Offshore Software

Discussion in 'privacy general' started by ajcstr, Mar 20, 2016.

  1. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    As I said, it all comes down to perspective: https://www.digitalnewsasia.com/sec...ries-most-hit-by-ebanking-malware-trend-micro

    ‘Malaysia among countries most hit by e-banking malware: Trend Micro’

    ‘About 23% of all online banking malware detections were in the United States, the most affected country in the first quarter of 2014, with more than 26,000 online banking malware detections.’

    ‘Japan came in second with over 11,000 detections (10%) while India ranked third with over 10,000 detections (9%).’

    ‘Brazil ranked fourth with a 7% share, followed by Turkey (4%), then France, Malaysia, Mexico, Vietnam and Australia, each with a 3% share.’ ~ op cit

    ‘There are three kinds of lies: lies, damned lies, and statistics.’ ~ Benjamin Disraeli (1804 - 1881)
     
  2. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    183
    Well I learned from statistics class in college you can make the numbers say what you want by just presenting them differently.

    So ok, then, let's approach this differently.

    What does a company have to do to lose your trust? Has something about a software company ever made you shy away? I gave you my example and I posted an incident with EaseUS that upset some customers.
     
  3. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    183
    I take this to mean victims as opposed to offenders?
     
  4. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Well, it doesn't mean the offenders are all Chinese either.
     
  5. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Well, I got a trojan once from a Russian journal site; that site pretty well lost my trust. On the other hand, I've used Russian software since. I was wondering about your rationale about Chinese and Russian sites based on just one site you had a 'bad vibe' about.
     
  6. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    183
    I agree 100%. I never said they were.

    http://www.bloomberg.com/slideshow/2013-04-23/top-ten-hacking-countries.html#slide11

    China has been accused of having state-sponsored hackers. No, I'm not saying China or Russia is filled with hackers. What do other countries say about the US? Does Europe say we have state-sponsored hackers? We may very well, who knows. If we do, they are not that good; they can't even hack one iPhone.

    It seems everyone else that has posted here has no concerns over this type of thing whatsoever so I guess I am being paranoid.
     
  7. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    China has accused the US of having state-sponsored hackers before now. No country is innocent of cyber espionage, mine particularly (I'm talking about you, GCHQ!). There isn't the same paranoia in my country about China as far as I know. It kind of reminds me of Orwell's novel '1984' where enemy countries were interchangeable every so many years. The paranoia about China is reminiscent of Cold War fears.
     
  8. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    183
    Ha - I think you hit the nail on the head. Well it was a good chat at least, I certainly got a lot out of it. Hopefully some more people will weigh in.

    Maybe I'll start a thread about tech support companies in India next.
     
  9. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    Personally I have no issue with Chinese software. My antivirus, web browser, archiver and download manager are all Chinese. I also regularly use a number of other programs that come from China too, as well as having software from many different Chinese vendors installed on my laptop.

    In my opinion, the Chinese write some excellent software, and I see no good reason not to use it. Maybe it's because I'm not paranoid.
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I totally agree. I use ShadowDefender, and I trust it when I am going to do something really risky. Hasn't failed me yet.
     
  11. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I'd probably ask the Chinese about doing that lol.
     
  12. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I think everything I own is Chinese, except for the Japanese stuff. For some reason, a lot of my software is French. On Windows I use Maxthon and K-Meleon as my main browsers. I've used Maxthon for over five years. A lot of people won't use Maxthon because it's Chinese, which I think is weird.
     
  13. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    I have to confess to being somewhat bemused by this thread, perhaps because there's an element of cross-purpose about what threat models are being considered, and what the implication of "being" in country X might be. FWIW, the aspects I tend to think about are:

    a) What is the threat model of this software, what is the impact of breach or inbuilt trojans/backdoors?
    b) Can I restrict this in a container (VM, Firejail, Sandboxie)?
    c) Does the software require admin rights?
    d) Is this software FOSS?
    e) Has it had a security audit?
    f) What history has it got, does it update regularly, are there competent people working on it?
    g) If commercial, what is the jurisdiction of the Head Office, is that vulnerable to NSL or equivalent?
    h) How hard would it be for the company to move if served with an NSL?
    i) What is the reputation of the company, what is its business model - am I a customer or the product?
    j) Can I download the software and check its signature or checksums securely?
    k) If FOSS, can I build from source, and is this build repeatable?

    Doubtless everyone can add their own assessments to this!
     
  14. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    183
    Touché!!

    Touché again!!

    (I still use EaseUS Todo; the origin of the software is a piece of the puzzle, not the whole criteria in itself.)
     
    Last edited: Mar 27, 2016
  15. ajcstr

    ajcstr Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    183
    How would I find out this information with respect to a particular company?

    And I'm not sure what you mean by "cross-purpose".
     
  16. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    a) company website - product info, corporate info, management team, privacy policy. Quarterly/annual returns, filings. Transparency reports.
    support section: product documentation, release history, bug fixes/release notes. Browse of support forums.
    b) search on articles & reviews about the product and company; competitive reviews
    c) is product signed or can I verify checksum or is it under distro package management
    d) check on Wilders if there's any experience of the product
    e) personal evaluation of the product, usually in virtual machine - can run in sandboxes, restrict rights, inspect traffic

    Yep, a lot of work, though that depends on how easy it is to sandbox/containerise, and what privileges it requires.

    By cross-purpose, I mean that people may be talking about different things here.
     