back to article On Kaspersky’s 'transparency tour' the truth was clear as mud

Attribution is one of infosec's biggest challenges: experts struggle to identify the source of attacks and only do so when they feel the evidence is insurmountable. Yet on Kaspersky Labs' "Transparency Tour" the company has advanced an explanation of its recent woes with no evidence at all. The Tour is an effort to persuade …

  1. TonyJ

    But...

    ...you could say that any software vendor from the OS to applications and AV could be used in the same way.

    I'm not so sure they protest too much. What is clear is that they've butted heads with the likes of the NSA (remember when they exposed the equation group, as documented here on el reg.

    Nor am I convinced that just because they are in Russia, it's easier for the government there to put pressure or infiltrate them. Are we honestly to believe that the USA, UK etc wouldn't/won't/don't do the same kind of thing?

    It's also worth noting that the Polish have a very low opinion of Russia (for very good reasons) so there's certainly an axe to grind there.

    I guess like everyone else, I don't have the answers, just more questions, but I'm still on the fence with regards to them being any more dangerous (or less) than any other company.

    1. Christian Berger

      Well the big difference is...

      ... that as a German, my government probably would protect me from the Russians, but it surely wouldn't protect me from the US. So if I only had to choose between those two options, I'd rather have the Russians have my data.

      Though it's likely that the secret services have a good working relationship with eachother, so my data will end up in everybodies files anyhow.

      1. big_D Silver badge

        Re: Well the big difference is...

        @Christian the German Government won't protect you from themselves! :-D

        The courts have twice told them that the Bundestrojaner is illegal... But they are trying to push through yet another law to allow them to use such technology (I believe Bayern / Bavaria has already "legalised" it, although there is still the opportunity to bring that before the Constitutional Court AFAIK).

      2. Giovani Tapini

        Re: Well the big difference is...

        Well, they probably don't KNOW they have a good working relationship. The FSB and CIA spy on each other all the time, however it is not always given the gloss of the term collaboration though!

    2. big_D Silver badge

      Re: But...

      They got into trouble in Germany as well, because they marked the "Bundestrojaner" (State Trojan, a program used by the BND and police to infiltrate PCs of suspects) as malware, which didn't go down well in political circles.

      1. MonsieurTM

        Re: But...

        *Evil* Kaspersky telling us about trojans! Bad Kaspersky, and thus evil Russians!

    3. mutin

      Re: But...

      Well, two important topics are forgotten:

      - Kaspersky himself had and has friends in FSB. It means he will do what they ask for

      -They did not promise to stop sending information from user computer to Kaspersky data center(s), which where ever it/they is/are or will be will send info in Moscow. Where it will be available to Mr. K FSB friends. The same way they grabbed NSA info from stupid NSA contract facing bars. Running on government computers they will collect confidential info and send it ... I really to not care about my "personal" info. I simply know that "privacy" is good to believe in but does not exist anymore. But I think any government info should not be widely available. Mr K lovers can download and use Kaspersky company software.

      As soon as the company moves its headquarters in EU, and developments as well, and Mr K steps down, the problem will dissolve. But that won't happen simply because they use the company as FSB helper.

      1. MonsieurTM

        Re: But...

        So, you prefer preven US lackies to unproven Russian lackies, eh? Damn glad you are not in power...

  2. DavCrav

    "Are we honestly to believe that the USA, UK etc wouldn't/won't/don't do the same kind of thing?"

    Do I believe that the UK government would murder your family if you say no? No, I really don't.

    Do I believe that the Russian government would murder your family if you said no? Well, they have done on several occasions.

    1. TonyJ

      "...Do I believe that the UK government would murder your family if you say no? No, I really don't..."

      Unfortunately, I do believe that.

      Remember all the questions around Dr Kelly (weapons of mass destruction)?

      Remember the questions about the young MI5 agent found in a sports bag he'd apparently managed to zip up completely from inside?

      I am sure there are others if we look a bit.

      Of course, I am not saying these are in any way proof of such actions, just that there have always been weird, unexplained deaths where question marks hover over them about the possibility of government involvement.

      1. DavCrav

        "Remember all the questions around Dr Kelly (weapons of mass destruction)?

        Remember the questions about the young MI5 agent found in a sports bag he'd apparently managed to zip up completely from inside?"

