On Kaspersky’s 'transparency tour' the truth was clear as mud

Attribution is one of infosec's biggest challenges: experts struggle to identify the source of attacks and only do so when they feel the evidence is insurmountable. Yet on Kaspersky Labs' "Transparency Tour" the company has advanced an explanation of its recent woes with no evidence at all. The Tour is an effort to persuade …


  1. TonyJ

    But...

    ...you could say that any software vendor from the OS to applications and AV could be used in the same way.

    I'm not so sure they protest too much. What is clear is that they've butted heads with the likes of the NSA (remember when they exposed the Equation Group, as documented here on el reg).

    Nor am I convinced that just because they are in Russia, it's easier for the government there to put pressure or infiltrate them. Are we honestly to believe that the USA, UK etc wouldn't/won't/don't do the same kind of thing?

    It's also worth noting that the Polish have a very low opinion of Russia (for very good reasons) so there's certainly an axe to grind there.

    I guess like everyone else, I don't have the answers, just more questions, but I'm still on the fence with regards to them being any more dangerous (or less) than any other company.

    1. Christian Berger

      Well the big difference is...

      ... that as a German, my government probably would protect me from the Russians, but it surely wouldn't protect me from the US. So if I only had to choose between those two options, I'd rather have the Russians have my data.

      Though it's likely that the secret services have a good working relationship with each other, so my data will end up in everybody's files anyhow.

      1. big_D Silver badge

        Re: Well the big difference is...

        @Christian the German Government won't protect you from themselves! :-D

        The courts have twice told them that the Bundestrojaner is illegal... But they are trying to push through yet another law to allow them to use such technology (I believe Bayern / Bavaria has already "legalised" it, although there is still the opportunity to bring that before the Constitutional Court AFAIK).

      2. Giovani Tapini

        Re: Well the big difference is...

        Well, they probably don't KNOW they have a good working relationship. The FSB and CIA spy on each other all the time, however it is not always given the gloss of the term collaboration though!

    2. big_D Silver badge

      Re: But...

      They got into trouble in Germany as well, because they marked the "Bundestrojaner" (State Trojan, a program used by the BND and police to infiltrate PCs of suspects) as malware, which didn't go down well in political circles.

      1. MonsieurTM

        Re: But...

        *Evil* Kaspersky telling us about trojans! Bad Kaspersky, and thus evil Russians!

    3. mutin

      Re: But...

      Well, two important topics are forgotten:

      - Kaspersky himself had and has friends in FSB. It means he will do what they ask for

      - They did not promise to stop sending information from user computer to Kaspersky data center(s), which wherever it/they is/are or will be will send info in Moscow. Where it will be available to Mr. K FSB friends. The same way they grabbed NSA info from stupid NSA contract facing bars. Running on government computers they will collect confidential info and send it ... I really do not care about my "personal" info. I simply know that "privacy" is good to believe in but does not exist anymore. But I think any government info should not be widely available. Mr K lovers can download and use Kaspersky company software.

      As soon as the company moves its headquarters in EU, and developments as well, and Mr K steps down, the problem will dissolve. But that won't happen simply because they use the company as FSB helper.

      1. MonsieurTM

        Re: But...

        So, you prefer proven US lackeys to unproven Russian lackeys, eh? Damn glad you are not in power...

  2. DavCrav

    "Are we honestly to believe that the USA, UK etc wouldn't/won't/don't do the same kind of thing?"

    Do I believe that the UK government would murder your family if you say no? No, I really don't.

    Do I believe that the Russian government would murder your family if you said no? Well, they have done on several occasions.

    1. TonyJ

      "...Do I believe that the UK government would murder your family if you say no? No, I really don't..."

      Unfortunately, I do believe that.

      Remember all the questions around Dr Kelly (weapons of mass destruction)?

      Remember the questions about the young MI5 agent found in a sports bag he'd apparently managed to zip up completely from inside?

      I am sure there are others if we look a bit.

      Of course, I am not saying these are in any way proof of such actions, just that there have always been weird, unexplained deaths where question marks hover over them about the possibility of government involvement.

      1. DavCrav

        "Remember all the questions around Dr Kelly (weapons of mass destruction)?

        Remember the questions about the young MI5 agent found in a sports bag he'd apparently managed to zip up completely from inside?"

        Ah, I specifically said 'your family' for a reason, because I knew both of those were going to turn up. I think it's reasonable to say that the Russian government kills more people than the UK government, and is also a lot less squeamish about 'collateral damage'.

        1. John Mangan

          @DavCrav

          "I think it's reasonable to say that the Russian government kills more people than the UK government, and is also a lot less squeamish about 'collateral damage'."

          Citation needed.

          1. Giovani Tapini

            Re: @DavCrav

            @John Mangan

            I refer you to many Spetsnaz operations to recover "hostages" with a variety of degrees of success and "collateral damage" where the Americans did not dare attempt. Instances more recently in use of gas in nightclubs or in the past in Beirut.

            Maybe you just have to be old enough...

            1. MonsieurTM

              Re: @DavCrav

              And the US in Nicaragua, Colombia, Mexico, Libya, Iraq, Iran, Afghanistan, Vietnam, Cambodia, Laos, etc, etc? Exactly how many deaths?

        2. Bernard M. Orwell

          "Ah, I specifically said 'your family' for a reason, because I knew both of those were going to turn up"

          You've come to the wrong forum if you're going to lean on semantics for the core of your argument.

        3. Roland6 Silver badge

          "I think it's reasonable to say that the Russian government kills more people than the UK government"

          Whilst it might seem from UK media reports that this might be the case and could be a useful working assumption, I would hesitate in concluding this is the case, until we have better and more reliable data/information sources. Remember we are dealing with a branch of government that does much to stay out of sight and isn't unknown to use its influence to stop things becoming public.

        4. MonsieurTM

          Really? What about the UK meddling in Afghanistan, Syria, Libya, etc, etc? How many deaths have occurred there because of UK meddling?

      2. Anonymous Coward

        "murder your family" vs either Dr Kelly, or the sports bag victim.

        However, I'm not sure that either Dr Kelly or the sports-bag victim could really be considered as evidence for "would murder your *family*", since (a) both were plausible direct targets, and (b) are not easily understood as *the family of* some other target.

        1. Robert Carnegie Silver badge

          Re: "murder your family" vs either Dr Kelly, or the sports bag victim.

          I think the story about Dr Kelly was that his wife would be left without support of his government pension unless he kindly committed suicide. As this is broadly before there were food banks, presumably she/they would then starve to death. HTH, HAND

    2. Anonymous Coward

      In an authoritarian regime without checks and balances it is far, far easier to apply pressures that are much harder to enforce in democratic countries - not impossible, but far harder.

      Still, you can have people who will comply without pressure, just out of nationalistic pride. Who would trust products from a Thiel company?

    3. anonymous boring coward Silver badge

      The UK government has sent UK citizens to, for them, foreign countries on the basis of having, apparently, insufficient documentation (technicalities, in other words). They detain thousands of people on vague grounds. The government is in the process of destroying the economy in the interest of a few tax dodgers and their useful idiot xenophobe friends. The government has sent people to die abroad on missions with extremely vague objectives.

      I can see them doing quite a lot to get their own way.

    4. Eddy Ito

      It's an odd question since I think any government would murder my family and myself without hesitation if they thought it would benefit them. It's likely that the only reason they haven't is because the cost:benefit ratio doesn't work in their favor. Likewise I don't see any cost:benefit working against Kaspersky.

    5. Adam 52 Silver badge

      "Do I believe that the UK government would murder your family if you say no? No, I really don't."

      I think it unlikely but not impossible. Blackmail is more the UK government's style. Would they plant child porn - absolutely.

  3. Detective Emil

    " … it won’t be long before Kaspersky is recognised as an Uber-style disruptor …"

    And this is good?

    1. big_D Silver badge

      Re: " … it won’t be long before Kaspersky is recognised as an Uber-style disruptor …"

      I don't think Kaspersky want to be tainted with that brush, they have enough problems as it is!

  4. smalldot

    Can we see the original evidence first?

    Where is the evidence that Kaspersky products are in any way more harmful than competing AV products?

    I have understood that AV programs are risky because they 1) constantly download updates from the internet, 2) accept any type of code or binary input to scan, and 3) attempt to decode or uncompress the input binary or even run it in a sandbox to see how it behaves. It's not difficult to believe that a serious attacker could try to use the AV product to attack company networks.

    But why would any AV company knowingly co-operate with government spies? That would be commercial suicide. Their whole business is based on trust. All the US has to do is to publish evidence on Kaspersky working with Russian spies, and the whole world will instantly uninstall Kaspersky AV. Or is it perhaps so, that soon we will learn about another NSA tool that uses Kaspersky AV to infect target machines?

    1. lglethal Silver badge

      Re: Can we see the original evidence first?

      "That would be commercial suicide."

      And refusing to co-operate with the government is likely to see you either in prison (various embezzlement, corruption or conspiracy charges) or worse.

      I'm not just talking Russia here, any regime where the government has complete control of the courts and the media - China, Vietnam, etc. - all make it incredibly dangerous to say No when the government comes knocking. I'm sure in places like the UK, US, etc it is also difficult to say No to the men in black suits. But there's a difference between something being difficult and something being dangerous...

      1. Anonymous Coward

        Re: Can we see the original evidence first?

        Isn't every major AV vendor except Kaspersky under suspicion of collusion with the United States government?

        Any AV software is most certainly a potential threat. Proprietary code, automatic updates, god-mode access. If you really want to secure a computer, you don't simply "add security", you remove non-essential components and lock down potential attack vectors. And if you're that concerned about security, you shouldn't even be using a computer.

        It's long past time for the US Government, in particular, to reckon with that.

      2. MonsieurTM

        Re: Can we see the original evidence first?

        Ever heard of D-notices & the Official Secrets Act, mate? These are UK inventions. That make it dangerous in as far as going to jail is dangerous.

    2. Roland6 Silver badge

      Re: Can we see the original evidence first?

      Or is it perhaps so, that soon we will learn about another NSA tool that uses Kaspersky AV to infect target machines?

      Not sure of your logic here, personally, I expect we will be hearing about another NSA tool from Kaspersky: some US government employee decided their work machine was running a little slow whilst working from home, so downloaded the Kaspersky scanner which uploaded the unknown executables for inspection...

    3. Christian Berger

      There is no evidence...

      ... that's the whole point. All AV products have a theoretical benefit at best, far outweighed by the many actual practical problems with them.

      It's simply not wise politically to demand or present evidence, because then you'd be forced to act logically and would therefore have to publicly declare your goals.

  5. sitta_europea Silver badge

    Why is nobody even asking why anti-virus products like Kaspersky's are so popular?

    The single biggest contributor, by a very long way, to insecurity in IT is an American company called Microsoft.

    So isn't it time to drop Microsoft products too?

    Surely it must be obvious that the whole Kaspersky issue is an irrelevant sideshow which can do nothing but distract attention from the real issues.

  6. Anonymous Coward

    CIA wrote code to impersonate Kaspersky Lab?

    "WikiLeaks says it has published the source code for the CIA hacking tool ‘Hive,’ which indicates that the agency-operated malware could mask itself under fake certificates and impersonate public companies, namely Russian cybersecurity firm Kaspersky Lab."

    Kaspersky is possibly the only AV company not compromised by the NSA, remember AV software gets to run on all the computers on the planet, as root and report back to the mother-ship. Every time you update you don't know what it's really doing.

    @smalldot "why would any AV company knowingly co-operate with government spies?"

    Well, the AV companies wouldn't knowingly co-operate, that's why they're called spies and since the end of the cold war, rather than engaging in mutual spying, the various state security apparatus currently engage in mostly exfiltrating industrial secrets from companies for monetary gain.

    1. Alan Brown Silver badge

      Re: CIA wrote code to impersonate Kaspersky Lab?

      "since the end of the cold war, rather than engaging in mutual spying, the various state security apparatus currently engage in mostly exfiltrating industrial secrets from companies for monetary gain."

      That's mostly what they were doing before the end of the Cold War too.

      The USA is one of the worst offenders, particularly with any technology that might possibly threaten their hegemony - a "kill it in the crib" approach is clear in a number of cases. (such as, say jet fighters - see TSR2, etc)

  7. Michael H.F. Wilkinson

    "Please do not let me detain you"

    The problem with the word "transparency" is that it immediately reminds me of Lord Vetinari, who often claims his motives are completely transparent, which in his case most likely means you cannot see them at all.

    I'll get me coat. The one with "Going Postal" in the pocket

    1. lglethal Silver badge

      Re: "Please do not let me detain you"

      "Ankh-Morpork had dallied with many forms of government and had ended up with that form of democracy known as One Man, One Vote. The Patrician was the Man; he had the Vote."

  8. Alister

    ...doth protest too much

    I sense a shift in editorial stance on this, and I wonder why.

    If governments want to claim that Kaspersky is a security risk, perhaps they'd like to offer some evidence of this.

    Why would El Reg ask Kaspersky for evidence that the US is persecuting them? It's quite obvious that the drive to demonize Kaspersky started ever since Kaspersky's Antivirus identified malicious software on an NSA staffer's machine in 2014.

    1. MiguelC Silver badge

      That probably won't do them any good, even if public opinion is in their favour governments aren't likely to cede in such a matter (either if it's being done for security reasons or just as punishment), but protesting is really the only thing they can do for now (as their court actions have all been rejected because of... reasons...)

    2. Anonymous Coward

      "perhaps they'd like to offer some evidence of this."

      If evidences may put sources at risk, you may want to avoid that. Even journos will not reveal their sources if they believe there's an actual risk.

      1. Alister

        Re: "perhaps they'd like to offer some evidence of this."

        If evidences may put sources at risk, you may want to avoid that.

        So that means then, that governments, or journalists, are free to publicly accuse an individual or company of malfeasance without presenting any evidence to support those accusations.

        This is surely not how it should be?

        1. Anonymous Coward

          "This is surely not how it should be?"

          But it's what happens. Have media evidences, for example, that Ivanka Trump is obtaining copyrights in China just because of hidden deals between her family abusing of presidential powers and the China government?

          Still, strong suspicions are published, and if anyone has sources within the Chinese government wouldn't be so fool to expose them.

          Evidences are conditions sine qua non for a trial and sentence - but did you never act on a strong suspicion, with just some corroborating info?

        2. Destroy All Monsters Silver badge

          Re: "perhaps they'd like to offer some evidence of this."

          If ~~evidences~~ not writing what's on the handout may put ~~sources~~ access to "inside sources" at risk, you may want to avoid that.

          FTFY

      2. Adam 52 Silver badge

        Re: "perhaps they'd like to offer some evidence of this."

        "Even journos will not reveal their sources if they believe there's an actual risk."

        You just cling onto that happy fantasy!

        1. Anonymous Coward

          Re: "perhaps they'd like to offer some evidence of this."

          > You just cling onto that happy fantasy!

          Depends on the journo. More specifically on their integrity and how good they are at protecting your information. Some are extremely good, others utterly incompetent.

          While thankfully I have never personally dealt with journalists of questionable integrity, they abound.

  9. John Mangan

    I find the under-lying assumptions quite surprising.

    Maybe I'm mis-reading it but there seems to be a presumption that "of course a Russian company will act as a trojan for its government" (which I'm not arguing for or against) but "that would never happen in the West" (which I do have an issue with).

    There is clear evidence that Russia likes to interfere and, like any developed nation, engages in shady practices to protect its interests.

    But there is even clearer evidence (Snowden) that the West, e.g. including but not limited to U.S. and Britain, do exactly the same. Both countries employ gagging orders so you can't even talk about being approached by said shady agencies.

    I'm not 'for' these activities and I'm not 'for' Russia but I am 'against' the apparent editorial assumptions which seem to be without basis.

  10. Anonymous Coward

    So, I have a choice...

    So Kaspersky treats spyware from US crooks the same as UK ones. They treat them the same as from the rest of Europe and the rest of the planet. That is what I want. They are not subject to the NSA or any other criminals. This is good.

    I am happy that they block the US nasties. The NSA is not there for my protection. I don't think it is there for the protection of US citizens either but that's not my problem. Russian spooks may not have much interest in me. US ones probably don't either but they are controlled by the US government who, in turn, is controlled by US corporates. I am more troubled about them.

  11. HmmmYes

    Frankly, I'd be happier burning the whole lot - Windows + AV.

    Stinking, multi layered piles of shit.

  12. PyLETS

    The only security relevant code with transparency

    This has to be open source and has to be developed in the open, and with reproducible build capabilities * so that anyone interested can verify it or collaborate with any number of interested others to share and discuss the verification of it. Anti-virus on closed platforms has to operate with root and kernel level access due to its very nature. Having a consortium of universities or an audit "partner" able to inspect code based on vendor criteria in the forum offered and managed by the vendor doesn't guarantee that the urgent update you need to defend against a recent and critical threat has been independently verified.

    * for why reproducible builds are required see: https://reproducible-builds.org/
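
Added example, not part of the comment above and not any vendor's tooling: a toy model of the reproducible-build check the comment asks for. The source tree, the three builders, the fixed timestamp and the `verify_release` quorum rule are all constructed for illustration; a tar archive stands in for the build output.

```python
import hashlib
import io
import tarfile

# Constructed sample source tree (path -> contents); stands in for the public source.
SOURCE_TREE = {
    "scanner/engine.py": b"def scan(data):\n    return b'EICAR' in data\n",
    "scanner/update.py": b"SIGNATURE_VERSION = 42\n",
    "README": b"toy package for the example\n",
}

# Constructed build environments: three independent parties, each with its own
# clock, user account and directory-listing order.
BUILDERS = {
    "vendor":     {"mtime": 1511222400, "owner": "build", "reverse": False},
    "university": {"mtime": 1511308800, "owner": "alice", "reverse": True},
    "auditor":    {"mtime": 1511395200, "owner": "bob",   "reverse": False},
}

# Constructed value; plays the role of the SOURCE_DATE_EPOCH convention.
SOURCE_DATE_EPOCH = 1511136000


def build(tree, env, reproducible):
    """Pack `tree` into an uncompressed tar archive and return its bytes."""
    # Naive builds inherit the builder's listing order; reproducible ones sort.
    names = sorted(tree) if reproducible else sorted(tree, reverse=env["reverse"])
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(tree[name])
            info.mode = 0o644
            if reproducible:
                info.mtime = SOURCE_DATE_EPOCH   # no wall-clock time
                info.uid = info.gid = 0          # no builder identity
                info.uname = info.gname = ""
            else:
                info.mtime = env["mtime"]
                info.uid = info.gid = 1000
                info.uname = info.gname = env["owner"]
            tar.addfile(info, io.BytesIO(tree[name]))
    return buf.getvalue()


def rebuild_digests(tree, reproducible):
    """SHA-256 of the artifact each builder produces from the same source."""
    return {who: hashlib.sha256(build(tree, env, reproducible)).hexdigest()
            for who, env in BUILDERS.items()}


def verify_release(shipped, tree, quorum=2):
    """Accept `shipped` only if at least `quorum` non-vendor rebuilders,
    working from the public source, reproduce it bit for bit."""
    want = hashlib.sha256(shipped).hexdigest()
    digests = rebuild_digests(tree, reproducible=True)
    matches = sum(d == want for who, d in digests.items() if who != "vendor")
    return matches >= quorum


if __name__ == "__main__":
    print("naive:       ", rebuild_digests(SOURCE_TREE, reproducible=False))
    print("reproducible:", rebuild_digests(SOURCE_TREE, reproducible=True))
    honest = build(SOURCE_TREE, BUILDERS["vendor"], True)
    altered_tree = {**SOURCE_TREE, "scanner/update.py": b"SIGNATURE_VERSION = 43\n"}
    altered = build(altered_tree, BUILDERS["vendor"], True)
    print(verify_release(honest, SOURCE_TREE), verify_release(altered, SOURCE_TREE))
```

With naive builds every party gets a different digest, so nobody can tell an honest binary from one built from different source; with normalised inputs the digests agree and a mismatch becomes meaningful.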

  13. Jason Bloomberg Silver badge

    They hate us and want to kill us

    "The "America wants to destroy us" argument was delivered with broad brush strokes, but zero evidence".

    That America and others in the west demonise and seek to ban them without producing credible evidence for doing so suggests to me Kaspersky are correct in their assessment.

  14. adam payne

    The "America wants to destroy us" argument was delivered with broad brush strokes, but zero evidence.

    The US have presented zero evidence as well.
