Swiss antivirus is like Swiss cheese
too many holes
It has been a busy few days for beleaguered antivirus-flinger Kaspersky Lab. Today's confirmation of an infrastructure move to Switzerland comes hot on the heels of a comment from the Netherlands government that use of the Russian firm's software is a bit risky. Kaspersky is moving a number of its core processes from Russia to …
...our cheese is not all Emmental nor full of holes! Tut tut tut, ignorant Brexiters and Anglo Saxons ;-)
As for Kaspersky, well, the jury is still out, but relocating them here has got to be a good thing for transparency and oversight. I could see them registering as a de facto Swiss company and get the benefits of efficient low taxes as well as a stable banking system.
They might even completely de-couple from Russia, regrettable, although perhaps the only way to ensure their survival in the current somewhat Russophobic environment. Smart move Eugeny.
They could rename themselves too, not so much that they lose the original brand benefit, but show some evolution, e.g. Kasperhorn, KasperEiger, that kind of thing...
You people are so naive! Not actually understanding any aspect of security, business and the Russian government FSB/KGB. First of all, the Lab is not moving its headquarters from Russia nor sw development. Kaspersky himself has been educated at KGB academy while not field operations but computer security. He had and has connections in FSB. Moreover - personal friends. Do you think having a data center in Switzerland will prevent them from silently dumping user data to RF FSB? Until Putin = FSB couple exists do not even think of using ANY computer product Made In RF. Read more about USSR and then Russia activities to spread their ideology and influence around the globe. And think about if you can trust Lenovo notebooks with China made firmware. Same stuff as Kaspersky.
Agreed - I really don't see why anyone would feel better about this software simply because the geographic location of the tin it's being compiled on has changed. As far as the software audit goes, I suppose the jury is out, but honestly, are they going to validate it on a daily basis such that they can authoritatively say that distributed binaries truly contain only the code validated? Honestly, Kaspersky are in a bit of a bind here, and I'm really not sure if there's a clear way out.
It's a shame, as Kaspersky and others point out their sheer proximity to Russia is harming their worldwide business.
I'd shut up shop and rebrand later once the heat dies down, but this'll still cost people their jobs either way.
Though on the bright side they could be market leaders in Russia as it's likely the worldwide xenophobia will boost sales in-house.
Kaspersky is moving a number of its core processes from Russia to Switzerland as part of its "Global Transparency Initiative" (aka "Please stop being horrid about our Russian connections").
Russian parliament just voted for the counter-sanctions in first reading. If the law is unchanged it will become effectively impossible to do any closed software business which involves Russia and USA (and probably Russia and NATO countries). The other items which will be on the prohibition list will be most agricultural goods (both raw and processed).
Moving to neutral countries is more about this than anything else.
then I would say, that for me, it doesn't matter where they move to since they are no better than their competition.
Ultimately, if you are running "Windows" then there is no security and spending yet more money in the vain hope of reversing what is implicit in the OS and hardware is just throwing yet more money after bad.
No antivirus is 100% effective since each must wait until malware is noticed (if ever) before any preventative measure may be taken. MS and the AV vendors have for years been making money from false security promises and any comfort can only be had by those ignorant of the reality that the windows/x86 platform is inherently flawed.
The recent attack on Kaspersky from the US government is ofc unreasonable but since all AV companies are complicit in the continuing PC security lie then it makes it hard for me to see Kaspersky in the role of "innocent party".
Kaspersky could have taken the decision to finally put their customers first and stop ignoring state malware but instead they are attempting to paint themselves a different colour in the hope that they will be less visible to the agencies who have rallied against them.
This move is as stupid and ineffective as the concept of third party AV but then again they have been making money out of it for years so why change course now.
What an interesting post, with many many wonderful nuggets of chicken. I really do enjoy your solution to virii, the well trusted "don't use any, it's ineffective!", wise and sage words for any person who wants to protect their <insert OS here> from <insert miscreant or government agency here>. I shall naturally follow your post and stick to my first party AV, Windows Defender (which is from a 3rd party which MS purchased, but we'll ignore that).
Actually, I'll stick with Kaspersky, if governments hate you using specific AV software then the most obvious reason (tin foil hat time folks) is that they have no control over that AV company so can't force it to ignore their own state sponsored malware. I've used Kaspersky for years and never been kidnapped by Russian spies trying to get my classified tactics for Football Manager.
I do indeed suggest not using any antivirus at all since they are but a placebo, as an alternative I am suggesting that if the operating system and hardware were not so full of holes then a third party plaster would be unnecessary.
I would never suggest that anything Microsoft produces is either reliable or secure but given that by now this should be well known then I thought it too obvious to mention.
The fix for malware has always been hardware, operating system, applications, user in that order and since the MS/x86 is flawed at the lowest levels then no amount of sticking plasters is going to fix it.