        Ah, I specifically said 'your family' for a reason, because I knew both of those were going to turn up. I think it's reasonable to say that the Russian government kills more people than the UK government, and is also a lot less squeamish about 'collateral damage'.

        1. John Mangan

          @DavCrav

          "I think it's reasonable to say that the Russian government kills more people than the UK government, and is also a lot less squeamish about 'collateral damage'."

          Citation needed.

          1. Giovani Tapini

            Re: @DavCrav

            @John Mangan

            I refer you to many Spetznatz operations to recover "hostages" with a variety of degrees of success and "collateral damage" where the Americans did not dare attempt. Instances more recently in use of gas in nightclubs or in the past in Beirut.

            Maybe you just have to be old enough...

            1. MonsieurTM

              Re: @DavCrav

              And the US in Nicaragua, Columbia, Mexico, Lybia, Iraq, Iran, Afghanistan, Vietman, Camboldia, Laos, etc, etc? Exactly how many deaths?

        2. Bernard M. Orwell
          FAIL

          "Ah, I specifically said 'your family' for a reason, because I knew both of those were going to turn up"

          You've come to the wrong forum if you're going to lean on semantics for the core of your argument.

        3. Roland6 Silver badge

          "I think it's reasonable to say that the Russian government kills more people than the UK government"

          Whilst it might seem from UK media reports that this might be the case and could be a useful working assumption, I would hesitate in concluding this is the case, until we have better and more reliable data/information sources. Remember we are dealing with a branch of government that does much to stay out of sight and isn't unknown to use it's influence to stop things becoming public.

        4. MonsieurTM

          Really? What about the UK meddling in Afghanistan, Syrian, Libya, etc, etc. How many deaths have occurred there because of UK meddling?

      2. Anonymous Coward
        Anonymous Coward

        "murder your family" vs either Dr Kelly, or the sports bag victim.

        However, I'm not sure that either Dr Kelly or the sports-bag victim could really be considered as evidence for "would murder your *family*", since (a) both were plausible direct targets, and (b) are not easily understood as *the family of* some other target.

        1. Robert Carnegie Silver badge

          Re: "murder your family" vs either Dr Kelly, or the sports bag victim.

          I think the story about Dr Kelly was that his wife would be left without support of his government pension unless he kindly committed suicide. As this is broadly before there were food banks, presumably she/they would then starve to death. HTH, HAND

    2. Anonymous Coward
      Anonymous Coward

      In an authoritarian regime without check and balances is far, far easier to apply pressures that are much harder to enforce in democratic countries - not impossible, but far harder.

      Still, you can have people who will comply without pressure, just out of nationalistic pride. Who would trust products from a Thiel company?

    3. anonymous boring coward Silver badge

      The UK government has sent UK citizens to, for them, foreign countries on the basis of having, apparently, insufficient documentation (technicalities, in other words). They detain thousands of people on vague grounds. The government is in the process of destroying the economy in the interest of a few tax dodgers and their useful idiot xenophobe friends. The government has sent people to die abroad on missions with extremely vague objectives.

      I can see them doing quite a lot to get their own way.

    4. Eddy Ito

      It's an odd question since I think any government would murder my family and myself without hesitation if they thought it would benefit them. It's likely that the only reason they haven't is because the cost:benefit ratio doesn't work in their favor. Likewise I don't see any cost:benefit working against Kaspersky.

    5. Adam 52 Silver badge

      "Do I believe that the UK government would murder your family if you say no? No, I really don't."

      I think it unlikely but not impossible. Blackmail is more the UK government's style. Would they plant child porn - absolutely.

  3. Detective Emil

    " … it won’t be long before Kaspersky is recognised as an Uber-style disruptor …"

    And this is good?

    1. big_D Silver badge

      Re: " … it won’t be long before Kaspersky is recognised as an Uber-style disruptor …"

      I don't think Kaspersky want to be tainted with that brush, they have enough problems as it is!

  4. smalldot

    Can we see the original evidence first?

    Where is the evidence that Kaspersky products are in any way more harmful than competing AV products?

    I have understood that AV programs are risky because they 1) constantly download updates from the internet, 2) accept any type of code or binary input to scan, and 3) attempt to decode or uncompress the input binary or even run it in a sandbox to see how it behaves. It's not difficult to believe that a serious attacker could try to use the AV product to attack company networks.

