Kaspersky plays down source-code leak

Leaked versions of source code for older versions of Kaspersky Lab's security software have been released through file-sharing networks over the last few days. The source code comes from early 2008 versions of the consumer version of Kaspersky's security suite, which included anti-virus, anti-spam and parental control features …

COMMENTS

This topic is closed for new posts.
  1. A J Stiles
    Grenade

    Hmm

    If your business depends on keeping your Source Code secret from users (a position which is untenable, unjustifiable and unsustainable in the long term) then you deserve to fail.

    Let's have more Source Code leaks!

    1. A handle is required
      FAIL

      You are insane

      How is keeping intellectual property safe from competitors "...untenable, unjustifiable and unsustainable..."?

      All businesses that develop software (with the exception of open-source, of course) don't want their code getting out. They spent tons of money and time developing it, and they have the nerve to not want other people (competitors, perhaps?) from getting it? Imagine that! Source code leaks are not a good thing.

      If you are so hell-bent on open-source, then try Sourceforge.

      1. A J Stiles
        Grenade

        I'm the sane one -- everyone else is mad

        There is no such thing as "intellectual property". All the fruits of all human endeavour rightfully belong to all of humanity.

        What's insane is Microsoft continuing to sell an OS where it's easy and normal to circumvent privilege separation; anti-malware firms competing for a fixed-size and dwindling pool of potential customers; and worst of all, users putting up with all this (although many are beginning to see that there are alternatives).

        Your Source Code is not special. If you can write a program to do something, so can I -- and I don't even need to see your Source Code, just what it does. Your richer competitors, meanwhile, are probably spending time and money poring over your compiled binary at the machine instruction level. If you're too cowardly to show me your code, that just suggests to me that you're embarrassed about something in it (Schoolboy errors? The kind of plagiarism you profess to despise in others?) I, on the other hand, am proud to nail my colours to the mast. I wrote this program; it is the best of its kind, and I will even show you exactly why nothing anyone else does is ever going to come close. Bite my shiny metal arse, I double-dastardly dare you!

        Keeping secrets from me about products I am expected to use is neither tenable nor justifiable; the rightful owner of an artefact should automatically be privy to any secret embodied within that artefact by simple virtue of ownership. It is also unsustainable, because Source Code can only be concealed from users until someone perfects a decompiler.

        Oh, one final tip for anyone who wants to keep their Source Code to themselves: keep your binaries to yourselves as well.

        1. A handle is required
          Stop

          No, no, no: You're still insane

          "There is no such thing as 'intellectual property'."

          Maybe not to you, but there are businesses and corporations that rely on trade secrets ("secret recipes", if you will) to differentiate them from the other ho-hum competitors. You can apply this to anything, not just code. If everyone had access to every secret, there would be no competition. Everyone would churn out identical products, and no one company could actually succeed.

          "What's insane is Microsoft continuing to sell an OS where it's easy and normal to circumvent privilege separation..."

          What the hell is "privilege separation"?

          "...users putting up with all this..."

          Putting up with what, exactly? I noticed that you've already complained about Microsoft. Let me say this about Windows, and any other OS: most problems come from the interactions between third-party (not always high quality) software and the OS itself, plus any other drivers, etc. Not every mistake that developers make can be pinned on Microsoft, but, it's too easy for the consumer to do.

          "Your Source Code is not special. If you can write a program to do something, so can I -- and I don't even need to see your Source Code, just what it does."

          And why isn't it special? Maybe you can write the same program I can. But, how does that justify me giving you my source code when I did the work? That's like saying, "I could make $100 today, but you already did so you should give me yours."

          "If you're too cowardly to show me your code..."

          It's not cowardice. If developers want to run around and brag about their code, they will. They can make it open source. It's not cowardice to run a business. Microsoft wouldn't have made the money they did if they released their code into public domain. And, in case you haven't figured this out, businesses are supposed to make money.

          "I, on the other hand, am proud to nail my colours to the mast. I wrote this program; it is the best of its kind, and I will even show you exactly why nothing anyone else does is ever going to come close."

          That's a poetic note. Well, I, and hundreds of others, will take *your* code and make it our own. Then, we will sell it and put you out of business. 100 vs. 1.

          "Keeping secrets from me about products I am expected to use is neither tenable nor justifiable..."

          Ok, then tell your car company that they should give you wiring diagrams, and blueprints, and all their research that went into making *their* product the next time you buy a car. Same goes with everything else you own.

          "It is also unsustainable..."

          This doesn't imply unjustifiable! Again, you are basing your argument on the fact that since programs can be reverse-engineered, you might as well just give up all your secrets anyway.

          In conclusion, you sir are a nutter. I hope you do develop an ultra-efficient, state-of-the-art, "killer app". That way, the whole world can hold you to giving them the source code.

  2. William Boyle
    Thumb Down

    And these guys are supposed to be "security" experts?

    What does it say when a top-tier network security firm gets hacked and their source code is stolen? WTF?! Remind me not to trust Kaspersky's products....

    1. RAMChYLD
      Boffin

      It's not a hack

      It's an employee with a moral problem copying the code and releasing it onto the Internet. A PEBCAK issue if you ask me. If you want to pin the blame on someone, I'd say blame Kaspersky's HR department for hiring that shady dude in the first place.

    2. A handle is required
      FAIL

      Obviously,

      Obviously, you didn't read the article. A corrupt employee stole the code, not a hacker. You can't control a disgruntled or corrupt employee from accessing the code he was originally employed to work with.

    3. Anonymous Coward
      Anonymous Coward

      Hacked?

      "The beta code was originally swiped by a corrupt employee"

      Please show me where it says they were hacked for the source code.

  3. Al_21
    Stop

    Wakey wakey

    *Knock Knock* William, wake up from your dream world and read what the article actually says, not what you want it to say.

    It was a former employee who leaked it, no hacking involved.

    All it takes is one bent employee who shafts the reputation, but it's some consolation the source-code has been made public now so far down the development line rather than in 2008.