You may put your trust where you like but ultimately the PC as we know it is broken beyond repair.
"Kaspersky could have taken the decision to finally put their customers first and stop ignoring state malware"
Maybe I misremember but I thought the whole thing that kicked this all off was Kaspersky catching NSA malware that some contractor wasn't supposed to bring home and automatically uploaded it to their cloud for analysis like they claim they do for pretty much all malware?
At the same time I do find it interesting that while Kaspersky is planning on opening up to outside audits and stuff the exact opposite has been happening in the U.S. security companies. I recall an El Reg article or two mentioning several companies at least say they will no longer allow other governments to inspect their code (which makes sense as those countries certainly can use the opportunity to find security issues with the code).
To me at the end of the day code inspection doesn't matter unless you're able to make sure the code you inspected is actually the code that is being installed (along with any updates). Also makes sense for any country that is highly concerned about security to use only locally sourced equipment/code which they can better maintain oversight of. Smaller countries are certainly at a disadvantage.
On my own systems anyway anti virus (currently Kaspersky on my home Windows systems and Sophos on my Windows work VM and nothing on my Linux systems (Linux is my main system)) hasn't picked up anything new since the 90s (that I recall anyway). Obviously I am careful about what I download.
I believe Kaspersky is honest in they are not co-operating with the government, but also find it quite easily likely that there are government agents as employees(that the company isn't aware are agents) at the company that do stuff (I think the same is true for many/most/all big U.S. security companies too).
"To me at the end of the day code inspection doesn't matter unless you're able to make sure the code you inspected is actually the code that is being installed (along with any updates)."
In the Dutch mail they have sent to their customers, they state that the compile process will be verified by an independent organisation.
"Maybe I misremember but I thought the whole thing that kicked this all off was Kaspersky catching NSA malware that some contractor wasn't supposed to bring home and automatically uploaded it to their cloud for analysis like they claim they do for pretty much all malware?"
My point was that whilst there was a lot of press, the malware is still not on their public database nor did Kaspersky say anything publicly until after the US Gov started screaming.
With the US attack, Kaspersky could have just said that no matter the source they would protect their users but instead they chose to remain in cahoots with state cyberwar agencies and screw their customers. Thus whilst they may not be as black as some of their competition they can hardly be seen as being like the virgin snow.
Lack of trust is worrying... Kaspersky got caught phoning home too many times / generally lacking transparency... But hey, AVG / Avast now routinely scrape and monetize user data. So how do the other AV vendors stack up? Plus, what about STANDALONE *** Virus-Removal-Tools *** such as this:
Basically who do you trust... Will the spotlight on Kaspersky bring extra scrutiny and actually make them more transparent? Anyone remember Vizio's Smart-TV Spying Crimes. Where are they now? This doesn't inspire confidence.... Further down the sewage pipe, but with more legal cover:
"Although Samsung has the highest smart-TV penetration, Vizio has been the most advertiser-friendly"
I’ll stick with Kaspersky thanks.
After many years’ experience, (and we do/have tested alternatives on a regular basis), with innumerable installations it’s still the best IMHO.
As mentioned in previous posts regarding Kaspersky, I think I’d rather have Kaspersky taking a look (nothing to see here frankly) at the occasional file than any of the alternative, mainly US, offerings.
As an aside, If I hear on the radio, just one more time, about all the horrid things that Kaspersky in particular and the Russkies in general are doing to hack into our PC’s, totally ignoring the Snowden revelations, my friggin head will explode… wake up – we no longer believe ANYTHING we hear on the BBC.
Moving to Switzerland does not necessarily prevent the NSA* installing backdoors into your equipment/software.
It's worth familiarising yourself with the story of Crypto AG
Note that it is quite possible for intelligence agencies to pull this sort of stunt without the willing cooperation or even the knowledge of a company's management.
*Insert intelligence agency initialism of your choice here.
Code reviews mean Fuck all.
The key features of AV software:
1. Generally runs as root process or with authority of user.
2. Reconfigurable from central location
3. Downloadable updates
4. Uploads data to "central servers"
You can have the cleanest code for review, but a 30 second change can pull in all the data you need.
There is an increase in the lack of user control for all modern apps, these fucking companies will just NOT leave it alone.
"GCHQ .. last year effectively banned the use of Russian antivirus products from government departments" because we haven't yet backdoored them. "This is a move in the right direction" cause it'll enthuse the UK public to use our backdoored product and get us a bigger budget.
Which is to say, I may not actually understand whether the networks and servers physically located in Russia are, in fact, vulnerable to the FSB and, ultimately, Putin. It would seem to my age-addled mind that in a state like Russia -- slipping closer to a totalitarian tyranny than perhaps any time since the death of Stalin -- any infrastructure can fairly easily be co-opted by the State for its own dark purposes.