    But why would any AV company knowingly co-operate with government spies? That would be commercial suicide. Their whole business is based on trust. All the US has to do is to publish evidence on Kaspersky working with Russian spies, and the whole world will instantly uninstall Kaspersky AV. Or is it perhaps so, that soon we will learn about another NSA tool that uses Kaspersky AV to infect target machines?

    1. lglethal Silver badge
      Go

      Re: Can we see the original evidence first?

      "That would be commercial suicide."

      And refusing to co-operate with the government is likely to see you either in prison (various embezzelment, corruption or conspiracy charges) or worse.

      I'm not just talking Russia here, any regime where the government has complete control of the courts and the media - China, Vietnam, etc. - all make it incredibly dangerous to say No when the government comes knocking. I'm sure in places like the UK, US, etc it is also difficult to say No to the men in black suits. But there's a difference between something being difficult and something being dangerous...

      1. Anonymous Coward
        Anonymous Coward

        Re: Can we see the original evidence first?

        Isn't every major AV vendor except Kaspersky under suspicion of collusion with the United States government?

        Any AV software is most certainly a potential threat. Proprietary code, automatic updates, god-mode access. If you really want to secure a computer, you don't simply "add security", you remove non-essential components and lock down potential attack vectors. And if you're that concerned about security, you shouldn't even be using a computer.

        It's long past time for the US Government, in particular, to reckon with that.

      2. MonsieurTM

        Re: Can we see the original evidence first?

        Ever heard of D-notices & the Official Secrets Act, mate? These are UK inventions. That make it dangerous in as far as going to jail is dangerous.

    2. Roland6 Silver badge

      Re: Can we see the original evidence first?

      Or is it perhaps so, that soon we will learn about another NSA tool that uses Kaspersky AV to infect target machines?

      Not sure of your logic here, personally, I expect we will be hearing about another NSA tool from Kaspersky: some US government employee decided their work machine was running a little slow whilst working from home, so downloaded the Kaspersky scanner which uploaded the unknown executables for inspection...

    3. Christian Berger

      There is no evidence...

      ... that's the whole point. All AV products have a theoretical benefit at best, far outweight by the many actual practical problems with them.

      It's simply not wise politcially to demand or present evidence, because then you'd be forced to act logically and would therefore have to publicly declare your goals.

  5. sitta_europea Silver badge

    Why is nobody even asking why anti-virus products like Kaspersky's are so popular?

    The single biggest contributor, by a very long way, to insecurity in IT is an American company called Microsoft.

    So isn't it time to drop Microsoft products too?

    Surely it must be obvious that the whole Kaspersky issue is an irrelevant sideshow which can do nothing but distract attention from the real issues.

  6. Anonymous Coward
    Terminator

    CIA wrote code to impersonate Kaspersky Lab?

    "WikiLeaks says it has published the source code for the CIA hacking tool ‘Hive,’ which indicates that the agency-operated malware could mask itself under fake certificates and impersonate public companies, namely Russian cybersecurity firm Kaspersky Lab."

    Kaspersky is possibly the only AV company not compromised by the NSA, remember AV software gets to run on all the computers on the planet, as root and report back to the mother-ship. Every-time you update you don't know what it's really doing.

    @smalldot "why would any AV company knowingly co-operate with government spies?"

    Well, the AV companies wouldn't knowingly co-operate, that's why they're called spies and since the end of the cold war, rather than engaging in mutual spying, the various state security apparatus currently engage in mostly exfiltrating industrial secrets from companies for monetary gain.

    1. Alan Brown Silver badge

      Re: CIA wrote code to impersonate Kaspersky Lab?

      "since the end of the cold war, rather than engaging in mutual spying, the various state security apparatus currently engage in mostly exfiltrating industrial secrets from companies for monetary gain."

      That's mostly what they were doing before the end of the Cold War too.

      The USA is one of the worst offenders, particularly with any technology that might possibly threaten their hegemony - a "kill it in the crib" approach is clear in a number of cases. (such as, say jet fighters - see TSR2, etc)

  7. Michael H.F. Wilkinson
    Coat

    "Please do not let me detain you"

    The problem with the word "transparency" is that it immediately reminds me Lord Vetinari, who often claims his motives are completely transparent, which in his case most likely means you cannot see them at all.

    I'll get me coat. The one with "Going Postal" in the pocket

    1. lglethal Silver badge
      Go

      Re: "Please do not let me detain you"

      "Ankh-Morpork had dallied with many forms of government and had ended up with that form of democracy known as One Man, One Vote. The Patrician was the Man; he had the Vote."

