Brit bank Barclays' Kaspersky Lab diss: It's cyber balkanisation, hiss infosec bods

Barclays has stopped offering free Kaspersky Lab products to new users in a move that shows, like Best Buy, commercial firms can be swayed by governmental stances on dealing with the Russian software firm. As El Reg reported yesterday, the UK high …

  1. Voland's right hand Silver badge

    It is only a matter of time

    Until it becomes GovNet and SubNet:

    https://www.goodreads.com/series/61988-owner-trilogy

  2. rmason

    Storm in a teacup

    The AV software did what they all should do, it detected something wrong and reported it.

    We don't use Kaspersky, but the Sophos product we use would do the exact same thing. They all seem to have some "cloud" component built in now; i.e. stuff gets sent off elsewhere for various reasons.

    The only difference between Kaspersky and what we use is the location of the servers, and that's making an assumption. I don't actually *know* where all their kit is.

    1. This post has been deleted by its author

      1. This post has been deleted by its author

        1. Yet Another Anonymous coward Silver badge

          Re: "Definite no no"

          And the virus companies get to discover new viruses how?

          In fact if I "discover" a new virus on my computer I should own the rights to that code base and all derived cell lines.

          1. Anonymous Coward

            'get to discover new viruses how?'

            Sharing with Infosec partners primarily... Scouring for tools on the Dark-web... Investigating compromised websites... Leaky Cloud buckets (S3)... 3rd-party infected machines... Stuxnet case studies!

          2. Mark 65

            Re: "Definite no no"

            Echoing what an earlier user said, by research and by voluntary submission. Default checked options or questions aimed at people that wouldn't have a clue and therefore really cannot provide informed consent really don't cut it. Sending shit home you "think may be a virus" is just spying. We already have agencies doing that thanks.

        2. rmason

          Re: "Definite no no"

          They are totally transparent about it. Every provider I've dealt with offers this as a "feature" of the latest and greatest.

          True I've never bothered asking where the servers are, but they make no secrets of using off machine/cloud processing to deal with things.

          There's no secrecy or assumptions, you're told it does this openly and from the off when getting quotes.

          There are options available where this doesn't happen, but in all of the enterprise AV stuff I've dealt with recently the "top" tier or package offers this as a feature. The product we use went from being "Sophos" to "Sophos Cloud" and it's becoming the norm for providers.

          You used to install an admin centre locally on a server, now you log into a web based system and control from there.

  3. Anonymous Coward

    "the inception of the internet as a network to connect the computers of academics together for collaboration, innovation and information sharing."

    Pretty sure that the US DoD funded ARPAnet to create a network that would be able to withstand a Soviet attack, by routing around destroyed nodes.

    It's true that they formed a weird symbiosis with academics to achieve this. But let's not forget that part of history, shall we? Military goals were an important part of the Internet's inception.

    1. MJB7
      Mushroom

      ARPANet survivability wasn't the initial goal.

      "Pretty sure that the US DoD funded ARPAnet to create a network that would be able to withstand a Soviet attack, by routing around destroyed nodes."

      Not really. According to Charles Herzfeld, ARPA Director (1965–1967): "The ARPANET was not started to create a Command and Control System that would survive a nuclear attack, as many now claim. To build such a system was, clearly, a major military need, but it was not ARPA's mission to do this; in fact, we would have been severely criticized had we tried. Rather, the ARPANET came out of our frustration that there were only a limited number of large, powerful research computers in the country, and that many research investigators, who should have access to them, were geographically separated from them."

      Of course, nuclear survivability probably didn't hurt when people were discussing funding, but that wasn't the main goal. The underlying systems were unreliable enough that they needed the robustness anyway.

      1. Yet Another Anonymous coward Silver badge

        Re: ARPANet survivability wasn't the initial goal.

        The concept of packet switched routing was invented by the GPO for this reason and then later used by ARPANET.

        1. Phil O'Sophical Silver badge

          Re: ARPANet survivability wasn't the initial goal.

          I think it was NPL, not the GPO.

      2. Anonymous Coward

        Re: ARPANet survivability wasn't the initial goal.

        Thanks for your reply, I upvoted you for that clarification. It's less clear-cut than I thought it was, but I'm not sure that quote is fully definitive.

        The project itself was launched in 1969, so 2 years after Mr Herzfeld left. Obviously, he decided the funding and clearly was involved in the development, so his opinion is certainly sincere and respectable, but apparently, others did think about resilience.

        The Wikipedia page seems to present it honestly, so it's worth a read:

        https://en.wikipedia.org/wiki/ARPANET#Debate_on_design_goals

        Overall, it doesn't detract that it *was* a military-funded project, not just a purely academic one as the article implied (one that would have included .su sites from the 70's, say, in the name of information sharing - yes, I know geographical TLDs came much later, it's just for the sake of simplicity ;)

        There's another quote in the page above that's worth mentioning, to show that today's internet is no longer whatever it was 35 years ago:

        "Sending electronic mail over the ARPANet for commercial profit or political purposes is both anti-social and illegal."

        1. Aodhhan

          Re: ARPANet survivability wasn't the initial goal.

          Look...

          Nobody cares about how you interpret what you read on WikiLeaks or heard from your uncle Joe about Arpanet.

          Your incessant need to show your cut and paste skills isn't impressive. Especially when it contributes very little... if at all to the actual story.

  4. Zippy's Sausage Factory
    Trollface

    Banned until when, exactly? Until KL lowers their prices significantly, I'll bet.

    Cynical, moi? You betcha...

  5. The Man Who Fell To Earth Silver badge

    WTF?

    WTF are machines handling classified info doing connected to the Internet?

    1. Loud Speaker

      Re: WTF?

      WTF are machines handling classified info doing connected to the Internet?

      Leaking seems to be the largest part of what they do!

      1. Yet Another Anonymous coward Silver badge

        Re: WTF?

        Downloading cracks for illegal copies of MS-Office in this case

  6. Anonymous Coward

    In a way Kaspersky AV is 'bad'; you always need to check *all* 60+ AVs in parallel.

    I just ran a recent threat offering to my email and got so many trusting scanners (desktop AV scanners might respond differently to Slurp's essential https://www.virustotal.com/en service)

    the best (for this particular file)

    Netcraft Malicious site

    Sophos AV Malicious site

    BitDefender Malware site

    Avira (no cloud) Phishing site

    Emsisoft Phishing site

    ESET Phishing site

    Fortinet Phishing site

    G-Data Phishing site

    Google Safebrowsing Phishing site

    Kaspersky Phishing site <<<<<- here be dragons!

    Phishtank Phishing site

    and the rest

    ADMINUSLabs Clean site

    AegisLab WebGuard Clean site

    AlienVault Clean site

    Antiy-AVL Clean site

    Baidu-International Clean site

    Blueliv Clean site

    C-SIRT Clean site

    Certly Clean site

    CLEAN MX Clean site

    Comodo Site Inspector Clean site

    CyberCrime Clean site

    CyRadar Clean site

    desenmascara.me Clean site

    DNS8 Clean site

    Dr.Web Clean site

    Forcepoint ThreatSeeker Clean site

    FraudScore Clean site

    FraudSense Clean site

    K7AntiVirus Clean site

    Malc0de Database Clean site

    Malekal Clean site

    Malware Domain Blocklist by RiskAnalytics Clean site

    Malwarebytes hpHosts Clean site

    Malwared Clean site

    MalwareDomainList Clean site

    MalwarePatrol Clean site

    malwares.com URL checker Clean site

    Nucleon Clean site

    OpenPhish Clean site

    Opera Clean site

    Quttera Clean site

    Rising Clean site

    SCUMWARE.org Clean site

    SecureBrain Clean site

    securolytics Clean site

    Spam404 Clean site

    Sucuri SiteCheck Clean site

    Tencent Clean site

    ThreatHive Clean site

    Trustwave Clean site

    Virusdie External Site Scan Clean site

    VX Vault Clean site

    Web Security Guard Clean site

    Webutation Clean site

    Yandex Safebrowsing Clean site

    ZCloudsec Clean site

    ZDB Zeus Clean site

    ZeroCERT Clean site

    Zerofox Clean site

    ZeusTracker Clean site

    zvelo Clean site

    (sorry for the formatting)

  7. Lee D Silver badge

    Great.

    Would they like to advise me about what to do with a site that demands Internet Explorer only to transfer potentially millions of pounds on a website that forces us to use out-of-date Gemalto smartcard signing software (which we can't upgrade without it being unsupported) via ActiveX and which doesn't work any other way?

    I'll be sure to leap right on their security advice after they sort that out, as well as that the BACS people demand we use the up-to-date version or THEY won't support us either. Oh, and this is some six months down the line of trying to get the right readers, smartcards and software to do what we've always previously done before.

    Because sure as hell that doesn't sound like they have our security at the forefront of their minds to me.

    1. Anonymous Coward

      ???

      Whoa there, standard banking must be different from business then!

      I use Barclays for business banking and Barclaycard Business (credit cards) and I do not have Windows (so no ability to use IE) and have logged in from Firefox and SeaMonkey in the past with no problems.

      Generally to log in and do banking I can use any browser (I've never been stopped yet). They simply ask for Surname, Membership Number, Last 4 Digits of card, and tell you to use Identify on the PINsentry card machine and give them the code it gives you.

      From there on you can do pretty much anything such as transfer money etc.

      Never had any form of ActiveX prompt or request to use Internet Explorer tbh.

      1. Lee D Silver badge

        Re: ???

        That's their business banking for small-medium businesses.

        You know, those that have multiple-person sign-off on hundreds of direct debits / payments each month.

        Pretty standard business setup, but why does it have to be IE-only? The only explanation is basically the same old "Because we can only secure it by running ActiveX plugins capable of arbitrary code execution, connecting to the smartcards and transmitting to an IE/IIS-based website which has been put in every exclusion category possible to bring it outside the scope of all the browser security anyway".

  8. Anonymous Coward
    Terminator

    It wasn't DHS advice, it was a DHS binding order of removal

    DHS Binding Operational Directive 17-01

    Merriam-Webster's definition of advice.

    DHS did not issue a recommendation. They issued a binding operational directive.

    > Some industry pundits see the developments as the start of a new era of so-called cyber balkanisation.

    Some people use Apache HTTPD, some others use lighttpd and some others use Microsoft's IIS. I don't hear pundits complaining about that. Or recommending that everyone use the same HTTP server, for fears of balkanization (whatever that means).

    Also, pundit opining is better left to those offering irrelevant comments on Sunday morning political talk shows. Technical and security decisions should be left to those who are qualified to do that. I.e. not pundits.

    > It’s a long way from the lofty goal that accompanied the inception of the internet as a network to connect the computers of academics together for collaboration, innovation and information sharing.

    Yeah. It was never designed to be that, and it never had lofty goals. It started as ARPANET - Advanced Research Projects Research Agency NETwork - and its development was funded by the US Department of Defense - Advanced Research Projects Agency. According to ARPA, the goal of ARPANET was to [ ... ] exploit new computer technologies to meet the needs of military command and control against nuclear threats, achieve survivable control of US nuclear forces, and improve military tactical and management decision making.

    So much for the Kum-ba-ya singing and hugging.

    Today's Internet is mostly a festering pile of spam - sorry, social networking in pundit terms, cyber-war and commercial profiteering of all kinds. Get used to it.

    1. Lysenko

      Re: It wasn't DHS advice, it was a DHS binding order of removal

      Some people use Apache HTTPD, some others use lighttpd and some others use Microsoft's IIS.

      ... and others yet use NGINX which is written by ... Ohhh noes !!! Eeeeevillll Rooooskies !!!! ARGGHHH!!

  9. Jon 37

    Lunacy

    If you install an anti-virus program that can detect "suspicious" files and upload them to a server in country X run by company Y, and you don't disable that "feature", then it's possible that your files will be seen by company Y and its employees, the intelligence service of country X, and any random hacker that's managed to gain access to those servers. This applies whatever country X is - Russia, USA, or other.

    Now, the company has a strong motive to keep that data private, and to secure its servers to stop hackers getting into them, but it can't do anything about its local intelligence service. For most people, the intelligence service won't be interested in them or their files.

    However, you clearly shouldn't be installing such an anti-virus program on government computers handling information that country X wants! (Or if you must install it, then you should disable the cloud upload feature).

    On a related note, if you install any program, and that program includes automatic updates, then your computer will automatically download and run "updates" from the manufacturer, or from the intelligence service of the country hosting the update servers, or from any random hacker who has hacked both the update server and the code-signing key. If you don't want to give full access to your PC to the intelligence service of that country, then you should not install their software.

  10. Gordon 10

    spite

    Hey Five Eyes

    Stop victimising Kaspersky just because one of your own contractors was stoopid enough to take his work home with him.

  11. Lars Silver badge
    Linux

    Get to the point

    Get rid of Windows.

    1. Sway

      Re: Get to the point

      No, get rid of users!

  12. Stevie

    Bah!

    Next step: a visit from the government Department of Approved Digital Assets auditor to make sure you aren't hosting any software written in, for or by a listed nation.

    List subject to change without notice.

    1. Captain Badmouth
      Big Brother

      Re: Bah!

      "a visit from the government Department of Approved Digital Assets auditor..."

      Bureau of Approved Digital ASSets auditor, shirley?

  13. hoola Silver badge

    All as bad

    There is a huge problem here of hysteria and double standards. Every AV product uploads some form of information so that it is possible for the AV companies to understand the threats they are dealing with. Stop information upload and the whole threat response becomes far worse. Yes, Kaspersky should maybe have been more open but all AV products do this.

    What really annoys me most is this singling out of Kaspersky in this way. No one except Kaspersky themselves really knows, but my assumption is that they will do everything possible to secure that information, as should any other AV company. It is not in their interests to splatter that information to anyone. It is what their intellectual property is derived from; it is commercially sensitive and of great value to competitors.

    Kaspersky are not more at risk, and probably are at less risk than the many US (or elsewhere) based outfits that will have no option but to roll over when requested by the NSA. The NSA (and many other US "intelligence" outfits) are the biggest group of hypocrites there are and will be doing everything possible to spy on everyone and everything, friend or foe, in the name of the "War Against Terror". Given the NSA's abysmal record of securing their own data, frankly I have less trust in uploading metadata to a US company than Kaspersky.

    And as for the comment earlier "use Linux instead of Windows", exactly how does that help in this situation? All operating systems are vulnerable and should be managed/protected appropriately. Windows has the greatest use case where it interacts with users and therefore is the most targeted. If Linux, iLO or some other OS had ended up on the desktop, it equally would be the most popular target.

    If you choose to run an OS with no protection then you are an idiot, and smugly stating that it is a Windows issue is even worse.

    1. tiggity Silver badge

      Re: All as bad

      At least with Linux the OS itself is not uploading all my data (unlike a PC running bog standard home version Windows 10, which most people would get chucked in on their personal purchases).

      Average Win 10 user can choose their AV vendor (& have some say in AV snooping), but unless they change OS, they cannot stop potentially confidential data being sent to MS.

    2. Aodhhan

      Re: All as bad

      I can tell you have no access to intelligence or understand exactly what happened. All you are typing out is what you 'think', without doing much if any research.

      There is a large difference between an AV application taking a piece of code positively identified as a threat (from memory), and downloading an entire file stored on a system. In short, downloading the entire file is going too far. Imagine the information an AV company has to gain if they believe word processing files are infected, and download the entire file full of personal and corporate secrets.

      Then with terabytes of information, they are able to search for tags in files such as "Secret", military terms, engineering terms, and other key words to sift through more thoroughly.

      An AV which downloads the entire file instead of just the positively identified code isn't being friendly or acting in your best interest.
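The contrast Jon 37 and Aodhhan draw above, between a scanner that ships the whole file to a cloud service and one that reports only a hash plus the matched bytes, as an added illustration (not code from any AV vendor or from the thread). The signature, the sample document and the policy limits are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, asdict
from typing import Optional

# Constructed sample signature: a byte pattern and a label (not a real detection).
SIGNATURE = {"name": "Constructed.Test.Pattern", "pattern": b"EVIL-MARKER-1234"}

# Constructed policy values: how many matched bytes may leave the host,
# and how much surrounding context is included for analyst triage.
MAX_SNIPPET_BYTES = 64
CONTEXT_BYTES = 8


@dataclass
class MinimalReport:
    """What a data-minimising submission carries: no document contents."""
    signature: str
    sha256: str
    size: int
    offset: int
    snippet_hex: str


def scan(data: bytes) -> int:
    """Return the offset of the first signature match, or -1 if clean."""
    return data.find(SIGNATURE["pattern"])


def build_minimal_report(data: bytes, offset: int) -> MinimalReport:
    """Hash the file, then cut out only the matched bytes plus a little context."""
    start = max(0, offset - CONTEXT_BYTES)
    end = min(len(data), offset + len(SIGNATURE["pattern"]) + CONTEXT_BYTES)
    snippet = data[start:end][:MAX_SNIPPET_BYTES]
    return MinimalReport(
        signature=SIGNATURE["name"],
        sha256=hashlib.sha256(data).hexdigest(),
        size=len(data),
        offset=offset,
        snippet_hex=snippet.hex(),
    )


def build_full_upload(data: bytes, offset: int) -> dict:
    """The 'send the whole file' variant: every byte of the document leaves the host."""
    return {"signature": SIGNATURE["name"], "offset": offset,
            "sha256": hashlib.sha256(data).hexdigest(), "content_hex": data.hex()}


def submit(data: bytes, cloud_upload_enabled: bool, consent_to_full_file: bool) -> Optional[dict]:
    """Decide what, if anything, is sent. Returns None when nothing leaves the host."""
    offset = scan(data)
    if offset < 0 or not cloud_upload_enabled:  # clean, or cloud "feature" disabled
        return None
    if consent_to_full_file:  # explicit opt-in is the only path to full-file upload
        return build_full_upload(data, offset)
    return asdict(build_minimal_report(data, offset))


# Constructed document: sensitive text next to the matched pattern.
SAMPLE_DOC = (b"Project memo, classification: SECRET. Budget figures attached. "
              + SIGNATURE["pattern"] + b" trailing bytes of the document.")

if __name__ == "__main__":
    print(submit(SAMPLE_DOC, cloud_upload_enabled=True, consent_to_full_file=False))
```

With the default (minimal) path the word SECRET never appears in the submission; only the full-file path carries it.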

  14. Anonymous Coward

    Let's flip this one around..

    “In a reality where nations are in conflict, it’s a real, hard fact that other anti-virus vendors are of US origin, paying US taxes and subject to the power of the US government which has been found to enjoy overreach wherever it can get away with it, supported by organisations with a global reach whose sole modus operandi is to grab data from wherever they can get away with it and hide behind their US jurisdiction. Therefore it would be grossly irresponsible of any nation who has already experienced global crashes, data theft and other enthusiasm for entirely ignoring the protections citizens enjoy in Europe to be using any US, let alone something so deeply embedded as an antivirus engine.”

    In the light of Snowden and Schrems, there is no valid reason whatsoever for any EU government, business and end user to trust a vendor of US origin. None whatsoever.

  15. Anonymous Coward

    Optional comment

    I guess it's the old adage that the only secure computer is one that's unplugged from everything & switched off.

    I use Kaspersky at home & I'll continue to use it cos if the NSA & UK government don't want me to use it it's probably cos it'll detect their malware.

  16. sloshnmosh

    Firewall+AV

    I only allow my antivirus through the firewall to update its detection signatures and block it again after updating.

    Even the free Malwarebytes will function with it blocked by a firewall. It will still scan and report any nasties but it won't remove anything unless it is connected to the web.
