back to article Please, pleeeease let me ban Kaspersky Lab from US govt PCs – senator

US Senator Jeanne Shaheen (D-NH) simply can't wait to banish Kaspersky Lab's antivirus from American government computers on the grounds it's a security risk. Her plan is to amend the nation's latest National Defense Authorization Act, which is legislation that has to be passed each year to green-light funding and policies for …

  1. Yet Another Anonymous coward Silver badge

    Retaliation

    Perhaps we should ban Microsoft say Russia and China ?

    Oh suddenly we aren't dumping coal / steel / etc ? How nice thank you !

    1. Anonymous Coward
      Anonymous Coward

      Re: Retaliation

      Er, Russia and China have previously threatened to ban Windows, Office, for much the same reason.

      The one piece of code with about the same access to everything as enjoyed by the OS is the installed AV software. It can do anything it likes. You do have to trust it. That means trusting the vendor, and every single developer working for the vendor, any one of whom are in a position to slip a little extra something into the code base.

      That's a pretty big set of people to have to trust entirely. And in Kasperky's case, absolutely none of them has a US government security clearance.

      Paranoia? Perhaps. But then one's government is supposed to be a little bit paranoid.

      1. Anonymous Coward
        Anonymous Coward

        Re: Retaliation

        Good point, I'd forgotten that all Microsoft developers are American citizens living in America and regularly security checked.

        Somehow I'd come to the erroneous opinion that development is often off shored and that 90% of them, even those on US soil, aren't security checked by the government.

        Fortunately we at least don't have to worry about code quality exposing sensitive data.

  2. Kernel

    I wonder ........

    what it's like to live in a country which is constantly in a state of fear?

    1. Anonymous Coward
      Megaphone

      Re: I wonder ........

      The country is not in that state any more than other countries. It's just that the highly-evolved media organisms here thrive on fear.

      Fear! The country is rank with it! You can find its seeds on every corporate news show, and it takes a toll, for sure.

      The news ratings are engendered the same way as retail sales and most attempted legislation: By injecting insecurity into consumers. Insecure people are motivated to do something, anything, to relieve the insecurity. That works well for the ad biz, and the media does it to drive worried eyeballs to their feeds. The pols do it to get votes.

      So forget that 'fear' thing, it's 90% illusion. Any sufficiently advanced culture will be the same way.

      The other 10% is the residual fear we all live with, all the time.

      1. Anonymous Coward
        Anonymous Coward

        Re: I wonder ........

        Sorry mate but the US has a lot more fear than most other countries I've lived in or visited.

        An honourable mention has to go to the UK whose politicians do their best to copy.

      2. Uncle Slacky
        Stop

        Re: I wonder ........

        There aren't many other "civilized" countries where so many people feel the need to go about armed everywhere - I'd say that indicates a high level of internalized fear.

        1. Eddy Ito

          Re: I wonder ........

          The question is whether that fear is justified. In some places it absolutely is as gangs like MS-13 who are thriving with the war on drugs and power drunk police who do what they feel like terrorize the population. At least folk have a slim chance if they shoot back at the gangs that are on the "wrong" side of the thin blue line.

        2. Chemical Bob

          Re: I wonder ........

          "There aren't many other "civilized" countries where so many people feel the need to go about armed everywhere"

          I live here and can tell you that very few people "go about armed everywhere". Very few law abiding folks, that is. Even in the western states. Too many, however, believe all the official nonsense about terrorism.

          1. Anonymous Coward
            Anonymous Coward

            Re: I wonder ........

            Chemical Bob wrote: "I live here and can tell you that very few people "go about armed everywhere". Very few law abiding folks, that is."

            That is the thing about conceal carry laws. Concealed means CONCEALED! I don't leave home without one or two weapons on me. Most of my friends are the same way. We do so legally, having been investigated and approved by the state to do so. I go every place I can legally (for example, excluding government offices), and no one knows.

