Retaliation
Perhaps we should ban Microsoft say Russia and China ?
Oh suddenly we aren't dumping coal / steel / etc ? How nice thank you !
US Senator Jeanne Shaheen (D-NH) simply can't wait to banish Kaspersky Lab's antivirus from American government computers on the grounds it's a security risk. Her plan is to amend the nation's latest National Defense Authorization Act, which is legislation that has to be passed each year to green-light funding and policies for …
Er, Russia and China have previously threatened to ban Windows, Office, for much the same reason.
The one piece of code with about the same access to everything as enjoyed by the OS is the installed AV software. It can do anything it likes. You do have to trust it. That means trusting the vendor, and every single developer working for the vendor, any one of whom are in a position to slip a little extra something into the code base.
That's a pretty big set of people to have to trust entirely. And in Kasperky's case, absolutely none of them has a US government security clearance.
Paranoia? Perhaps. But then one's government is supposed to be a little bit paranoid.
Good point, I'd forgotten that all Microsoft developers are American citizens living in America and regularly security checked.
Somehow I'd come to the erroneous opinion that development is often off shored and that 90% of them, even those on US soil, aren't security checked by the government.
Fortunately we at least don't have to worry about code quality exposing sensitive data.
The country is not in that state any more than other countries. It's just that the highly-evolved media organisms here thrive on fear.
Fear! The country is rank with it! You can find its seeds on every corporate news show, and it takes a toll, for sure.
The news ratings are engendered the same way as retail sales and most attempted legislation: By injecting insecurity into consumers. Insecure people are motivated to do something, anything, to relieve the insecurity. That works well for the ad biz, and the media does it to drive worried eyeballs to their feeds. The pols do it to get votes.
So forget that 'fear' thing, it's 90% illusion. Any sufficiently advanced culture will be the same way.
The other 10% is the residual fear we all live with, all the time.
The question is whether that fear is justified. In some places it absolutely is as gangs like MS-13 who are thriving with the war on drugs and power drunk police who do what they feel like terrorize the population. At least folk have a slim chance if they shoot back at the gangs that are on the "wrong" side of the thin blue line.
"There aren't many other "civilized" countries where so many people feel the need to go about armed everywhere"
I live here and can tell you that very few people "go about armed everywhere". Very few law abiding folks, that is. Even in the western states. Too many, however, believe all the official nonsense about terrorism.
Chemical Bob wrote: "I live here and can tell you that very few people "go about armed everywhere". Very few law abiding folks, that is."
That is the thing about conceal carry laws. Concealed means CONCEALED! I don't leave home without one or two weapons on me. Most of my friends are the same way. We do so legally, having been investigated and approved by the state to do so. I go every place I can legally (for example, excluding government offices), and no one knows.
I am not a threat to you or anyone. I am a nice guy. Because I am carrying deadly force, I have an obligation to retreat and disengage first rather than present a weapon. I must de-escalate every situation in any way possible. Any action on my part that makes the situation worse makes me legally liable for the outcome. Only when faced with death or bodily injury to myself or another, and when there is no other option, then I am permitted to take action in defense of life.
If I have to explain why this is posted anonymously, then you don't understand what I have written.
What you posted does not contradict what I wrote - *very few* law abiding citizens carry weapons with them all the time. Concealed carry stats that I could find indicate that it might be around 5% in the whole country. Florida is the clear outlier with over one million permits, but in Florida you need a concealed carry permit if you carry more than 2 oz. of pepper spray.
Whether you are a nice guy or not isn't the issue, nor are the legal obligations you are under. The plain fact is that around 95% of the people in this supposedly gun-crazed country feel no need to pack a weapon.
"The plain fact is that around 95% of the people in this supposedly gun-crazed country feel no need to pack a weapon."
The most scary thing is that you genuinely seem think that your underestimation of 5% people packing a weapon is somehow normal and acceptable.
That would mean at least one person with a gun near me during my daily commutes, or several of my colleagues.
From my viewpoint, that number means it is a gun-crazy country, your internalization of what constitute gun-normalcy confirms it, and I do not want that to happen here.
The previous AC's self-characterization seems to be the norm for folks with concealed carry permits - sane, rational, law abiding people who are expressly prohibited from drawing their weapons unless there is no other choice. That 5% of the population is not something to worry about, one is far more likely to get shot by a cop around here. Go to youtube and look up the Philando Castile shooting, that cop had his gun drawn and was practically shitting his pants before he shot the guy.
