Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 24 Nov 2017, 14:56
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Is Kaspersky Antivirus a spy platform?
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [6 Posts]  
Author Message
perdido


Joined: 09 Dec 2013
Posts: 696
Location: Altair IV , Just north of Eeyore Junction.

PostPosted: Sat 14 Oct 2017, 03:53    Post subject:  Is Kaspersky Antivirus a spy platform?
Subject description: According to Israel and US Govt. it is.
 

Russian spying tales using Kaspersky.

How Israel Caught Russian Hackers Scouring the World for U.S. Secrets

https://www.washingtonpost.com/world/national-security/israel-hacked-kaspersky-then-tipped-the-nsa-that-its-tools-had-been-breached/2017/10/10/d48ce774-aa95-11e7-850e-2bdd1236be5d_story.html

https://www.consumerreports.org/privacy/what-to-do-about-the-kaspersky-data-hack-/

https://www.tomsguide.com/us/is-kaspersky-safe,news-25983.html

.

_________________
.
Back to top
View user's profile Send private message 
musher0


Joined: 04 Jan 2009
Posts: 11177
Location: Gatineau (Qc), Canada

PostPosted: Sat 14 Oct 2017, 10:28    Post subject:  

Hi perdido.

It looks a lot like defamation or a smear tactic. It's as old as the world. Of
course, this being a spy story, no real examples or proof or evidence can
be released to the public for security reasons. (Ha-ha.So what else is new.)

Hey let's start a rumor ! How about... "Consumer Reports and the White
House are like peas in a pod." So the White House told CR to write an
article to smear Karspersky software.

See. That was so easy. You just say it, no proof needed.

As to the reasons, well, let's get our imagination going. Maybe:
-- pres. Trump thinks Kaspersky is bringing in too much money into Russia

-- some software engineer at Norton's is jealous of Russian talent and his
uncle works in the NSA

-- some official at Kaspersky accidentally put the horns on an official in the
Mossad during a business trip in Israel (Israeli women can be so
beautiful...), and this is Mossad's revenge. (For those who don't know, if
your wife has "put the horns on you", it means she slept with another guy.)

Anyway, it shouldn't concern me, because
1) I'm Canadian;
2) I'm running a Linux box;
3) there are no national secrets on this box, I swear! Twisted Evil
4) my wife is faithful!

Have fun imagining things! Wink

~~~~~~~~~~~~~~~
PS,
Almost forgot the obvious:
-- The US has a very "Buy American" president, so God forbid the US
Public Service would be using Russian software for anything! "Find any
reason to get Karspersky software off American gov't computers!", said
Pres. Trump in a rage.

-- And so we dust off narrow-mindedness off the list of very sad human
behaviors.

_________________
musher0
~~~~~~~~~~
"Logical entities must not be multiplied beyond necessity." | |
« Il ne faut pas multiplier les entités logiques sans nécessité. » (Ockham)
Back to top
View user's profile Send private message 
6502coder


Joined: 23 Mar 2009
Posts: 405
Location: Western United States

PostPosted: Wed 25 Oct 2017, 18:27    Post subject:  

Kaspersky's explanation:
http://www.zdnet.com/article/kaspersky-admits-to-reaping-nsa-code-from-us-pc/
Back to top
View user's profile Send private message 
prehistoric


Joined: 23 Oct 2007
Posts: 1688

PostPosted: Thu 26 Oct 2017, 08:36    Post subject:  

The truth here is that this particular charge is probably true, but deniable. That is hardly the whole story.

Any antivirus which depends on scanning for files which match a database of signatures and uploads suspect files to servers managed by the company that created it can be used this way. The major requirement is that the code sent to any particular machine can be customized. This is easy when the vendor's licensing has a product key for each paying customer, and there are different versions of protection software from the same vendor. (Sound like an unusual situation?)

Nothing stops you from slipping in a signature (pattern) that matches any kind of file you want. There may well be a switch in the code to allow or prevent uploading suspect files, but if the code is not accessible to you, you can't tell if changing this really stops the antivirus from uploading files in every case. I suspect it does not. There must be some form of problem reporting software in every such product, because problems are constantly arising.

By using the antivirus pattern matcher to fish for specific files, on a particular machine, and causing it to upload those it finds, you can crack any machine without having an explicit backdoor. It is even possible for the company involved to deny subverting the system. If the information simply leaks to attackers the operation will be deniable.

An even simpler way is to stop installation of a signature for a threat intelligence professionals can control. Such zero-day threats arise all the time. Once a system is cracked, and you have collected passwords, you can remove all traces of compromise and reinstall the missing signature. You will now have the same access as the person at the keyboard, except for pushing the power button.

The problem here is with national laws forcing companies to cooperate with intelligence services. This is normally seen as a matter of defense, but nothing prevents the information obtained from being used offensively.

The current model of IT security is fatally flawed.
Back to top
View user's profile Send private message 
greengeek


Joined: 20 Jul 2010
Posts: 4721
Location: Republic of Novo Zelande

PostPosted: Thu 26 Oct 2017, 11:58    Post subject:  

The way I read this story - and Kaspersky's explanation - is this:

- If you work for Israel or for the NSA creating tools that breach the privacy of citizens computers then it's best not to use Kaspersky antivirus as it is capable of identifying the trojans you are creating, and sending that development code back to Kaspersky for analysis.

The antivirus spotted the nature of the illegal code in use on the NSA employees computer and then did exactly what it is supposed to do and isolated the bad code and uploaded it to Kaspersky to feed it's signature back into the antivrus database.

Caught in the act NSA !
(how surprising ! )

Every decent antivirus is a "spy platform". Thats what they do - identifying bad code, from evil people and evil states, running in YOUR computer. Stick with the tame antiviri if you don't really want to know what the NSA is up to...

https://usa.kaspersky.com/about/press-releases/2017_preliminary-results-of-the-internal-investigation-into-alleged-incident-reported-by-us-media
Back to top
View user's profile Send private message 
perdido


Joined: 09 Dec 2013
Posts: 696
Location: Altair IV , Just north of Eeyore Junction.

PostPosted: Fri 10 Nov 2017, 11:27    Post subject:  

CIA wrote code 'to impersonate' Russia’s Kaspersky Lab anti-virus company, WikiLeaks says

Wikileaks drama alert: CIA forged digital certs imitating Kaspersky Lab
"Eugene Kaspersky, chief exec of Kaspersky Lab, sought to reassure customers. "We've investigated the Vault 8 report and confirm
the certificates in our name are fake. Our customers, private keys and services are safe and unaffected," he said."

All in all I would not be suprised if Kaspersky is an innocent bystander being victimized by the USA deep state swamp.

.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [6 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0459s ][ Queries: 13 (0.0057s) ][ GZIP on ]