            I am not a threat to you or anyone. I am a nice guy. Because I am carrying deadly force, I have an obligation to retreat and disengage first rather than present a weapon. I must de-escalate every situation in any way possible. Any action on my part that makes the situation worse makes me legally liable for the outcome. Only when faced with death or bodily injury to myself or another, and when there is no other option, then I am permitted to take action in defense of life.

            If I have to explain why this is posted anonymously, then you don't understand what I have written.

            1. Chemical Bob

              Re: I wonder ........

              What you posted does not contradict what I wrote - *very few* law abiding citizens carry weapons with them all the time. Concealed carry stats that I could find indicate that it might be around 5% in the whole country. Florida is the clear outlier with over one million permits, but in Florida you need a concealed carry permit if you carry more than 2 oz. of pepper spray.

              Whether you are a nice guy or not isn't the issue, nor are the legal obligations you are under. The plain fact is that around 95% of the people in this supposedly gun-crazed country feel no need to pack a weapon.

              1. Anonymous Coward
                Anonymous Coward

                Re: I wonder ........

                "The plain fact is that around 95% of the people in this supposedly gun-crazed country feel no need to pack a weapon."

                The most scary thing is that you genuinely seem think that your underestimation of 5% people packing a weapon is somehow normal and acceptable.

                That would mean at least one person with a gun near me during my daily commutes, or several of my colleagues.

                From my viewpoint, that number means it is a gun-crazy country, your internalization of what constitute gun-normalcy confirms it, and I do not want that to happen here.

                1. Chemical Bob

                  Re: I wonder ........

                  The previous AC's self-characterization seems to be the norm for folks with concealed carry permits - sane, rational, law abiding people who are expressly prohibited from drawing their weapons unless there is no other choice. That 5% of the population is not something to worry about, one is far more likely to get shot by a cop around here. Go to youtube and look up the Philando Castile shooting, that cop had his gun drawn and was practically shitting his pants before he shot the guy.

      3. Naselus

        Re: I wonder ........

        Sorry John, this has been extensively polled and Americans are indeed much more fearful than other advanced countries. You have been for a very long time, too; it's not a new thing.

        You're half-right, though - the media very much works to heighten the sense of fear in the country in an effort to increase ratings (as do most politicians, particularly Republicans). You just immediately contradicted yourself by accurately pointing this out and then saying that the country is no more fearful than any other 'advanced culture'.

        1. Anonymous Coward
          Anonymous Coward

          Re: I wonder ........

          > "Sorry John, this has been extensively polled and Americans are indeed much more fearful than other advanced countries."

          Polled? Seriously? I suggested most of the fear is an illusion, and I'll further suggest that most of the polls are too, these days. In fact, it is the polls themselves that are one of the main tools the media uses to engender fear.

      4. Alistair
        Windows

        Re: I wonder ........

        Oddly enough Big John, I agree.

        So long as we remove the 1st, 4th and 5th elements of your statement.

        I've relatives down there. You and they may be among the 10% that have realised that the media fear mongering is just that - but sadly, far, far, far too many eat, breathe, drink, live and excrete that fear. It is why you have so many divisions in your population, and why so many of them are so violently opposed to the other groups.

        And you, despite being radicalised, are clearly capable of knowing this, and that it will be the destruction of your country.

  3. Anonymous Coward
    Anonymous Coward

    This woman is serious unhinged. I read through her other articles, and I would be calling a mental health professional.

    There goes thinking that the Trump was the nuttiest thing in Washington.

    1. shawnfromnh

      Unfortunately this dumb ass bitch is from my state and I'd like to say "I'm sorry" and that all of us from NH are not this retarded. She should also ban hardware made in China since they could actually design backdoors into technology, this is why technically unaware people should not have a say in anything tech related like this.

      1. Mark 85 Silver badge

        She's just the tip of the iceberg in CongressLand. Maybe it's time to re-read the Constitution, the Declaration of Independence and writings by the founders. Then again, for many such as the Millennials and many CongressCritters and some among the higher level offices and staff, I'm sure the contents would be a surprise.

        1. Diogenes

          Sortition anyone ? anyone ?

