Sir, you've been using Kaspersky Lab antivirus. Please come with us, sir

The US government issued an interim rule this morning prohibiting agencies from using products or services that have pretty much anything to do with Kaspersky Lab. The Federal Acquisition Regulation (FAR) comes into effect from 16 July 2018 and is a result of the National Defense Authorization Act (NDAA), which prohibits any …

  1. DagD

    Kaspersky Labs "Big No, No..."

    Conducting business on private email servers and home-brewed BlackBerries? - Don't see a problem...

    1. Anonymous Coward
      Anonymous Coward

      FBI boss Comey used Gmail....

      AV from McAfee to AVG / Avast is Ad-Slurp Malware anyway.

      Kaspersky Virus-Removal-Tool seems ok. Reason to switch?

      -------------

      https://www.theregister.co.uk/2018/06/15/fbi_boss_comey_private_email/

  2. Will Godfrey Silver badge
    Unhappy

    Seems clear to me

    The snoops don't like it because it does work and borks their spyware.

  3. Waseem Alkurdi

    I still don't get Kaspersky Labs

    ... violate the US Constitution by specifically and unfairly singling out the company for legislative punishment, based on vague and unsubstantiated allegations without any basis in fact.

    There's an Arabic saying that translates into "To whom should the seed complain if the judge was a chicken?".

    Kaspersky Labs is doing the exact same thing.

  4. Anonymous Coward
    FAIL

    Kaspersky is choicefully blind

    Well it deliberately cannot see past reparse points (they are Microsoft symlinks for partitions).

    Some years ago, with a bit of bother, I moved my (Win XP) Program Files folder to a new partition: I removed all the files of the Program Files folder and in MMC Storage Disk Management chose to link my partition to an empty folder.

    This creates a reparse point (symlink) to that folder. Other antivirus and other programs seemed to work OK; the only problem was some programs would delete the Program Files folder when uninstalling themselves. After a bit of panic I just recreated the empty Program Files folder and all resumed well.

    Then it came to Kaspersky antivirus: it installed OK, but when scanning the Program Files folder and subtree it threw up endless problems, not finding itself or being able to find programs down the subtrees.

    Kaspersky Australia said they would fix it, but I had removed it beforehand. A couple of years later, forgetting the problems I had had, silly me, I bought another one and tried again - whoops, no, it had the same problem. Both times I had to use a remove-all-Kaspersky program to get rid of it completely.

    Kaspersky was at a conference so I tweeted them and they blocked me. So I guess they weren't going to change.

    This seems crazy because their install disk was a bootable AV version running on Linux that should have worked with symlinks, but it would never find definitions regardless of where it was installed.

    So GOV's and the like take note.

    Kaspersky would not run across reparse points/symlinks properly.

    1. Anonymous Coward
      FAIL

      blind?

      "MS does not understand UNIX symbolic link. Even if they do, Windows does not come with sane replacement for the same, and [software that depends on] it might not work predictably in the vicinity of their reimagined, NTFS-integrated substitute"

      FTFY

      1. Anonymous Coward
        Facepalm

        MS does not understand UNIX symbolic link

        @dbtx: "MS does not understand UNIX symbolic link. Even if they do, Windows does not come with sane replacement for the same, and [software that depends on] it might not work predictably in the vicinity of their reimagined, NTFS-integrated substitute"

        Some time ago someone asked me to fix their Windows laptop, which could not update as there was a stuck, corrupt file in the update folder and Windows refused to delete it. So I booted a live CD and deleted the file, except it went back up the tree and deleted Windows, necessitating a total reinstall; my reputation never recovered.

  5. Mark 85

    Thanks to the secretive nature of intelligence agencies and the potential sensitivity of the alleged stolen data, that evidence is unlikely to be shared any time soon.

    I would like to think that in a perfect world, the agencies would share their concerns (and the proof) so that others not in the agencies can make an informed decision. I guess the spooks don't want to tip off the citizens that we're being watched.

    1. Anonymous Coward
      Anonymous Coward

      Snowden? Wasn't he in Geordie Shore?

    2. Anonymous Coward
      Stop

      I am innocent, comrade!

      > [ ... ] so that others not in the agencies can make an informed decision

      You can make an informed decision. You have been told, just like everyone else, that Kaspersky is not safe to run on Government computers.

      Now if you expect NSA to tell you how they came to that conclusion, you will be waiting for a very long time. They don't have to tell you. And you're not entitled to that piece of information.

      You are free, of course, to download Kaspersky, reverse-engineer it, analyze what it does, and then publish the results of your research for everyone to read. That is your chance to prove to the world, once and for all, that Kaspersky is innocent and that NSA is blowing this out of proportion, for nefarious reasons.

      I am awaiting the publication of your research paper on Kaspersky AV, proving its innocence. Until then, I'll take NSA's word for it.

      1. Anonymous Coward
        Anonymous Coward

        Re: I am innocent, comrade!

        I am awaiting the publication of your research paper on Kaspersky AV, proving its innocence. Until then, I'll take NSA's word for it.

        Sure, because guilty until proven innocent combined with the usual lack of due process is the new US default. Well done, go straight to Trump, do not collect any sanity, or trust.

        If it's that nefarious, people need to know. There's no valid argument for the secrecy bullshit here - if there was something to it they would have "leaked" it already. These agencies have lost the right to just be believed without proof a long time ago.

        1. Anonymous Coward
          Devil

          Re: I am innocent, comrade!

          > guilty until proven innocent combined with the usual lack of due process is the new US default

          When it comes to spyware, that's always been the default.

          Lack of due process huh? Putinistan and the FSB giving due process lessons to the US.

          Why don't your friends at the FSB Kaspersky open source Kaspersky AV? Just open source it. Let's all have a look at what that code really does.

          1. Anonymous Coward
            Anonymous Coward

            Re: I am innocent, comrade!

            Why don't your friends at the FSB Kaspersky open source Kaspersky AV? Just open source it. Let's all have a look at what that code really does.

            Sure. As soon as you get Microsoft to open source its code too. After all, we're supposed to take that on trust on a global scale, despite everything they got up to since MS-DOS - and the fact that the US has just implemented laws that allow it to have a peek at data that doesn't reside inside its jurisdiction.

            If you want Kaspersky to give away their IP you must be prepared to do the same, otherwise it's just yet another attempt at damaging the one company that gets in the way of government spyware - which is likely what this is all about. Trump's minions don't know subtle from a hole in the wall.

            1. Anonymous Coward
              Anonymous Coward

              Re: I am innocent, comrade!

              What does Microsoft's licensing have to do with Kaspersky spying for the FSB or GRU?

              Grasping at straws much?

              1. Anonymous Coward
                Anonymous Coward

                Re: I am innocent, comrade!

                What does Microsoft's licensing have to do with Kaspersky spying for the FSB or GRU?

                Maybe US spying vs Russian spying? Judging by the conversation you're very happy to accept the US arguments of spying without any evidence, but seem to have a problem with applying the same principle to a US organisation that hasn't even bothered to hide what it's doing now, but which was even found to have rather interesting keys in its code.

                And there's Google, of course. And Facebook. And Skype has been spying on every text message well before they camouflaged it with a site preview (discovered in Germany).

                Maybe it's just me, but it's a frequently exercised tactic in especially Trump world to start hollering about somebody else if you need people distracted from what you're doing yourself. It has by now almost become reflexive to ignore the noise and start looking at what they want to distract from.

                I can also understand why Kaspersky has to go. Thanks to Trump, the US has dug so deep a hole that they NEED espionage to give them a heads up where trouble will start for the US, because it's coming. Both Russia and China have effectively been given a free pass by The Orange One to the point that I'm wondering just who planned this one out - it sure as hell can't have been Trump.

          2. Roland6 Silver badge

            Re: I am innocent, comrade!

            @ST "Why don't your friends at the FSB Kaspersky open source Kaspersky AV? Just open source it. Let's all have a look at what that code really does."

            You obviously didn't read about the original complaint against Kaspersky...

            The problem wasn't in the source code, as the code was doing exactly what it was supposed to do; the problem was that, according to an Israeli security outfit, they and the FSB had gained access to Kaspersky's command and control centre and so could look at what the client software had passed back for inspection and, secondly, direct targeted clients (i.e. those that have uploaded 'interesting' stuff) to upload additional material...

            Hence why Kaspersky are now locating a CCC in Switzerland. Obviously, the only question is whether the FSB can legitimately access this, which fundamentally is exactly the same issue as the US government gaining access to data on Microsoft's servers in Ireland.

      2. Anonymous Coward
        Facepalm

        "You are free ... to reverse-engineer it ... chance to prove"

        No, not really. Have you even skimmed over a typical license in the last twenty years?

        Also WTF is up with all this guilty-until-proven-innocent shite? I think "free world" was kinda neat while it lasted, but how would I know?

        1. Anonymous Coward
          Anonymous Coward

          Re: "You are free ... to reverse-engineer it ... chance to prove"

          Is being completely incoherent your strongest suit?

          Please send my very best regards to Glenfiddich.

          Also: Malaguez said "probably, but definitely not Tuesday, because the Vietnamese were bypassing it, and Emma had already decided on cabbage."

          1. Anonymous Coward
            Anonymous Coward

            completely incoherent?

            Ellipsis indicates omission. I did not paraphrase or misquote.

      3. adew

        Re: I am innocent, comrade!

        Guilty until proven innocent? Then you advocate the abrogation of the principle of the "right to a fair trial" and condemn the s/w vendor on hearsay.

        Given the track record of the NSA and its ongoing feed of raw data to at least one Middle Eastern intel agency, can its word be trusted unless backed by actual evidence?

      4. Anonymous Coward
        Anonymous Coward

        Re: I am innocent, comrade!

        Now if you expect NSA to tell you how they came to that conclusion, you will be waiting for a very long time. They don't have to tell you. And you're not entitled to that piece of information.

        Yes, actually, Mr. Idiocracy. These people are taxpayer-funded. "I" am EMPLOYING them. They have to justify what they do.

        I know we are already past the point where state power is accountable to anyone except to state power and there is no prospect of fixing that anymore. But there is fun in watching corrupt power structures starting to wobble.

      5. DeKrow

        Re: I am innocent, comrade!

        "Until then, I'll take NSA's word for it."

        Why not take no-one's word for it? They've all got axes to grind one way or another. Assume the NSA / US Government are making some kind of play, but also that Kaspersky aren't as white as the driven snow. Taking the NSA's word for it will drive you towards other AV vendors, which may be more malleable towards the desires of said NSA.

        However, if you're a dyed-in-the-wool, blind-and-deaf-to-criticism US patriot, then continue on your merry way.

        Also, someone mentioned in the comments to a previous article that Kaspersky had offered their code for confirmation to the appropriate folks.

        1. Anonymous Coward
          Devil

          Re: I am innocent, comrade!

          > Why not take no-one's word for it?

          Because NSA isn't selling me - or you, or anyone else - anything.

          There is no NSA Anti-Virus software available for download or purchase at nsa.gov.

          Another thing NSA is not doing is recommending or advocating not running Anti-Virus software.

          There are plenty of perfectly viable and competent alternatives to Kaspersky AV. Malwarebytes. Avast. Bitdefender. Just to name a few.

          Disclaimer: I have no association of any kind with any of the Anti-Virus companies mentioned above, so don't even try.

          Malwarebytes is my personal favorite. It's lightweight, fast and accurate. Avast is a bit heavier. Bitdefender is quite a bit heavier - meaning on system resources usage. But they do the job.

          So, do your research and take your pick.

          What I find very interesting - and entertaining - is this tsunami of outrage expressed almost exclusively by Anonymous Coward commentards.

          It's almost as if someone - who shall remain unnamed - had a vested interest in maintaining Kaspersky AV's presence on as many Windows PCs as possible, and in making certain that Windows PC users don't uninstall Kaspersky AV, and replace it with a different - and equally competent - Anti-Virus utility.

          1. hplasm
            Gimp

            Re: I am innocent, comrade!

            "Because NSA isn't selling me - or you, or to anyone else - anything."

            They're selling something...

            And you certainly have bought it.

          2. Anonymous Coward
            Anonymous Coward

            Re: I am innocent, comrade!

            > There is no NSA Anti-Virus software available for download or purchase at nsa.gov.

            Not at nsa.gov, but in pretty much every Linux distro's package manager: selinux

            It's fascinating how those US agencies and politicians are accusing other countries of wrongdoing without giving any proof, when it has been proven that the US is actually doing those things...

            One common-sense question: if Kaspersky is really as malicious as the NSA said, why not share your proof in public? Give everyone the possibility to check your information. If this is true, then Kaspersky will lose reputation and customers, no?

            Anyway, any closed-source software, OS, firmware, driver or blob should be considered malicious.

      6. Anonymous Coward
        Anonymous Coward

        Re: I am innocent, comrade!

        @ST Of course you are too stupid to comment on this.

        In this case it is impossible to prove innocence. The spooks would just nod sagely saying “You haven’t found it yet, but the hook exists – you must look inside a needle, in an egg, in a duck, on an island you can’t sail to, which is watched over by a deathless wizard”.

        1. Anonymous Coward
          Linux

          Re: I am innocent, comrade!

          > In this case it is impossible to prove innocence.

          Really, it's not. Kaspersky really should, and really can, prove their innocence by open-sourcing their stuff.

          We'll download the source code, we'll compile it, and we'll compare our resulting binaries with the binaries downloadable from Kaspersky Labs' site. They better be identical.

          Note: interested parties have collected, over time, a large number of previous, installable versions of Kaspersky AV. So, if they try publishing some open-sauce version of Kaspersky AV source code, with missing little bits of it, here and there, we'll know right away it's not the same as what they've been peddling for all these years.

          We'll document every single thing it does during installation. We'll monitor and document every single thing it does during a scan.

          So, really, it's quite easy. Sunlight is the best disinfectant.

          1. Anonymous Coward
            Anonymous Coward

            Re: I am innocent, comrade!

            @ST And even that will not satisfy you. This is essentially what Evgeny offered to the agencies, but they still declined. Moreover, this is a rather difficult task, because one must use the same compiler with the settings on an OS which is configured identically &c. Clearly this is something that you have not had to do.

            Also, why should they open-source their IP and US companies not? It is what is of value for Kaspersky and they are entitled to make a living out of it and not give it away: unless one believes that certain countries are not permitted to have IP.

            The fact that the spooks are refusing to consider the offer indicates to me the one real offence against any intelligence organisation - making them look stupid or incompetent.

            1. Anonymous Coward
              FAIL

              Re: I am innocent, comrade!

              > And even that will not satisfy you.

              And how exactly would you know that? Can you read my thoughts? Are you my personal spokesperson?

              The answer to the previous two questions is no.

              > This is essentially what Evgeny offered to the agencies, but they still declined.

              OK, so if the agencies are being boneheads, open source the code for everyone to see. Let the truth be known.

              > Moreover, this is a rather difficult task, because one must use the same compiler with the settings on an OS which is configured identically

              Indeed. Not so difficult though. We only need to know the exact version + patchlevel of the compiler. Presumably the build system would be included with the open source publication.

              > Clearly this is something that you have not had to do.

              Actually I do this every single day for a living. But thanks for your efforts.

              > Also, why should they open-source their IP and US companies not?

              Because US companies haven't been accused of spying for the FSB or GRU.

              And because inventing 20,000 excuses for not publishing the source code stinks of guilty as charged.

              1. Anonymous Coward
                Anonymous Coward

                Re: I am innocent, comrade!

                But US companies have been accused of spying for US agencies, so the same guilt pertains to both. Unless, of course, one believes: FSB/GRU = bad, CIA/NSA = good. Or is that four legs good, two legs bad?

                Again, why should non-US companies be required to give up all their IP on the basis of an accusation - we can easily see how that will go. Just think about the consequences if the Chinese take the same approach.

          2. Roland6 Silver badge

            Re: I am innocent, comrade!

            >We'll download the source code, we'll compile it, and we'll compare our resulting binaries with the binaries downloadable from Kaspersky Labs' site. They better be identical.

            You had better be running exactly the same compiler, libraries, signing certificates etc. on your system as used by Kaspersky.

            But all your little exercise will do is prove that the binaries came from the source. It doesn't prove the presence or absence of 'backdoors'; for that you will have to read the code. However, I doubt that will reveal anything, as if what has been published is correct and I have seen evidence to think otherwise, the code did exactly what the CCC told it to do - just like the telemetry module in Win10 - which can also upload your entire HDD and connected drives to MS - you consented to this by accepting the EULA.

            Basically, ANY AV product that uploads 'suspicious' stuff to a CCC, where 'suspicious' is defined by the CCC, can be misused by any party having access (authorised or not) to the CCC.

            I do think, ST, you are barking up the wrong tree.
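The "compile it and compare the binaries" check argued over above (ST's proposal, and Roland6's objection that the compiler, libraries and signing certificates all have to match) can be made concrete. This is an added example, not code from any commenter or from Kaspersky: it blanks the three things a vendor-signed Windows release differs in even when the code is identical (the Authenticode certificate table, the PE checksum and the link timestamp) before hashing, so a locally built unsigned binary can be compared with the signed download; any remaining difference still means the build was not reproduced. The PE images it compares are constructed inline for the demonstration.

```python
"""Signature-agnostic comparison of two Windows PE images (added example).

A byte-for-byte diff of a local build against a vendor download fails even for
an honest build: the Authenticode certificate, PE checksum and link timestamp
are not in the source.  normalize_pe() blanks exactly those (layout per the
PE/COFF spec); the sample images are constructed below, not real binaries.
"""
import hashlib
import struct

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
SECURITY_DIR = 4            # IMAGE_DIRECTORY_ENTRY_SECURITY (certificate table)


def normalize_pe(data: bytes) -> bytes:
    """Return a copy with TimeDateStamp, CheckSum and the certificate table
    zeroed/removed.  Raises ValueError for anything that is not a PE image."""
    buf = bytearray(data)
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", buf, 0x3C)[0]              # e_lfanew
    if buf[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    struct.pack_into("<I", buf, coff + 4, 0)                      # TimeDateStamp
    opt = coff + 20                                               # optional header
    magic = struct.unpack_from("<H", buf, opt)[0]
    if magic == PE32_MAGIC:
        num_dirs_off, dirs = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        num_dirs_off, dirs = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    struct.pack_into("<I", buf, opt + 64, 0)                      # CheckSum
    if struct.unpack_from("<I", buf, num_dirs_off)[0] > SECURITY_DIR:
        sec = dirs + SECURITY_DIR * 8
        cert_off, cert_len = struct.unpack_from("<II", buf, sec)  # file offset, not an RVA
        struct.pack_into("<II", buf, sec, 0, 0)
        if cert_len and cert_off + cert_len == len(buf):
            del buf[cert_off:]                   # signature is appended: drop it
        elif cert_len:
            buf[cert_off:cert_off + cert_len] = bytes(cert_len)
    return bytes(buf)


def same_build(a: bytes, b: bytes) -> bool:
    """True when a and b differ only in signature, checksum and timestamp."""
    return hashlib.sha256(normalize_pe(a)).digest() == hashlib.sha256(normalize_pe(b)).digest()


def build_sample_pe(code: bytes, timestamp: int, checksum: int, cert: bytes = b"") -> bytes:
    """Constructed minimal PE32+ image (DOS stub, headers, `code`, optional appended
    certificate blob): enough structure for normalize_pe(), not a loadable program."""
    opt_size = 240                                           # PE32+ optional header
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x8664, 0, timestamp, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<I", opt, 64, checksum)
    struct.pack_into("<I", opt, 108, 16)                     # NumberOfRvaAndSizes
    cert_off = len(dos) + 4 + len(coff) + opt_size + len(code)
    if cert:
        struct.pack_into("<II", opt, 112 + SECURITY_DIR * 8, cert_off, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + code + cert


if __name__ == "__main__":
    code = b"\x48\x31\xc0\xc3" * 8                           # constructed stand-in for compiler output
    ours = build_sample_pe(code, 0x5B2A0000, 0)              # local, unsigned build
    theirs = build_sample_pe(code, 0x5B2A1234, 0xBEEF, b"constructed-authenticode-blob")
    print("same build:", same_build(ours, theirs))           # True
    print("patched:", same_build(ours, build_sample_pe(code[:-1] + b"\x90", 0x5B2A0000, 0)))  # False
```

Differences in compiler version, build flags or linked libraries are not masked by this: they show up in the normalized hashes exactly as Roland6 says, which is what makes the check informative rather than a formality.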

      7. Dodgy Geezer Silver badge

        Re: I am innocent, comrade!

        I have a bridge I would like to sell you. It's a government asset, but NSA has approved the sale....

        Oh, and NSA also point out that we have to have some more wars in the Middle East, because one of the leaders there is directly threatening the US. His identity is a secret from you, because you're not entitled to that piece of information. You are, however, entitled to pay for the war...

  6. Anonymous Coward
    Anonymous Coward

    Ergo

    Kaspersky is effective.

  7. Anonymous Coward
    Anonymous Coward

    pretty much anything to do with Kaspersky Lab

    "The US government issued an interim rule this morning prohibiting agencies from using products or services that have pretty much anything to do with Kaspersky Lab"

    Does this include sending data over spoofed Kaspersky certs?

    https://www.theregister.co.uk/2017/11/10/cia_kaspersky_fake_certs_ploy/

  8. Nematode

    NSA: No Such Agency.

    And anyway, Sir, why do Americans use that word, Sir, so much when being forcefully polite, when they don't have Knighthoods?

  9. FuzzyWuzzys
    Happy

    If the top US snoop agency hates it...

    ...then it must work properly and be blocking NSA spyware. I'll gladly be renewing my Kaspersky 10-user license in a couple of months thanks very much!

  10. JaitcH
    FAIL

    I'd Prefer Russians and Chinese Routing Around in my Privates Than the UK or USA

    Why would anyone trust the NSA or GCHQ with anything? Or indeed their governments? They have no morals.

    Besides, they haven't figured a crack for Chinese and Russian equipment.

    Does anyone still use CISCO equipment for anything? They have been hacked by the NSA and GCHQ years ago.

    Trust no one with your crown jewels; avoid the cloud and don't even let the InterNet in to buildings where confidential work is done. It might be a pain in the butt but at least you have total control.

    And please explain if US software is so great, how come the Chinese, the DPRK and Russia can seemingly access US Government systems as well as Trump's 400 pound Yoofs in their bedsitters?

    1. Anonymous Coward
      Anonymous Coward

      Re: I'd Prefer Russians and Chinese Routing Around in my Privates Than the UK or USA

      Does anyone still use CISCO equipment for anything? They have been hacked by the NSA and GCHQ years ago.

      Don't be silly. Cisco products use a "special" SSL library. Guess who makes it? All Cisco network traffic goes through a smallish room pointed out to me once by a high-up. One cable in, one cable out. Guess what's inside? All major US companies actively work with the NSA to spy on their employees and backdoor their products.

      In our "black belt" security training they went to great lengths trying to persuade us that we don't build products with back doors. But somehow they never explained why we're using this "special" SSL library.

      My guess is that they need to use this NSA SSL lib to be allowed to sell product to the US government. Backdooring is not the result of cracks, it's a feature.

      Posted anonymously to protect my income ;).

  11. Anonymous Coward
    Anonymous Coward

    Only fools believe that our US based AV / FW software is safe and free from prying eyes. Only fools believe that our US AV software doesn't have any dirty little secrets.

    Come on guys ... does anyone really believe that our "agencies" would let a piece of very strong AV/FW software in the wild if they didn't have the "spare key"? No one will (or can) admit it but we are just as bad as the Russians, the Chinese, the <fill in the blank>, ad nauseam.

    Core "Trump-fans" are all obfuscated that the Russians meddled in our elections but do you believe that our "agencies" don't do the same? The same applies to strong AV / FW / and Cyphering apps.

  12. Adrian 4

    Sales feature

    Kaspersky is doing it wrong.

    Banned by the agency best known for planting spyware and illegally accessing their own employers' (federal and public) data? Must be good! Buy it!

  13. razorfishsl

    Bit defender next......
