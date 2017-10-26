McAfee Says It No Longer Will Permit Government Source Code Reviews (reuters.com) 33
Dustin Volz, Joel Schectman, and Jack Stubbs, reporting for Reuters: U.S.-based cyber firm McAfee said it will no longer permit foreign governments to scrutinize the source code of its products, halting a practice some security experts have warned could be leveraged by nation-states to carry out cyber attacks. Reuters reported in June that McAfee was among several Western technology companies that had acceded in recent years to greater demands by Moscow for access to source code, the instructions that control basic operations of computer equipment. The reviews, conducted in secure facilities known as "clean rooms" by Russian companies with expertise in technology testing, are required by Russian defense agencies for the stated purpose of ensuring no hidden "backdoors" exist in foreign-made software. But security experts and former U.S. officials have said those inspections provide Russia with opportunities to find vulnerabilities that could be exploited in offensive cyber operations. McAfee ended the reviews earlier this year after spinning off from Intel in April as an independent company, a McAfee spokeswoman said in an email to Reuters last week.
You mean, stop bribing Secretary of States, former presidents under the watchful eye of the Robert Mueller FBI ?
In antivirus, hack Russia you!
Of course, the US govt doesn't need to review mcafee's source code, they already know exactly what back doors they have inserted into it, just like they claim Russia has done
The fact is, researching new viruses and maintaining up-to-date signatures requires constant work, which means the need for paid employees. This is really something that should be a collaboration between all the governments of the world and provide for free, thus facilitating far greater FOSS anti-virus solutions. As it is, it's just not something that's interesting enough for anyone to want to do as a hobby. Add to that the fact that those of us running FOSS operating systems don'
The Antivirus War is On (Score:4, Insightful)
This is interesting news, I didn't know Russia demanded this, but I guess they wised up before, well, the US.
I do love the tongue-in-cheek from McAfee: they're blatantly trying to get the Kaspersky US market with the patriotic card by exiting the Russian one, and going backwards on the exact thing Kaspersky has stated they would allow from US!
Now, in all seriousness - does McAfee really think they are gonna catch any market with this? Does anyone with a 2 digit IQ still install McAfee?
Even an unpopular offering will likely experience increased sales when one of their biggest competitors is burning down and everybody is jumping ship.
For example, there are probably lots of people who dislike Symantec and don't want to install their product, and those people might not know which other companies have a good product. They might only know that McAfee has been around for a long time, and try it.
McAfee at least is easier to uninstall.
Doesn't Windows come with a built-in antivirus these days?
"It's secure. Trust me."
After looking at the rather colorful history of the built-in browser, tends to make you wonder just how many times we're gonna believe that line...
McAfee is already on many of the DoD computers I use, working hard to slow them to a crawl...
It makes no sense. I'd rather more countries review it, so there's more eyes on it and less likely to have something nefarious that only benefits one or some countries.
Double standard, anyone? (Score:3)
McAfee does not set the policies of Kaspersky as to if they let people look at the code. Whether or not it's "OK" for one company to choose one thing and another company to choose another thing is a false dynamic. Both can choose to do whatever they like.
Yes. And coming from an ex-Eastern Block country that seems to be a damn good reason.
Really it doesn't make much difference either way.
Unless you are as familiar with the codebase as its authors are (and you definitely won't be) and unless you are doing all of the compilation from source yourself (which you probably won't be), you're still more or less at the mercy of the software vendor.
Even if you read all of the source code they provide you with to "prove" the program doesn't do anything nefarious, there is no guarantee that the binary you install on your computers was based on the sourc