  8. Alister

    ...doth protest too much

    I sense a shift in editorial stance on this, and I wonder why.

    If governments want to claim that Kaspersky is a security risk, perhaps they'd like to offer some evidence of this.

    Why would El Reg ask Kaspersky for evidence that the US is persecuting them? It's quite obvious that the drive to demonize Kaspersky started ever since Kaspersky's Antivirus identified malicious software on an NSA staffer's machine in 2014.

    1. MiguelC Silver badge

      Thatl probably won't do them any good, even if public opinion is in their favour governments aren't likely to cede in such a matter (either if it's being done for security reasons or just as punishment), but protesting is really the only thing they can do for now (as their court actions have all been rejected because of... reasons...)

    2. Anonymous Coward
      Anonymous Coward

      "perhaps they'd like to offer some evidence of this."

      If evidences may put sources at risk, you may want to avoid that. Even journos will not reveal their sources if they believe there's an actual risk.

      1. Alister

        Re: "perhaps they'd like to offer some evidence of this."

        If evidences may put sources at risk, you may want to avoid that.

        So that means then, that governments, or journalists, are free to publicly accuse an individual or company of malfeasance without presenting any evidence to support those accusations.

        This is surely not how it should be?

        1. Anonymous Coward
          Anonymous Coward

          "This is surely not how it should be?"

          But it's what happens. Have media evidences, for example, that Ivanka Trump is obtaining copyrights in China just because of hidden deals between her family abusing of presidential powers and the China government?

          Still, strong suspicions are published, and if anyone has sources within the Chinese government wouldn't be so fool to expose them.

          Evidences are conditions sine qua non for a trial and sentence - but did you never act on a strong suspicion, with just some corroborating info?

        2. Destroy All Monsters Silver badge

          Re: "perhaps they'd like to offer some evidence of this."

          If evidencesnot writing what's on the handout may put sourcesaccess to "inside sources" at risk, you may want to avoid that.

          FTFY

      2. Adam 52 Silver badge

        Re: "perhaps they'd like to offer some evidence of this."

        "Even journos will not reveal their sources if they believe there's an actual risk."

        You just cling onto that happy fantasy!

        1. Anonymous Coward
          Anonymous Coward

          Re: "perhaps they'd like to offer some evidence of this."

          > You just cling onto that happy fantasy!

          Depends on the journo. More specifically on their integrity and how good they are at protecting your information. Some are extremely good, others utterly incompetent.

          While thankfully I have never personally dealt with journalists of questionable integrity, they abound.

  9. John Mangan

    I find the under-lying assumptions quite surprising.

    Maybe I'm mis-reading it but there seems to be a presumption that "of course a Russian company will act as a trojan for it's government'' (which I'm not arguing for or against) but "that would never happen in the West" (which I do have an issue with).

    There is clear evidence that Russia likes to interfere and, like any developed nation, engages in shady practices to protects its interests.

    But there is even clearer evidence (Snowden) that the West, e.g. including but not limited to U.S. and Britain, do exactly the same. Both countries employ gagging orders so you can't even talk about being approached by said shady agencies.

    I'm not 'for' these activities and I'm not 'for' Russia but I am 'against' the apparent editorial assumptions which seem to be without basis.

  10. Anonymous Coward
    Anonymous Coward

    So, I have a choice...

    So Kaspersky treats spyware from US crooks the same as UK ones. They treat them the same as from the rest of Europe and the rest of the planet. That is what I want. They are not subject to the NSA or any other criminals. This is good.

    I am happy that they block the US nasties. The NSA is not there for my protection. I don't think it it is there for the protection of US citizens either but that's not my problem. Russian spooks may not have much interest in me. US ones probably don't either but they are controlled by the US government who, in turn, is controlled by US corporates. I am more troubled about them.

  11. HmmmYes

    Frankly, Id be happier burning the whole lot - Windows + AV.

    Stinking, multi layered piles of shit.

  12. PyLETS

    The only security relevant code with transparency

    This has to be open source and has to be developed in the open, and with reproducible build capabilities * so that anyone interested can verify it or collaborate with any number of interested others to share and discuss the verification of it. Anti-virus on closed platforms has to operate with root and kernel level access due to its very nature. Having a consortium of universities or an audit "partner" able to inspect code based on vendor criteria in the forum offered and managed by the vendor doesn't guarantee that the urgent update you need to defend against a recent and critical threat has been independently verified.

