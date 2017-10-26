Follow Slashdot blog updates by subscribing to our blog RSS feed

 


McAfee Says It No Longer Will Permit Government Source Code Reviews (reuters.com) 33

Posted by msmash from the tussle-continues dept.
Dustin Volz, Joel Schectman, and Jack Stubbs, reporting for Reuters: U.S.-based cyber firm McAfee said it will no longer permit foreign governments to scrutinize the source code of its products, halting a practice some security experts have warned could be leveraged by nation-states to carry out cyber attacks. Reuters reported in June that McAfee was among several Western technology companies that had acceded in recent years to greater demands by Moscow for access to source code, the instructions that control basic operations of computer equipment. The reviews, conducted in secure facilities known as "clean rooms" by Russian companies with expertise in technology testing, are required by Russian defense agencies for the stated purpose of ensuring no hidden "backdoors" exist in foreign-made software. But security experts and former U.S. officials have said those inspections provide Russia with opportunities to find vulnerabilities that could be exploited in offensive cyber operations. McAfee ended the reviews earlier this year after spinning off from Intel in April as an independent company, a McAfee spokeswoman said in an email to Reuters last week.

  • The Antivirus War is On (Score:4, Insightful)

    by cloud.pt ( 3412475 ) on Thursday October 26, 2017 @02:30PM (#55438723)

    This is interesting news, I didn't know Russia demanded this, but I guess they wised up before, well, the US.

    I do love the tongue-in-cheek from McAfee: they're blatantly trying to get the Kaspersky US market with the patriotic card by exiting the Russian one, and going backwards on the exact thing Kaspersky has stated they would allow from US!

    Now, in all seriousness - does McAfee really think they are gonna catch any market with this? Does anyone with a 2 digit IQ still install McAfee?

    • Even an unpopular offering will likely experience increased sales when one of their biggest competitors is burning down and everybody is jumping ship.

      For example, there are probably lots of people who dislike Symantec and don't want to install their product, and those people might not know which other companies have a good product. They might only know that McAfee has been around for a long time, and try it.

      McAfee at least is easier to uninstall.

      • Doesn't Windows come with a built-in antivirus these days?

        • Doesn't Windows come with a built-in antivirus these days?

          "It's secure. Trust me."

          After looking at the rather colorful history of the built-in browser, tends to make you wonder just how many times we're gonna believe that line...

    • I do love the tongue-in-cheek from McAfee: they're blatantly trying to get the Kaspersky US market...

      McAfee is already on many of the DoD computers I use, working hard to slow them to a crawl...

    • If the government regulations require an antivirus that meets A,B, and C, and only one company has those, then they win even if the application is a dumpster fire. You won't get any of those govt contract without meeting their requirements.

    • It makes no sense. I'd rather more countries review it, so there's more eyes on it and less likely to have something nefarious that only benefits one or some countries.

  • Double standard, anyone? (Score:3)

    by Scarred Intellect ( 1648867 ) on Thursday October 26, 2017 @02:32PM (#55438741) Homepage Journal

    So it's OK for the US to audit Kaspersky's source code for hidden backdoors (and Kaspersky is highly regarded for offering it), but it's not OK for Russia to audit McAfee's source code for hidden backdoors.

    Because Russia.

    Did I get that right?

    • So it's OK for the US to audit Kaspersky's source code for hidden backdoors (and Kaspersky is highly regarded for offering it), but it's not OK for Russia to audit McAfee's source code for hidden backdoors.

      McAfee does not set the policies of Kaspersky as to if they let people look at the code. Whether or not it's "OK" for one company to choose one thing and another company to choose another thing is a false dynamic. Both can choose to do whatever they like.

    • Re: (Score:1)

      by dabadab ( 126782 )

      Because Russia.

      Did I get that right?

      Yes. And coming from an ex-Eastern Block country that seems to be a damn good reason.

    • Re: (Score:2)

      by Jeremi ( 14640 )

      Really it doesn't make much difference either way.

      Unless you are as familiar with the codebase as its authors are (and you definitely won't be) and unless you are doing all of the compilation from source yourself (which you probably won't be), you're still more or less at the mercy of the software vendor.

      Even if you read all of the source code they provide you with to "prove" the program doesn't do anything nefarious, there is no guarantee that the binary you install on your computers was based on the sourc