Yes, it's true that the GCHQ in Britain or the CIA in the US are doing things that are illegal, harmful, and bad. So, I gotta ask: if you were offered a choice between the GCHQ as run in Britain or the FSB as run in Russia, which would you choose? If someone said, you can live under the shadow of the CIA, or you can live under the shadow of the FSB, which would you choose?
Point being, I don't believe it's all the same thing. I don't believe that the Western intelligence agencies, for all their shithead behavior, are as dangerous to "freedom" as the Russian agencies. Whatever "freedom" means to you.
I read this news as Yevgeny Kaspersky's tacit admission that as long as his servers, networks, and codebase are physically inside Russia then they are indeed vulnerable to the whims of the FSB and Putin. And I read it also as a quite courageous assertion that black-box code should have no place in security applications. Who watches the watchmen? If it's unaudited code, the watchman can sell or barter info-scrapings, and no-one is likely to catch him.
Finally: yes, of course audits can be cheated, even if "certified" by external agencies. But it's risky. One slip, one bit of code not properly laundered, and someone yells foul. One disaffected employee, and a whistle gets blown. Much safer to take the Microsoft / Apple tack, and stamp it "Proprietary, no peeking".
So. Kudos to Yevgeny. It's a good business move. But also, it betokens a decent understanding of realpolitik, and perhaps more than a nod toward a philosophy of ethical security software.
IMHO, and caveats may apply.
Compared to other antivirus solutions, Kaspersky is the rare one who published their research findings. That alone tells the story they are actually doing work being an 'antivirus'. Crap from the news media and junk from government won't change our mind, especially when they were the one who created their enemies in the first place.
Meanwhile, GCHQ offshoot the National Cyber Security Centre, which last year effectively banned the use of Russian antivirus products from government departments
Do UKGBNI government departments use Great British antivirus product? Is there a vendor list for perusal? Or is such a nonsense, with program protection outsourced to other than Russian foreign intelligence organisations although still really alien operating systems nonetheless?
Whatever it might be, is it virtually effective or an expensive exploit laden vulnerability dud?
The problem I have with all this hullaballoo is that other vendors appear to have been given a clear bill of health, and to be honest, if we apply the same distrust to others I would not give the time of day to any AV vendor who hails from the US.
I know Kaspersky had to go in the US. In the current "we should be allowed to spy on anyone we damn well feel like" climate, Kaspersky stood out as the only one who consistently (over its entire existence) refused to whitelist government spyware, and that just would not do. Hence the fake news.
So, time to install Kaspersky again, methinks. Especially now they are about to offer code reviews which, to date, nobody else is doing - IMHO an extra trust argument.
As a website admin, I see over 99% of the hacking attempts originating from China, this is consistently happening for several years. It has gone so far that they don't even try to hide the fact their IP address is registered on what seem to be government related organizations.
Taking into account the fact China caused losses amounting to trillions in trade and destroyed millions of jobs in Western countries, Industrial Detroit looks worse than Germany after WW2, all due to unfair trade practices, it is beyond comprehension why they are digging the Russian enemy from its grave.
Maybe it is not wise for governments to use Russian software, however the Dutch government has no issues using Chinese network gear from ZTE, neither banned the use of Chinese smartphones. In the end it is all political nonsense, since China is the aggressor, not Russia.
It is beyond comprehension why they are digging the Russian enemy from its grave.
Which part of "the trade with China is too big to fail" you cannot comprehend? They CANNOT dig out the Chinese enemy. They try in particular industries (f.e. the current ZTE/Huawei push) where there is still "something" left in the west, but overall there is nothing which can be done.
Compared to that Russia is suitable bogeyman/punching bag including for pretend reasons to crank up military spending.
Seems a little unfair and media hype, when you also have Veeam and Acronis as back up companies, why just single out Kaspersky?
A back up company has your valuable data, yet nothing mentioned of these being Russian companies and development all in St Petersburg? Also Parallels came out of SWsoft and still Russian core.... And the list goes on.
Not sure why Kaspersky is the one being singled out, decent product and would rather have AV from dubious country than my backed up data on show for a dubious country? Interesting all the others are pretending not to be Russian now :)
I seem to remember a US government contractor who took classified files home to work on them... and Kaspersky code identified these files, scraped the entire file and uploaded them onto their databases. Then "somehow", these same files made their way to a covert Russian system.
Coincidence?? LOL NOT likely.
So maybe you don't care if Russia steals your game strategies, but many people put a lot of hard work into something and then store this on their private systems. I don't want a lot of the things I work hard on stolen by anyone.
Really.. feel sorry for Kaspersky? What are you, 9 years old? Unable to critically think for yourself, so you buy into anything a false victim says; because we all know... companies never lie.
Kaspersky will be just fine. They don't need NATO governments to make a profit. No brainer here, really.
...and I just love how you empathize with a corporation from a country which does some pretty messed up crap to their own citizens. Your empathy should be more focused on these victims.