    * for why reproducible builds are required see: https://reproducible-builds.org/

  13. Jason Bloomberg Silver badge

    They hate us and want to kill us

    "The "America wants to destroy us" argument was delivered with broad brush strokes, but zero evidence".

    That America and others in the west demonise and seek to ban them without producing credible evidence for doing so suggests to me Kaspersky are correct in their assessment.

  14. adam payne

    The "America wants to destroy us" argument was delivered with broad brush strokes, but zero evidence.

    The US have presented zero evidence as well.

  15. Milton

    Stable door

    The horse of software paranoia fled from its stable already, and short of some kind of generally and internationally accepted standard of proof for "verifiability of benevolence" for software, the door cannot be shut.

    For at least several years now, certain types of employee for certain types of organisation have taken only disposable electronic devices (phones, tablets, laptops) into China because those devices would be destroyed upon return, before being allowed anywhere near a network. For a similar period, organisations aware of serious security needs have avoided installing stuff with a Chinese component or software.

    We all know why. It is incredibly easy to propagate malcious wares, and this is an ideal asymmetric intel/warfare route for many hostile or even "friendly" countires. It's relatively cheap, readily deniable and perfect for skulduggery.

    The Russian government's increasingly perilous use of malware, spyware and the rest is hardly a secret. It makes perfect sense to be as wary of Russian stuff as it does Chinese. Then you can include North Korea, and from there build a long list of suspects.

    In truth, only a fool assumes that the Americans, especially under Trump, don't steal everything hand over fist too, potentially with the complicity of NSA. There will be people in every major government on Earth saying "We'd be dumb not to steal everything we can reach". If Russia had e-voting, open speech and anything resembling a functioning democracy, do you seriously think the USA wouldn't have tried to thumb the scales a bit, if it thought it could get away with it?

    My point being realism (no, it is not cynicism, I'm sorry to say) and the fact that no country with a scrap of sense should put trust in the bits and bytes emerging from any other country—arguably, including allies. (Britain, with its laughable "special relationship", was f**ked over by the US at least as frequently, and arguably more effectively, as it was by the Soviets since WW2, something that surprises most ordinary people.)

    So I think Kaspersky are wasting their time. Countries will become increasingly careful about using only closely-monitored home-grown hard- and software, the market for carefully verified technology exchange between alliances will only grow, and we can already see the logical endpoint, where the World Wide Web is gradually fragmented by Great Firewalls, Broad Filters and Deep Inspections, into a patchwork of ever more controlled, censored and monitored national internet implementations.

    This battle is already lost.

    1. 2Nick3

      Re: Stable door

      "In truth, only a fool assumes that the Americans, especially under Trump, don't steal everything hand over fist too, potentially with the complicity of NSA."

      If this is indeed happening (yeah it is...) I have serious doubts it changed under Trump. Why, if the organizations gathering data are doing so under their own direction, do they care who is in the Oval Office? Does anyone think the NSA, FBI, CIA, etc, say "Oh, we have a Democrat for President, let's stop the data gathering!"?

      I don't think anyone is THAT partisan.

  16. Aodhhan

    Seriously?

    Kaspersky, I think thou dost protest too much!

    Yes, all governments are self-serving... loathing SOBs; however,

    if you don't understand the difference between a freely elected government and a government ran by a pseudo-dictatorship which invades a peaceful nation and runs hundreds of thousands of people out of their home at gunpoint.. then I believe you have a lot of research and self-reflection to do.

    For anyone to back the Russian government about anything is just ridiculous. It also means you don't have any regard for human rights.

    It's amazing how people will hang on to conspiracy theories about MI6, CIA, NSA and believe Russia is okay. How stupid can anyone get? I suggest you open your mind a bit, think critically, and talk to people from Russia and surrounding countries. You will be in for a mind blowing reality check.

    1. TonyJ

      Re: Seriously?

      "...For anyone to back the Russian government about anything is just ridiculous. It also means you don't have any regard for human rights.

      It's amazing how people will hang on to conspiracy theories about MI6, CIA, NSA and believe Russia is okay. How stupid can anyone get?..."

      Where has anyone stuck up for Russia and/or said they behave ok in comparison to other nation states?

