1. Nick Kew Silver badge

        Re: Interesting legal theory

        You missed the point. It's not the US government's choice of software that's at issue, it's the FUD in the manner of how they treated Kaspersky. What they say, not what they do.

        NSA made AV vendors an offer they couldn't refuse. Kaspersky refused.

        1. ST Silver badge
          Mushroom

          Re: Interesting legal theory

          > NSA made AV vendors an offer they couldn't refuse. Kaspersky refused.

          Really? Where does it say that?

          From the TFA:

          The Moscow-based developer claimed the US Department of Homeland Security acted illegally when, back in September, the department publicly told federal agencies they could no longer use any Kaspersky products on their machines.

          Kaspersky argued that the order, known as binding operational directive 17-01, is unconstitutional, and relied on "subjective, non-technical public sources" that amounted to little more than rumors.

          "Furthermore, DHS [the Department of Homeland Security] has failed to provide the company adequate due process to rebut the unsubstantiated allegations underlying the directive, and has not provided any evidence of wrongdoing by the company," Kaspersky Lab said in announcing its appeal against the order on Monday.

          I see no mention of NSA in Kaspersky's complaint, or about NSA making Kaspersky an offer they can't refuse. It's not even NSA that's being sued by Kaspersky, it's DHS.

          Kaspersky claims that DHS's order is unconstitutional.

          Which Article or Amendment of the US Constitution grants protection against removal to software?

          Did you even read Kaspersky's complaint?

          Installing and/or running Kaspersky AV on any US Government computer is now illegal under the 2018 National Defense Authorization Act.

          Care to explain how DHS's order of removal is illegal, when in fact it's statutory?

      2. Doctor Syntax Silver badge

        Re: Interesting legal theory

        "Just what part of the Constitution does Kaspersky's legal team believe this software ban is violating?"

        The great US belief in competition in the market place. Free trade and all that.

        1. The First Dave Silver badge

          Re: Interesting legal theory

          Kaspersky could probably make a fairly good case purely for Libel.

      3. danny_0x98

        Re: Interesting legal theory

        Constitutional clauses regarding due process and equal protection under the law. The counter argument may be that securing Executive Branch computers is entirely the province of The Executive Branch, but, in support, there is a non-binding Congressional resolution.

    3. Doctor Syntax Silver badge

      Re: Interesting legal theory

      "So Kaspersky's theory is that the US Government is somehow required to have Kaspersky AV software installed on their computers?"

      Where does it say that? The complaint is about not even being allowed to sell in competition with other suppliers.

      Competition. The great American principle of free trade. Remember that this is the country that goes after its corporations' foreign competitors on any suspicion of state aid. This one stinks of state aid (OK, anti-aid but it amounts to the same thing).

    4. bombastic bob Silver badge
      Trollface

      Re: Interesting legal theory

      @ST - 23 downvotes! welcome to the "howler monkey poo-sling target" club! (it's probably one or two real people, and 21 or 22 sock puppets)

  12. sloshnmosh

    BestBuy

    The big box store: "BestBuy" pulled Kaspersky products off their shelves as well.

    Yet BestBuy has no problem pushing the garbage "Webroot" antivirus on to it's customers en masse.

    I have personally repaired the computers of 2 friends of mine as well as a computer for a small local business that had failed to boot because of that software.

    I hope he goes after them too.

    1. The Original Steve

      Re: BestBuy

      That's odd.

      I switched our AV from Kaspersky to Webroot around May time, never had a single problem and it's detected a crap load more than K ever did.

      That's on over 2990 endpoints with various hardware and software mixes. (I work for an MSP)

      1. sloshnmosh

        Re: BestBuy

        I believe what you say:

        "I switched our AV from Kaspersky to Webroot around May time, never had a single problem and it's detected a crap load more than K ever did."

        Seeing as how it falsely flags legitimate Windows programs as malicious...

        http://www.zdnet.com/article/webroot-antivirus-mistakenly-flags-windows-system-files-as-malware/

        I would suspect it would "detect a crap load more than K ever did" as well.

        1. Bob Dole (tm)

          Re: BestBuy

          Seeing as how it falsely flags legitimate Windows programs as malicious...

          Funny thing, I don't recall a single story of Kaspersky ever bricking computers. Yet I've witnessed Norton, McAfee and a few others doing that on mass scales.

          Personally, I'll keep using K. It actually seems to work.

          1. Aodhhan Bronze badge

            Re: BestBuy

            You seem to be either closed minded or too lazy to do a simple web search.

            Kaspersky has had plenty of times where it's been responsible for system problems.

