Office Depot, Best Buy Pull Kaspersky Products From Shelves (bleepingcomputer.com) 155
Catalin Cimpanu, reporting for BleepingComputer: Both Office Depot and Best Buy have removed Kaspersky Lab products from shelves. The ban has been in effect since mid-September, and the two chains are offering existing Kaspersky customers replacement security software. The first store to remove Kaspersky products from shelves was Best Buy, on around September 8. At the time, the FBI was pressuring the private sector to cut ties with the Russian antivirus maker, which was the subject of a Senate Intelligence Committee on the suspicion it may be collaborating with Russian intelligence agencies. Kaspersky vehemently denied all accusations. A week after Best Buy removed Kaspersky products from shelves, the Department of Homeland Security (DHS) issued a Binding Operational Directive published ordering the removal of Kaspersky Lab products off government computers. A day later, Office Depot announced a similar decision to ban the sale of Kaspersky products in its stores. Additionally, Office Depot is letting customers exchange their Kaspersky copy with a one-year license for McAfee LiveSafe.
Kaspersky may well be innocent (Score:5, Insightful)
I'm perfectly willing to believe, the authors of the Kaspersky software and the owners of the company want to have to provide a good anti-virus and do not want to cooperate with Russia's spies. But the decision may not be up to them — Russian government has many more instruments at their disposal to convince businesses and individuals to "cooperate", than do the governments of free(er) countries.
Yes, American government has some such instruments as well — just pick, who you trust more...
Re:Kaspersky may well be innocent (Score:5, Informative)
Russian government has many more instruments at their disposal to convince businesses and individuals to "cooperate"
While that might be true; I doubt they would risk it.
Probably you are at a MUCH higher risk if you replace Kaspersky software with McAfee LiveSafe, just because the McAfee offering is crap.
Also, the risk of VULNERABILITIES in your AV product is at a much higher risk than an intentional backdoor existing (IMO).
Personally; I use neither antivirus product favoring WebRoot instead, but I have some respect for Kaspersky, and nobody's shown any evidence specific to Kaspersky that they could not be trusted.
Re:Kaspersky may well be innocent (Score:4, Interesting)
Why? What does the Russian Government have to lose?
The fact that the ownership of Kapersky was shuffled around such that a guy with deep connections to the FSB (Former KGB) has significant control over the corp should scare anyone. This should be enhanced by the fact that the American government has apparently seen something so concerning that they are reacting to it with law enforcement assets and have bared it's use within the DOD.
This isn't much different than ZTE's three top owners being top Army officials in the PRC along with deep connections to their spy apparatus. I'd be concerned about using any Tech where the top people and owners are all connected to and beholden to that states spy apparatus. For all the talk no one on the board of Microsoft or Cisco is a top retired general that's got deep connections with the NSA. From what we learned from Snowden the NSA does their backdoor stuff on the sly by diverting packages and installing compromised firmwares after it leaves the factory instead of writing the backdoor directly into the software.
If Kapersky is truly using virus scanning to scan for files they want then they've created a tool with unparalleled power. Any computer with Kapersky software is having it's contents scanned and reported back to Russia and the Russian government is apparently able to review the database for targets. It would be trivial for them in such a situation to have the software grab the contents for them, after all it already has kernel Ring 0 access by virtue of it's status as a virus scanner. That's reason alone not to run windows.
Re:Kaspersky may well be innocent (Score:4, Insightful)
"This should be enhanced by the fact that the American government has apparently seen something so concerning that they are reacting to it with law enforcement assets and have bared it's use within the DOD."
Is this the same government that deliberately start wars and invade other countries based on their own propaganda (aluminum tubes and babies being pulled from incubators, anyone)? Yeah, I thought so. So now it's show your proof or GFY.
Re: (Score:2)
Google is an international advertising company, one of the (if not the) largest in the world. Russians purchase millions of ads per year from them. Will some be politically motivated? Sure. Is this legal? Yes.
Non-story in a desperate attempt to paint Russia as both a military boogyman and a Democrat scapegoat.
Re: (Score:2)
Why would they throw away such a useful tool on such a relatively trivial thing?