      What people are saying is that other governments don't always behave in ways that are either transparent or necessarily benevolent beyond serving their own needs and whilst it may be more prevalent, and even easier, to do and get away with in Russia, it's not solely them that misbehave.

      You only have to read the information that Snowden leaked, or even look at the laws being passed in the UK that make snooping the norm to see our own governments' treatment of their own citizens.

      People have also, quite rightly, asked the question of where's the proof that Kaspersky have done anything wrong?

    2. Destroy All Monsters Silver badge
      Facepalm

      Re: Seriously?

      if you don't understand the difference between a freely elected government and a government ran by a pseudo-dictatorship which invades a peaceful nation and runs hundreds of thousands of people out of their home at gunpoint.. then I believe you have a lot of research and self-reflection to do.

      Meanwhile, Afghanistan was flattened and is a festering wound, then Iraq was flattened and is a festering wound, then Lybia was flattened and is a festering wound and our good terrorists blew up Syria, which was then flattened and is a festering wound half-occupied by the US in total contravention of international law, camping on bodies, now they are coming for Iran.

      Maybe the self-reflection should start at home?

      For anyone to back the Russian government about anything is just ridiculous. It also means you don't have any regard for human rights.

      And a F.U. for you, too.

    3. anonymous boring coward Silver badge

      Re: Seriously?

      "a government ran by a pseudo-dictatorship which invades a peaceful nation and runs hundreds of thousands of people out of their home at gunpoint."

      Now you are slightly harsh about the UK government. But only slightly.

    4. Kabukiwookie

      Re: Seriously?

      if you don't understand the difference between a freely elected government and a government ran by a pseudo-dictatorship which invades a peaceful nation and runs hundreds of thousands of people out of their home at gunpoint.. then I believe you have a lot of research and self-reflection to do.

      Indeed, the false choice in the US between a turd-sandwich and a shit-bagle can't actually be called a democracy.

      Along with their lang-standing tradition of overthrowing democratically elected governments in other countries they don't like, they should be stripped of their veto power in the UN.

      Or is that not exactly what you had in mind?

      1. 2Nick3
        Pint

        Re: Seriously?

        "Indeed, the false choice in the US between a turd-sandwich and a shit-bagle can't actually be called a democracy."

        Wonderful quote - have one on me.

    5. Chris G

      Re: Seriously?

      I have a Russian wife, Romanian,Moldovian, Bulgarian, Ukranian and Lithuanian friends and non of them report in the fashion you state, so what mind blowing conversations have you had and with whom?

      Most of my friends and acquaintances are sure Putin is no angel but they all generally support him, apart from most of my Ukranian friends but even they are not enemies of Russians and Russia.

      As for Kaspersky I have used their product for quite some time it runs relatively quietly in the background is not, unlike Avast and co, constantly trying to flog me more and better services, it just does it's job.

      I am less concerned with what it does with my data than say FB, MS, NSA, GCHQ or Google. Or, for that matter the NHS.

    6. Eddy Ito

      Re: Seriously?

      I haven't seen anyone "back the Russian government" but the simple fact is that it doesn't make sense for Kaspersky to do what he is being blindly accused of. First it doesn't make sense to even ask for a back door simply because it's likely to be found; this is why the FBI asking for back doors in encryption is so bad. It's much easier to simply walk round a few times until you find the back door. Second, Kaspersky is already doing a great job by the Russian government simply by making a good product and that applies doubly as it often finds little tricks devised by the NSA and friends. Finally, about the only thing he could possibly do is intentionally hobble his own software so it doesn't identify the little tricks devised by the GRU but that would simply lead to the CIA/MI6 copying the style of the GRU so the neither's bag of tricks is detected and that would defeat the purpose. To sum up, at best it's a very short term gain to cheat but a very long term loss and with no evidence either way I have no problem running Kaspersky AV on my machines.

  17. amanfromMars 1 Silver badge

    Out of This World Future Options ... for Futures SMARTR Currency Exchanges

    For what it's worth, I came away feeling that Kaspersky Labs doth protest too much. But what it's hiding I have no idea.

    A more Engaging Question for Exploration is what Requires Secure IT Programming Protection.?

    Are COSMIC State Secrets AIRecognised as a Worthy Currency for Exchange and Exhibition ...... Universal Presentation via Global Operating Devices.