Sorry John, this has been extensively polled and Americans are indeed much more fearful than other advanced countries. You have been for a very long time, too; it's not a new thing.
You're half-right, though - the media very much works to heighten the sense of fear in the country in an effort to increase ratings (as do most politicians, particularly Republicans). You just immediately contradicted yourself by accurately pointing this out and then saying that the country is no more fearful than any other 'advanced culture'.
> "Sorry John, this has been extensively polled and Americans are indeed much more fearful than other advanced countries."
Polled? Seriously? I suggested most of the fear is an illusion, and I'll further suggest that most of the polls are too, these days. In fact, it is the polls themselves that are one of the main tools the media uses to engender fear.
Oddly enough Big John, I agree.
So long as we remove the 1st, 4th and 5th elements of your statement.
I've relatives down there. You and they may be among the 10% that have realised that the media fear mongering is just that - but sadly, far, far, far too many eat, breathe, drink, live and excrete that fear. It is why you have so many divisions in your population, and why so many of them are so violently opposed to the other groups.
And you, despite being radicalised, are clearly capable of knowing this, and that it will be the destruction of your country.
Unfortunately this dumb ass bitch is from my state and I'd like to say "I'm sorry" and that all of us from NH are not this retarded. She should also ban hardware made in China since they could actually design backdoors into technology, this is why technically unaware people should not have a say in anything tech related like this.
She's just the tip of the iceberg in CongressLand. Maybe it's time to re-read the Constitution, the Declaration of Independence and writings by the founders. Then again, for many such as the Millennials and many CongressCritters and some among the higher level offices and staff, I'm sure the contents would be a surprise.
At the defense/government level you can't really trust any software from foreign powers. You would be naïve to blindly use any software from US, Russia or China. It's, for example, time EU invests to cit many ties it has with foreign suppliers.
For the matter Kaspersky and other software has been banned from my company has well. The fact it would need to bend to any FSB request is clear, just like MS would bend to NSA.
There is no evidence that Kaspersky has ever been manipulated by the Russian government for espionage purposes, but they could do it if they wanted to. It's possible that in five years relations between the countries might have deteriorated to the point that happens. Security means seeing potential threats, not just countering those that exist.
For exactly the same reason, I'd expect the Russian government to do all they can to minimise dependence upon software developed by American companies. There's no evidence that the NSA has ever used Windows Update to distribute malware, but they could probably do that if the need was great enough - just a matter of turning up to Microsoft HQ with a USB stick and a 'if you breathe a word of this then you'll never see daylight again' form.
Well if all governments insisted that their IT is entirely trustworthy, they'd all insist on using software and hardware that is either designed and fabricated within their own borders or entirely open source. So Europe is going to have to build some fabs and just about everyone is going to have to start using a flavour of 'nix. (Even the US can't trust Windows as long as there are closed source device drivers and admin-level software involved.)
But try telling that to a typical politician and they just come up with a half-hearted response like this. She should grow a back-bone and insist on a fully trusted platform.
(I'd add a penguin icon, but I don't want to offend the BSD fans.)
And that's just it. Kaspersky has offered the US gov't the source code so it's not like there could be anything hiding. No, Shaheen is just kettle clanging for the media because she feels Hassan has been too uppity lately and stealing all the limelight by hanging out with Bernie Sanders and Elizabeth Warren.
It's quite easy to have one set of source code for showing everyone, and a different, or augmented set of source code with hidden nasties that is actually used to build the distributed software.
There are even examples of compiler attacks that make it possible to add the nasties during compilation of perfectly nice source code.
Being given access to source code tells you fuck all about the presence of nasties in the compiled product that the source is supposedly used to build.
Only partly true.
If you can compare a copy of the source compiled with exactly the same tool chain (note that word exactly) and a file comparison comes up the same as a bought copy you've a reasonable chance you're looking at the code that created it.
I know about the "rogue compiler" that Ritchie pointed out. I'd suggest a differential compilation to spot any large gobs of code that is only inserted by the tool chain compiler.
IRL At some point you have to start trusting that people are acting in good faith.
