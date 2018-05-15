Kaspersky Lab Moving Core Infrastructure To Switzerland (securityweek.com) 34
wiredmikey writes: As part of its Global Transparency Initiative, Russia-based Kaspersky Lab today announced that it will adjust its infrastructure to move a number of "core processes" from Russia to Switzerland. The security firm has faced challenges after several governments have banned Kaspersky software over security concerns, despite no hard evidence that Kaspersky has ever colluded with the Russian government. As an extension to its transparency initiative, announced in October 2017, the firm is now going further by making plans for its processes and source code to be independently supervised by a qualified third-party. To this end, it is supporting the creation of a new, non-profit "Transparency Center" able to assume this responsibility not just for itself, but for other partners and members who wish to join. Noticeably, Kaspersky Lab does not link the move specifically to the effects of the U.S. ban, but sees wider issues of global trust emerging.
How will moving location change anything? (Score:5, Insightful)
Kaspersky is being accused of aiding the Russian government in its espionage. Being that the company makes security software which by definition needs to be run these systems normally with elevated privileges.
Despite if the claims are true or not, people are not choosing Kaspersky software due to its connection with Russia, and the Russian government does have a trend of getting involved in its companies. Companies with sensitive information are not using the software.
Moving to Switzerland doesn't seem to really fix anything, because all it will take is a request for the CEO to send or "Backup" their data to a Russian Data center, or to an 3rd party data-center that Russia may have access too.
The only way I think they would be considered safe, is if they provide the source to all the countries they are trying to sell too, have them review it, and compile it with their own tools and redistribute it to its citizens. Any data collection would need to be done by 3rd party resellers who have no direct connection to the actual company.
The same issue happened a couple years back with Microsoft selling Windows in China IIRC. They made the source code available for inspection. I assume this is a similar initiative.
It's simple enough to reject those requests if Switzerland has reasonable privacy laws. "I'd love to send the data to Moscow HQ, but I'm in Switzerland and the law does not permit me to do so."
There are ways around that normally. Lets say there is a remote offsite backup in UK. Where their privacy may be compatible for Switzerland to send data to them, but UK Laws may allow sending data to Russia.
I am not saying UK laws will or will not allow this, I am just giving an example.
The government has been up in arms about foreign-produced hardware for many years, to the point that they stopped buying Cisco equipment for a while. Problem is you can't really find any off-the-shelf computer components that AREN'T made in Asia somewhere. I've even heard of instances where the gov won't allow software developed with IntelliJ because they are Russian as well.
Once Kaspersky establishes itself as "not Russian" in the public eye, then the tides will change again.
I don't disagree with your thoughtful answer.
I used Kaspersky long ago, when Windows was routinely eaten up with malware. You remember those days of Combofix and TDSSKiller and Malwarebytes.
I would install Kaspersky long enough to do the job, and it did it well. After the infections were removed, I did a deep uninstall using Revo Uninstaller, simply because, "Russia."
I had no reason to suspect Kaspersky of any evil, but I did not want a Russian company in my house.
Were I not retired from IT, I would avoid Kaspersky.
In related news, last fall ESET analyzed and detected variants of FinFisher, the German spy software used for the Bundestrojaner that is also sold to oppressive regimes like Egypt and Turkey.
Those anti-virus vendors are getting pesky, I guess there will be more government actions against those who don't comply in the near future.
Not sure that'll help (Score:5, Interesting)
Re:Not sure that'll help (Score:4, Interesting)
Eugene Kaspersky still lives in Moscow and he's still an ex-KGB agent. These two facts alone make look Kaspersky highly untrustworthy considering that the Kremlin is waging e-war with the rest of the world.
No, even if true Kaspersky A/V is still the far more trustworthy choice as I'd trust Putin over the US government as far as their interest in and ability to screw with me as an individual.
You have to understand that any A/V made by companies in "Five Eyes" nations or their allies is intentionally and deliberately broken out of the box. Kaspersky A/V will happily identify/remove US/Western LEA/TLA spyware, etc. That's really what this is about.
If the US government forces me to be spied on then whenever possible I'll choose to be spied on by the US's enemies over allowing the US to do so.
Strat
The enemy of my enemy is my friend is a better analogy.
Russia/Putin have zero interest in me and have no ability to toss me into PMITA prison unlike the US government who is and has for decades violated many if not most civil rights enshrined in the US Constitution.
If the US government doesn't want people running Russian software maybe they should stop trying to out-Russia Russia.
Strat
An Israeli firewall software was also removed off the Australian buy list
Full inspection of code at an Israeli embassy was not enough at the time.
Same old story, differential treatments.
But what is the point when Intel chips have huge unfixed hardware bugs, and video cards/DMA is another biggie.You think speculative execution is only llimited to CPU's? and not GPU's or phone modem chips?.
I bet Kaspersky gets first news on zero day exploits, with its own inhouse team capable of doing something with it.
Among the folks who stash their illegally earned, stolen or just plain plundered cash in Swiss secret numbered accounts are:
Cocaine Cartel Barons, corrupt African government officials, the American mafia, crooks in the Vatican Bank, that Crown Prince of Nigeria who keeps sending me spam, the "Windows Support" guy who keeps calling me, wealthy American and German tax evaders . . . and Putin's oligarch mafia stooges.
So the place is transparent as Area 51.
You mean it's a safe haven for those who do not wish to associate with world government? That sounds perfect for their purposes of signalling they are not under the control of Russia.
When will ISS Mission Support move to Switzerland too? That would include crew and resupply missions too.