    And although at the end of some of today's journeys here now, IT is just at the start of things you may have inputted for tomorrow and Future Greater IntelAIgent Games Use .... Ideally, Perfect4AI2Plays :-)

    Cheers for Now. Other Realities are Silent Calling for Answers and Solutions with Truths Providing and Protecting Immaculate Applications of Surreal Programming .....

    :-) And a Right AlMighty Witches' Brew be that to Enjoy and Employ ..... Find in Long Time Ago Secured Deployment, and in Critical Future Leading Fields, for Extensive Sampling and Exhaustive Testing of Core Information Source to IntelAIgent Program Stash/Cache.

    A Heavenly Hellish Place Tending Enthusiastically to All Temptations at the Ready for Vices to Extol and Exploit in Sin Filled Journeys ....... Future Past Perfect Parties.

    1. GIRZiM

      Re: Out of This World Future Options ... for Futures SMARTR Currency Exchanges

      That's better.

      For a while recently, AMfM was sounding not merely coherent but consistently so.

      However, I was able to make neither head nor tail of the above and things are, reassuringly, back to normal.

      *Phew*

      1. amanfromMars 1 Silver badge

        Re: Out of This World Future Options ... for Futures SMARTR Currency Exchanges

        One of those LORCA Incubators, GIRZiM ...... http://www.theregister.co.uk/2018/06/26/lorca_infosec_tech_creche/

        1. GIRZiM
          Devil

          Re: Out of This World Future Options ... for Futures SMARTR Currency Exchanges

          Yes, you were disconcertingly coherent there too - are you feeling alright?

  18. apalamarchuk
    Holmes

    Only US?

    "Neumeier also said the fact that only the US has taken action against Kaspersky proves the geopolitical skulduggery theory."

    Lying FSB agents. Ukraine also kicked their ass. From https://en.interfax.com.ua/news/economic/390626.html :

    "Subsidiary of Kaspersky Lab (Moscow) Kaspersky Lab Ukraine LLC (Kyiv) has announced its liquidation under the decision of its owner due to the sanctions against the company Ukraine introduced on September 2, 2015."

    1. Chris G

      Re: Only US?

      Subsidiary of US Skullduggery; Ukraine Skullduggery.Kiev does what it's paymasters tell it to most of the time, although they are beginning to get ideas of their own lately.

      1. apalamarchuk
        Headmaster

        Re: Only US?

        Chris, the question of dependency of Ukraine on their allies is irrelevant here.

        What's clear is that Kaspersky's guys lied through their teeth when they claimed that only US acted against them. It's not like anybody pulled their tongue to say that.

  19. Anonymous Coward
    Anonymous Coward

    Simon

    The subject is obviously interesting and the article informative, but I did find it rather painful having to read through your attempts at sarcasm and I thought they took much value away from an otherwise great report.

    As other people have also requested, I would be interested in hearing from those MEPs in exactly what ways this company's products are detrimental to our security and a detailed presentation of their evidence. After all, if it is not good enough for the EU institutions, surely it is not good enough for EU citizens and industry, or are they going to leave us all unprotected?

    Can I expect some incisive enquiries from El Reg on that front? Technically you're still in the EU chaps, they have to talk to you.

  20. Neoc

    "The company is also promising source code reviews for customers and/or maybe also by a consortium of universities whose collective eyeballing will make it possible to get through all three million lines of code"

    I don't care who you are, Kaspersky or otherwise: unless I can compile the source code on *my* machine using *my* compiler, you cannot guarantee me that the code I just inspected is what's actually in the compiled version you're offering me.

    Admittedly, most of the time I don't care (I'm pretty certain MS and Google are constantly spying on what I do in various ways "for my PC's/phone's own good"), but for security software...

  21. Anonymous Coward
    Anonymous Coward

    I often wondered why...

    ...Kaspersky was the only one to find unusual virus that tended to be financially beneficial to them.

  22. Anonymous Coward
    Anonymous Coward

    I think their whole problem is a refusal to differentiate between "in the wild" spyware and Gubbermint (of any flavour) spyware.

    1. MonsieurTM

      Agreed: Kaspersky got into hot water initially over blowing the whistle on Stuksnet, government spyware. And would not shut up about it. All the rest remained silent....

  23. Anonymous Coward
    Anonymous Coward

    From the general anti-Kaspersky tone of the article one could question whether it was sponsored by, for example, the US government.