            Here is just one of the latest patches released by Kaspersky:

            https://forum.kaspersky.com/index.php?/topic/356039-patch-%E2%80%9Cb%E2%80%9D-for-kav-kis-kts-kfa-2017-kfp-60-ksos-50-ksec-10/&tab=comments#comment-2625138

            If you understand how IDS and AV applications work, you'll begin to understand they will ALL have occasional problems with the underlying OS and detection.

  13. Anonymous Coward

    I don't trust either side..

    I would be very surprised indeed if the Americans and others were not doing exactly the same things.

  14. ukgnome
    Gimp

    As soon as Apple pay it's taxes and moves production to the US there will be no need for any AV

    *you know i'm joking right?

    1. ukgnome

      it's its not it's

      ugh - can I downvote myself for spelling!

      1. #define INFINITY -1 Bronze badge

        Re: it's its not it's

        Here you go, it's Christmas soon.

        I think I just plagiarised an earlier commentard, so you may return the favour.

      2. bombastic bob Silver badge
        Trollface

        Re: it's its not it's

        /me plays "Liberty Bell March" and goes PTTTHHHHH at the end (as a giant foot slams down).

      3. sloshnmosh

        Re: it's its not it's

        I upvoted you for finding my "it's" error on my BestBuy comment.

        Their, are you happy now?

  15. EnviableOne Bronze badge
    Big Brother

    The funny thing is ....

    I got a directive from UK.gov:

    The National Cyber Security Centre (NCSC) has issued a statement that they are investigating the usage of Russian anti-virus (AV) products within the government.

    NCSC are conducting this work as their analysis of the Russian state indicates they intend to target UK national security interests.

    "Organisations with a responsibility for critical national infrastructure should carry out a risk assessment on their chosen anti-virus software. If an organisation has concerns about their specific AV provider, they must contact the NCSC for further guidance."

    Anyone know of any popular Russian AV vendors ....

  16. Christoph Silver badge

    Now they know what will happen with backdoors

    The US and UK government repeatedly demand that all encryption be backdoored. This is one of the reasons it has so far always failed - no other country is going to use software that the US/UK can break but they can't. And if you tell other governments the backdoor they will be able to read US/UK messages.

  17. nagyeger
    Linux

    it runs with elevated privileges...

    So.. we can't trust programs that run with elevated privs to check files such as (shock) network access, (horror) upload data, and (gasp) receive OTA updates. Based on this reasoning, and the current rash of Govt.s worldwide giving themselves super-dooper-snooper data-demanding capabilities, do all nations now need their own brand of AV?

    Or is it finally the year of the VT100 desktop(TM) ?

  18. Doctor Syntax Silver badge

    Meanwhile, over on the Beeb I see the US is blaming the Norks for Wannacry. http://www.bbc.co.uk/news/world-us-canada-42407488

    Here's a quote from them: "The tool kits of totalitarian regimes are too threatening to ignore." Just how much brass neck does the US have?

    Ace reporting from the Beeb: as far as I can see there's no mention of the basic toolkit having come from the NSA.

    1. Anonymous Coward

      glad I'm not the only one - good thing the NSA doesn't make ICBMs.

  19. This post has been deleted by its author

  20. This post has been deleted by its author

  21. sloshnmosh

    For once I agree

    "The tool kits of totalitarian regimes are too threatening to ignore."

  22. Aodhhan Bronze badge

    LOL @ Russia

    This suit perfectly shows how Russia doesn't understand the concept of freedom of speech and choice. In the USA, you don't need a reason to boycott any product. Even if this hurts your business or reputation. This is one of the most powerful outcomes of a free economy. Good products tend to do well, and crappy or harmful products die out quickly because people do boycott them.

    The US Government as a whole is beginning to follow the same software guidelines the DoD has been using for years. DoD has never allowed Kaspersky products on their systems. Don't feel shunned though, many applications from allied nations aren't approved for use either.

  23. Anonymous Coward

    This isn't smoke, there's more to the story.

    If you remember, Kaspersky themselves were hacked...late 2015 or 2016...can't remember...but the hack was state sponsored. That state, when they were done with the analysis, alerted the US Government about a backdoor that was found in K software that the Russians were using to steal data off people's computers.

    It doesn't matter what Kaspersky says in court. This is a matter of US National Security and once that is invoked, case dismissed, permanently. Appeals will not be heard either.

    There's more, but that's all I am going to say about it.

  24. Anonymous Coward

    Best Buy/Trend Micro

    And now it appears that Best Buy is sending out emails to customers that purchased Kaspersky AV and offering an exchange to Trend Micro: https://en.community.trendmicro.com/tm_en/topics/geek-squad-replacement-for-kaspersky-internet-security-with-trend-micro
