In the light of the Ukraine crisis, what about Kaspersky?

Discussion in 'other security issues & news' started by sukarof, Apr 8, 2014.

Thread Status:
Not open for further replies.
  1. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Many has been worried about NSA and its affiliation with big companies like Microsoft, Google, Facebook and so on. Even the power the US government has over VISA, Paypal and Mastercard is problematic.
    Can Kaspersky be more trusted than google, VISA, Paypal, Mastercard, Google, Microsoft or Facebook?

    I did not care much about the allegations, or FUD(?) that occured a couple years ago about Karsperskys connections to the kremlin. But now in the light of the russian annexation of Crimea (and rest of the Ukraine next?) the question is timely. I am thinking about the new battlefield that is internet.

    (I, know I spelled Karspersky wrong in the title, but cant find a way to edit the title in this new style)
     
  2. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    883
    Location:
    Triassic
    Can Kaspersky be more trusted than google, VISA, Paypal, Mastercard, Google, Microsoft or Facebook?

    Are you assuming or asserting that the FSB would insert code in the AV program to mine and collect communication data with or without Kaspersky's cooperation or knowledge? Maybe an AV is not the right vehicle for this type of surveillance.

    I do not think there is too much trust to go around about anything on the internet. If a company is given no choice, is lied to or is complicit, you would not know. If you believe that they have been infiltrated and are untrustworthy then don't use the product. Freedom of Choice is also a weapon.
     
  3. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,729
    Location:
    localhost
    Yeap :thumb:
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,069
    I would not trust any of above mentioned companies. It doesn't matter where they come from. IMO it is better to use software or service from country where you don't live in. If you are American than using Russian software would be a little safer. Russian companies probably wouldn't like to cooperate with FBI or CIA the same way as American companies do. The same goes for any country and software and service providers that come from that specific country.

    hqsec
     
  5. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    Re: Russian hackers, I'd trust Kaspersky to be on top of their malware more than most AV companies. As per Ukraine, there are more hackers there than most any other place---see the recent Neiman Marcus credit card hack.
     
  6. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    I really don't belive in Russian Kaspersky!!!
    I will never ever use Kaspersky again since i know the russians through Kaspersky can spy everything on my PC!

    I boycott any russian product, like Kaspersky. I just don't belive in russians.
     
  7. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    On a technical note, this is not how an AV would be compromised. It is far more likely that IF, and I strongly emphasize IF, it would be through a potential white listing OR ignoring of said malware IF detected. What is more likely is that the malware itself is simply unknown with behaviors designed to circumvent known AV/AM detectors. The bad guys test continuously against multiple AV solutions whereas AV vendors can only test against the actual malware or through known malware behaviors and/or variants in a similar family.

    Don't assert malice when technical/real world limitations of the technology are the more likely root cause...
     
  8. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Why would this be any more likely from them than from Microsoft, or Symantec, or McAfee? If I were to assume that this kind of behavior is unavoidable and undetectable (which it isn't) I'd be more concerned with software that originates in my own country. Unless you're one who has gained international attention, governments from other countries wouldn't be interested in what you have. IMO, the likelihood of a company collaborating with or being coerced by a government increases with the size of the company and the number of users or systems the government can potentially gain access to.

    I have no problems with Russian software. SSM is Russian and it's some of the best security software I've ever tried.
     
  9. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    Good for you - Good luck!!!
     
  10. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,050
    Location:
    USA
    ..
    What are they gonna do? Send the KGB to you house? If you were doing something worth watching, wouldn't you rather someone in another country was watching rather than the agencies in your own country?
     
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I'm considered suspicious or paranoid by most standards, even in the privacy forum when it comes to software and/or government coercion. I regard software, its developers and vendors as its untrusted until proven otherwise. SSM earned my trust through 10+ years of usage, beta testing, and interactions with the developers. Windows OTOH has not, especially the NT versions.

    I'd still like to know why such behavior would be more likely in Kaspersky products that those from Symantec or McAfee. What could Russia do through them that the NSA couldn't do via NSLs or outright coercion? I see no difference in either ones ability against most PC users. The difference I see is in which would have an interest in what might be on my PC. That would be largely determined by where you live. Examples: the Russians don't care if I'm vocal about my opposition to NSA spying or if I supported the Occupy Wall Street movement. The NSA would be and those involved in that protest have classified as low level terrorists. The NSA considers those running Tor relays to be adversaries. Political motivations aside, which country has more interest in looking for pirated material on your PC? Obviously, the one that tries to equate music and video piracy with terrorism. For myself, I can't come up with a single reason why Russia would want access to my equipment, or of any way that total access to it would benefit them, save for compromising a single Tor exit. I have no reason to consider Russia a potential adversary. The Ukraine doesn't qualify as a reason to do so. Hypothetical example. If I viewed Russia as an enemy due to the Ukraine, their government would be my adversary, not their citizens. Government views and positions seldom reflect the views of their citizens no matter where you live. In such a scenario, I might distrust a big company like Kaspersy, partly because of their affiliation with the government and partly due to the way their software functions. OTOH, I'll give a single purpose app that's developed by one or two individuals the benefit of the doubt and evaluate it on its merits.

    I can't outright reject software because it's Russian in origin any more than I can accept software just because it's made in the USA. Using nationality as a basis for your trust is little more than blind prejudice. By that logic, my exit node must be owned by the NSA just because it's in the US. In reality, I'd shut it down before I'd willingly allow that.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    I must admit, I sometimes also think about stuff like, who can we trust, and who not? :ninja:

    But then I think, if there were really backdoors in software like Kaspersky and Baidu AV (for example) wouldn´t it already be discovered? Plus what if they get busted, that would destroy their business.
     
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I doubt it, especially from an AV. With most AVs being at least partially cloud based, how would a user know what data the AV is sending out and for what purpose, especially if the traffic is encrypted in any way. When an AV scans a folder or drive, it's easy to see what it's looking at. It's not so easy to determine what it's looking for. Is it looking for signatures left by specific types of malicious code or signatures that match known pirated material, or subversive material? When the source code is closed and the traffic encrypted, there's no easy way to tell. AVs that are integrate with cloud components don't need a backdoor in the conventional sense. They can send it out the front door because we can't read the traffic. AV vendors are just as susceptible to mission creep as 3 letter agencies, especially if someone offers them money to look for specific items. If such activities were initiated only when a specific command is sent, that ability could remained undetected for many years. An unused backdoor in closed source software is next to impossible to find. If such activity got caught red handed and was the result of government coercion, it would be covered up quickly and never make the mainstream news. The Snowden revelations have shown this. Most Americans are aware that it has happened but only know what the mainstream news has told them. Few have looked at them to see the extent of it, the coverups, and the contradictions. It would be the same for an AV vendor.
     
  14. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Some facts to consider - Our fellow Wilders Security Forum member Sergey Ulasen was the discoverer of stuxnet and wrote about it here in the Wilders Security Forum shortly after the initial news was published (2010) in the New York Times. He was working for a small antivirus company at the time.

    Subsequently he came to work for Kaspersky Labs. Kaspersky Labs is the the lead security company who has released early information about stuxnet (and later its variants).

    Stuxnet was meant to attack the computer system of a hardened Russian Nuclear Enrichment Plant in Iran.

    If one would care to hear a talk by Eugene Kaspersky about this and Kaspersky Lab's intentions to find any malicious software such as government back doors on anyone's computer regardless of the source than you may wish to have a listen to his talk to the Press Club in Canberra, Australia in 2013. If you do not wish to listen to the whole one hour then have a listen from 44:10-46:06.

    Only some food for thought.

    Best regards

    P.S. Sergey's story of his discovery is found here.
     
  15. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    hi
    Any av editor must deal with national laws of each country, and this is the case for Symantec as for Kaspersky.
    Dr Web and Kaspersky need to deal with specifiv Russian Federal Law (change .pda in .pdf to read the paper)
    http://www.wired.com/images_blogs/d...tions-and-Implications-for-Kaspersky-Labs.pda

    Regarding backdoors, just consider that any AV installed in a machine is a potential security and privacy risk.
    Dr Web is the FSB antivirus firstly because the CEO team has accepted the auditing process, which included source code analysis at different time and at the office.
    Kaspersky has not accepted the analysis of their source code...and in a very strange way, their source code was avalibale on the net...
    This is not a geopolitical board, then i just link to an excellent blog which focus, on some artciles, on Russia and Kaspersky
    http://jeffreycarr.blogspot.co.at/2014/03/russian-cyber-warfare-capabilities-in.html
    http://jeffreycarr.blogspot.com/2012/05/flame-russia-and-itu-geopolitical.html
    http://jeffreycarr.blogspot.com/2012/05/kasperskys-problematic-flame-analysis.html
    http://jeffreycarr.blogspot.com/2012/08/russias-kaspersky-labs-to-develop.html
    http://jeffreycarr.blogspot.com/2013/01/rbn-connection-to-kasperskys-red.html

    Rgds
     
  16. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    That PDF is an interesting read. It's likely that similar requirements exist in most countries. Those requirements could take the form of anything from broadly interpreted laws to NSLs. IMO, it's reasonable to assume that this is widespread and encompasses far more than just AVs.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Very informative post. :thumb:

    But I still can´t imagine that no one would be able to find a backdoor in anti malware tools. :cautious:
     
  18. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    It would depend on what form that backdoor takes. If an app requires an open port for legitimate inbound traffic, what prevents that port from being used for more than one purpose? If the backdoor function was only activated after receiving a very specific command, what are the odds that someone will find it by chance? If the files of the backdoored application are encrypted or obfuscated in an unusual manner, finding the backdoor would be extremely difficult. Besides, how many people who are able to reverse engineer these types of apps are actually doing so? I'd suspect that many of those able to do so are already working for some government. If they found such a backdoor, they wouldn't publicize it. They'd do just like the NSA does, hide its existence for their own use.

    With most AVs being at least partially cloud based, there'd be no need for a port that's open to inbound traffic. Those AVs are in almost continuous contact with their cloud servers. The command could be sent with the regular traffic. Unless the user can decrypt the traffic, how would they know?
     
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    There is no need to backdoor an AV. Bypassing them is trivial, we did it in one of my classes and it was basically just a lesson consisting of a chapter of a metasploit book.

    Coercing them into including a backdoor is expensive and dangerous. Much cheaper and safer to just bypass it.
     
  20. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    An AV can be completely disabled with a bad update. With a governments ability to MITM traffic, delivering a defective update would be simple. Norton did it to themselves on more than one occasion. If someone ever comes up with another warhol or a nastier equivalent of Slammer, the damage would be done well before any AV could respond. There's way too many ways an AV can be defeated, especially by a powerful adversary. Missed detections, directly attacked by malicious code, compromise the update server or detection files, MITM attack on update delivery.
     
Loading...
Thread Status:
Not open for further replies.