  24. DropBear

    "But what it's hiding I have no idea."

    ...so, ummm, have you stopped beating your wife?

    1. MonsieurTM

      I know, let's make up load of malicious, baseless accusations, then ignore requests to justify them, and repeatedly demand that the organisation in question must explain itself. And then that organisation on the occasion gets in knots, let's use that as substitute "evidence" to support those initial claims. Brilliant reporting, Simon. Glad I am too dumb to think for myself!

  25. MonsieurTM

    Stuksnet

    IIRC a subsidiary of Kaspersky blew the whistle on Stuksnet. Which seriously pissed off the US & Israeli governments and permitted the Russian and other governments to become aware of such sophisticated cracks. Methinks that Kaspersky is a victim of over-zealous US government business practise.

  26. Roland6 Silver badge

    Now might be a good time to buy Kaspersky! :)

    For those interested Kaspersky products are currently available at 50% off:

    https://www.techradar.com/news/kaspersky-antivirus-goes-half-price-on-its-strongest-premium-security-software

    or

    https://www.kaspersky.co.uk/products-services/acqlp-3up-nb

    If you spend your time checking out, Kaspersky will offer you a further 10% discount (total discount 55%).

    As Kaspersky allows you to stack licences, this might be a cheaper way to renew an existing licence, just need to watch the +3 year product rule.

    The only caveat is that the licence is not for sale or activation outside of the European Union and Falkland Islands.

    Whilst this brings the cost down, it's not as good as the Agnitum lifetime licence offer many years back...

  27. NonSSL-Login

    Stating the opposite of the bloody obvious

    You do not have to be a security genius or have a degree in politics to know the whole US attack on Kaspersky is political butt hurt revenge.

    They are having to do the transparency tour to repair their business after US gov pressure against them. The CIA has previously tried to leave kaspersky fingerprints on their bad deeds. Its open day on the company that found and reported some of the NSA malware.

    Journalists asking Kaspersky ridiculous useless questions instead of asking governments and politicians to backup their statements, is half the problem. They are not real journalists. They just parrot scripted lines told to them to publish with no actual journalism done.

    The comments here show that the majority of IT people think the article talks a load of bollocks and there is indeed a vendetta against Kaspersky. Nothing has changed since the banning of their product. Move alone, nothing to see here. No story yet, until the actual transparency tour and even then, going by this article, we will get another crap axe job article. It's a good job el'reg has a lot of good articles to read between the crap like this one.

  28. Anonymous Coward
    Anonymous Coward

    Why I use KL at a US Bank

    I used them for year for the features and reputation - I do not allow out bound traffic (upload samples). If they can catch NSA tools - that have always been leaked to other criminals (besides the NSA) that is exactly the product I want. And you know what, 5 years in now, and it has been nothing but a stellar product, when we have had minor issues the support has been great (and speaks English). We use multiple tools so no one tool being broke cripples us. I could use any AV I choose, and this is my choice, and it has done me right. It was a pain defending it to the company heads over the NSA crying for finding their criminal tools, but I did, and we still have them, and for at least 3 more years now :)

  29. nick soph

    Could an American company report the bad things it thinks American security agencies are doing? Likewise for a Russian/Chinese/North Korean co. Truecrypt was closed down by persons or persons unknown without any explanation and before its final security audit was completed. The final comment from the anonymous Truecrypt authors was that Truecrypt had a fault and they made a recommendation to use Microsoft's Bitlocker instead. There is an interpretation of these events which goes - the security services used secret laws (Do we have them? How would we know?) to stop any further dev of Truecrypt because it worked, and Truecrypt's 'use Bitlocker' statement was made as a obvious false flag (It is widely assumed that Bitlocker has a backdoor available to US agencies). It seems likely there is a difference in the form of pressure exerted by states on the companies that work within their borders but the effect is the same and the reporting by a company of the misdeeds of its homeland's government is discouraged and the opposite for the reporting of misdeeds of other countries. The US's public defamation of KL should be regarded as a compliment to KL (at least as far as US produced nasties are concerned), the sad thing is that the Russians have not similarly endorsed any US security products in return.

  30. onebignerd

    The U.S Government needs to publish their evidence (if any) and settle this crap once and for all, since they are the ones who stirred up this panic. Personally I find no cause for concern, nor reason or evidence to stop using Kaspersky.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon