Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security Operating Systems IT Politics

Kaspersky's Exploit-Proof OS Leaves Security Experts Skeptical 196

Posted by timothy
from the trust-maybe-but-certainly-verify dept.
CWmike writes "Eugene Kaspersky, the $800-million Russian cybersecurity tycoon, is, by his own account, out to 'save the world' with an exploit-proof operating system. Given the recent declarations from U.S. Secretary of Defense Leon Panetta and others that the nation is facing a 'digital Pearl Harbor' or 'digital 9/11' from hostile nation states like Iran, this sounds like the impossible dream come true — the cyber version of a Star Wars force field. But on this side of that world in need of saving, the enthusiasm is somewhat tempered. One big worry: source. 'The real question is, do you trust the people who built your system? The answer had better be yes,' said Gary McGraw, CTO of Cigital. Kaspersky's products are among the top ranked worldwide, are used by an estimated 300 million people and are embraced by U.S. companies like Microsoft, Cisco and Juniper Networks. But while he considers himself at some level a citizen of the world, he has close ties to Russian intelligence and Vladimir Putin. Part of his education and training was sponsored by the KGB, he is a past Soviet intelligence officer (some suspect he has not completely retired from that role) and he is said have a 'deep and ongoing relationship with Russia's Federal Security Service, or FSB,' the successor to the KGB and the agency that operates the Russian government's electronic surveillance network."
This discussion has been archived. No new comments can be posted.

Kaspersky's Exploit-Proof OS Leaves Security Experts Skeptical

Comments Filter:
  • by KrazyDave (2559307) <htcprog@gmail.com> on Friday October 19, 2012 @06:15PM (#41711075) Homepage
    ... doesn't mean that Kaspersky isn't still tied to Russian military interests. Proceed with caution.
  • by Anonymous Coward on Friday October 19, 2012 @06:16PM (#41711093)

    Your 4-function desktop calculator has no operating system, by any accepted definition of the term operating system.

  • by nzac (1822298) on Friday October 19, 2012 @06:21PM (#41711135)

    I know its not exploit proof but becoming a platinum sponsor and insisting they spend the money on code review. Then make custom modifications to remove all functionality and you should get close.

    If the people buying and operating these systems really cared about security I am sure they could piece together a far more secure solution at the expense of cost and convenience from current software.

  • Two things (Score:5, Insightful)

    by Gonoff (88518) on Friday October 19, 2012 @06:38PM (#41711283)
    1 - The cold war is over. Capitalism won (not democracy).
    2 - If I had a choice between something checked by the Russians, the US and the Chinese, the only one I would flat out reject would be the Chinese one. I see US spooks as no more concerned with my happiness and wellbeing than Russian ones.
  • Very simple... (Score:5, Insightful)

    by ArcadeNut (85398) on Friday October 19, 2012 @06:42PM (#41711313) Homepage

    If it's man made and accessible, it's exploitable.

    Thinking otherwise is foolish.

  • Not possible (Score:4, Insightful)

    by Waffle Iron (339739) on Friday October 19, 2012 @07:00PM (#41711451)

    Although improvements can certainly be made, it's simply not possible to make a useful computer totally exploit proof,

    This is because ultimately, the PEBKAC.

  • by identity0 (77976) on Friday October 19, 2012 @07:06PM (#41711487) Journal

    I often hear of "Russian hackers" and the hacker scene is supposedly pretty big, and I've always wondered to what extent the government there had a hand in that. Anyone here have any experience with the Russian scene?

    And why is the hacker scene so big there?

  • by farble1670 (803356) on Friday October 19, 2012 @07:08PM (#41711503)

    pre-cold war:

    USSR-based companies: in bed w/ the USSR government
    US-based companies: in bed w/ whoever pays them

    post-cold war:

    Russian-based companies: in bed w/ whoever pays them
    US-based companies: in bed w/ whoever pays them

  • Re:Two things (Score:5, Insightful)

    by circletimessquare (444983) <<circletimessquare> <at> <gmail.com>> on Friday October 19, 2012 @07:42PM (#41711687) Homepage Journal

    the american spooks will fuck you up for doing something against their geopolitical agenda

    so will the russians. but in addition, the russian spooks will fuck you up for doing something against the russian political status quo (and of course, the chinese too)

    america has going for it a genuinely much better tolerance for political dissent. you can say things about obama you can't say about putin or hu jintao. and that matters, it really matters

    but if you want to belittle that difference, you probably live in the west and have a well established antiestablishment attitude

    ok, now try that same antiestablishment attitude against moscow... in moscow. or against beijing... in beijing. exactly: your attitude just tells us you don't appreciate what you have

    in short, there is no nation you can fully trust. only differences in degrees. and the usa currently leads the list of trustworthiness of the superpowers. not that the usa doesn't have a lot of room for improvement. and not that it can't backslide. but currently it's the shinest piece of crap on top of the shit pile

  • by aNonnyMouseCowered (2693969) on Friday October 19, 2012 @07:53PM (#41711747)

    "Given the recent declarations from U.S. Secretary of Defense Leon Panetta and others that the nation is facing a 'digital Pearl Harbor' or 'digital 9/11' from hostile nation states like Iran"

    I'm worried by this blurring of distinctions in the historical significance of the two events. Whatever your political persuasion, Pearl Harbor was a de facto declaration of war. It was a strike against a military target carried out by a true nation state. The "9/11" terrorist attack was something else. It was carried out by an independent group that at worst can be described as being in an alliance of convenience with some foreign government.

    By confusing our figures of speech for two clearly different types of cyberattacks, the danger is that the same counterattack methods will be used for both. Treating "9/11" as an act of war, and not simply as a well-coordinated distributed terrorist attack, led to a trillion-dollar War on Terror. On hindsight did it make sense to send out a nation's armies to deal with a few hundred suspected terrorists? Wouldn't it have been better if the intelligence agencies dealt with the issue, resorting to large military strikes only when the intelligence and situation warranted?

    So now will the hometowns/countries of suspected Anonymous members be the target of the same massive disruption of IT services that US would launch in retaliaton for a supposed cyberattack from Iran or China?

  • by Eyeball97 (816684) on Friday October 19, 2012 @08:30PM (#41711915)

    To claim that anything is exploit proof requires a level of arrogance and/or stupidity I hadn't thought possible outside of government.

I do not fear computers. I fear the lack of them. -- Isaac Asimov

Working...