Re: (Score:2)
Pfft, most likely reason for ban, no US CIA/NSA back doors, maybe FSB ones but definately no US ones. Who is most likely to hack, the US government, they have an insane spy on everyone and control everyone policy. So paying for one, I would go with the Russian Kaspersky because they spend their time fending off the CIA/NSA rather than cooperating with them. Are Kaspersky innocent, not in US government eyes, they are guilty as hell for in all likelihood being unwilling to install CIA/NSA back doors, not that
Re: Kaspersky may well be innocent (Score:2)
i wouldnt give either absolute permission over all files on my computer. lets be honest, after windows, the anti virus that runs on it is the biggest security hole a computer can have.
Personally i think you are an idiot if you donâ(TM)t believe every single av vender is a key foothold for its respective governments intelligence service.
Re: Kaspersky may well be innocent (Score:1)
because the management engines are not âlegitimatelyâ(TM) sending your files to a remote server, - you can mitigate it with network based threat detection. yes they are a hole, but well down the list compared to windows and av communications with the outside world.
Re: (Score:2)
Here are some quotes for you: ... ... ...
Larry Ellison co-founded Oracle Corporation in 1977 with Bob Miner and Ed Oates under the name Software Development Laboratories (SDL).
Ed Oates graduated with a BA in mathematics from San Jose State University in 1968, and worked at Singer, the US Army Personnel Information Systems Command (PERSINSCOM) (drafted), Ampex, and Memorex before co-founding Oracle.
In-Q-Tel: A Glimpse Inside the CIA’s Venture-Capital Arm
In-Q-Tel has been an early backer of start-ups la
Re: (Score:2)
In-Q-Tel has also invested in FireEye for example.
Re:Kaspersky may well be innocent (Score:5, Insightful)
Do as we say or we'll confiscate your business, your assets, imprison your family, and beat you senseless
That's about how I'd figure that conversation would go in Putin's Russia.
The real question here is: In 2017, can we trust ANYTHING to run on our computers that we didn't compile ourselves, after personally vetting the sourcecode -- and then, can we trust the compiler to not be compromised, too? Really, honestly, seriously, I'm starting to feel like we're getting to that point -- and even if what we're running isn't compromised as soon as it's installed, there doesn't seem to be much of anything that can prevent the mahcine from being compromised externally, unless you're never connected to the Internet, ever -- and even then, security researchers keep exposing exploits that can compromise a computer that's completely air-gapped.
Re: (Score:3, Insightful)
You're forgetting about TPM. You may be fully compromised even when the machine isn't booted.
Re: (Score:2)
The CDP1802 with a 2kB integer BASIC interpreter and 8kB of static RAM I built back in the early 80's on perfboard is starting to look pretty good right now.
Ken Thompson (Score:2)
That reminds me of the Ken Thompson hack.
http://wiki.c2.com/?TheKenThom... [c2.com]
Deviously brilliant
Re:Kaspersky may well be innocent (Score:4, Funny)
Yes, American government has some such instruments as well — just pick, who you trust more...
I trust Linux more than either government. ;)
Re: (Score:2)
How very Libertarian of you... But is that even a dichotomy, though? Linux has [eteknix.com] quite a bit of NSA-developed code [nsa.gov]...
Re:Kaspersky may well be innocent (Score:4, Informative)
Re: (Score:2)
So sure you are... Besides, they may as well be increasing security by planting things with certain backdoors [wordpress.com]. The actual readable code may just be arcane and hard to read — but innocent. Innocent, until a specially-crafted USB-stick is plugged-in. Or a specially crafted ICMP-packet arrives — its content containing a proper key to open things up for the NSA (but not to anyone actually hostile)... Or until a binary d
Re: (Score:2)
So sure you are... Besides, they may as well be increasing security by planting things with certain backdoors [wordpress.com]. The actual readable code may just be arcane and hard to read — but innocent. Innocent, until a specially-crafted USB-stick is plugged-in. Or a specially crafted ICMP-packet arrives — its content containing a proper key to open things up for the NSA (but not to anyone actually hostile)... Or until a binary driver for some cool gadget is loaded into kernel...
I'm sure because in contrast with you I am an actual developer and have looked at the very code that I am talking about (would be a hypocrite otherwise). So first it was SELinux that was the problem and now there are hidden backdoors everywhere that you can unlock with ICMP packages, I do think that you should stop looking at shows like The Blacklist.