"The Senate Armed Services Committee in June adopted my measure to prohibit the Department of Defense from using Kaspersky Lab software, to limit fallout from what I fear is already a huge breach of national security data."
Without any evidence of any wrongdoing it just makes this look like political games.
Russia is fact waging cyberwar on us, and Kaspersky works on secret projects with the intelligence services that are waging that war. The latest Kaspersky product is an "infrastructure OS" that they want us to install in all of our infrastructure that the Kremlin would like to bring down in the event of a conflict.
Now, how stupid need one be to allow such as thing? And why is this rag advocating opening all the doors to an enemy attack? Bizarre.
Hi! You're currently tripping my Bullshit Meter (tm).
Cite sources or be ridiculed.
Random blogs, Breitbart, InfoWars, etc are an instant fail.
"Because Russia!" is an instant fail.
Gun control, abortion, and now Russia, politicians need to pipe down about things for which they have no understanding. If DC fell silent as a result, nothing of value would be lost.
Trisul:
There are rather a lot of tinfoil hatters about these threads. I'm afraid however that you're in the class of faraday hat wearers. Russia at this point, and China, Japan, India and the rest, have collectively decided its time to sit back, pop some corn and watch the implosion. There will need be no effort by any external entity to cause it. Over the last 40 or so years the USA has armed it's own self destruct devices.
Shaheen is the senator in my state also (Hi Shawn - we don't' know each other).
This bitch jumps on the band wagon of anything that she thinks will make her look good.
She has no clue as to tech other than it's magic to her.
The reason the FBI/CIA/NSA doesn't like Kaspersky is that they outed their hacking tools.
Maybe she want's a US AV company to protect her interest? - well guess what, there isn't a US AV company in the top 5, and US companies are FAR more likely to allow backdoors than Kaspersky.
Shaheen - you are a ego trip, helo flying to avoid traffic at tax payer expense cunt that is a leach on NewHampshire. You should have been banned from politics for your arrogant ways.
What's the point of such an offer, given that all AV software is designed specifically to allow for updates to be automatically installed. Unless you get the source code of every update and have someone check it out before approving the update and allowing it to be installed, the software could be completely innocuous until one day an update it delivered that isn't.
No different than Microsoft delivering source code for Windows to China. Unless they give them the source code for every KB* update that comes along, and China inspects it before applying, they might as well not even look at the source code in the first place because they couldn't be assured that the NSA spy package wasn't delivered in an innocuous update that claims to fix an obscure SMB bug.
... that the illustrious guardians of our government data (the NSA) would have some way of testing/vetting software allowed to be installed within security perimeters. Software (without the source code) is pretty much a black box. And there's no telling what might be going on in its innards whether it was written by Kaspersky or Microsoft. You've got to put it in a 'clean room' and watch it for a while. And then you've got to watch your perimeters once it has been installed for suspicious activity.
Personally, I'd worry more about trojans installed by Boeing, Lockheed and the like to get the jump on defense department bidding information.
"the U.S was condemned them for invading a sovereign country. Ignoring the fact we have done it with Iraq and Afghanistan."And the rest!
1950 North Korea
1961 Cuba
1965 Dominican Republic
1983 Grenada
1989 Panama
1994 Haiti
Every ten* years or so, the United States needs to pick up some small crappy little country and throw it against the wall, just to show the world we mean business.
- Michael Ledeen, holder of the Freedom Chair at the American Enterprise Institute
* More like 8 years!
Why don't they take Kaspersky up on examining the code? Yes, Kaspersky could sneak code in later, but I seriously doubt they would risk their reputation and markets by slipping in spyware. They would be poison world-wide and out of business if they got caught doing that. The NSA might be able to see how to hack them like they do with the other security A/V suites. As Kaspersky is one they (NSA) can't hack, as of the Snowden leaks.
It's a lot of fear mongering by the Congress and the Media. Once the U.S, Russia and all countries, learn, understand and respect the cultural differences, there will never be any trust. We are all human, just trying to live, work, raise a family...etc with different beliefs, philosophies, cultures, languages, backgrounds.
I am not a threat to you or anyone. I am a nice guy.
I'm sure all the nice guys like the Cray brothers, Bonnie & Clyde and John Gotti have said the same thing. Just like I can say on Tinder that I an 6' 2", 190lbs, athletic build, a stud in bed and because I have typed it then it must be true.