UK government bans all Russian anti-virus software from Secret-rated systems

The United Kingdom's National Cyber Security Centre has effectively banned the use of Russian anti-virus products from government departments and revealed it is trying to “prevent the transfer of UK data to the Russian state” from Kaspersky Labs software. A guidance note published last Friday and distributed to permanent …

  1. Neil Barnes Silver badge
    Holmes

    Here's the plan, Igor...

    First we steal the idea of the internet worm to make a number of viruses. We release them into the wild, so people are really really worried about them.

    Then we invent a really good anti-virus product so everyone will install it to stop the viruses.

    Then we frighten them into not using the anti-virus product on their most important servers!

    Bwahahahaha! <fx: thunder and lightning>

    Hopefully, those OS makers never come up with the idea of secure-by-design systems, or all our work will come to naught!

    1. John Smith 19 Gold badge
      Unhappy

      "Hopefully, those OS makers never come up with the idea of secure-by-design systems,"

      Remind me again...

      Which version of Windows was supposed to be a from-the-ground-up redesign after the whole dev team had been training on "secure coding"?

      Like so much of Microsoft's products it looks like something that has certain abilities, but actually does not.

      1. Dan 55 Silver badge

        Re: "Hopefully, those OS makers never come up with the idea of secure-by-design systems,"

        Which version of Windows was supposed to be a from-the-ground-up redesign after the whole dev team had been training on "secure coding"?

        All of them, I think. Yet oddly the CVEs between different versions are suspiciously similar.

        1. John Smith 19 Gold badge
          Unhappy

          "Yet oddly the CVEs between different versions are suspiciously similar."

          Now the interesting question is are there similar bugs between versions that are meant to be on different sides of this "complete-rewrite-from-the-ground-up" claim?

          If they are not then it would suggest that there was indeed a root-and-branch shift in the code base.

          OTOH if there are commonalities that would suggest the claim was just so much BS.

          1. jake Silver badge

            Re: "Yet oddly the CVEs between different versions are suspiciously similar."

            I dunno John, does BadTunnel (CVE-2016-3213) apply? That's XP through 10, including so-called "server" versions.

      2. Alan Brown Silver badge

        Re: "Hopefully, those OS makers never come up with the idea of secure-by-design systems,"

        "Which version of Windows was supposed to be a from-the-ground-up redesign"

        I'll go one better.

        Which version of BIND was supposed to be a from-the-ground-up redesign?

  2. Anonymous Coward
    Anonymous Coward

    Jet Engine

    I think UK must do everything to prevent such a predicament where the UK government gave jet engine technology/knowledge to USSR

    FOR FREE

    i.e. give or leak NO information to other powerblocks/houses

    1. Marshalltown

      Re: Jet Engine

      Far, far too late. The UK literally sold the USSR the technology for the early MIG engine. There was an "agreement" signed and sealed, that promised sincerely that the USSR would never, ever use the engines for anything warlike. Then the first MIG captured showed they had replicated the engines. So, technically they might not have broken the promise, but ...

      1. Lysenko

        Re: Jet Engine

        The UK literally sold the USSR the technology for the early MIG engine.

        Yeah, right, because the USSR could never have mastered that technology on its own. The same sort of thinking that led the Americans to renege on all their commitments regarding nuclear technology with the UK - because the British couldn't possibly build a bomb themselves without access to American designs. Oops.

        Human IQ is pretty much the same everywhere. You can't contain an invention once other people have seen it in action because they will always be able to infer most of the operational details immediately and rapidly resolve the rest experimentally if they have enough money and resources.

        Licensing jet engine designs to the USSR made a profit and ensured that we had a damn good idea what the operational capabilities of those engines were. Refusing to do so would just have resulted in the USSR ending up with indigenous designs whose capabilities were more opaque.

        The F35 paranoia is equally farcical - unless you seriously believe that the guys at Lockheed have genetically bigger brains than those at Mikoyan or Sukhoi. American military supremacy is based on money, and if the Russians can't match the F35 or a nuclear Super Carrier it is because they don't have the budget, not because they don't understand the engineering.

        1. amanfromMars 1 Silver badge

          RAM Jet Engineering ..... for ROM Pings

          Howdy, Lysenko,

          American military supremacy is based on money, and if the Russians can't match the F35 or a nuclear Super Carrier it is because they don't have the budget, not because they don't understand the engineering. .... Lysenko

          Hmmmm? Hence the concerted attacks upon fiat paper money/bank IOUs and in particular right now, the dollar?

          You know what they say ..... The Love of Money is the Root of All Evil and is a Systemic Weakness for Mass Manipulative Employment and Exclusive Executive Exploitation.

          Who do you imagine understands the engineering that delivers Remote Lead with Advanced IntelAIgents Sublimely Commandeering Control with Cyber Space?

          Wild Wacky Westerners or Exotic Erotic Easterners? And if an AI Supremacy is to be based upon money, what price would you put upon insuring and assuring it remain a Secret Spooky Trade Secret whenever IT provides NEUKlearer HyperRadioProACTive Augmented Virtual Reality Plays for Mass Multi Media Programmed Presentations ...... Greater IntelAIgent Massively Multiplayer Online Role-Playing Games Plays for the Population of Virtual Space Stations .... Live Operational Virtual Environments?

          Use your common sense. Seven Sevens? Eight Eights? Nine Nines? Or Ten Tens and Trillions?

          Bet on the latter, 10,101,010,101,010,101,010, and make a fortune.

          Human IQ is pretty much the same everywhere.

          Hmmmm? ..... Do you really think so? Is anything/everything else different therefore foreign and/or alien?

          1. jake Silver badge

            Re: RAM Jet Engineering ..... for ROM Pings

            "The Love of Money is the Root of All Evil"

            Nah. Organized religion is the root of all evil[0]. Money just pays for it.

            [0] Note that I very carefully didn't say "all organized religions are evil".

          2. Tail Up

            Re: RAMROM Pings

            A skilled mind reader, as qualified as quality itself, you are, Doc.

            If I was at the place of your respondent - yes, Seven, as if you didn't even have prompted it yet in such an odd for most of us, mortals, way :-)

            Still it's only a question of irrational charity. One can't buy or sell the Super Puper Hyper Vision of the Universe.

            Well, you know.

            1. amanfromMars 1 Silver badge

              Re: RAMROM Pings

              Still it's only a question of irrational charity. One can't buy or sell the Super Puper Hyper Vision of the Universe. .... Tail Up

              That is or may not be so, Tail Up, but as a value of worth in the guise of a simple reward for easy public spending and private personal enjoyment, are the sums paid and received highly indicative of the range and stretch of creative disruption the produce can and will deliver. Or not deliver, if in the most expensive of deals and rewarding arrangements, agreement results in the temporary shelving of the most radical and revolutionary of future programs/presentations/AIMasterdD Plans.

              Dodgy money market leaders just love to kick the can down the road, don't they, rather than admit that they have no answers to deal with in-house created problems.

              What would many, if not nearly everyone call such lost souls? Surely not masters of the universe doing Gods work whenever super duper fantastic fools is freely available and most apt?

              1. Tail Up

                Re: RAMROM Pings

                Did I tell you about Mind/mind Reading, yes, with such capitalisation, amanfromMars?

                "That is or may not be so Tail Up" - this is the Hard Core Driver that one has to experiment with.

                It's not to say it's a must of the ship - whatever it is, please be sure, there's neither a sheep, nor a dog aboard.

                Am I smiling now? Or am I being serious? And you?

                "Duper" TY :-)

          3. Anonymous Coward
            Anonymous Coward

            Re: RAM Jet Engineering ..... for ROM Pings

            "Howdy, Lysenko"

            Lysenko was an agronomist. Perhaps you should have written "Howdy, Korolyov".

            Ah...

          4. Lars Silver badge
            Happy

            Re: RAM Jet Engineering ..... for ROM Pings

            "Human IQ is pretty much the same everywhere."

            Yes, but next it's all about education, however, education for profit and education according to class doesn't seem to provide all that much.

        2. Alan Brown Silver badge

          Re: Jet Engine

          "American military supremacy is based on money"

          Actually, it was based on sheer numbers and production capabilities. They've rather painted themselves into a very expensive corner of late.

        3. Joe Montana

          Re: Jet Engine

          Having highly advanced but expensive and complicated weapons is not really ideal in a war situation unless they are massively superior to the enemy such that the enemy can't damage them.

          If the difference is small enough that the inferior enemy equipment can still inflict damage, and the enemy equipment is much cheaper they will just build large numbers you won't be able to match due to the cost.

          Also during combat, equipment will get damaged or destroyed. If repair/replacement is expensive or complicated it will become difficult to maintain enough working equipment. The AK47 is a good example of this, reliable and quick/cheap to build.

          1. Lysenko

            Re: Jet Engine

            Precisely. Quick calculation for an Arleigh Burke Class Destroyer with state of the art AEGIS air defences:

            Cost of ship: $1.8 billion

            Give it maximum possible defences (2 x RIM-116 short-range missiles and 2 x Phalanx CIWS) and perfect accuracy. You can take out 82 close in threats. Anything else needs to be stopped by the SM-2 and SM-6 missiles further out. Let's assume that the entire VLS is quad-packed with exactly the right loadout (no chance). With yet more impossibly perfect accuracy, you can take out 384 targets. Total 466. Anything above that and the ship is dead, even in this defender's dreamworld.

            Cost of Kh-31 anti-ship missile: $0.5 million.

            Cost of 500 Kh-31s: $250 million.

            You can, therefore, take out the ship spending only 14% of what it cost to build it.

            I'm not suggesting that's workable military strategy, you would need an unassailable base to launch all those missiles from for a start, but that doesn't change the fact that big, expensive targets need to achieve and maintain incredible (quite literally) levels of performance in the face of large numbers of (relatively) low tech threats. Personally, I strongly suspect that even 50 Kh-31s inbound means a dead ship.

    2. Lars Silver badge
      Happy

      Re: Jet Engine

      My Deity how the facts about the jet engine seem to disturb the British soul, quite disgusting actually.

      https://en.wikipedia.org/wiki/Jet_engine

      "Following the end of the war the German jet aircraft and jet engines were extensively studied by the victorious allies and contributed to work on early Soviet and US jet fighters. The legacy of the axial-flow engine is seen in the fact that practically all jet engines on fixed-wing aircraft have had some inspiration from this design."

    3. Anonymous Coward
      Anonymous Coward

      Re: Jet Engine - i.e. give or leak NO information to other powerblocks/houses

      Well, Louis Schreurs BEng, that horse bolted when we started letting foreigners into our universities and even granting them citizenship.

      Foreign sounding name you have there. Where did you go to uni to get your BEng? Where are you working now? Where do your ancestors come from?

      Better remove your internet and telephone access, censor your mail and prevent you talking to strangers or leaving the country. You know, just to be safe. Based on your own statement.

  3. amanfromMars 1 Silver badge

    OmniShambles v2.0 Exploratory Rocket ....... the Ongoing Present Tale in Future Media Sales Pitches

    Crikey, Reds under the bed and Sublimely Commandeering Control with Cyber Space and the Treasury reacting madly and radically and predictably is a fine brace for this Xmas.

    Is that Prime or Sub-Prime Joint Intelligence Committee Planning at ITs Great Game Work, or just simply A.N.Others hatch/botch/patch that they respond to?

  4. Anonymous Coward
    Anonymous Coward

    Erm....

    Why do they need antivirus?

    Top secret files should either be on non-Microsoft USB-disabled machines in an air-gapped network or one with a firewall that if I so much as ping a host I shouldn't I end up in a duffel bag. Either that or it should all be on paper in a secure location. It's just not worth the risk.

  5. Lars Silver badge
    Linux

    What's the problem

    Put Linux on a stick and use it for your bank transactions or switch completely, but tell nobody or the crooks will get it and start writing viruses for Linux.

    1. Primus Secundus Tertius

      Re: What's the problem

      @Lars

      I use Linux on a CD for banking. Much harder to corrupt a CD than a stick.

  6. Tail Up

    'Net Is A Totally Transparent Society

    I bet any of my two shirts that only few chosen heroes here use just any AV, except, maybe, OS' fiat self-narc ones (-:

    1. Tail Up

      Re: 'Net Is A Totally Transparent Society

      Two thumbs down, two self-reporting heroes, and counting [:trollface]

  7. Anonymous Noel Coward
    Boffin

    McCarthyism.

  8. Anonymous Coward
    Big Brother

    Don't mention firewalls!

    Israeli SIGINT National Unit 8200 wrote Checkpoint, after all.

    1. Anonymous Coward
      Anonymous Coward

      Re: Don't mention firewalls!

      Why doesn't the British Army do the same for British needs ?

      1. amanfromMars 1 Silver badge

        Re: Don't mention firewalls!

        Why doesn't the British Army do the same for British needs ? ... Frank Gerlach #2

        One presumes the British Army doesn't have the Right Stuff Staff. And that is a leadership failure which goes right to the top of the national tree where the politically adept are the most inept politically inept are the most adept at concealing shortcomings and intelligence failings and deficits which nowadays threaten to so very easily burst the bubbles of legitimised authority they have manufactured for themselves.

  9. Seajay#

    First thought. Huh, so previously we were or might have been using Kaspersky on Secret systems?

    Second thought. Secret networks are set up in such a way that rogue software could phone home from them?

    Third thought. https://xkcd.com/463/

    1. thegroucho

      @Seajay#

      the XKCD link - harsh but true!

  10. Anonymous Coward
    Anonymous Coward

    And still

    ...we'll happily let you use Intel chip sets with huge back doors in them.

  11. Anonymous Coward
    Anonymous Coward

    Hoisted by various petards of incompetence

    Tell me again why supposedly "secret" systems:

    1) Run cellar-tier dodgy operating systems by an American Company as well as dodgy applications by that same American Company, which is a known provider of Dodgy-ware on a regular basis.

    2) Are apparently connected to the wide Internet doing I/O that no-one cares about.

    3) Need to have something called "Antivirus" in the first place (what is it supposed to do? Patrol the gates of Castle Vania??)

    Oh well, back to Symantec and the Yellow Sign I guess.

  12. Peter2 Silver badge

    The issue is wider than Kaspersky. The issue is that a decade or so ago, AV programs used to be a fairly simple thing that scanned running processes and your hard drive to see if it found any matches to an MD5 hash, and if it did then it'd flag that up to your security console with options to quarantine/remove. The entire thing sat inside your firewall, and was totally under your thumb.

    These days, cloud based AV picks up definitions from an online database, can upload any file that it thinks is suspicious for the vendor to have a look at and has tools in the (web based) control console that allows a user of the control panel to remotely execute code with the permissions granted to the AV. Which is almost always full read/write, as AV that doesn't have the ability to do a complete scan is useless, and most people want it to be able to disable processes and remove files.

    Frankly, if I were managing a Top Security system I think I'd be banning all cloud AV based systems, not just Kaspersky.

  13. Peter2 Silver badge

    Yeah, right, because the USSR could never have mastered that technology on its own. The same sort of thinking that led the Americans to renege on all their commitments regarding nuclear technology with the UK - because the British couldn't possibly build a bomb themselves without access to American designs. Oops.

    And to be fair, one reason Britain did it that quickly was that we had our own atom bomb project "Tube Alloys" before joining in with the Americans' "Manhattan" project and our staff worked on the "Manhattan" atom bomb project. Otherwise, we couldn't have done it so quickly.

    The Russians managed to steal designs from both America and Britain, otherwise they couldn't have done it so quickly.

    Licensing jet engine designs to the USSR made a profit and ensured that we had a damn good idea what the operational capabilities of those engines were. Refusing to do so would just have resulted in the USSR ending up with indigenous designs whose capabilities were more opaque.

    They weren't licensed. The Labour government at the time sold them one (small) shipment of the cutting edge engines of the time in exchange for a shipment of timber. The engines were reverse engineered, so we didn't get so much as a pre decimal half penny for the Russians having our engine design in license fees.

    The Russians could have come up with something similar, but it'd have taken them something like a decade. Probably more, since they were starting from the German jet engine designs which couldn't be built to last with the materials science available in the 1940's/50's. As a result, the German engines needed complete overhauls after 10 hours. The British Rolls Royce engines had lifetimes exceeding that by orders of magnitude before needing maintenance, and are still used in the original aircraft today. There are no flying examples of WW2 German engines, or engines built to WW2 German designs.

    1. pxd

      read all about it - excellent book

      Lots more detail of all this can be found in the recently re-released: Test Of Greatness: Britain’s Struggle for the Atom Bomb by Brian Cathcart (Kindle Edition: https://www.amazon.co.uk/Test-Greatness-Britains-Struggle-Atom-ebook/dp/B01B1RT15K/ref=sr_1_1?s=digital-text&ie=UTF8&qid=1512397941&sr=1-1&keywords=brian+cathcart). Well worthwhile, IMHO. pxd

    2. Voland's right hand Silver badge

      The Russians managed to steal designs from both America and Britain, otherwise they couldn't have done it so quickly.

      That is not proven. They had their own project as well. Fission Nukes are not that difficult to build. They had a reactor running only a couple of years after the Oak Ridge one and the cooling solutions, control, etc on their first reactors used to get the Pu-239 for their first nuclear test are different from the Oak Ridge. If they stole that the question is from whom.

      The bomb itself after that is a mostly chemistry + high precision high explosives engineering job. While a lot of it is classified till this day, when you have had a couple of accidents with Plutonium on the way you know what to aim for. They had the accidents by the way - they are documented.

      Where theft happened was most likely later - at the thermonuclear stage.

      We still do not know if it happened or not because the full Teller-Ulam and the full Saharov 3rd idea designs are classified till this day. However, Saharov originally managed only a very dirty fission amplifier, a design similar to what is likely to be in use by the Norks. He suddenly went from there to 3rd idea which is practically identical to the USA thermonuclear bombs in being as clean as a nuke can get - with minimal fallout. Similarly, USA could barely muster something which needed a ship to carry for their early tests while the Russians went straight for a fusion bomb which can be delivered by aircraft. USA caught up shortly thereafter. Shall we say they stole it too?

      One thing we also know for sure about that period is that 3 letters on both sides were working their asses off to get info. It takes time to get meatware assets in place to steal stuff like this. The timing of the first USSR nukes is nearly impossible for "stolen" design. Now, the thermonuclear race was different as both sides had spies deep in the enemy camp.

      IMHO as some people have noted, a person "skilled in the art" can quickly figure out how it works if he has seen a working implementation. Once a secret superweapon is shown to the world, it is only a matter of time for a determined opponent with a deep wallet and access to resources and brains to replicate it. If an opponent has an above critical mass level of engineering count it done. So sure, a banana republic cannot replicate a western superweapon. Russia - any day. Just a matter of time. Similarly, China is now in the any day league. Even Iran is in that league - they have more than enough money and engineering graduates.

  14. Crimperman1996
    Facepalm

    This will have little effect

    Mostly because, if a foreign government or some ne'er-do-well wanted to gain access to government secrets they've just found out they can bribe an MP's intern - probably cheaper and seemingly less difficult to detect.

    https://www.theregister.co.uk/2017/12/04/dorries_i_give_my_staff_my_login_details/

  15. Aodhhan

    Conspiracies

    People coming up with outlandish theories and accusations without any proof about how anyone is being spied upon is what makes the intel community go around as well as laugh. It only takes someone to sit back and think about things for 10 minutes to see some of the idiocy, because far too many people don't think about anything for 10 seconds and/or just repeat something they've heard.

    What does shock me, is the amount of people who unleash hate on governments which change every 4-10 years who must answer to their people in one form or another. In the same breath they protect and talk up governments which are tyrannical, toss people in jail for saying the wrong thing, are far more corrupt than any government in the west, and the government stays the same for years and years.

    If we in INFOSEC, have so many people who think off the cuff without stepping back to think things through, then there will be a lot of organizations who spend far too much money on things and will be a lot more vulnerable than need be.

    Only in Hollywood, do hackers and security defenders come up with solutions in a second. Only in Hollywood do all solutions come exactly when they need to.

  16. ScottishYorkshireMan

    Wasn't it Kaspersky that the UK Spooks said they had real difficulty breaking through? I am sure it was reported here on El Reg. While back mind.

    So, just suppose they STILL can't break it, neither can Uncle Sam and let's suppose it is after all just a good old AV product with no links to the Russian government.

    Would it be a good way to stop people using the product you can't break by telling everyone it's linked to a foreign government? Just saying...

  17. Daedalus Silver badge

    TEMPEST in a teacup (with biscuits)

    I started to wonder what systems rated "SECRET and above" would be doing on the Internet anyway, but then I remembered that in GovUKSpeak, everything is "SECRET and above", even the caretaker's taste in biccies.

    This is the same GovUK that once mandated TEMPEST shielding on everything above the level of a box of matches to suppress RF snooping.

    1. Anonymous Coward
      Big Brother

      Re: TEMPEST in a teacup (with biscuits)

      "even the caretaker's taste in biccies."

      Of course. Because the Russians might bribe him (or her) with biscuits. You know what caretakers are like. And in any suitably stereotypical spy fiction the caretaker is the weakest link and the route into all areas.

      In fact, wasn't that actually exactly how the British managed to destroy the German heavy water supply?

  18. Anonymous Coward
    Big Brother

    The issue of supply chain risk in cloud-based product ..

    The issue of supply chain risk in cloud-based products, including anti-virus (AV) software

    translation: Kaspersky is the only AV software we haven't yet backdoored.

  19. 23Badger

    A slight over reaction since China was known to be copying everything it could from the west not 10 years ago, and no one batted an eyelid.

  20. sloshnmosh

    NETSTAT Dev

    "Well, the simple approach is to connect a Data Diode to the outgoing ethernet cable and then run a traffic analyzer of your own on the data stream. Never connect the analysis system bidirectionally to the interwebs."

    One of the developers of NETSTAT wrote an interesting paper regarding doing just that.

    I'm too lazy to dig up a link but the dev in question is named Phil Blundell.

  21. Anonymous Coward
    Anonymous Coward

    What about BackUp?

    What about Veeam and Acronis!

    Russian companies, with Russian development all having data backed up!

    Surely that is more worrying than AV?

    1. jake Silver badge

      Re: What about BackUp?

      They can call it "backup" all they want, but it's not. Anything cloud based is unreliable storage, at best. Backup needs to be 100% under the control of the party doing the backup, otherwise it's a pointless exercise in feel-good illusion.


Biting the hand that feeds IT © 1998–2021