How do you know, when you download the latest nVidia-driver, for example, that it contains no NSA-provided code?
That one is easy because I don't download the latest nVidia driver since I'm using the open AMD drivers at home and the open Intel drivers at work.
Re: (Score:2)
Re: (Score:3)
Heartbleed. Tell me that the Heartbleed bug, the heartbeat function it fucked up the security on, and the RFC the heartbeat function was based on weren't all state sponsored.
Re:Kaspersky may well be innocent (Score:4, Informative)
The problem is that open source projects can be contributed to by anyone, including state sponsored bad actors.
You're not even wrong! However, it requires someone accept the contribution and never have someone notice the flaw. In the closed source model, nobody will ever have the chance to notice the flaw. Also, with a bit of pressure, a business will insert whatever blatantly evil code a state-sponsored actor insists on.
Heartbleed. Tell me that the Heartbleed bug, the heartbeat function it fucked up the security on, and the RFC the heartbeat function was based on weren't all state sponsored.
I can tell you for a certainty that shitty code occurs in the wild without the help of any state-sponsorship. OpenSSL was neglected but hey, thanks for the conspiracy theory!
Re: (Score:3)
Re: (Score:2)
I don't run any anti-virus software on Linux. I trust the user community to discover and patch any problems much more than I trust any anti-virus vendor. So far, no problems.
Re: (Score:3, Insightful)
Pick the one that can hurt you the least. Who is the greater threat Russian secret police or American? Trust but verify. RR
Re: (Score:1)
Re: (Score:1)
> Russian government has many more instruments at their disposal to convince businesses and individuals to "cooperate", than do the governments of free(er) countries.
Pshaw! Russia doesn't have anything on the US in that regard.
http://www.reuters.com/article/us-usa-security-rsa/exclusive-secret-contract-tied-nsa-and-security-industry-pioneer-idUSBRE9BJ1C220131220 [reuters.com]
As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.
And don't forget all those US anti-virus firms that reluctantly updated their products to scan and remove the Sony rootkit DRM shit only after t
Re: (Score:3)
I'm perfectly willing to believe, the authors of the Symantec software and the owners of the company want to have to provide a good anti-virus and do not want to cooperate with United States' spies. But the decision may not be up to them — US government has many more instruments at their disposal to convince businesses and individuals to "cooperate", than do the governments of free(er) countries.
Yes, Russian government has some such instruments as well — just pick, who you trust more...
https://w [reuters.com]
Re: (Score:3)
Yes, American government has some such instruments as well
Yep, like spreading FUD about AV that doesn't cooperate and coercing businesses to stop using/selling it.
Re: (Score:2)
Re: (Score:3)
Um, that doesn't make them innocent, that makes them guilty but coerced. Innocent would be if the Russian spies were sniffing through their telemetry without them knowing, but that still means they are just as much of a security hole. I will admit that I didn't know that anti-virus software sent the user's files off-site for "inspection" if they were "suspicious". That is ridiculously insecure for the user's private data.
Your "innocent" scenario is exactly what Kaspersky says (may have) happened in the case with the case where an NSA contractor's files were scanned by Kaspersky and then immediately hacked by the Russians. From Eugene Kaspersky: [kaspersky.com]
Re: (Score:1)
Consider this... The US has equal "instruments" in McAfee as Russia has in Kaspersky. Which is more likely to cause you a run in with a government body?
Re: (Score:2)
I'm perfectly willing to believe, based on, plenty of evidence, that you, write like, a retard.
Re: (Score:2)
https://www.federalregister.go... [federalregister.gov]
Snake oil (Score:2)
Antivirus are snake oil.
Re: (Score:1)
I would treat the The Russians more of course. They don't care if I download movies or music from American studios or protest against some western policy. Perhaps they might be interested in the later and even want to pay me for it, so all the better.
They probably refused to ignore NSA malware (Score:5, Insightful)
And now they are killed via a classical attack on their reputation, which may or may not be completely without merit. Of course, this only concerns the US market.
Re:They probably refused to ignore NSA malware (Score:4, Interesting)
It's also possible that the software is fine as delivered by Kaspersky as far as they know, but altered/backdoored covertly while in transit, somehow. The U.S. government has done as much to Cisco hardware that has been shipped worldwide, so it's not like there wouldn't be precedent.