        2. Pompous Git Silver badge

          "She's just the tip tit of the iceberg in CongressLand."
          FTFY...

        3. iron Silver badge

          @Mark 85

          For many of the groups you mentioned, them being able to read would be a surprise!

  4. Pompous Git Silver badge

    I would have thought...

    The NSA was a greater security risk than Kaspersky.

    1. Ole Juul

      Re: I would have thought...

      I'm tempted to agree with you, but actually I think fear is the biggest security risk.

  5. Anonymous Coward
    Anonymous Coward

    Surprised?

    At the defense/government level you can't really trust any software from foreign powers. You would be naïve to blindly use any software from US, Russia or China. It's, for example, time EU invests to cit many ties it has with foreign suppliers.

    For the matter Kaspersky and other software has been banned from my company has well. The fact it would need to bend to any FSB request is clear, just like MS would bend to NSA.

    1. Ken Hagan Gold badge

      Re: Surprised?

      Out of interest, have you banned RAR files as well?

      1. Anonymous Coward
        Anonymous Coward

        Re: Surprised?

        RAR (and others) are not approved archive formats here.

    2. John Smith 19 Gold badge
      WTF?

      " Russian law,..software biz has a responsibility..aid its..country's internal security agencies "

      Whereas in the US it's called "THE PATRIOT Act"

      And that's still very much in force.

      Pot, meet kettle.

  6. Potemkine! Silver badge

    Protectionism

    So Mr. Kaspersky was in a KGB school during the 80s? It merely shows how brilliant this guy is.

    I see no real argument in her NYT article to justify her case. Instead of a security risk, I rather see this ban attempt as a way to destroy an IT leader who is not American.

    1. Chris G Silver badge

      Re: Protectionism

      Anyone know if she has connections/shares/relatives with any US based AV?

  7. Suricou Raven

    Makes some sense

    There is no evidence that Kaspersky has ever been manipulated by the Russian government for espionage purposes, but they could do it if they wanted to. It's possible that in five years relations between the countries might have deteriorated to the point that happens. Security means seeing potential threats, not just countering those that exist.

    For exactly the same reason, I'd expect the Russian government to do all they can to minimise dependence upon software developed by American companies. There's no evidence that the NSA has ever used Windows Update to distribute malware, but they could probably do that if the need was great enough - just a matter of turning up to Microsoft HQ with a USB stick and a 'if you breathe a word of this then you'll never see daylight again' form.

    1. Version 1.0 Silver badge

      Re: Makes some sense

      If I was a government with influence over a company controlling AV software (whether Russian or American) and I wanted to install spy software then I'd just ask the company to ignore my software for a few days while I installed it on the targets.

    2. trisul

      Re: Makes some sense

      There is a message from Kaspersky management that they are working on a secret project with the FSB. That same organisation is waging cyberwar against us. What more do you need?

    3. Kernel

      Re: Makes some sense

      "There's no evidence that the NSA has ever used Windows Update to distribute malware, "

      Windows 10?

      There's no shortage of evidence that the NSA has encouraged the distribution of malware by hiding information about vulnerabilities they've found.

  8. Ken Hagan Gold badge

    Taken to its logical conclusion

    Well if all governments insisted that their IT is entirely trustworthy, they'd all insist on using software and hardware that is either designed and fabricated within their own borders or entirely open source. So Europe is going to have to build some fabs and just about everyone is going to have to start using a flavour of 'nix. (Even the US can't trust Windows as long as there are closed source device drivers and admin-level software involved.)

    But try telling that to a typical politician and they just come up with a half-hearted response like this. She should grow a back-bone and insist on a fully trusted platform.

    (I'd add a penguin icon, but I don't want to offend the BSD fans.)

    1. Eddy Ito

      Re: Taken to its logical conclusion

      And that's just it. Kaspersky has offered the US gov't the source code so it's not like there could be anything hiding. No, Shaheen is just kettle clanging for the media because she feels Hassan has been too uppity lately and stealing all the limelight by hanging out with Bernie Sanders and Elizabeth Warren.

      1. Wulfhaven

        Re: Taken to its logical conclusion

        It's quite easy to have one set of source code for showing everyone, and a different, or augmented set of source code with hidden nasties that is actually used to build the distributed software.

        There are even examples of compiler attacks that make it possible to add the nasties during compilation of perfectly nice source code.

        Being given access to source code tells you fuck all about the presence of nasties in the compiled product that the source is supposedly used to build.

        1. John Smith 19 Gold badge
          Unhappy

          "access to source code tells you fuck all about the presence of nasties in the compiled "

          Only partly true.

          If you can compare a copy of the source compiled with exactly the same tool chain (note that word exactly) and a file comparison comes up the same as a bought copy you've a reasonable chance you're looking at the code that created it.

          I know about the "rogue compiler" that Ritchie pointed out. I'd suggest a differential compilation to spot any large gobs of code that is only inserted by the tool chain compiler.

          IRL At some point you have to start trusting that people are acting in good faith.

  9. David Roberts

    Just standard politics

    Blame foreigners for something nebulous and possibly untrue and raise your profile.

    Think Jim Hacker and the Euro Sausage.

    1. Anonymous Coward
      Anonymous Coward

      Jim Hacker and the Euro Sausage

      Did they once open for L. Ron Hubbard and the Diuretics? I think it was at a gig in Hampton.

  10. Tim Worstal

    Personally I'd have a look through her campaign funding to see which anti-virus company is paying for this.

    1. John Smith 19 Gold badge
      Unhappy

      "Personally I'd have a look through her campaign funding to see which AV company is paying"

      Definitely.

      This much grief doesn't come for free.

  11. Jonathon Green

    I like Americans. They're funny...

  12. adam payne

    "The Senate Armed Services Committee in June adopted my measure to prohibit the Department of Defense from using Kaspersky Lab software, to limit fallout from what I fear is already a huge breach of national security data."

    Without any evidence of any wrongdoing it just makes this look like political games.

  13. FuzzyWuzzys
    Facepalm

    Welcome back McCarthyism!

    "We ain't having no godamn pinko, red "melon farmers" under the bed!!

  14. trisul

    She is right

    Russia is fact waging cyberwar on us, and Kaspersky works on secret projects with the intelligence services that are waging that war. The latest Kaspersky product is an "infrastructure OS" that they want us to install in all of our infrastructure that the Kremlin would like to bring down in the event of a conflict.

    Now, how stupid need one be to allow such as thing? And why is this rag advocating opening all the doors to an enemy attack? Bizarre.

    1. strum

      Re: She is right

      >Kaspersky works on secret projects with the intelligence services

      If they're secret projects, how the fuck do you know about them?

    2. DryBones

      Re: She is right

      Hi! You're currently tripping my Bullshit Meter (tm).

      Cite sources or be ridiculed.

      Random blogs, Breitbart, InfoWars, etc are an instant fail.

      "Because Russia!" is an instant fail.

      Gun control, abortion, and now Russia, politicians need to pipe down about things for which they have no understanding. If DC fell silent as a result, nothing of value would be lost.

    3. Alistair
      Coat

      Re: She is right

      Trisul:

      There are rather a lot of tinfoil hatters about these threads. I'm afraid however that you're in the class of faraday hat wearers. Russia at this point, and China, Japan, India and the rest, have collectively decided its time to sit back, pop some corn and watch the implosion. There will need be no effort by any external entity to cause it. Over the last 40 or so years the USA has armed it's own self destruct devices.

  15. Anonymous Coward
    Anonymous Coward

    Follow the money

    I wonder which antivirus company has offices in her district?

    Or has made donations to her re-election campaign.

  16. Anonymous Coward
    Anonymous Coward

    democrap

    Shaheen is the senator in my state also (Hi Shawn - we don't' know each other).

    This bitch jumps on the band wagon of anything that she thinks will make her look good.

    She has no clue as to tech other than it's magic to her.

    The reason the FBI/CIA/NSA doesn't like Kaspersky is that they outed their hacking tools.

    Maybe she want's a US AV company to protect her interest? - well guess what, there isn't a US AV company in the top 5, and US companies are FAR more likely to allow backdoors than Kaspersky.

    Shaheen - you are a ego trip, helo flying to avoid traffic at tax payer expense cunt that is a leach on NewHampshire. You should have been banned from politics for your arrogant ways.

  17. slack
    Holmes

    A politician says something stupid and possibly xenophobic to burnish their credentials with the hometown rubes and grab some attention?

    Fetch my fainting couch....

  18. Anonymous Coward
    Anonymous Coward

    Offering up source code for review

    What's the point of such an offer, given that all AV software is designed specifically to allow for updates to be automatically installed. Unless you get the source code of every update and have someone check it out before approving the update and allowing it to be installed, the software could be completely innocuous until one day an update it delivered that isn't.

    No different than Microsoft delivering source code for Windows to China. Unless they give them the source code for every KB* update that comes along, and China inspects it before applying, they might as well not even look at the source code in the first place because they couldn't be assured that the NSA spy package wasn't delivered in an innocuous update that claims to fix an obscure SMB bug.

  19. RareToy

    I love my Kaspersky protection. It works great for me and I haven't had any problems. I trust them more than I trust my own government.

  20. Paul Hovnanian Silver badge

    I would hope ...

    ... that the illustrious guardians of our government data (the NSA) would have some way of testing/vetting software allowed to be installed within security perimeters. Software (without the source code) is pretty much a black box. And there's no telling what might be going on in its innards whether it was written by Kaspersky or Microsoft. You've got to put it in a 'clean room' and watch it for a while. And then you've got to watch your perimeters once it has been installed for suspicious activity.

    Personally, I'd worry more about trojans installed by Boeing, Lockheed and the like to get the jump on defense department bidding information.

  21. tommy_qwerty

    This coming from the country...

    that's been putting backdoors in its OSs and possibly processors 20 years now. The whole Russia affair is a case study in projection.

    1. onebignerd

      Re: This coming from the country...

      So True! As when Russia invaded Ukraine, the U.S was condemned them for invading a sovereign country. Ignoring the fact we have done it with Iraq and Afghanistan.

      1. Pompous Git Silver badge

        Re: This coming from the country...

        "the U.S was condemned them for invading a sovereign country. Ignoring the fact we have done it with Iraq and Afghanistan."
        And the rest!

        1950 North Korea

        1961 Cuba

        1965 Dominican Republic

        1983 Grenada

        1989 Panama

        1994 Haiti

        Every ten* years or so, the United States needs to pick up some small crappy little country and throw it against the wall, just to show the world we mean business.

        - Michael Ledeen, holder of the Freedom Chair at the American Enterprise Institute

        * More like 8 years!

  22. onebignerd

    Fear mongering

    Why don't they take Kaspersky up on examining the code? Yes, Kaspersky could sneak code in later, but I seriously doubt they would risk their reputation and markets by slipping in spyware. They would be poison world-wide and out of business if they got caught doing that. The NSA might be able to see how to hack them like they do with the other security A/V suites. As Kaspersky is one they (NSA) can't hack, as of the Snowden leaks.

    It's a lot of fear mongering by the Congress and the Media. Once the U.S, Russia and all countries, learn, understand and respect the cultural differences, there will never be any trust. We are all human, just trying to live, work, raise a family...etc with different beliefs, philosophies, cultures, languages, backgrounds.

  23. Gnosis_Carmot
    WTF?

    MUH WUSSIA!!!

    Sen McCarthy looks on and smiles.....

  24. JJKing
    Holmes

    Re: I wonder........

    I am not a threat to you or anyone. I am a nice guy.

    I'm sure all the nice guys like the Cray brothers, Bonnie & Clyde and John Gotti have said the same thing. Just like I can say on Tinder that I an 6' 2", 190lbs, athletic build, a stud in bed and because I have typed it then it must be true.

  25. Bc7373

    For me it looks like the revenge of Israel and USA for Stuxnet detection

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022