Re: (Score:2)
Definitely a possibility.
Re: (Score:2)
You think the NSA told a Russian Security company with possible ties to the Russian government about its walware?
Re: (Score:2)
Re: They probably refused to ignore NSA malware (Score:2)
Re: (Score:2)
This is not how this goes. Kaspersky is a pretty good AV company. They have sensors and are probably finding NSA malware all on their own without being told about it. They may then get a request to remove certain signatures, though.
Re: (Score:2)
This is not how this goes. Kaspersky is a pretty good AV company. They have sensors and are probably finding NSA malware all on their own without being told about it. They may then get a request to remove certain signatures, though.
Which tells Kaspersky that a certain piece of malware come from the NSA, which then potentially tells Russian Intelligence what systems the NSA is targeting and what information they may have collected.
I still don't see the NSA telling Kaspersky about it's malware.
Re: (Score:2)
I still don't see the NSA telling Kaspersky about it's malware.
That is an issue on your side, not on mine...
Re:They probably refused to ignore NSA malware (Score:4, Interesting)
That's the best explanation. Now everyone has received the warning. If you don't cooperate with the US three letter organisations we'll get you. They've got nothing on Kaspersky except that the software performed as expected and that is by detecting malware. Give it some time and every AV that is left on the market is forcibly unreliable.
Re: (Score:3)
It may be a good idea to run Kaspersky in addition to your regular scanner on everything suspicious. It may also be an excellent idea to buy their product to make sure they stay on the market. At least against US government malware, it seems they are currently getting the highest endorsement possible.
Russia removing Windows in 3...2..1... (Score:2)
Well... (Score:3)
trumpistan (Score:3, Interesting)
we take in products from hundreds of different countries, including digital products that are in the heart of infrastructure. we allow outsourcing of sensitive data processing all over the planet.
but this one company is being singled out by the federal government and destroyed without a trial.
lets look at companies who actually took money from Russian operatives to place political advertisements on their networks. Facebook, Google, Twitter, directly profited from Russian interference in the election, and will never face any consequences.
this has nothing to do with protecting security, it is all about nationalism and isolation, Trump thinks that by cutting out foreign competition it will somehow provide an economic boost to domestic companies.
what he doesnt seem to realize is that every isolationist country, from Japan to Russia, has a stagnating population and a stagnating economy. Interacting with the world is how China lifted itself out of poverty - us cutting ourselves off from the world is how we are going to sink into it.
Re: (Score:2)
That would be a great theory, except that the MSM and all the big players in DC have been telling us for the last 1.5 years that Russia has Trump in their pocket.
It makes way more sense if you said this was the Three Letter Agencies involved and their deep state overlords ordered this a payback for "Russia Hacking The Election".
Further, if it is what you say it is, it defeats the whole "Russia Hacked The Election" at several levels, namely it backfiring on the Russians. They probably have more dirt on Clint
Re: (Score:2)
singled out by the federal government and destroyed without a trial.
Stores need not be forced to carry your product, customers need not be forced to buy it - government, corporate, or otherwise. There's no place for a trial here.
"off the shelves" = zero impact (Score:5, Insightful)
No? Me either.
Re: (Score:2)
I 'member! /Memberberries
Re: (Score:3)
'Member meticulously transcribing source code from paper magazines, then leaving the computer on 24/7, because you couldn't afford the tape drive for a few more months?
Re: (Score:2)
Re: (Score:2)
I 'member getting my member stuck in it when I didn't receive proper instructions.
Re: (Score:2)
Remember when you'd buy software? With a disc in a cardboard package? From a retail store you'd have to enter? No? Me either.
Pepperidge Farms remembers
Re: (Score:2)
Re: (Score:2)
Dementia.
Re: (Score:2)
Re: (Score:2)
Speaking of the cloud and trustworthiness, how do you know that what you get back from your cloud storage is exactly what you put into your cloud storage (nothing more, nothing less)? We need good file checksum tools that use local/off-line storage of checksums for comparison purposes.
How do you know that any piece of software on your computer is doing just what it says, and nothing more, especially when it makes "phone home" connections? We need automatic containment of all software execution with the a
Also possible this is all to whitewash... (Score:2, Interesting)
The fact that anti-virus is so last generation and the dangers now are general purpose programmable management engine processors available in ARM, Intel, and AMD cpus/socs with no way for the physical owner (rather than the manufacturer) to disable, reprogram, audit, or otherwise ensure control of their computer systems is actually under their control.
Much like other psy-ops intended to direct attention away from the real social or technological threats, this may be another one of them. If they can backdoor
Old news (Score:2)
Best Buy pulled Kaspersky on 9/8, then 8 days (1 week + 1 day) later Office Depot announced the same.
I know /. is slow in posting stuff but why is this even posted on 10/9?
Re: (Score:2)
Except for an Office Depot addition, It's basically a dupe [slashdot.org].
They should've... (Score:5, Insightful)
Who is the worst? (Score:2)
1. Considering the fact that American companies are forced to "cooperate" with the American government
2. Considering the spying habit of the NSA
3. Considering that I live in Canada, where Russia has no influence (the chance that I would be extradited to Russia for wrong think are nil)
I'd much rather use a Russian antivirus than an American one! (That is, I'd much prefer that Russia spies on me than the US.)
Re: (Score:2)
Just wait until your Toronto to Vancouver Air Canada flight is diverted over Montana, you are detained and your laptop is confiscated for flying through US airspace with Kaspersky software.
Re: (Score:3)
Magic Lantern (software) https://en.wikipedia.org/wiki/... [wikipedia.org]
At least it's not Norton... (Score:2)
Pretty bad when your AV software is worse than the shit it's supposed to stop.
Is there any actual proof of anything? (Score:5, Insightful)
Or do we just trash businesses based on opinion?
Re: (Score:2)
It's not just opinion ... Hillary lost so Trump is illegitimate so Russian Hackers so Kaspersky conspiracy.
QED
Maybe you disagree because you're a fascist.
'Murca.
Trust the brand that helped find (Score:3)
Flame
Equation Group
Duqu
https://en.wikipedia.org/wiki/... [wikipedia.org]
Highly sophisticated malware gets found and the internet is safer.
Re: (Score:1)
mod parent up!
Additionally, Office Depot is letting customers (Score:2)
exchange their Kaspersky copy with a one-year license for McAfee LiveSafe.
for McAfee LiveSafe.
McAfee
Worst trade ever.
Kaspersky endorsement (Score:2)
Pick your poison (Score:1)
If you live in the US, who do you want spying on you? the Russians? or the NSA?
Pick your poison...personally, as a non-combatant, I think I'd prefer the Russians as they have no legal reach to me....
but since I run a 'nix variant, I don't run any AV anyway, a non-issue for me.
Re: (Score:1)
So how is the the weather in Russia, comrade?
Re:What we can learn from this (Score:4, Funny)
We have nice weather while Americans have tornados! The Cold War is over but The Warm War is working!
Re: (Score:1)
Re: What we can learn from this (Score:2, Funny)
Agreed. Maybe a kinda chartreuse color?
Re: (Score:2)
Well that's a nice color. 40 or 55?
https://media2.caskers.com/med... [caskers.com]
Re: (Score:2)
Are you now, or have you ever been, a member of the Communist Party?
Re: (Score:3)
Joe's affiliations: (Score:1)
Roy Cohn was Joe McCarthy's chief counsel during the army hearings.
.
Roy Cohn was also Donald Trump's lawyer.
Re: (Score:1)
Uh-huh. Why are you half-assing this, AC?
Roy Cohn also was the US DOJ prosecutor in the Rosenberg espionage trial, and he also represented Rupert Murdoch He was a registered Democrat who often supported Republican administration on the federal, state, and local levels. He was disbarred, a homosexual, and died of AIDS in 1986. He was also a Jew.
There, this smear is much more informative. Do better next time, AC.
Re: (Score:1)
the rest of the world is laughing at you
And we'll keep laughing for lots of other reasons.
Re: (Score:3)
No. This isn't racism, this is nationalism, or possibly jingoism.
OTOH, it's also a very real recognition that the Russian govt. can coerce any backdoor it wants into Kapersky software. So it makes perfect sense for US govt. machines to avoid it. (I'm not saying they should trust McAfee,)
That said, the Russians would probably be reluctant to share their info with the US spooks, so Kapersky's software is likely a better choice for those living under a US regime than many alternatives. But perhaps avoiding
Re: (Score:2)